dropbear: merge with recipes-fixes/dropbear
Now that the dropbear package was imported into this repository, apply
the fixes from recipes-fixes/dropbear directly on top of the package.
I'm not sure if the override would still work otherwise, and it would be
unexpected to have this override as it's in the same repository.
The diff of the init script is the reverse of "dropbear: drop support
for DSA host keys in dropbear init script" patch:
5ccea3e02a
That is because all other changes (the reason why the init script was
overridden in the first place) had been upstreamed and were already part
of the init script in generic-poky.git.
I don't think anyone is using a SSH client that accepts DSA host keys
(and of course it's a bad idea from security perspective unless using it
e.g. in a trusted vpn). But as this is a legacy system, don't change
more than necessary and keep the old init script.
Related: SYS#6402
Change-Id: If6815dde787c385b2f2310a01f1c13f0a983903d
This commit is contained in:
parent
d1967ad94a
commit
b60a2ba297
|
|
@ -40,28 +40,49 @@ done
|
|||
if [ $readonly_rootfs = "1" ]; then
|
||||
mkdir -p /var/lib/dropbear
|
||||
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
|
||||
DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
|
||||
else
|
||||
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
|
||||
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
|
||||
fi
|
||||
|
||||
test -z "$DROPBEAR_BANNER" || \
|
||||
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
|
||||
test -n "$DROPBEAR_RSAKEY" || \
|
||||
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
|
||||
test -n "$DROPBEAR_DSSKEY" || \
|
||||
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
|
||||
test -n "$DROPBEAR_KEYTYPES" || \
|
||||
DROPBEAR_KEYTYPES="rsa"
|
||||
|
||||
gen_keys() {
|
||||
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
|
||||
rm $DROPBEAR_RSAKEY || true
|
||||
fi
|
||||
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
|
||||
for t in $DROPBEAR_KEYTYPES; do
|
||||
case $t in
|
||||
rsa)
|
||||
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
|
||||
rm $DROPBEAR_RSAKEY
|
||||
fi
|
||||
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
|
||||
;;
|
||||
dsa)
|
||||
if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
|
||||
rm $DROPBEAR_DSSKEY
|
||||
fi
|
||||
test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
gen_keys
|
||||
KEY_ARGS=""
|
||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
||||
start-stop-daemon -S -p $PIDFILE \
|
||||
-x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
|
||||
-x "$DAEMON" -- $KEY_ARGS \
|
||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
|
@ -74,8 +95,11 @@ case "$1" in
|
|||
echo -n "Restarting $DESC: "
|
||||
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
|
||||
sleep 1
|
||||
KEY_ARGS=""
|
||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
||||
start-stop-daemon -S -p $PIDFILE \
|
||||
-x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
|
||||
-x "$DAEMON" -- $KEY_ARGS \
|
||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
|
|
|||
|
|
@ -1,4 +0,0 @@
|
|||
THISDIR := "${@os.path.dirname(d.getVar('FILE', True))}"
|
||||
FILESPATH =. "${@base_set_filespath(["${THISDIR}/files"], d)}:"
|
||||
|
||||
PRINC="4"
|
||||
|
|
@ -1,113 +0,0 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: sshd
|
||||
# Required-Start: $remote_fs $syslog $networking
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 1
|
||||
# Short-Description: Dropbear Secure Shell server
|
||||
### END INIT INFO
|
||||
#
|
||||
# Do not configure this file. Edit /etc/default/dropbear instead!
|
||||
#
|
||||
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
DAEMON=/usr/sbin/dropbear
|
||||
NAME=dropbear
|
||||
DESC="Dropbear SSH server"
|
||||
PIDFILE=/var/run/dropbear.pid
|
||||
|
||||
DROPBEAR_PORT=22
|
||||
DROPBEAR_EXTRA_ARGS=
|
||||
NO_START=0
|
||||
|
||||
set -e
|
||||
|
||||
test ! -r /etc/default/dropbear || . /etc/default/dropbear
|
||||
test "$NO_START" = "0" || exit 0
|
||||
test -x "$DAEMON" || exit 0
|
||||
test ! -h /var/service/dropbear || exit 0
|
||||
|
||||
readonly_rootfs=0
|
||||
for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
|
||||
case $flag in
|
||||
ro)
|
||||
readonly_rootfs=1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ $readonly_rootfs = "1" ]; then
|
||||
mkdir -p /var/lib/dropbear
|
||||
DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
|
||||
DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
|
||||
else
|
||||
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
|
||||
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
|
||||
fi
|
||||
|
||||
test -z "$DROPBEAR_BANNER" || \
|
||||
DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
|
||||
test -n "$DROPBEAR_RSAKEY" || \
|
||||
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
|
||||
test -n "$DROPBEAR_DSSKEY" || \
|
||||
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
|
||||
test -n "$DROPBEAR_KEYTYPES" || \
|
||||
DROPBEAR_KEYTYPES="rsa"
|
||||
|
||||
gen_keys() {
|
||||
for t in $DROPBEAR_KEYTYPES; do
|
||||
case $t in
|
||||
rsa)
|
||||
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
|
||||
rm $DROPBEAR_RSAKEY
|
||||
fi
|
||||
test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
|
||||
;;
|
||||
dsa)
|
||||
if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
|
||||
rm $DROPBEAR_DSSKEY
|
||||
fi
|
||||
test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
gen_keys
|
||||
KEY_ARGS=""
|
||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
||||
start-stop-daemon -S -p $PIDFILE \
|
||||
-x "$DAEMON" -- $KEY_ARGS \
|
||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||
echo "$NAME."
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
|
||||
echo "$NAME."
|
||||
;;
|
||||
restart|force-reload)
|
||||
echo -n "Restarting $DESC: "
|
||||
start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
|
||||
sleep 1
|
||||
KEY_ARGS=""
|
||||
test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
|
||||
test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
|
||||
start-stop-daemon -S -p $PIDFILE \
|
||||
-x "$DAEMON" -- $KEY_ARGS \
|
||||
-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
|
||||
echo "$NAME."
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
echo "Usage: $N {start|stop|restart|force-reload}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
Loading…
Reference in New Issue