Browse Source

dropbear: Add an init script that removes truncated keys

It is possible that the key is truncated, remove it in this case.
hfreyther/master-next
Holger Hans Peter Freyther 9 years ago
parent
commit
8431d916a5
  1. 4
      recipes-fixes/dropbear/dropbear_sysmocom.inc
  2. 112
      recipes-fixes/dropbear/files/init
  3. 1
      yocto-shared/dropbear_0.52.bbappend

4
recipes-fixes/dropbear/dropbear_sysmocom.inc

@ -0,0 +1,4 @@
THISDIR := "${@os.path.dirname(bb.data.getVar('FILE', d, True))}"
FILESPATH =. "${@base_set_filespath(["${THISDIR}/files"], d)}:"
PRINC="2"

112
recipes-fixes/dropbear/files/init

@ -0,0 +1,112 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $remote_fs $syslog $networking
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 1
# Short-Description: Dropbear Secure Shell server
### END INIT INFO
#
# Do not configure this file. Edit /etc/default/dropbear instead!
#
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dropbear
NAME=dropbear
DESC="Dropbear SSH server"
DROPBEAR_PORT=22
DROPBEAR_EXTRA_ARGS=
NO_START=0
set -e
test ! -r /etc/default/dropbear || . /etc/default/dropbear
test "$NO_START" = "0" || exit 0
test -x "$DAEMON" || exit 0
test ! -h /var/service/dropbear || exit 0
readonly_rootfs=0
for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
case $flag in
ro)
readonly_rootfs=1
;;
esac
done
if [ $readonly_rootfs = "1" ]; then
mkdir -p /var/lib/dropbear
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
else
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
fi
test -z "$DROPBEAR_BANNER" || \
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
test -n "$DROPBEAR_RSAKEY" || \
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
test -n "$DROPBEAR_DSSKEY" || \
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
test -n "$DROPBEAR_KEYTYPES" || \
DROPBEAR_KEYTYPES="rsa"
gen_keys() {
for t in $DROPBEAR_KEYTYPES; do
case $t in
rsa)
if [ ! -s $DROPBEAR_RSAKEY ]; then
rm $DROPBEAR_RSAKEY
fi
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
;;
dsa)
if [ ! -s $DROPBEAR_DSSKEY ]; then
rm $DROPBEAR_DSSKEY
fi
test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
;;
esac
done
}
case "$1" in
start)
echo -n "Starting $DESC: "
gen_keys
KEY_ARGS=""
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S \
-x "$DAEMON" -- $KEY_ARGS \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon -K -x "$DAEMON"
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon -K -x "$DAEMON"
sleep 1
KEY_ARGS=""
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
start-stop-daemon -S \
-x "$DAEMON" -- $KEY_ARGS \
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0

1
yocto-shared/dropbear_0.52.bbappend

@ -0,0 +1 @@
require recipes-fixes/dropbear/${PN}_sysmocom.inc
Loading…
Cancel
Save