Merge lp:~hughsaunders/cirros/dropbearkey into lp:cirros

Proposed by Scott Moser
Status: Rejected
Rejected by: Scott Moser
Proposed branch: lp:~hughsaunders/cirros/dropbearkey
Merge into: lp:cirros
Diff against target: 52 lines (+25/-13)
1 file modified
patches-buildroot/dropbear-init-generate-keys.patch (+25/-13)
To merge this branch: bzr merge lp:~hughsaunders/cirros/dropbearkey
Reviewer: Scott Moser
Review status: Approve
Review via email: mp+290888@code.launchpad.net
Scott Moser (smoser) wrote :

using cirros-per is desirable here, we do want to re-generate keys for a new instance and you're dropping that here.

maybe something like:

how_often="instance"
# -f = file, -t = type (rsa or dss), -y = print public key (and check)
if [ -e "$file" ] && ! dropbearkey -f "$file" -y; then
  how_often="always"
  rm -f "$file"
  echo "WARN: removing invalid $file"
fi
cirros-per "$how_often" ...

Scott Moser (smoser) wrote :

this looks good, i just need to pull it.

review: Approve
Unmerged revisions

364. By <email address hidden>

Replace invalid keys on dropbear init.

Preview Diff

1=== modified file 'patches-buildroot/dropbear-init-generate-keys.patch'
2--- patches-buildroot/dropbear-init-generate-keys.patch 2015-05-28 01:28:20 +0000
3+++ patches-buildroot/dropbear-init-generate-keys.patch 2016-04-06 20:39:02 +0000
4@@ -5,23 +5,35 @@
5 generated ahead of time so that we can log them.
6 Index: buildroot/package/dropbear/S50dropbear
7 ===================================================================
8---- buildroot.orig/package/dropbear/S50dropbear 2014-09-01 11:20:56.000000000 +0000
9-+++ buildroot/package/dropbear/S50dropbear 2014-09-16 19:29:54.320096000 +0000
10-@@ -6,9 +6,17 @@
11- # Allow a few customizations from a config file
12- test -r /etc/default/dropbear && . /etc/default/dropbear
13-
14-+DROPBEAR_KEYTYPES="rsa dss ecc"
15- start() {
16- DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
17-
18+--- buildroot.orig/package/dropbear/S50dropbear 2016-04-06 20:25:27.751836649 +0100
19++++ buildroot/package/dropbear/S50dropbear 2016-04-06 21:30:16.771836649 +0100
20+@@ -11,6 +11,29 @@
21+
22+ echo -n "Starting dropbear sshd: "
23+ umask 077
24++ # Ensure host keys are changed when instance ID changes
25++ cirros-per instance remove-dropbear-host-keys -- rm -rf /etc/dropbear
26++
27++ # Make sure dropbear directory exists
28++ if [ ! -d /etc/dropbear ]; then
29++ mkdir -p /etc/dropbear
30++ fi
31++
32++ # Regenerate invalid or missing keys
33 + local ktype file
34 + for ktype in rsa dss ecdsa; do
35 + file="/etc/dropbear/dropbear_${ktype}_host_key"
36-+ cirros-per instance dropbear-keygen-$ktype -- \
37++ # -f = input file, -y = validate and print pubkey info
38++ if ! dropbearkey -f "$file" -y &>/dev/null; then
39++ if [ -e "$file" ]; then
40++ echo "Removing invalid key: $file"
41++ rm -f "$file"
42++ fi
43++ # -t = type (dss, rsa, ecdsa), -f = output file
44 + dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
45 + echo "WARN: generating key of type $ktype failed!"
46++ fi
47 + done
48- echo -n "Starting dropbear sshd: "
49- umask 077
50 start-stop-daemon -S -q -p /var/run/dropbear.pid \
51+ --exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
52+ [ $? = 0 ] && echo "OK" || echo "FAIL"
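
Review bot: The validity check `if ! dropbearkey -f "$file" -y &>/dev/null; then` uses `&>`, which is a bash extension rather than POSIX sh; in a shell that does not implement it the line parses as a backgrounded `dropbearkey` followed by an empty redirection, so the condition stops reflecting whether the key is valid and existing keys would be removed and regenerated on every start. The generation call a few lines below already uses `>/dev/null 2>&1`, so use the same form here. Separately, `cirros-per instance remove-dropbear-host-keys -- rm -rf /etc/dropbear` deletes the whole directory rather than just the host keys; removing only `/etc/dropbear/dropbear_*_host_key` would keep anything else stored there, and the `if [ ! -d /etc/dropbear ]` guard around `mkdir -p` is unnecessary because `mkdir -p` already succeeds when the directory exists. The "Removing invalid key" message could also carry the `WARN:` prefix used by the existing failure message so that it is easy to find in the console log.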
