dropbear: drop support for DSA host keys in dropbear init script

Bring the dropbear init script into sync with the systemd service file (dropbearkey.service supports RSA host keys only) and with recent versions of openssh which deprecate DSA host keys. https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html (From OE-Core rev: 6bd7341a38a8bb5387ea81dbccfed327370569f3) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Andre McCurdy <armccurdy@gmail.com> 2017-03-06 17:42:25 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-10 14:50:10 +0000
commit: 5ccea3e02a3800dd0e6e41d80fb20b02035133da (patch)
tree: 508634c2ee4e5db066eb44b4b458f8af7e02fce2
parent: 3f3ced499c3be21e48abde2387d45133684702ca (diff)
download: poky-5ccea3e02a3800dd0e6e41d80fb20b02035133da.tar.gz
1 files changed, 6 insertions, 30 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index 434bd6b971..f6e1c462fa 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -40,49 +40,28 @@ done
 if [ $readonly_rootfs = "1" ]; then
  mkdir -p /var/lib/dropbear
  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-  DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
 else
  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-  DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
 fi
 test -z "$DROPBEAR_BANNER" || \
  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
 test -n "$DROPBEAR_RSAKEY" || \
  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
-test -n "$DROPBEAR_DSSKEY" || \
-  DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
-test -n "$DROPBEAR_KEYTYPES" || \
-  DROPBEAR_KEYTYPES="rsa"
 gen_keys() {
-for t in $DROPBEAR_KEYTYPES; do
+    if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
-  case $t in
+        rm $DROPBEAR_RSAKEY || true
-    rsa)
+    fi
-        if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
+    test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
-                rm $DROPBEAR_RSAKEY || true
-        fi
-        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
-        ;;
-    dsa)
-        if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
-                rm $DROPBEAR_DSSKEY || true
-        fi
-        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
-        ;;
-  esac
-done
 }
 case "$1" in
  start)
        echo -n "Starting $DESC: "
        gen_keys
-        KEY_ARGS=""
-        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
-        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
        start-stop-daemon -S -p $PIDFILE \
-          -x "$DAEMON" -- $KEY_ARGS \
+          -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
        echo "$NAME."
        ;;
@@ -95,11 +74,8 @@ case "$1" in
        echo -n "Restarting $DESC: "
        start-stop-daemon -K -x "$DAEMON" -p $PIDFILE
        sleep 1
-        KEY_ARGS=""
-        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
-        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
        start-stop-daemon -S -p $PIDFILE \
-          -x "$DAEMON" -- $KEY_ARGS \
+          -x "$DAEMON" -- -r $DROPBEAR_RSAKEY \
            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
        echo "$NAME."
        ;;
author	Andre McCurdy <armccurdy@gmail.com>	2017-03-06 17:42:25 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-03-10 14:50:10 +0000
commit	5ccea3e02a3800dd0e6e41d80fb20b02035133da (patch)
tree	508634c2ee4e5db066eb44b4b458f8af7e02fce2
parent	3f3ced499c3be21e48abde2387d45133684702ca (diff)
download	poky-5ccea3e02a3800dd0e6e41d80fb20b02035133da.tar.gz