mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-12-15 04:17:01 +00:00
4865aabdb3
Modify early_boot init script to copy all .pem and .ca files from /certificates/ to /etc/ucentral/ instead of only operational.pem and operational.ca. This enables support for multiple trust chains where certificates are stored with FQDN-based names (e.g., controller.example.com.pem) alongside the traditional operational.pem. The simple wildcard copy allows air-gapped deployments to maintain certificates for multiple controllers without complex logic. Signed-off-by: John Crispin <john@phrozen.org>
37 lines
1.1 KiB
Bash
Executable File
37 lines
1.1 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
|
|
START=09
|
|
|
|
copy_certificates() {
|
|
[ -f /certificates/key.pem ] || return
|
|
|
|
cp /certificates/*.pem /certificates/*.ca /etc/ucentral/ 2>/dev/null || true
|
|
chown root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
|
|
chmod 0440 root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
|
|
[ -f /certificates/gateway.json ] && cp /certificates/gateway.json /etc/ucentral/gateway.flash
|
|
[ -f /certificates/restrictions.json ] && cp /certificates/restrictions.json /etc/ucentral/
|
|
[ -f /certificates/sign_pubkey.pem ] && cp /certificates/sign_pubkey.pem /etc/ucentral/
|
|
country=`cat /certificates/ucentral.defaults | jsonfilter -e '@.country'`
|
|
[ -z "$country" -a -f /etc/uci-defaults/30_uboot-envtools ] && {
|
|
(. /etc/uci-defaults/30_uboot-envtools)
|
|
fw_printenv
|
|
country=$(fw_printenv -n country)
|
|
}
|
|
[ -z "$country" ] && country=US
|
|
echo "options cfg80211 ieee80211_regdom="$country > /etc/modules.conf
|
|
echo -n $country > /etc/ucentral/country
|
|
sync
|
|
exit 0
|
|
}
|
|
|
|
boot() {
|
|
case "$(board_name)" in
|
|
sonicfi,rap6*)
|
|
touch /tmp/squashfs
|
|
;;
|
|
esac
|
|
[ -f /etc/ucentral/key.pem ] && return
|
|
/usr/bin/mount_certs
|
|
copy_certificates
|
|
}
|