fix firewall sshkey & gateway setup.

linuxmuster · Feb 10, 2024 · 496049a · 496049a
1 parent 84f0461
commit 496049a
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 18 deletions.
diff --git a/lib/functions.py b/lib/functions.py
@@ -3,7 +3,7 @@
 # functions.py
 #
 # thomas@linuxmuster.net
-# 20230831
+# 20240210
 #
 
 from subprocess import Popen, PIPE
@@ -647,10 +647,10 @@ def putSftp(ip, localfile, remotefile, secret='', sshuser='root'):
 
 
 # upload firewall config
-def putFwConfig(firewallip, secret=''):
+def putFwConfig(firewallip, fwconf=constants.FWCONFREMOTE, secret=''):
     printScript('Uploading firewall configuration:')
     rc = putSftp(firewallip, constants.FWCONFLOCAL,
-                 constants.FWCONFREMOTE, secret)
+                 fwconf, secret)
     if rc:
         printScript('* Upload finished successfully.')
     else:

diff --git a/lib/setup.d/h_ssh.py b/lib/setup.d/h_ssh.py
@@ -2,7 +2,7 @@
 #
 # setup ssh host keys
 # thomas@linuxmuster.net
-# 20220105
+# 20240209
 #
 
 import configparser
@@ -60,8 +60,7 @@
         subProc('ssh-keygen -t ' + a + ' -f '
                 + rootkey_prefix + a + ' -N ""', logfile)
         if a == 'rsa':
-            subProc('base64 ' + constants.SSHPUBKEY
-                    + ' > ' + constants.SSHPUBKEYB64, logfile)
+            subProc('echo -n "$(cat ' + constants.SSHPUBKEY + ')" | base64 -w0 > ' + constants.SSHPUBKEYB64, logfile)
             rc = replaceInFile(constants.SSHPUBKEYB64, '\n', '')
         printScript(' Success!', '', True, True, False, len(msg))
     except:

diff --git a/lib/setup.d/m_firewall.py b/lib/setup.d/m_firewall.py
@@ -2,7 +2,7 @@
 #
 # firewall setup
 # thomas@linuxmuster.net
-# 20220105
+# 20220210
 #
 
 import bcrypt
@@ -119,9 +119,7 @@ def main():
             language = '<language>' + lang + '</language>'
         # save gateway configuration
         try:
-            gwconfig = str(soup.findAll('gateways')[0])
-            gwconfig = gwconfig.replace(
-                '<gateways>', '').replace('</gateways>', '')
+            gwconfig = str(soup.find('gateways').content)
         except:
             gwconfig = ''
         # save dnsserver configuration
@@ -235,7 +233,7 @@ def main():
 
     # upload config files
     # upload modified main config.xml
-    rc = putFwConfig(firewallip, rolloutpw)
+    rc = putFwConfig(firewallip, '/tmp/opnsense.xml', rolloutpw)
     if not rc:
         sys.exit(1)
 
@@ -247,7 +245,7 @@ def main():
         sys.exit(1)
     rc, content = readTextfile(conftmp)
     fwpath = content.split('\n')[0].partition(' ')[2]
-    rc = putSftp(firewallip, conftmp, fwpath, productionpw)
+    rc = putSftp(firewallip, conftmp, fwpath, rolloutpw)
     if not rc:
         sys.exit(1)
 
@@ -258,9 +256,9 @@ def main():
     printScript('Installing extensions and rebooting firewall')
     fwsetup_local = constants.FWSHAREDIR + '/fwsetup.sh'
     fwsetup_remote = '/tmp/fwsetup.sh'
-    rc = putSftp(firewallip, fwsetup_local, fwsetup_remote, productionpw)
-    rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, productionpw)
-    rc = sshExec(firewallip, fwsetup_remote, productionpw)
+    rc = putSftp(firewallip, fwsetup_local, fwsetup_remote, rolloutpw)
+    rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, rolloutpw)
+    rc = sshExec(firewallip, fwsetup_remote, rolloutpw)
     if not rc:
         sys.exit(1)
 

diff --git a/share/firewall/opnsense/fwsetup.sh b/share/firewall/opnsense/fwsetup.sh
@@ -2,7 +2,7 @@
 #
 # install extensions and reboot
 # thomas@linuxmuster.net
-# 20200311
+# 20240210
 #
 
 # install extensions
@@ -11,5 +11,10 @@ for item in $extensions; do
   pkg install -y $item
 done
 
-# reboot
-configctl firmware reboot
+if [ -s /tmp/opnsense.xml ]; then
+  # copy setup config
+  cp /tmp/opnsense.xml /conf/config.xml
+
+  # reboot finally
+  reboot
+fi