Merge ~andrea-frittoli/cirros:bug_1564948 into cirros:0.3

Proposed by Andrea Frittoli on 2017-02-08
Status: Merged
Merged at revision: 093f907ecd117fd23c70180d4f13b7b89952204d
Proposed branch: ~andrea-frittoli/cirros:bug_1564948
Merge into: cirros:0.3
Diff against target: 74 lines (+68/-0)
1 file modified
src/etc/init.d/S50dropbear (+68/-0)
Reviewer Review Type Date Requested Status
cirros developers 2017-02-08 Pending
Review via email: mp+316711@code.launchpad.net

Description of the change

This branch includes two commits (1 cherry-picked from master, 1 extra fix to make this working on 0.3), which fixes https://launchpad.net/bugs/1564948.

The content of the cherry-picked commit is http://bazaar.launchpad.net/~cirros-dev/cirros/trunk/revision/366, rebased on top of branch 3.0, with the only conflict being the removal of dropbear-init-generate-keys.patch from patches-buildroot/series.

A Tempest test for hard reboot in some cases hits the case where the host key is empty, as the file system flush does not happen quickly enough. This triggers bugs/1564948, i.e. the ssh daemon does not start at all, and the Tempest test fails with "connection refused", which is misleading.

Using a new release of CirrOS which includes this branch would solve the problem.

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/src/etc/init.d/S50dropbear b/src/etc/init.d/S50dropbear
2new file mode 100755
3index 0000000..1ce463f
4--- /dev/null
5+++ b/src/etc/init.d/S50dropbear
6@@ -0,0 +1,68 @@
7+#!/bin/sh
8+#
9+# Starts dropbear sshd.
10+#
11+
12+echo "Top of dropbear init script"
13+
14+# Allow a few customizations from a config file
15+test -r /etc/default/dropbear && . /etc/default/dropbear
16+
17+start() {
18+ DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
19+
20+ echo -n "Starting dropbear sshd: "
21+ umask 077
22+ # Ensure host keys are changed when instance ID changes
23+ cirros-per instance remove-dropbear-host-keys -- rm -rf /etc/dropbear
24+
25+ # Make sure dropbear directory exists
26+ if [ ! -d /etc/dropbear ]; then
27+ mkdir -p /etc/dropbear
28+ fi
29+
30+ # Regenerate invalid or missing keys
31+ local ktype file
32+ for ktype in rsa dss ecdsa; do
33+ file="/etc/dropbear/dropbear_${ktype}_host_key"
34+ # -f = input file, -y = validate and print pubkey info
35+ if ! dropbearkey -f "$file" -y &>/dev/null; then
36+ if [ -e "$file" ]; then
37+ echo "Removing invalid key: $file"
38+ rm -f "$file"
39+ fi
40+ # -t = type (dss, rsa, ecdsa), -f = output file
41+ dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
42+ echo "WARN: generating key of type $ktype failed!"
43+ fi
44+ done
45+ start-stop-daemon -S -q -p /var/run/dropbear.pid \
46+ --exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
47+ [ $? = 0 ] && echo "OK" || echo "FAIL"
48+}
49+stop() {
50+ echo -n "Stopping dropbear sshd: "
51+ start-stop-daemon -K -q -p /var/run/dropbear.pid
52+ [ $? = 0 ] && echo "OK" || echo "FAIL"
53+}
54+restart() {
55+ stop
56+ start
57+}
58+
59+case "$1" in
60+ start)
61+ start
62+ ;;
63+ stop)
64+ stop
65+ ;;
66+ restart|reload)
67+ restart
68+ ;;
69+ *)
70+ echo "Usage: $0 {start|stop|restart}"
71+ exit 1
72+esac
73+
74+exit $?

Subscribers

People subscribed via source and target branches