CirrOS

Merge lp:~hughsaunders/cirros/dropbearinit into lp:cirros

  1. dropbearinit
  2. Merge into trunk
Proposed by Hugh Saunders
Status: Merged
Merged at revision: 366
Proposed branch: lp:~hughsaunders/cirros/dropbearinit
Merge into: lp:cirros
Diff against target: 130 lines (+70/-29)
4 files modified
patches-buildroot/dropbear-init-generate-keys.patch (+0/-27)
patches-buildroot/series (+0/-1)
src/etc/init.d/S50dropbear (+68/-0)
src/etc/init.d/resizefs (+2/-1)
To merge this branch: bzr merge lp:~hughsaunders/cirros/dropbearinit
Reviewer Review Type Date Requested Status
Scott Moser Pending
Review via email: mp+291895@code.launchpad.net

Description of the change

An alternative approach to https://code.launchpad.net/~hughsaunders/cirros/dropbearkey/+merge/290888

Instead of updating the patch for the dropbear init script, carry the whole script. Also moves resizefs to before dropbear in rc3.d.

To post a comment you must log in.
Revision history for this message
Hugh Saunders (hughsaunders) wrote :

More code but at least the diff makes sense :/

Revision history for this message
Scott Moser (smoser) wrote :

we shouldnt be *so* tight that we can't write a few key files.
so i'd rather not put the resize change in place.
I realize background resize is possibly odd, but without knowing that we can resize -> 10G in sub-second, i'm not itnerested in blocking on it.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== removed file 'patches-buildroot/dropbear-init-generate-keys.patch'
2--- patches-buildroot/dropbear-init-generate-keys.patch 2015-05-28 01:28:20 +0000
3+++ patches-buildroot/dropbear-init-generate-keys.patch 1970-01-01 00:00:00 +0000
4@@ -1,27 +0,0 @@
5-generate keys in dropbear sysvinit script
6-
7-buildroot upstream now uses '-R' to get their keys generated
8-which is to generate them on the fly. We'd rather they're explicitly
9-generated ahead of time so that we can log them.
10-Index: buildroot/package/dropbear/S50dropbear
11-===================================================================
12---- buildroot.orig/package/dropbear/S50dropbear 2014-09-01 11:20:56.000000000 +0000
13-+++ buildroot/package/dropbear/S50dropbear 2014-09-16 19:29:54.320096000 +0000
14-@@ -6,9 +6,17 @@
15- # Allow a few customizations from a config file
16- test -r /etc/default/dropbear && . /etc/default/dropbear
17-
18-+DROPBEAR_KEYTYPES="rsa dss ecc"
19- start() {
20- DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
21-
22-+ local ktype file
23-+ for ktype in rsa dss ecdsa; do
24-+ file="/etc/dropbear/dropbear_${ktype}_host_key"
25-+ cirros-per instance dropbear-keygen-$ktype -- \
26-+ dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
27-+ echo "WARN: generating key of type $ktype failed!"
28-+ done
29- echo -n "Starting dropbear sshd: "
30- umask 077
31- start-stop-daemon -S -q -p /var/run/dropbear.pid \
32
33=== modified file 'patches-buildroot/series'
34--- patches-buildroot/series 2015-05-08 16:34:40 +0000
35+++ patches-buildroot/series 2016-04-14 14:21:38 +0000
36@@ -1,2 +1,1 @@
37 ifupdown-cirros.patch
38-dropbear-init-generate-keys.patch
39
40=== added file 'src/etc/init.d/S50dropbear'
41--- src/etc/init.d/S50dropbear 1970-01-01 00:00:00 +0000
42+++ src/etc/init.d/S50dropbear 2016-04-14 14:21:38 +0000
43@@ -0,0 +1,68 @@
44+#!/bin/sh
45+#
46+# Starts dropbear sshd.
47+#
48+
49+echo "Top of dropbear init script"
50+
51+# Allow a few customizations from a config file
52+test -r /etc/default/dropbear && . /etc/default/dropbear
53+
54+start() {
55+ DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
56+
57+ echo -n "Starting dropbear sshd: "
58+ umask 077
59+ # Ensure host keys are changed when instance ID changes
60+ cirros-per instance remove-dropbear-host-keys -- rm -rf /etc/dropbear
61+
62+ # Make sure dropbear directory exists
63+ if [ ! -d /etc/dropbear ]; then
64+ mkdir -p /etc/dropbear
65+ fi
66+
67+ # Regenerate invalid or missing keys
68+ local ktype file
69+ for ktype in rsa dss ecdsa; do
70+ file="/etc/dropbear/dropbear_${ktype}_host_key"
71+ # -f = input file, -y = validate and print pubkey info
72+ if ! dropbearkey -f "$file" -y &>/dev/null; then
73+ if [ -e "$file" ]; then
74+ echo "Removing invalid key: $file"
75+ rm -f "$file"
76+ fi
77+ # -t = type (dss, rsa, ecdsa), -f = output file
78+ dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
79+ echo "WARN: generating key of type $ktype failed!"
80+ fi
81+ done
82+ start-stop-daemon -S -q -p /var/run/dropbear.pid \
83+ --exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
84+ [ $? = 0 ] && echo "OK" || echo "FAIL"
85+}
86+stop() {
87+ echo -n "Stopping dropbear sshd: "
88+ start-stop-daemon -K -q -p /var/run/dropbear.pid
89+ [ $? = 0 ] && echo "OK" || echo "FAIL"
90+}
91+restart() {
92+ stop
93+ start
94+}
95+
96+case "$1" in
97+ start)
98+ start
99+ ;;
100+ stop)
101+ stop
102+ ;;
103+ restart|reload)
104+ restart
105+ ;;
106+ *)
107+ echo "Usage: $0 {start|stop|restart}"
108+ exit 1
109+esac
110+
111+exit $?
112
113=== modified file 'src/etc/init.d/resizefs'
114--- src/etc/init.d/resizefs 2015-05-28 19:47:25 +0000
115+++ src/etc/init.d/resizefs 2016-04-14 14:21:38 +0000
116@@ -1,7 +1,8 @@
117 #!/bin/sh
118 # vi: ts=4 noexpandtab
119
120-RESIZE_MODE="background"
121+echo "Top of resize init script"
122+RESIZE_MODE="foreground"
123 GROWROOT="enabled"
124 if [ -f /etc/default/resizefs ]; then
125 . /etc/default/resizefs
126
127=== added symlink 'src/etc/rc3.d/S49-resizefs'
128=== target is u'../init.d/resizefs'
129=== removed symlink 'src/etc/rc3.d/S55-resizefs'
130=== target was u'../init.d/resizefs'

Subscribers

People subscribed via source and target branches