'echo -n' is not a POSIX construct (no flag support), we should use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the rootfs is read-only, keys will be generated in a volatile
location, which is inherently bad as host keys will change on each boot,
rendering them virtually useless.
Add a warning so the user is at least aware of the issue.
Hide the rm output to avoid noisy output, now that we have a proper warning.
Move the starting message after the symlink-block, to avoid messages
collision. Move the umask as well, since /etc/dropbear/ may be world
readable; just the private host keys should be ?00 (and dropbear handles
that by itself).
[Peter: minor tweaks to commit message]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Busybox "readlink -f" does not canonicalise paths when the target is
missing, while coreutils do.
Fix that by:
- making an absolute symlink
- dropping "-f" when calling readlink
Fixes #8276.
Reported-by: Jason Tang <tang@jtang.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Paul Cercueil <paul@crapouillou.net>
Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Tested-by: Jason Tang <tang@jtang.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit ensures that the /etc/dropbear symlink won't be removed if
it points elsewhere than /var/run/dropbear.
[Thomas:
- fix indentation / too long lines as suggested by Yann E. Morin.]
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
dropbear generates its keys at the first connection, and wants to save
them in /etc/dropbear (not configurable).
Currently, our /etc/dropbear is a directory.
When the filesystem is read-only, dropbear can't save its keys, so
refuses all connections.
Fix that with:
- at build time, create /etc/dropbear as a symlink to
  /var/run/dropbear
- at runtime, if the filesystem is RW (we can rm /etc/dropbear),
  we replace the symlink with an actual directory; otherwise,
  when the filesystem is RO (we can't rm /etc/dropbear), we create
  /var/run/dropbear so the symlink points to an existing directory
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
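
The key-directory handling described in the four commit messages above (build-time symlink, plain readlink without "-f", leaving a redirected symlink alone, warning when the rootfs is read-only), as an added POSIX sh example that is not the Buildroot init script. The function name, its ROOT prefix argument, the result words and the warning text are assumptions, chosen so the logic can be run against a scratch directory.

```shell
#!/bin/sh
# Added example, not Buildroot's S50dropbear.
# prepare_keydir ROOT  (ROOT is a hypothetical prefix; pass "" on a target)
# Prints one word describing where host keys will live:
#   persistent - the build-time symlink was replaced by a real directory
#   volatile   - rootfs is read-only, keys go to /var/run/dropbear
#   unmanaged  - /etc/dropbear is not the build-time symlink, left untouched
prepare_keydir() {
    root=$1
    etc="$root/etc/dropbear"
    run="$root/var/run/dropbear"

    # Act only on the symlink created at build time. Plain readlink is
    # used because Busybox "readlink -f" does not canonicalise a path
    # whose target is missing, and the symlink is absolute anyway.
    if [ -L "$etc" ] && [ "$(readlink "$etc")" = "/var/run/dropbear" ]; then
        # Removing the symlink only succeeds on a writable rootfs.
        # rm output is hidden; the warning below replaces it.
        if rm -f "$etc" >/dev/null 2>&1; then
            mkdir -p "$etc"
            printf 'persistent\n'
        else
            printf 'WARNING: %s is volatile, host keys change on each boot\n' \
                "$run" >&2
            # Give the symlink an existing target.
            mkdir -p "$run"
            printf 'volatile\n'
        fi
    else
        # A real directory, or a symlink the integrator pointed elsewhere.
        printf 'unmanaged\n'
    fi
}
```

A "volatile" result means SSH clients will see a changed host key after every reboot, so a deployment that depends on host-key pinning should point /etc/dropbear at persistent storage instead.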
test a == b is not available in e.g. dash.
Command(s) used for editing:
q=\[\"\'\]
operand="${q}?[$]?[a-zA-Z0-9_\?]+${q}?" ## doesn't detect ${VAR}
test_expr="(\[\s+${operand}\s+)==(\s+${operand}\s+\])"
find . -type f -name '[SK][0-9][0-9]*' | \
xargs sed -r -e "s@${test_expr}@\1=\2@g" -i
Signed-off-by: André Erdmann <dywi@mailerd.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The current SysV startup script creates a directory which is necessary
for dropbear to correctly work.
This creation is not done with systemd.
Instead of both init creating the directory, we add the creation of this
directory to the INSTALL_TARGET_CMDS to make sure it's present.
[Peter: use make syntax for TARGET_DIR as pointed out by Thomas]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The default port 22 used by dropbear for its SSH connections is not always
desired. Dropbear accepts an option '-p' to set the port, but doing this was
not possible from the buildroot-provided init script.
One way to fix this is by adding a custom S50dropbear in a project-specific
rootfs overlay. However, this approach has the big disadvantage that bug
fixes or improvements in the default init script (i.e. in newer buildroot
releases) are not available (unless you manually port these changes each
time you upgrade buildroot).
Another solution is to modify the default init script from a
project-specific post-build script. However, this is fragile because you'd
have to sed some line but this line may change in later buildroot releases.
Yet another solution is to change the default port at build time, by
patching the options.h header file in the dropbear sources. This was
proposed with a patch [1] before, but not accepted.
This patch implements another solution, hinted from the discussion in [1]:
the default init script now sources a config file /etc/default/dropbear, in
which the user can set the variable DROPBEAR_ARGS. This is similar to the
S81named init script in the bind package. The config file would be added to
a project-specific rootfs overlay, a custom skeleton, or created from a
post-build script.
This approach has the advantage of being simple and non-intrusive, without
any code duplication or fragile script modifications.
[1] http://lists.busybox.net/pipermail/buildroot/2013-November/083165.html
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Bump to version 2013.62 with ECC support.
Switch the initscript to on-demand key generation and add systemd unit
file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>