diff --git a/lib/functions.py b/lib/functions.py
index f1d1c23..1f0cc0a 100644
--- a/lib/functions.py
+++ b/lib/functions.py
@@ -3,7 +3,7 @@
# functions.py
#
# thomas@linuxmuster.net
-# 20230831
+# 20240210
#
from subprocess import Popen, PIPE
@@ -647,10 +647,10 @@ def putSftp(ip, localfile, remotefile, secret='', sshuser='root'):
# upload firewall config
-def putFwConfig(firewallip, secret=''):
+def putFwConfig(firewallip, fwconf=constants.FWCONFREMOTE, secret=''):
printScript('Uploading firewall configuration:')
rc = putSftp(firewallip, constants.FWCONFLOCAL,
- constants.FWCONFREMOTE, secret)
+ fwconf, secret)
if rc:
printScript('* Upload finished successfully.')
else:
diff --git a/lib/setup.d/h_ssh.py b/lib/setup.d/h_ssh.py
index 9d1cd40..5b83c84 100644
--- a/lib/setup.d/h_ssh.py
+++ b/lib/setup.d/h_ssh.py
@@ -2,7 +2,7 @@
#
# setup ssh host keys
# thomas@linuxmuster.net
-# 20220105
+# 20240209
#
import configparser
@@ -60,8 +60,7 @@
subProc('ssh-keygen -t ' + a + ' -f '
+ rootkey_prefix + a + ' -N ""', logfile)
if a == 'rsa':
- subProc('base64 ' + constants.SSHPUBKEY
- + ' > ' + constants.SSHPUBKEYB64, logfile)
+ subProc('echo -n "$(cat ' + constants.SSHPUBKEY + ')" | base64 -w0 > ' + constants.SSHPUBKEYB64, logfile)
rc = replaceInFile(constants.SSHPUBKEYB64, '\n', '')
printScript(' Success!', '', True, True, False, len(msg))
except:
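Review bot: The new pipeline passes the public key through `echo -n`, whose handling of `-n` and of backslashes differs between shells, so the encoded output depends on which shell `subProc` starts (not visible here). `printf` avoids that: `subProc('printf "%s" "$(cat ' + constants.SSHPUBKEY + ')" | base64 -w0 > ' + constants.SSHPUBKEYB64, logfile)`. With `-w0` the output is already a single line, so the `replaceInFile(constants.SSHPUBKEYB64, '\n', '')` call that follows looks redundant and could be dropped or explained in a comment. The surrounding `try` block starts outside the hunk.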
diff --git a/lib/setup.d/m_firewall.py b/lib/setup.d/m_firewall.py
index 1f6acbc..4d8df18 100644
--- a/lib/setup.d/m_firewall.py
+++ b/lib/setup.d/m_firewall.py
@@ -2,7 +2,7 @@
#
# firewall setup
# thomas@linuxmuster.net
-# 20220105
+# 20220210
#
import bcrypt
@@ -119,9 +119,7 @@ def main():
language = '' + lang + ''
# save gateway configuration
try:
- gwconfig = str(soup.findAll('gateways')[0])
- gwconfig = gwconfig.replace(
- '', '').replace('', '')
+ gwconfig = str(soup.find('gateways').content)
except:
gwconfig = ''
# save dnsserver configuration
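Review bot: `soup.find('gateways').content` most likely does not return the gateway configuration. Assuming `soup` is a BeautifulSoup object (the removed line used `findAll`), the children are in `.contents`, and an unknown attribute such as `.content` is treated as a search for a child tag of that name. When no such child exists it returns `None`, so `gwconfig` becomes the string `'None'` and the bare `except:` never fires to reset it. To keep the inner markup the old code produced by stripping the wrapper tags, use `gwconfig = soup.find('gateways').decode_contents()` and narrow the handler to `except AttributeError:` so only a missing `gateways` section is treated as empty. `main()` continues outside this hunk.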
@@ -235,7 +233,7 @@ def main():
# upload config files
# upload modified main config.xml
- rc = putFwConfig(firewallip, rolloutpw)
+ rc = putFwConfig(firewallip, '/tmp/opnsense.xml', rolloutpw)
if not rc:
sys.exit(1)
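Review bot: The staging path `'/tmp/opnsense.xml'` is a literal here and is repeated three times in fwsetup.sh, so the upload and the install step can drift apart silently. Defining it once next to `FWCONFREMOTE` in constants (a new entry, name to be chosen) and passing that constant would keep the Python side in one place. Add a comment such as `# stage the config in /tmp; fwsetup.sh copies it to /conf/config.xml before rebooting`. The staged file is the complete firewall configuration and presumably contains credential material, so it should be removed once copied rather than left in a world-writable directory.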
@@ -247,7 +245,7 @@ def main():
sys.exit(1)
rc, content = readTextfile(conftmp)
fwpath = content.split('\n')[0].partition(' ')[2]
- rc = putSftp(firewallip, conftmp, fwpath, productionpw)
+ rc = putSftp(firewallip, conftmp, fwpath, rolloutpw)
if not rc:
sys.exit(1)
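Review bot: The switch from `productionpw` to `rolloutpw` on this `putSftp` call, and on the three calls in the next hunk, has no comment explaining it, and a later maintainer could easily "fix" it back. Presumably the firewall still accepts only the rollout password because the uploaded configuration is not active until fwsetup.sh copies it and reboots. If so, say it in the code: `# config.xml is applied only after the reboot, so the firewall still expects the rollout password here`.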
@@ -258,9 +256,9 @@ def main():
printScript('Installing extensions and rebooting firewall')
fwsetup_local = constants.FWSHAREDIR + '/fwsetup.sh'
fwsetup_remote = '/tmp/fwsetup.sh'
- rc = putSftp(firewallip, fwsetup_local, fwsetup_remote, productionpw)
- rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, productionpw)
- rc = sshExec(firewallip, fwsetup_remote, productionpw)
+ rc = putSftp(firewallip, fwsetup_local, fwsetup_remote, rolloutpw)
+ rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, rolloutpw)
+ rc = sshExec(firewallip, fwsetup_remote, rolloutpw)
if not rc:
sys.exit(1)
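Review bot: The results of the `putSftp` upload and of the `chmod` are overwritten, so `if not rc` only sees the outcome of the last `sshExec`, and a failed upload is reported only indirectly. Guard each step, for example `if rc: rc = sshExec(firewallip, 'chmod +x ' + fwsetup_remote, rolloutpw)` and likewise before running the script. Because fwsetup.sh now calls `reboot` directly, the SSH session may be dropped before the command returns. It is worth confirming that `sshExec` still reports success in that case, otherwise a successful install would end in `sys.exit(1)`.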
diff --git a/share/firewall/opnsense/fwsetup.sh b/share/firewall/opnsense/fwsetup.sh
index f80c6f7..74494f0 100644
--- a/share/firewall/opnsense/fwsetup.sh
+++ b/share/firewall/opnsense/fwsetup.sh
@@ -2,7 +2,7 @@
#
# install extensions and reboot
# thomas@linuxmuster.net
-# 20200311
+# 20240210
#
# install extensions
@@ -11,5 +11,10 @@ for item in $extensions; do
pkg install -y $item
done
-# reboot
-configctl firmware reboot
+if [ -s /tmp/opnsense.xml ]; then
+ # copy setup config
+ cp /tmp/opnsense.xml /conf/config.xml
+
+ # reboot finally
+ reboot
+fi
\ No newline at end of file
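Review bot: When `/tmp/opnsense.xml` is missing or empty, the script now skips both the copy and the reboot and still exits 0, so the caller records success although the new configuration was never applied. The `cp` result is also not checked before `reboot`, and the staged copy of the full configuration is left behind in `/tmp`. Failing explicitly in both cases and removing the staged file after the copy would make the outcome visible to the setup run, as sketched below.

```shell
if [ -s /tmp/opnsense.xml ]; then
    # copy setup config, stop if the copy fails
    cp /tmp/opnsense.xml /conf/config.xml || exit 1
    rm -f /tmp/opnsense.xml
    # … unchanged: reboot …
else
    echo "fwsetup: /tmp/opnsense.xml missing or empty, configuration not applied" >&2
    exit 1
fi
```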