From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1592618578.64242cfcdca6d70e7aefaab7e424ad818d701e54.whissi@gentoo> Subject: [gentoo-commits] proj/genkernel:master commit in: / X-VCS-Repository: proj/genkernel X-VCS-Files: gen_funcs.sh gen_initramfs.sh X-VCS-Directories: / X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: 64242cfcdca6d70e7aefaab7e424ad818d701e54 X-VCS-Branch: master Date: Sat, 20 Jun 2020 02:17:11 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: f9f34658-62bf-496f-8f0f-68b60f4cc2dc X-Archives-Hash: 7ae83ee4ac5dc90932273e7b0e352eb4 commit: 64242cfcdca6d70e7aefaab7e424ad818d701e54 Author: Thomas Deutschmann gentoo org> AuthorDate: Sat Jun 20 02:02:58 2020 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Sat Jun 20 02:02:58 2020 +0000 URL: https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=64242cfc gen_initramfs.sh: append_dropbear(): Add support for ed25519 host keys Signed-off-by: Thomas Deutschmann gentoo.org> gen_funcs.sh | 3 +++ gen_initramfs.sh | 17 +++++++++++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/gen_funcs.sh b/gen_funcs.sh index 1297732..eaba05a 100755 --- a/gen_funcs.sh +++ b/gen_funcs.sh @@ -789,6 +789,9 @@ dropbear_get_key_type_from_filename() { *_ecdsa_*) type=ecdsa ;; + *_ed25519_*) + type=ed25519 + ;; *_rsa_*) type=rsa ;; diff --git a/gen_initramfs.sh b/gen_initramfs.sh index 651bfbf..fd9583b 100755 --- a/gen_initramfs.sh +++ b/gen_initramfs.sh 
@@ -1180,6 +1180,12 @@ append_dropbear() { missing_ssh_host_keys=yes fi + if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ] + then + print_info 3 "$(get_indent 2)${PN}: >> SSH host key '/etc/ssh/ssh_host_ed25519_key' is missing!" + missing_ssh_host_keys=yes + fi + if isTrue "${missing_ssh_host_keys}" then # Should only happen when installing a new system ... @@ -1190,6 +1196,7 @@ append_dropbear() { local -a required_dropbear_host_keys=( /etc/dropbear/dropbear_ecdsa_host_key + /etc/dropbear/dropbear_ed25519_host_key /etc/dropbear/dropbear_rsa_host_key ) @@ -1218,6 +1225,12 @@ append_dropbear() { then print_info 1 "$(get_indent 2)${PN}: >> Dropbear host key '${required_key}' exists but is older than '/etc/ssh/ssh_host_ecdsa_key'; Removing to force update due to --ssh-host-key=create-from-host ..." rm "${required_key}" || gen_die "Failed to remove outdated '${required_key}' file!" + elif [[ "${SSH_HOST_KEYS}" == 'create-from-host' ]] \ + && [[ "${required_key}" == *_ed25519_* ]] \ + && [[ "${required_key}" -ot "/etc/ssh/ssh_host_ed25519_key" ]] + then + print_info 1 "$(get_indent 2)${PN}: >> Dropbear host key '${required_key}' exists but is older than '/etc/ssh/ssh_host_ed25519_key'; Removing to force update due to --ssh-host-key=create-from-host ..." + rm "${required_key}" || gen_die "Failed to remove outdated '${required_key}' file!" else print_info 3 "$(get_indent 2)${PN}: >> Dropbear host key '${required_key}' exists!" unset required_dropbear_host_keys[${i}] 
@@ -1261,8 +1274,8 @@ append_dropbear() { print_info 2 "$(get_indent 2)${PN}: >> Using existing dropbear host keys from /etc/dropbear ..." fi - cp -aL --target-directory "${initramfs_dropbear_dir}" /etc/dropbear/{dropbear_rsa_host_key,dropbear_ecdsa_host_key} \ - || gen_die "Failed to copy '/etc/dropbear/{dropbear_rsa_host_key,dropbear_ecdsa_host_key}'" + cp -aL --target-directory "${initramfs_dropbear_dir}" /etc/dropbear/dropbear_{rsa,ecdsa,ed25519}_host_key \ + || gen_die "Failed to copy '/etc/dropbear/dropbear_{rsa,ecdsa,ed25519}_host_key'" # Try to show embedded dropbear host key details for security reasons. # We do it that complicated to get common used formats.
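Review bot: in the `@@ -1180` hunk of gen_initramfs.sh, the new test makes `/etc/ssh/ssh_host_ed25519_key` mandatory: a host whose sshd deliberately runs without an ed25519 key now sets `missing_ssh_host_keys=yes` and takes the branch the following comment describes as "Should only happen when installing a new system". Either document the new requirement in the commit message and the `--ssh-host-key` documentation, or require only the key types the host actually has.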
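Review bot: in the `@@ -1190` hunk, adding `/etc/dropbear/dropbear_ed25519_host_key` to `required_dropbear_host_keys` assumes the dropbear tools in use can create or convert an ed25519 key, and nothing in the visible lines checks that. If older dropbear builds are still supported, gate this entry on a capability check so an unsupported key type is reported up front with a clear message.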
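Review bot: the new `elif` in the `@@ -1218` hunk is a copy of the ecdsa branch above it with only the key type changed, so the two `print_info`/`rm` pairs can drift apart. gen_funcs.sh already has `dropbear_get_key_type_from_filename()`, which this same commit extends for ed25519; derive the type from `${required_key}` once and compare against `/etc/ssh/ssh_host_${type}_key` in a single branch.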
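Review bot: in the `@@ -1261` hunk, the `gen_die` text keeps the brace pattern inside quotes, so a failed copy reports the literal `dropbear_{rsa,ecdsa,ed25519}_host_key` and not which of the three files was missing or unreadable. Loop over the three names, or test each with `-f` before the `cp`, so the error names the file; the key types are also now listed here a second time in addition to `required_dropbear_host_keys`, which a shared list would avoid.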