From patchwork Sat Nov 9 04:05:51 2019
X-Patchwork-Submitter: Thomas Richard via openwrt-devel
X-Patchwork-Id: 1192366
X-Patchwork-Delegate: blogic@openwrt.org
To: openwrt-devel@lists.openwrt.org
Date: Fri, 8 Nov 2019 20:05:51 -0800
X-Patchwork-Original-From: Kyle Copperfield via openwrt-devel
From: Thomas Richard via openwrt-devel
Reply-To: Kyle Copperfield
Subject: [OpenWrt-Devel] [PATCH v2] dropbear: move failsafe code out of base-files

The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software.

Move dropbear failsafe code out of base-files and into dropbear where it should be.

Signed-off-by: Kyle Copperfield
--- package/base-files/Makefile | 2 +- package/base-files/files/lib/preinit/99_10_failsafe_login | 6 ------ package/network/services/dropbear/Makefile | 3 ++- package/network/services/dropbear/files/dropbear.failsafe | 8 ++++++++ 4 files changed, 11 insertions(+), 8 deletions(-) create mode 100755 package/network/services/dropbear/files/dropbear.failsafe diff --git a/package/base-files/Makefile b/package/base-files/Makefile index addbac8664..5c121ace24 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk include $(INCLUDE_DIR)/feeds.mk PKG_NAME:=base-files -PKG_RELEASE:=206 +PKG_RELEASE:=207 PKG_FLAGS:=nonshared PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/ diff --git a/package/base-files/files/lib/preinit/99_10_failsafe_login b/package/base-files/files/lib/preinit/99_10_failsafe_login index 728c63b2e8..16ad84f4ba 100644 --- a/package/base-files/files/lib/preinit/99_10_failsafe_login +++ b/package/base-files/files/lib/preinit/99_10_failsafe_login @@ -2,11 +2,6 @@ # Copyright (C) 2006-2015 OpenWrt.org # Copyright (C) 2010 Vertical Communications -failsafe_netlogin () { - dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key - dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 -} - failsafe_shell() { local console="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | head -1 | sed -e 's/^console=//' -e 's/,.*//')" [ -n "$console" ] || console=console @@ -17,5 +12,4 @@ failsafe_shell() { done & } -boot_hook_add failsafe failsafe_netlogin boot_hook_add failsafe failsafe_shell diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 75a3264ebb..ec4b355268 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2019.78 -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ @@ -156,6 +156,7 @@ define Package/dropbear/install $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear $(INSTALL_DIR) $(1)/usr/lib/opkg/info $(INSTALL_DIR) $(1)/etc/dropbear + $(INSTALL_DIR) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear $(if $(CONFIG_DROPBEAR_ECC),touch $(1)/etc/dropbear/dropbear_ecdsa_host_key) touch $(1)/etc/dropbear/dropbear_rsa_host_key endef 
diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe new file mode 100755 index 0000000000..a98ede459a --- /dev/null +++ b/package/network/services/dropbear/files/dropbear.failsafe @@ -0,0 +1,8 @@ +#!/bin/sh + +failsafe_dropbear () { + dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key + dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1 +} + +boot_hook_add failsafe failsafe_dropbear
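Review bot: In the Package/dropbear/install hunk of package/network/services/dropbear/Makefile, the added line passes a source file and a destination to $(INSTALL_DIR), which is OpenWrt's `install -d -m0755` and only creates directories, so dropbear.failsafe is never copied and two directories are created instead. Every other $(INSTALL_DIR) line in the hunk takes a single directory and the file copy above it uses $(INSTALL_BIN). Split it into `$(INSTALL_DIR) $(1)/lib/preinit` followed by `$(INSTALL_DATA) ./files/dropbear.failsafe $(1)/lib/preinit/99_10_failsafe_dropbear`, since preinit fragments are sourced rather than executed.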
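Review bot: In the new package/network/services/dropbear/files/dropbear.failsafe, the dropbearkey line still generates a 1024-bit RSA host key (`-t rsa -s 1024`), carried over unchanged from the removed failsafe_netlogin. Since the patch rewrites this line anyway, raise the size to at least 2048 bits, or generate an ECDSA key when CONFIG_DROPBEAR_ECC is set, as the Makefile already distinguishes for the regular host keys. Separately, `<> /dev/null 2>&1` only points stdin at /dev/null and sends stderr to stdout, so dropbear's output is not silenced; if silence was the intent, redirect stdout as well.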
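Review bot: The commit message does not mention two behaviour changes visible in the 99_10_failsafe_login hunk: the hook is renamed from failsafe_netlogin to failsafe_dropbear, and because `boot_hook_add failsafe failsafe_netlogin` is removed from base-files, an image built without the dropbear package no longer starts any network login in failsafe mode. Say both in the commit message so that anything hooking the old function name, and anyone relying on failsafe SSH in a dropbear-less image, can find the change.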