From 5ccea3e02a3800dd0e6e41d80fb20b02035133da Mon Sep 17 00:00:00 2001
From: Andre McCurdy
Date: Mon, 6 Mar 2017 17:42:25 -0800
Subject: [PATCH] dropbear: drop support for DSA host keys in dropbear init script
Bring the dropbear init script into sync with the systemd service file (dropbearkey.service supports RSA host keys only) and with recent versions of openssh which deprecate DSA host keys.
https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
(From OE-Core rev: 6bd7341a38a8bb5387ea81dbccfed327370569f3)
Signed-off-by: Andre McCurdy
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
---
 meta/recipes-core/dropbear/dropbear/init | 36 ++++--------------------
 1 file changed, 6 insertions(+), 30 deletions(-)
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index 434bd6b971..f6e1c462fa 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -40,49 +40,28 @@ done
 if [ $readonly_rootfs = "1" ]; then
 mkdir -p /var/lib/dropbear
 DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
 else
 DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
 fi
 test -z "$DROPBEAR_BANNER" || \
 DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
 test -n "$DROPBEAR_RSAKEY" || \
 DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
-test -n "$DROPBEAR_DSSKEY" || \
- DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
-test -n "$DROPBEAR_KEYTYPES" || \
- DROPBEAR_KEYTYPES="rsa"
 gen_keys() {
-for t in $DROPBEAR_KEYTYPES; do
- case $t in
- rsa)
- if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
- rm $DROPBEAR_RSAKEY || true
- fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
- ;;
- dsa)
- if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
- rm $DROPBEAR_DSSKEY || true
- fi
- test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
- ;;
- esac
-done
+ if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
+ rm $DROPBEAR_RSAKEY || true
+ fi
+ test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
 }
 case "$1" in
 start)
 echo -n "Starting $DESC: "
 gen_keys
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
 start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
 -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
 echo "$NAME."
 ;;
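Review bot: In the `start)` arm, `-r $DROPBEAR_RSAKEY` is now passed unconditionally while the result of `gen_keys` is still not checked, so a failed `dropbearkey` run leaves the daemon pointed at a key file that does not exist and the script still prints `$NAME.`. The removed `test -f $DROPBEAR_RSAKEY &&` guard used to cover that case; how dropbear reacts to a missing `-r` file likely depends on its version and build options, so I would make the failure explicit with `gen_keys || { echo "host key generation failed: $DROPBEAR_RSAKEY" >&2; exit 1; }`. The expansion is also unquoted here and in the `rm`, `test -f` and `dropbearkey` lines of `gen_keys`, although the `[ -f "$DROPBEAR_RSAKEY" ... ]` test quotes it; `-r "$DROPBEAR_RSAKEY"` keeps a configured path containing whitespace from being split into extra daemon arguments. The `case "$1"` block continues past the end of the hunk.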
@@ -95,11 +74,8 @@ case "$1" in
 echo -n "Restarting $DESC: "
 start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
 sleep 1
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
 start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
 -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
 echo "$NAME."
 ;;
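Review bot: The restart path shown here has no `gen_keys` call between `sleep 1` and the second `start-stop-daemon`, so with the `test -f` guard removed, `-r $DROPBEAR_RSAKEY` can name a file that does not exist when `restart` is the first action run on a fresh image or the key was removed in the meantime. Adding `gen_keys` on its own line before `start-stop-daemon -S`, as the `start)` arm does, closes that gap and also regenerates a zero-length key left by an interrupted write. The arm's label and anything before the `echo -n "Restarting $DESC: "` line lie outside the hunk, so confirm there is no earlier call.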