summaryrefslogtreecommitdiff
path: root/package
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2010-04-11 23:37:33 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2010-04-12 20:06:23 +0200
commit0422754bce96ada3b228333f1eb3db8cf11cd862 (patch)
treed36d30530a54f3d26ba3797eed311b744faae74b /package
parenta950c478f8dcebf33a8bb7b5938ac1b5199079f8 (diff)
dropbear: reenable DSS algo support
Tragically, disabling DSS support in order to prevent an error message from showing up at startup (because of missing dss host key) also disables support for pubkey auth using DSS keys. And guess which type mine is. ;) To provide a usable compromise, make dropbear.init generate the formerly missing dss host key. So there won't be any error message, either. Probably this fixes for hosts not being able to authenticate using an RSS host key, too.
Diffstat (limited to 'package')
-rw-r--r--package/dropbear/Makefile4
-rw-r--r--package/dropbear/files/dropbear.init8
-rw-r--r--package/dropbear/patches/patch-options_h11
3 files changed, 11 insertions, 12 deletions
diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile
index 6625cb21c..2ab254cd2 100644
--- a/package/dropbear/Makefile
+++ b/package/dropbear/Makefile
@@ -5,14 +5,14 @@ include $(TOPDIR)/rules.mk
PKG_NAME:= dropbear
PKG_VERSION:= 0.52
-PKG_RELEASE:= 1
+PKG_RELEASE:= 2
PKG_MD5SUM:= 1c69ec674481d7745452f68f2ea5597e
PKG_DESCR:= SSH 2 server/client designed for embedded systems
PKG_SECTION:= net
PKG_URL:= http://matt.ucc.asn.au/dropbear
PKG_SITES:= http://matt.ucc.asn.au/dropbear/releases/
-PKG_DESCR_UTIL:= Utility for converting SSH keys
+PKG_DESCR_UTIL:= Utility for converting SSH private keys
include $(TOPDIR)/mk/package.mk
diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init
index 4a7d7a875..9983e943c 100644
--- a/package/dropbear/files/dropbear.init
+++ b/package/dropbear/files/dropbear.init
@@ -27,6 +27,14 @@ start)
test $rv = 0 || exit 1
test -f /etc/dropbear/dropbear_rsa_host_key || exit 1
fi
+ if test ! -f /etc/dropbear/dropbear_dss_host_key; then
+ # take it easy here, since above already catched the worst cases
+ if test -x /usr/bin/dropbearkey; then
+ bothlog "dropbear: generating SSH private key (DSS)"
+ /usr/bin/dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss
+ bothlog dropbear: key generation exited with code $?
+ fi
+ fi
/usr/sbin/dropbear $dropbear_flags
;;
stop)
diff --git a/package/dropbear/patches/patch-options_h b/package/dropbear/patches/patch-options_h
index b0903f45d..00914dda2 100644
--- a/package/dropbear/patches/patch-options_h
+++ b/package/dropbear/patches/patch-options_h
@@ -1,6 +1,6 @@
$Id: update-patches 24 2008-08-31 14:56:13Z wbx $
--- dropbear-0.52.orig/options.h 2008-11-11 15:13:50.000000000 +0100
-+++ dropbear-0.52/options.h 2010-01-22 17:55:09.000000000 +0100
++++ dropbear-0.52/options.h 2010-03-14 23:30:26.277667006 +0100
@@ -10,6 +10,11 @@
* parts are to allow for commandline -DDROPBEAR_XXX options etc.
******************************************************************/
@@ -13,15 +13,6 @@ $Id: update-patches 24 2008-08-31 14:56:13Z wbx $
#ifndef DROPBEAR_DEFPORT
#define DROPBEAR_DEFPORT "22"
#endif
-@@ -115,7 +120,7 @@ etc) slower (perhaps by 50%). Recommende
- * Removing either of these won't save very much space.
- * SSH2 RFC Draft requires dss, recommends rsa */
- #define DROPBEAR_RSA
--#define DROPBEAR_DSS
-+/* #define DROPBEAR_DSS */
-
- /* RSA can be vulnerable to timing attacks which use the time required for
- * signing to guess the private key. Blinding avoids this attack, though makes
@@ -129,7 +134,7 @@ etc) slower (perhaps by 50%). Recommende
/* #define DSS_PROTOK */