From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Mon, 18 Oct 2021 16:36:49 +0200
Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33])
	by lore.white.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1mcTkv-0005oG-NK
	for lore@lore.pengutronix.de; Mon, 18 Oct 2021 16:36:49 +0200
Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de)
	by metis.ext.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1mcTkv-0002HU-5l; Mon, 18 Oct 2021 16:36:49 +0200
Received: from mail.thorsis.com ([92.198.35.195])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <ada@thorsis.com>)
 id 1mcTkN-0001L8-Ev; Mon, 18 Oct 2021 16:36:16 +0200
Received: from localhost (localhost [127.0.0.1])
 by mail.thorsis.com (Postfix) with ESMTP id 9B6731CB9;
 Mon, 18 Oct 2021 16:36:14 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail.thorsis.com
Received: from mail.thorsis.com ([127.0.0.1])
 by localhost (mail.thorsis.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id XIq9ZS7TEwvo; Mon, 18 Oct 2021 16:36:14 +0200 (CEST)
Received: by mail.thorsis.com (Postfix, from userid 109)
 id CA6871CA5; Mon, 18 Oct 2021 16:36:12 +0200 (CEST)
Received: from adahl by ada.ifak-system.com with local (Exim 4.92)
 (envelope-from <ada@thorsis.com>)
 id 1mcTk2-0007Bs-MG; Mon, 18 Oct 2021 16:35:54 +0200
From: Alexander Dahl <ada@thorsis.com>
To: ptxdist@pengutronix.de
Date: Mon, 18 Oct 2021 16:35:51 +0200
Message-Id: <20211018143554.27573-6-ada@thorsis.com>
In-Reply-To: <20211018143554.27573-1-ada@thorsis.com>
References: <20211018143554.27573-1-ada@thorsis.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.ext.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=4.0 tests=AWL,BAYES_00,SPF_HELO_NONE,
 SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Subject: [ptxdist] [PATCH v2 5/8] dropbear: Refactor rc-once and init to use
 KEYTYPES
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Cc: Denis Osterland-Heim <denis.osterland@diehl.com>,
 Michael Olbrich <m.olbrich@pengutronix.de>,
 Bruno Thomsen <bruno.thomsen@gmail.com>,
 Alexander Stein <alexander.stein@systec-electronic.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false

Previously DSS and RSA keys were always generated, regardless if
dropbear was built with support for that host key or not, which somehow
contradicts what commit message of 01ac7cc409b5 ("dropbear: Remove
deprecated options") promised.

No other things changed here, just considering that KEYTYPES list for
'rsa' and 'dss' for now.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 projectroot/etc/init.d/dropbear    | 17 ++++++++++++++---
 projectroot/etc/rc.once.d/dropbear | 26 +++++++++++++++++++++++---
 2 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/projectroot/etc/init.d/dropbear b/projectroot/etc/init.d/dropbear
index 342565f93..88ef5aa71 100644
--- a/projectroot/etc/init.d/dropbear
+++ b/projectroot/etc/init.d/dropbear
@@ -15,10 +15,21 @@ test -z "$DROPBEAR_BANNER" || \
   DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
 
 dropbear_start() {
-
     KEY_ARGS=""
-    test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
-    test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+    for keytype in $DROPBEAR_KEYTYPES
+    do
+        case "$keytype" in
+            dss)
+                test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+                ;;
+            rsa)
+                test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+                ;;
+            *)
+                echo "Key type '$keytype' not supported"
+                ;;
+        esac
+    done
 
     echo -n "starting dropbear..."
 
diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear
index dd922d727..a9a1d475c 100644
--- a/projectroot/etc/rc.once.d/dropbear
+++ b/projectroot/etc/rc.once.d/dropbear
@@ -5,10 +5,11 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 . /usr/lib/init/dropbear.sh
 
 gen_key() {
-
 	key_type=$1
 	key_file=$2
 
+	[ -e "$key_file" ] && return
+
 	rm -f $key_file > /dev/null 2>&1
 
 	echo -n "generating $key_type key..."
@@ -22,6 +23,25 @@ gen_key() {
 	fi
 }
 
-[ -e "$DROPBEAR_RSAKEY" ] || gen_key rsa "$DROPBEAR_RSAKEY"
-[ -e "$DROPBEAR_DSSKEY" ] || gen_key dss "$DROPBEAR_DSSKEY"
+gen_keys() {
+	for keytype in $DROPBEAR_KEYTYPES
+	do
+		case "$keytype" in
+			dss)
+				gen_key dss "$DROPBEAR_DSSKEY"
+				;;
+			rsa)
+				gen_key rsa "$DROPBEAR_RSAKEY"
+				;;
+			*)
+				echo "Key type '$keytype' not supported"
+				;;
+		esac
+	done
+}
 
+if ! gen_keys
+then
+	echo "Generating SSH keys failed!"
+	exit 1
+fi
-- 
2.30.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de