From: Alexander Dahl
To: ptxdist@pengutronix.de
Cc: Denis Osterland-Heim, Michael Olbrich, Bruno Thomsen, Alexander Stein
Date: Mon, 18 Oct 2021 16:35:51 +0200
Message-Id: <20211018143554.27573-6-ada@thorsis.com>
In-Reply-To: <20211018143554.27573-1-ada@thorsis.com>
Subject: [ptxdist] [PATCH v2 5/8] dropbear: Refactor rc-once and init to use KEYTYPES

Previously DSS and RSA keys were always generated, regardless of whether dropbear was built with support for that host key or not, which somehow contradicts what the commit message of 01ac7cc409b5 ("dropbear: Remove deprecated options") promised.

No other things changed here, just considering that KEYTYPES list for 'rsa' and 'dss' for now.

Signed-off-by: Alexander Dahl
--- projectroot/etc/init.d/dropbear | 17 ++++++++++++++--- projectroot/etc/rc.once.d/dropbear | 26 +++++++++++++++++++++++--- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/projectroot/etc/init.d/dropbear b/projectroot/etc/init.d/dropbear index 342565f93..88ef5aa71 100644 --- a/projectroot/etc/init.d/dropbear +++ b/projectroot/etc/init.d/dropbear
@@ -15,10 +15,21 @@ test -z "$DROPBEAR_BANNER" || \ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" dropbear_start() { - KEY_ARGS="" - test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" - test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" + for keytype in $DROPBEAR_KEYTYPES + do + case "$keytype" in + dss) + test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY" + ;; + rsa) + test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY" + ;; + *) + echo "Key type '$keytype' not supported" + ;; + esac + done echo -n "starting dropbear..." diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear index dd922d727..a9a1d475c 100644 --- a/projectroot/etc/rc.once.d/dropbear +++ b/projectroot/etc/rc.once.d/dropbear @@ -5,10 +5,11 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin . /usr/lib/init/dropbear.sh gen_key() { - key_type=$1 key_file=$2 + [ -e "$key_file" ] && return + rm -f $key_file > /dev/null 2>&1 echo -n "generating $key_type key..." @@ -22,6 +23,25 @@ gen_key() { fi } -[ -e "$DROPBEAR_RSAKEY" ] || gen_key rsa "$DROPBEAR_RSAKEY" -[ -e "$DROPBEAR_DSSKEY" ] || gen_key dss "$DROPBEAR_DSSKEY" +gen_keys() { + for keytype in $DROPBEAR_KEYTYPES + do + case "$keytype" in + dss) + gen_key dss "$DROPBEAR_DSSKEY" + ;; + rsa) + gen_key rsa "$DROPBEAR_RSAKEY" + ;; + *) + echo "Key type '$keytype' not supported" + ;; + esac + done +} +if ! gen_keys +then + echo "Generating SSH keys failed!" + exit 1 +fi -- 2.30.2 _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
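Review bot: in projectroot/etc/init.d/dropbear, dropbear_start() no longer resets KEY_ARGS before the new for loop, because the removed line KEY_ARGS="" has no replacement. The loop only appends, so any KEY_ARGS value inherited from the environment or a sourced file ends up on the dropbear command line, and a second call to dropbear_start in the same shell would pass each host key option twice. Keep KEY_ARGS="" as the first statement of the function. While touching these lines, quote the paths in the test -f checks, and consider sending "Key type '$keytype' not supported" to stderr so it does not get lost next to the "starting dropbear..." output.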
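Review bot: in projectroot/etc/rc.once.d/dropbear, the new early return in gen_key(), [ -e "$key_file" ] && return, treats any existing path as a valid host key, so a zero-length file left behind by an interrupted first boot is kept forever and never regenerated. Testing with [ -s "$key_file" ] would at least reject an empty file. With the check moved into the function, the rm -f $key_file that follows is only reached when the test found nothing at that path, so it is close to dead code now; if it stays, it should quote "$key_file" the same way the new test does.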
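Review bot: in projectroot/etc/rc.once.d/dropbear, the exit status of the new gen_keys() is just the status of the last command run in the for loop, so the "if ! gen_keys" check at the bottom only sees the result for the last entry in DROPBEAR_KEYTYPES. Assuming gen_key returns non-zero when key generation fails, a failed dss key followed by a successful rsa key is reported as success, and the "*)" branch always counts as success because echo returns 0. Propagate the failure explicitly, for example gen_key dss "$DROPBEAR_DSSKEY" || return 1 in each branch, and decide whether an unsupported key type should also return non-zero. An empty DROPBEAR_KEYTYPES also passes silently with no host key generated at all, which is worth either a message or a documented default.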