From: Paul Donald <newtwen+github@gmail.com>
Date: Sat, 31 Jan 2026 14:47:30 +0000 (+0100)
Subject: wireguard-tools: avoid temp file for key gen
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97789875d5e23ebf3bd311454846649e8fb215bc;p=thirdparty%2Fopenwrt.git

wireguard-tools: avoid temp file for key gen

- no longer write any temporary file for key gen

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21784
Signed-off-by: Robert Marko <robimarko@gmail.com>
---

diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 78a432a8d10..8226c327da8 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -112,16 +112,10 @@ ensure_key_is_generated() {
 	local private_key
 	private_key="$(uci get network."$1".private_key)"
 
-	if [ "$private_key" == "generate" ]; then
-		local ucitmp
-		oldmask="$(umask)"
-		umask 077
-		ucitmp="$(mktemp -d)"
+	if [ "$private_key" = "generate" ] || [ -z "$private_key" ]; then
 		private_key="$("${WG}" genkey)"
-		uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
-			uci -q -t "$ucitmp" commit network
-		rm -rf "$ucitmp"
-		umask "$oldmask"
+		uci -q set network."$1".private_key="$private_key" && \
+			uci -q commit network
 	fi
 }