Code Review / packages / trusty / cirros-testvm.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
The cirros image was rebuilt against the 3.13.0-83 kernel, drivers e1000e, igbvf...
[packages/trusty/cirros-testvm.git] / cirros-testvm / src-cirros / patches-buildroot / dropbear-init-generate-keys.patch
diff --git a/cirros-testvm/src-cirros/patches-buildroot/dropbear-init-generate-keys.patch b/cirros-testvm/src-cirros/patches-buildroot/dropbear-init-generate-keys.patch
new file mode 100644 (file)
index 0000000..ca8927b
--- /dev/null
+++ b/cirros-testvm/src-cirros/patches-buildroot/dropbear-init-generate-keys.patch
@@ -0,0 +1,27 @@
+generate keys in dropbear sysvinit script
+
+buildroot upstream now uses '-R' to get their keys generated
+which is to generate them on the fly.  We'd rather they're explicitly
+generated ahead of time so that we can log them.
+Index: buildroot/package/dropbear/S50dropbear
+===================================================================
+--- buildroot.orig/package/dropbear/S50dropbear        2014-09-01 11:20:56.000000000 +0000
++++ buildroot/package/dropbear/S50dropbear     2014-09-16 19:29:54.320096000 +0000
+@@ -6,9 +6,17 @@
+ # Allow a few customizations from a config file
+ test -r /etc/default/dropbear && . /etc/default/dropbear
++DROPBEAR_KEYTYPES="rsa dss ecc"
+ start() {
+       DROPBEAR_ARGS="$DROPBEAR_ARGS -R"
++      local ktype file
++      for ktype in rsa dss ecdsa; do
++              file="/etc/dropbear/dropbear_${ktype}_host_key"
++              cirros-per instance dropbear-keygen-$ktype -- \
++                      dropbearkey -t "$ktype" -f "$file" >/dev/null 2>&1 ||
++              echo "WARN: generating key of type $ktype failed!"
++      done
+       echo -n "Starting dropbear sshd: "
+       umask 077
+       start-stop-daemon -S -q -p /var/run/dropbear.pid \