Merge lp:~hughsaunders/cirros/dropbearkey into lp:cirros

Proposed by Scott Moser
Status: Rejected
Rejected by: Scott Moser
Proposed branch: lp:~hughsaunders/cirros/dropbearkey
Merge into: lp:cirros
Diff against target: 52 lines (+25/-13)
1 file modified
patches-buildroot/dropbear-init-generate-keys.patch (+25/-13)
To merge this branch: bzr merge lp:~hughsaunders/cirros/dropbearkey
Reviewer      Review Type   Date Requested   Status
Scott Moser                                  Approve
Review via email: mp+290888@code.launchpad.net
Scott Moser (smoser) wrote :

Using cirros-per is desirable here; we do want to re-generate keys for a new instance, and you're dropping that here.

Maybe something like:

# $file is the host key path for the current key type,
# e.g. /etc/dropbear/dropbear_${ktype}_host_key
how_often="instance"
# -f = file, -t = type (rsa or dss), -y = print public key (and check)
if [ -e "$file" ] && ! dropbearkey -f "$file" -y; then
  how_often="always"
  rm -f "$file"
  echo "WARN: removing invalid $file"
fi
# "instance" runs the command once per instance id, "always" on every boot
cirros-per "$how_often" ...

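The check-then-regenerate logic from the comment above, written out as an added example in portable POSIX sh (this is not code from the branch or from CirrOS's S50dropbear). It assumes two hypothetical override variables, DROPBEARKEY and DROPBEAR_DIR, so the functions can be exercised against a stub binary and a temporary directory; the cirros-per "instance" wrapper is left to the caller, as in the proposed patch.

```shell
#!/bin/sh
# Added example: validate existing dropbear host keys and regenerate the
# missing or corrupt ones. DROPBEARKEY and DROPBEAR_DIR are assumed hooks
# for testing, not part of the real init script.
DROPBEARKEY="${DROPBEARKEY:-dropbearkey}"
DROPBEAR_DIR="${DROPBEAR_DIR:-/etc/dropbear}"

# Return 0 if the private key in $1 loads and its public half can be
# printed (dropbearkey -y). '>/dev/null 2>&1' is used instead of the
# bash-only '&>' so the test also behaves under a POSIX /bin/sh.
key_is_valid() {
    "$DROPBEARKEY" -f "$1" -y >/dev/null 2>&1
}

# Ensure a usable host key of type $1 exists under DROPBEAR_DIR.
# Prints "kept", "regenerated" or "failed"; returns 1 only on failure.
ensure_host_key() {
    ktype="$1"
    file="$DROPBEAR_DIR/dropbear_${ktype}_host_key"
    [ -d "$DROPBEAR_DIR" ] || mkdir -p "$DROPBEAR_DIR"
    if key_is_valid "$file"; then
        echo kept
        return 0
    fi
    # A file that exists but does not load is corrupt or truncated:
    # remove it, as the patch does, before generating a fresh key.
    if [ -e "$file" ]; then
        echo "WARN: removing invalid $file" >&2
        rm -f "$file"
    fi
    if "$DROPBEARKEY" -t "$ktype" -f "$file" >/dev/null 2>&1; then
        echo regenerated
        return 0
    fi
    echo "WARN: generating key of type $ktype failed!" >&2
    echo failed
    return 1
}

# The key types from the patch; non-zero exit if any type could not be
# generated, so the caller can log the failure before starting sshd.
ensure_all_host_keys() {
    rc=0
    for kt in rsa dss ecdsa; do
        ensure_host_key "$kt" >/dev/null || rc=1
    done
    return $rc
}
```
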
Scott Moser (smoser) wrote :

This looks good, I just need to pull it.

review: Approve
Scott Moser (smoser) wrote :

Unmerged revisions

364. By <email address hidden>

Replace invalid keys on dropbear init.

Preview Diff

=== modified file 'patches-buildroot/dropbear-init-generate-keys.patch'
--- patches-buildroot/dropbear-init-generate-keys.patch 2015-05-28 01:28:20 +0000
+++ patches-buildroot/dropbear-init-generate-keys.patch 2016-04-06 20:39:02 +0000
@@ -5,23 +5,35 @@
5generated ahead of time so that we can log them.5generated ahead of time so that we can log them.
6Index: buildroot/package/dropbear/S50dropbear6Index: buildroot/package/dropbear/S50dropbear
7===================================================================7===================================================================
8--- buildroot.orig/package/dropbear/S50dropbear 2014-09-01 11:20:56.000000000 +00008--- buildroot.orig/package/dropbear/S50dropbear 2016-04-06 20:25:27.751836649 +0100
9+++ buildroot/package/dropbear/S50dropbear 2014-09-16 19:29:54.320096000 +00009+++ buildroot/package/dropbear/S50dropbear 2016-04-06 21:30:16.771836649 +0100
10@@ -6,9 +6,17 @@10@@ -11,6 +11,29 @@
11 # Allow a few customizations from a config file11
12 test -r /etc/default/dropbear && . /etc/default/dropbear12 echo -n "Starting dropbear sshd: "
13 13 umask 077
14+DROPBEAR_KEYTYPES="rsa dss ecc"14+ # Ensure host keys are changed when instance ID changes
15 start() {15+ cirros-per instance remove-dropbear-host-keys -- rm -rf /etc/dropbear
16 DROPBEAR_ARGS="$DROPBEAR_ARGS -R"16+
17 17+ # Make sure dropbear directory exists
18+ if [ ! -d /etc/dropbear ]; then
19+ mkdir -p /etc/dropbear
20+ fi
21+
22+ # Regenerate invalid or missing keys
18+ local ktype file23+ local ktype file
19+ for ktype in rsa dss ecdsa; do24+ for ktype in rsa dss ecdsa; do
20+ file="/etc/dropbear/dropbear_${ktype}_host_key"25+ file="/etc/dropbear/dropbear_${ktype}_host_key"
21+ cirros-per instance dropbear-keygen-$ktype -- \26+ # -f = input file, -y = validate and print pubkey info
27+ if ! dropbearkey -f "$file" -y &>/dev/null; then
28+ if [ -e "$file" ]; then
29+ echo "Removing invalid key: $file"
30+ rm -f "$file"
31+ fi
32+ # -t = type (dss, rsa, ecdsa), -f = output file
22+ dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||33+ dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
23+ echo "WARN: generating key of type $ktype failed!"34+ echo "WARN: generating key of type $ktype failed!"
35+ fi
24+ done36+ done
25 echo -n "Starting dropbear sshd: "
26 umask 077
27 start-stop-daemon -S -q -p /var/run/dropbear.pid \37 start-stop-daemon -S -q -p /var/run/dropbear.pid \
38 --exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
39 [ $? = 0 ] && echo "OK" || echo "FAIL"
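Review bot: the new validity test `if ! dropbearkey -f "$file" -y &>/dev/null; then` uses the `&>` redirection, which is a bash extension rather than POSIX sh; under a strict /bin/sh it parses as a background `&` followed by a bare `>/dev/null`, so the `if` would test the wrong status and the regeneration branch could be skipped. The generation line a few lines below already uses the portable form (`dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||`), so the check should use `>/dev/null 2>&1` as well.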
