summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndre McCurdy <armccurdy@gmail.com>2017-03-06 17:42:25 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-03-10 10:15:44 +0000
commit6bd7341a38a8bb5387ea81dbccfed327370569f3 (patch)
treec5ace7076e06dfc8853a68530de06e9dd049628f
parent5cc3592afc72bae8dd12d3d8ff15bb7418baaea3 (diff)
downloadopenembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.tar.gz
openembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.tar.bz2
openembedded-core-6bd7341a38a8bb5387ea81dbccfed327370569f3.zip
dropbear: drop support for DSA host keys in dropbear init script
Bring the dropbear init script into sync with the systemd service file (dropbearkey.service supports RSA host keys only) and with recent versions of openssh which deprecate DSA host keys. https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
-rwxr-xr-xmeta/recipes-core/dropbear/dropbear/init36
1 files changed, 6 insertions, 30 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index 434bd6b971..f6e1c462fa 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -40,49 +40,28 @@ done
if [ $readonly_rootfs = "1" ]; then
mkdir -p /var/lib/dropbear
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
else
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
fi
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
-test -n "$DROPBEAR_DSSKEY" || \
- DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
-test -n "$DROPBEAR_KEYTYPES" || \
- DROPBEAR_KEYTYPES="rsa"
gen_keys() {
-for t in $DROPBEAR_KEYTYPES; do
- case $t in
- rsa)
- if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
- rm $DROPBEAR_RSAKEY || true
- fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
- ;;
- dsa)
- if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
- rm $DROPBEAR_DSSKEY || true
- fi
- test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
- ;;
- esac
-done
+ if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
+ rm $DROPBEAR_RSAKEY || true
+ fi
+ test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
}
case "$1" in
start)
echo -n "Starting $DESC: "
gen_keys
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;
@@ -95,11 +74,8 @@ case "$1" in
echo -n "Restarting $DESC: "
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
sleep 1
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S -p $PIDFILE \
- -x "$DAEMON" -- $KEY_ARGS \
+ -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;