From: Alexander Dahl
To: Michael Olbrich
Cc: Denis Osterland-Heim, ptxdist@pengutronix.de, Bruno Thomsen, Alexander Stein
Date: Fri, 22 Oct 2021 11:05:37 +0200
Subject: Re: [ptxdist] [PATCH v2 5/8] dropbear: Refactor rc-once and init to use KEYTYPES
Message-ID: <3971939.r3f0tfIcqM@ada>
References: <20211018143554.27573-1-ada@thorsis.com> <20211018143554.27573-6-ada@thorsis.com>
Organization: Thorsis Technologies GmbH

Hello Michael,

On Friday, 22 October 2021, 10:44:05 CEST, Michael Olbrich wrote:
> On Mon, Oct 18, 2021 at 04:35:51PM +0200, Alexander Dahl wrote:
> > Previously DSS and RSA keys were always generated, regardless if
> > dropbear was built with support for that host key or not, which somehow
> > contradicts what commit message of 01ac7cc409b5 ("dropbear: Remove
> > deprecated options") promised.
> >
> > No other things changed here, just considering that KEYTYPES list for
> > 'rsa' and 'dss' for now.
> >
> > Signed-off-by: Alexander Dahl
> > ---
> >
> > projectroot/etc/init.d/dropbear | 17 ++++++++++++++---
> > projectroot/etc/rc.once.d/dropbear | 26 +++++++++++++++++++++++---
> > 2 files changed, 37 insertions(+), 6 deletions(-)
> >
> > diff --git a/projectroot/etc/init.d/dropbear > > b/projectroot/etc/init.d/dropbear index 342565f93..88ef5aa71 100644 > > --- a/projectroot/etc/init.d/dropbear > > +++ b/projectroot/etc/init.d/dropbear > > @@ -15,10 +15,21 @@ test -z "$DROPBEAR_BANNER" || \ > > = > > DROPBEAR_EXTRA_ARGS=3D"$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" > > = > > dropbear_start() { > > = > > - > > = > > KEY_ARGS=3D"" > > = > > - test -f $DROPBEAR_DSSKEY && KEY_ARGS=3D"$KEY_ARGS -d $DROPBEAR_DSS= KEY" > > - test -f $DROPBEAR_RSAKEY && KEY_ARGS=3D"$KEY_ARGS -r $DROPBEAR_RSA= KEY" > > + for keytype in $DROPBEAR_KEYTYPES > > + do > > + case "$keytype" in > > + dss) > > + test -f $DROPBEAR_DSSKEY && KEY_ARGS=3D"$KEY_ARGS -d > > $DROPBEAR_DSSKEY" + ;;
>
> Isn't dss disabled completely? So do we actually need this?

Depends where you look. :-/

The option was removed from ptxdist menu, yes. It is discouraged to use, yes. For the patch I did not want to refactor and change behaviour at the same time, so I would propose another patch for removing dss key support from the init and rc-once scripts. Should that come before or after the other changes?

From dropbear point of view I'm not 100% sure, but I think it's still possible to build with dss support. ptxdist does not make an explicit decision on that and relies on dropbear internal defaults. Maybe we should disable that explicitly? dropbear build is different from standard ways, so it's a little harder to pin down all the options.

Greets
Alex

>
> Michael
>
> > + rsa) > > + test -f $DROPBEAR_RSAKEY && KEY_ARGS=3D"$KEY_ARGS -r > > $DROPBEAR_RSAKEY" + ;; > > + *) > > + echo "Key type '$keytype' not supported" > > + ;; > > + esac > > + done > > = > > echo -n "starting dropbear..." > > = > > diff --git a/projectroot/etc/rc.once.d/dropbear > > b/projectroot/etc/rc.once.d/dropbear index dd922d727..a9a1d475c 100644 > > --- a/projectroot/etc/rc.once.d/dropbear > > +++ b/projectroot/etc/rc.once.d/dropbear
> > @@ -5,10 +5,11 @@ > > PATH=3D/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin> = > > . /usr/lib/init/dropbear.sh > > = > > gen_key() { > > = > > - > > = > > key_type=3D$1 > > key_file=3D$2 > > = > > + [ -e "$key_file" ] && return > > + > > = > > rm -f $key_file > /dev/null 2>&1 > > = > > echo -n "generating $key_type key..." > > = > > @@ -22,6 +23,25 @@ gen_key() { > > = > > fi > > = > > } > > = > > -[ -e "$DROPBEAR_RSAKEY" ] || gen_key rsa "$DROPBEAR_RSAKEY" > > -[ -e "$DROPBEAR_DSSKEY" ] || gen_key dss "$DROPBEAR_DSSKEY" > > +gen_keys() { > > + for keytype in $DROPBEAR_KEYTYPES > > + do > > + case "$keytype" in > > + dss) > > + gen_key dss "$DROPBEAR_DSSKEY" > > + ;; > > + rsa) > > + gen_key rsa "$DROPBEAR_RSAKEY" > > + ;; > > + *) > > + echo "Key type '$keytype' not supported" > > + ;; > > + esac > > + done > > +} > > = > > +if ! gen_keys > > +then > > + echo "Generating SSH keys failed!" > > + exit 1 > > +fi

-- 
Alexander Dahl           Thorsis Technologies GmbH   T +49 391 544 563 1000
Industrial Automation    Oststr. 18                  F +49 391 544 563 9099
T +49 391 544 563 3036   39114 Magdeburg             https://www.thorsis.com/

Registered office: Magdeburg
Amtsgericht Stendal HRB 110339
Managing director: Dipl.-Ing. Thorsten Szczepanski
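Review bot: In the init.d/dropbear hunk, the new `dss)` and `rsa)` branches keep `test -f $DROPBEAR_DSSKEY` and `test -f $DROPBEAR_RSAKEY` unquoted. If either variable is empty, `test -f` is left with a single argument and evaluates true, so `-d` or `-r` is appended to KEY_ARGS without a path. Quote the expansions, as in `test -f "$DROPBEAR_DSSKEY"`. A key type that is listed in DROPBEAR_KEYTYPES but has no key file is skipped silently here; a message for that case would make a daemon starting without the expected host key easier to spot. The `*)` message would also be better on stderr.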
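Review bot: In the first rc.once.d/dropbear hunk, the added `[ -e "$key_file" ] && return` accepts any existing file, including a zero-length one, and in the normal case it leaves the following `rm -f $key_file` with nothing to remove. Consider testing with `-s` instead of `-e` so that an empty key file is regenerated rather than kept, and quote `$key_file` in the `rm` line while touching this function.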
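Review bot: In the second rc.once.d/dropbear hunk, `gen_keys` returns only the status of the last loop iteration, so `if ! gen_keys` does not see a failing `gen_key dss` when a later `gen_key rsa` succeeds, and the `*)` branch always ends in a successful `echo`. Propagate the error per key, for example `gen_key dss "$DROPBEAR_DSSKEY" || return 1`, and decide whether an unsupported key type should also return non-zero. This assumes gen_key itself returns non-zero on failure, which the visible context lines do not show.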