[oe-commits] [openembedded-core] 08/29: dropbear: drop support for DSA host keys in dropbear init script
git at git.openembedded.org
git at git.openembedded.org
Fri Mar 10 10:16:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch master-next
in repository openembedded-core.
commit 6bd7341a38a8bb5387ea81dbccfed327370569f3
Author: Andre McCurdy <armccurdy at gmail.com>
AuthorDate: Mon Mar 6 17:42:25 2017 -0800
dropbear: drop support for DSA host keys in dropbear init script
Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
---
meta/recipes-core/dropbear/dropbear/init | 36 ++++++--------------------------
1 file changed, 6 insertions(+), 30 deletions(-)
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index 434bd6b..f6e1c46 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -40,49 +40,28 @@ done
if [ $readonly_rootfs = "1" ]; then
mkdir -p /var/lib/dropbear
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
else
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
fi
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
-test -n "$DROPBEAR_DSSKEY" || \
- DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
-test -n "$DROPBEAR_KEYTYPES" || \
- DROPBEAR_KEYTYPES="rsa"
gen_keys() {
-for t in $DROPBEAR_KEYTYPES; do
- case $t in
- rsa)
- if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
- rm $DROPBEAR_RSAKEY || true
- fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
- ;;
- dsa)
- if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
- rm $DROPBEAR_DSSKEY || true
- fi
- test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
- ;;
- esac
-done
+ if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
+ rm $DROPBEAR_RSAKEY || true
+ fi
+ test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
}
case "$1" in
start)
echo -n "Starting $DESC: "
gen_keys
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;
@@ -95,11 +74,8 @@ case "$1" in
echo -n "Restarting $DESC: "
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
sleep 1
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list