From d6735bf75b13b30c9820e489448f1d2098fc8f92 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Fri, 6 Jun 2025 10:44:02 +0200
Subject: [PATCH] unetd: cli: split generating network key from signing

Preparation for reusing the key for more operations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 package/network/services/unetd/files/unet.uc | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/package/network/services/unetd/files/unet.uc b/package/network/services/unetd/files/unet.uc
index 453c58adb0..eb2c450cb6 100644
--- a/package/network/services/unetd/files/unet.uc
+++ b/package/network/services/unetd/files/unet.uc
@@ -166,14 +166,24 @@ function network_sign_data(ctx, name, network, pw_file, upload)
 		bin_file += "." + time();
 
 	writefile(json_file, sprintf("%.J\n", network));
-	let ret = network_keygen(pw_file, '-S', network.config, bin_file, json_file);
-	unlink(json_file);
+
+	let key_file = mkstemp();
+	let ret = network_keygen(pw_file, '-G', network.config, "/dev/fd/" + key_file.fileno());
 	if (!ret) {
+		if (ctx.command_failed)
+			ctx.command_failed("Failed to generate network key");
+		return false;
+	}
+
+	ret = system([ "unet-tool", "-S", "-K", "/dev/fd/" + key_file.fileno(), "-o", bin_file, json_file ]);
+	unlink(json_file);
+	if (ret != 0) {
 		if (ctx.command_failed)
 			ctx.command_failed("Failed to sign network configuration");
 		return false;
 	}
 
+	key_file.close();
 	if (!upload)
 		return true;
 
-- 
2.30.2