From: Michael Olbrich
To: ptxdist@pengutronix.de
Cc: Alexander Dahl
Date: Fri, 26 Nov 2021 15:35:05 +0100
Subject: Re: [ptxdist] [APPLIED] dropbear: rc-once: Regenerate key if invalid key is found
Message-Id: <20211126143505.1206318-1-m.olbrich@pengutronix.de>
In-Reply-To: <20211105154734.19983-8-ada@thorsis.com>
References: <20211105154734.19983-8-ada@thorsis.com>
Reply-To: ptxdist@pengutronix.de

Thanks, applied as 2e864fb02dbb3733f2ef3808b86364441da364a2.

Michael

[sent from post-receive hook]

On Fri, 26 Nov 2021 15:35:05 +0100, Alexander Dahl wrote:
> Previously just existence of a key file was checked, which allowed
> empty key files or invalid key files to persist. That would have
> prevented dropbear server daemon startup.
>
> Note: this does not always regenerate keys, only if rc-once is triggered
> and run again for whatever reason.
>
> Signed-off-by: Alexander Dahl
> Message-Id: <20211105154734.19983-8-ada@thorsis.com>
> Signed-off-by: Michael Olbrich
>
> diff --git a/projectroot/etc/rc.once.d/dropbear b/projectroot/etc/rc.once.d/dropbear > index b1c40fdbbe5c..8a04406242e4 100644 > --- a/projectroot/etc/rc.once.d/dropbear > +++ b/projectroot/etc/rc.once.d/dropbear
> @@ -8,7 +8,8 @@ gen_key() { > key_type=$1 > key_file=$2 > > - [ -e "$key_file" ] && return > + # do not overwrite valid key files > + [ -s "$key_file" ] && dropbearkey -y -f "$key_file" > /dev/null 2>&1 && return > > rm -f $key_file > /dev/null 2>&1 > _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
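Review bot: on the new `[ -s "$key_file" ] && dropbearkey -y -f "$key_file" > /dev/null 2>&1 && return` line in gen_key(), any non-zero exit from dropbearkey is treated as "invalid key" and its output is discarded, so the fall-through to `rm -f` replaces an existing host key without leaving any trace of why. A replaced host key changes the fingerprint that clients have pinned, so it is worth printing a short message naming "$key_file" before the `rm -f` whenever a non-empty file was rejected, and keeping dropbearkey's stderr for that case instead of sending it to /dev/null. The check also does not use `$key_type`, so a parseable key of a different type than the one expected for this path still counts as valid; if that matters here, compare the type reported by `dropbearkey -y` against `$key_type`. Minor style point: the unchanged `rm -f $key_file` leaves the variable unquoted while the new test quotes it; quoting it there as well would keep the function consistent.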