]> git.ipfire.org Git - thirdparty/openwrt.git/commitdiff
wifi-scripts: restore priv_key/priv_key_pwd as config aliases 24088/head
authorHauke Mehrtens <hauke@hauke-m.de>
Sun, 5 Jul 2026 17:38:53 +0000 (19:38 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Mon, 6 Jul 2026 23:50:56 +0000 (01:50 +0200)
The shell config generator read the client private key from the UCI
options priv_key / priv_key_pwd (and priv_key2 / priv_key2_pwd for the
inner tunnel). The ucode generator was switched to private_key /
private_key_passwd (matching the wpa_supplicant field names), and LuCI
was updated accordingly, but existing configurations still carry the old
option names.

Such configs silently lose their private key: for an EAP-TLS client this
leaves wpa_supplicant without a client key and authentication fails after
upgrading from 24.10.

The schema already lists priv_key / priv_key_pwd, but as plain strings,
so validate() never migrates them. Declare them (and the missing
priv_key2 / priv_key2_pwd) as aliases of the private_key* options so the
old names keep working.

Fixes: https://github.com/openwrt/openwrt/issues/22599
Fixes: 218f3884d2fb ("wifi-scripts: add ucode based scripts")
Assisted-by: Claude:claude-opus-4-8
Link: https://github.com/openwrt/openwrt/pull/24088
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-iface.json

index 285279c22ec68bdb8df808d4696d1116de7bdb68..25e151fd88b8abde16a4043954aa429ad80c1b01 100644 (file)
                        "default": true
                },
                "priv_key": {
-                       "type": "string"
+                       "type": "alias",
+                       "default": "private_key"
                },
                "priv_key_pwd": {
-                       "type": "string"
+                       "type": "alias",
+                       "default": "private_key_passwd"
+               },
+               "priv_key2": {
+                       "type": "alias",
+                       "default": "private_key2"
+               },
+               "priv_key2_pwd": {
+                       "type": "alias",
+                       "default": "private_key2_passwd"
                },
                "private_key": {
                        "description": "Private key matching with the server certificate for EAP-TLS/PEAP/TTLS",