dropbear: drop support for DSA host keys in dropbear init script

Bring the dropbear init script into sync with the systemd service
file (dropbearkey.service supports RSA host keys only) and with
recent versions of openssh which deprecate DSA host keys.

  https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

(From OE-Core rev: 6bd7341a38a8bb5387ea81dbccfed327370569f3)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy 2017-03-06 17:42:25 -08:00 committed by Richard Purdie
parent 3f3ced499c
commit 5ccea3e02a
1 changed files with 6 additions and 30 deletions


@ -40,49 +40,28 @@ done
if [ $readonly_rootfs = "1" ]; then if [ $readonly_rootfs = "1" ]; then
mkdir -p /var/lib/dropbear mkdir -p /var/lib/dropbear
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key" DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
else else
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
fi fi
test -z "$DROPBEAR_BANNER" || \ test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \ test -n "$DROPBEAR_RSAKEY" || \
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
test -n "$DROPBEAR_DSSKEY" || \
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
test -n "$DROPBEAR_KEYTYPES" || \
DROPBEAR_KEYTYPES="rsa"
gen_keys() { gen_keys() {
for t in $DROPBEAR_KEYTYPES; do if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
case $t in rm $DROPBEAR_RSAKEY || true
rsa) fi
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
rm $DROPBEAR_RSAKEY || true
fi
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
;;
dsa)
if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
rm $DROPBEAR_DSSKEY || true
fi
test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
;;
esac
done
} }
case "$1" in case "$1" in
start) start)
echo -n "Starting $DESC: " echo -n "Starting $DESC: "
gen_keys gen_keys
KEY_ARGS=""
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \ start-stop-daemon -S -p $PIDFILE \
-x "$DAEMON" -- $KEY_ARGS \ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME." echo "$NAME."
;; ;;
@ -95,11 +74,8 @@ case "$1" in
echo -n "Restarting $DESC: " echo -n "Restarting $DESC: "
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
sleep 1 sleep 1
KEY_ARGS=""
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \ start-stop-daemon -S -p $PIDFILE \
-x "$DAEMON" -- $KEY_ARGS \ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME." echo "$NAME."
;; ;;
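Review bot: In both the start and restart arms `-r $DROPBEAR_RSAKEY` is now passed unconditionally, where the old code added it only after `test -f` succeeded, and the restart lines shown here never call `gen_keys`. If the key file is missing or zero-length at restart, or `dropbearkey` failed inside `gen_keys`, the daemon is started with a host-key path it may be unable to load. How dropbear reacts is not visible on this page, so I would call `gen_keys` before the second `start-stop-daemon -S` and stop with a message when `[ -s "$DROPBEAR_RSAKEY" ]` is false. The expansion should also be quoted, `-x "$DAEMON" -- -r "$DROPBEAR_RSAKEY" \`, because the variable appears to be overridable from outside the script. Separately, a device previously configured for DSA only will now present a freshly generated RSA host key while the old DSS key file stays on disk, which deserves a comment next to `gen_keys`; the restart arm itself begins above the second hunk.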