From patchwork Tue Nov 19 18:50:00 2019
X-Patchwork-Submitter: hurrhnn--- via openwrt-devel
X-Patchwork-Id: 1197588
X-Patchwork-Delegate: blogic@openwrt.org
To: openwrt-devel@lists.openwrt.org
Date: Tue, 19 Nov 2019 18:50:00 +0000
X-Patchwork-Original-From: Kyle Copperfield via openwrt-devel
From: hurrhnn--- via openwrt-devel
Reply-To: Kyle Copperfield
Subject: [OpenWrt-Devel] [PATCH v3] dropbear: move failsafe code out of base-files

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.

Failsafe code of dropbear should be in the dropbear package not the base-files package.

Signed-off-by: Kyle Copperfield
---
 package/base-files/Makefile                               | 2 +-
 package/base-files/files/lib/preinit/99_10_failsafe_login | 6 ------
 package/network/services/dropbear/Makefile                | 3 ++-
 package/network/services/dropbear/files/dropbear.failsafe | 8 ++++++++
 4 files changed, 11 insertions(+), 8 deletions(-)
 create mode 100755 package/network/services/dropbear/files/dropbear.failsafe

diff --git a/package/base-files/Makefile b/package/base-files/Makefile index 0ca4d739f3..cf5166772d 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile 
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=209 +PKG_RELEASE:=210 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login index 728c63b2e8..16ad84f4ba 100644 --- a/package/base-files/files/lib/preinit/99_10_failsafe_login +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login @@ -2,11 +2,6 @@ # Copyright (C) 2006-2015 OpenWrt.org # Copyright (C) 2010 Vertical Communications -failsafe_netlogin () { - dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key - dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 -} - failsafe_shell() { local console="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | head -1 | sed -e 's/^console=//' -e 's/,.*//')" [ -n "$console" ] || console=console @@ -17,5 +12,4 @@ failsafe_shell() { done & } -boot_hook_add failsafe failsafe_netlogin boot_hook_add failsafe failsafe_shell diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 75a3264ebb..ec4b355268 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2019.78 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ @@ -156,6 +156,7 @@ define Package/dropbear/install $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(INSTALL_DIR) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear $(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key) touch $(1)/etc/dropbear/dropbear_rsa_host_key endef 
diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe new file mode 100755 index 0000000000..a98ede459a --- /dev/null +++ b/package/network/services/dropbear/files/dropbear.failsafe @@ -0,0 +1,8 @@ +#!/bin/sh + +failsafe_dropbear () { + dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key + dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 +} + +boot_hook_add failsafe failsafe_dropbear
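
Review bot: In the Package/dropbear/install hunk of package/network/services/dropbear/Makefile, the added line calls `$(INSTALL_DIR)` with a source file and a destination path, while the neighbouring lines use `$(INSTALL_DIR)` only with a single directory and `$(INSTALL_BIN)` for files. `$(INSTALL_DIR)` is `install -d`, so the line as written does not copy dropbear.failsafe into the image, and nothing in the visible lines creates `$(1)/lib/preinit`. Suggest `$(INSTALL_DIR) $(1)/lib/preinit` followed by `$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear`. The base-files preinit file touched by this patch is mode 100644, so the fragment does not need to be installed executable, and the new file's 100755 mode could be dropped to match.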
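
Review bot: In failsafe_dropbear in the new dropbear.failsafe, the host key is still generated with `dropbearkey -t rsa -s 1024`, carried over unchanged from the removed failsafe_netlogin. Now that the dropbear package owns this code, either raise the key size or add a comment stating why a 1024-bit RSA key is accepted for failsafe mode, so the choice is documented next to the command. Separately, `dropbear -r /tmp/dropbear_failsafe_host_key` runs whether or not dropbearkey succeeded; chaining the two commands with `&&` would avoid starting the daemon against a missing key file. The new file also drops the copyright header that 99_10_failsafe_login carries; add one if the project expects it on preinit fragments.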