commit: 64242cfcdca6d70e7aefaab7e424ad818d701e54
Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 20 02:02:58 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Jun 20 02:02:58 2020 +0000
URL: https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=64242cfc
gen_initramfs.sh: append_dropbear(): Add support for ed25519 host keys
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
gen_funcs.sh | 3 +++
gen_initramfs.sh | 17 +++++++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/gen_funcs.sh b/gen_funcs.sh
index 1297732..eaba05a 100755
--- a/gen_funcs.sh
+++ b/gen_funcs.sh
@@ -789,6 +789,9 @@ dropbear_get_key_type_from_filename() {
*_ecdsa_*)
type=ecdsa
;;
+ *_ed25519_*)
+ type=ed25519
+ ;;
*_rsa_*)
type=rsa
;;
diff --git a/gen_initramfs.sh b/gen_initramfs.sh
index 651bfbf..fd9583b 100755
--- a/gen_initramfs.sh
+++ b/gen_initramfs.sh
@@ -1180,6 +1180,12 @@ append_dropbear() {
missing_ssh_host_keys=yes
fi
+ if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]
+ then
+ print_info 3 "$(get_indent 2)${PN}: >> SSH host
key '/etc/ssh/ssh_host_ed25519_key' is missing!"
+ missing_ssh_host_keys=yes
+ fi
+
if isTrue "${missing_ssh_host_keys}"
then
# Should only happen when installing a new
system ...
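Review bot: The added test for `/etc/ssh/ssh_host_ed25519_key` sets `missing_ssh_host_keys=yes` whenever the file is absent, so it cannot tell a fresh install from a host where the administrator removed that key type on purpose. The branch guarded by `isTrue "${missing_ssh_host_keys}"` continues outside the hunk, so what it does with the flag is not visible here. If it generates host keys, building an initramfs would now create an ed25519 key under /etc/ssh as a side effect on such hosts. If the flag is kept unconditional, a comment above the check would make that explicit, for example `# An absent ed25519 host key is treated like a fresh install, even if it was removed on purpose.`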
@@ -1190,6 +1196,7 @@ append_dropbear() {
local -a required_dropbear_host_keys=(
/etc/dropbear/dropbear_ecdsa_host_key
+ /etc/dropbear/dropbear_ed25519_host_key
/etc/dropbear/dropbear_rsa_host_key
)
@@ -1218,6 +1225,12 @@ append_dropbear() {
then
print_info 1 "$(get_indent 2)${PN}: >>
Dropbear host key '${required_key}' exists but is older than
'/etc/ssh/ssh_host_ecdsa_key'; Removing to force update due to
--ssh-host-key=create-from-host ..."
rm "${required_key}" || gen_die "Failed
to remove outdated '${required_key}' file!"
+ elif [[ "${SSH_HOST_KEYS}" ==
'create-from-host' ]] \
+ && [[ "${required_key}" == *_ed25519_*
]] \
+ && [[ "${required_key}" -ot
"/etc/ssh/ssh_host_ed25519_key" ]]
+ then
+ print_info 1 "$(get_indent 2)${PN}: >>
Dropbear host key '${required_key}' exists but is older than
'/etc/ssh/ssh_host_ed25519_key'; Removing to force update due to
--ssh-host-key=create-from-host ..."
+ rm "${required_key}" || gen_die "Failed
to remove outdated '${required_key}' file!"
else
print_info 3 "$(get_indent 2)${PN}: >>
Dropbear host key '${required_key}' exists!"
unset required_dropbear_host_keys[${i}]
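Review bot: The new `elif` repeats the ecdsa branch above it with only the key type changed, so every further key type adds another branch where the message and the tested path can drift apart. This commit also teaches `dropbear_get_key_type_from_filename` about ed25519, so the type could be derived once and the test written as `[[ "${required_key}" -ot "/etc/ssh/ssh_host_${key_type}_key" ]]`. That assumes the helper hands the type back in a usable form, which the visible part of it does not show. Separately, `-ot` compares modification times only, so a host key restored with an old timestamp would leave a mismatched dropbear key in place; the new branch inherits this existing behaviour. The enclosing `append_dropbear` starts and ends outside the hunk.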
@@ -1261,8 +1274,8 @@ append_dropbear() {
print_info 2 "$(get_indent 2)${PN}: >> Using existing
dropbear host keys from /etc/dropbear ..."
fi
- cp -aL --target-directory "${initramfs_dropbear_dir}"
/etc/dropbear/{dropbear_rsa_host_key,dropbear_ecdsa_host_key} \
- || gen_die "Failed to copy
'/etc/dropbear/{dropbear_rsa_host_key,dropbear_ecdsa_host_key}'"
+ cp -aL --target-directory "${initramfs_dropbear_dir}"
/etc/dropbear/dropbear_{rsa,ecdsa,ed25519}_host_key \
+ || gen_die "Failed to copy
'/etc/dropbear/dropbear_{rsa,ecdsa,ed25519}_host_key'"
# Try to show embedded dropbear host key details for security
reasons.
# We do it that complicated to get common used formats.
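Review bot: The rewritten `cp -aL` now places a third private host key in `${initramfs_dropbear_dir}`, and nothing in the hunk documents how sensitive that material is. With `--ssh-host-key=create-from-host` (named in the earlier hunk) the key is presumably derived from the machine's own OpenSSH ed25519 key, so anyone who can read the finished initramfs image could impersonate the host. A comment above the copy would help, for example `# Private host keys: the generated initramfs must be readable by root only.` The brace pattern also makes the copy fail when any one of the three files is missing, and the `gen_die` text prints the literal pattern rather than the missing path, so a per-file existence check with the path in the message would be easier to diagnose. `append_dropbear` continues outside the hunk.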