diff options
Diffstat (limited to 'meta-phosphor/common/recipes-core')
2 files changed, 47 insertions, 1 deletions
diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch b/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch new file mode 100644 index 000000000..e32baec83 --- /dev/null +++ b/meta-phosphor/common/recipes-core/dropbear/dropbear/0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch @@ -0,0 +1,42 @@ +From 95eff1ca0beea55259c2cdc7f1bb9f930bf57bc8 Mon Sep 17 00:00:00 2001 +From: CamVan Nguyen <ctnguyen@us.ibm.com> +Date: Tue, 13 Feb 2018 15:37:47 -0600 +Subject: [PATCH 1/1] Only load dropbear default host keys if a key is not + specified + +--- + svr-runopts.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/svr-runopts.c b/svr-runopts.c +index 8f60059..c5c2148 100644 +--- a/svr-runopts.c ++++ b/svr-runopts.c +@@ -488,17 +488,21 @@ void load_all_hostkeys() { + m_free(hostkey_file); + } + ++ /* Only load default host keys if a host key is not specified by the ++ * user */ ++ if (0 == svr_opts.num_hostkey_files) { + #ifdef DROPBEAR_RSA +- loadhostkey(RSA_PRIV_FILENAME, 0); ++ loadhostkey(RSA_PRIV_FILENAME, 0); + #endif + + #ifdef DROPBEAR_DSS +- loadhostkey(DSS_PRIV_FILENAME, 0); ++ loadhostkey(DSS_PRIV_FILENAME, 0); + #endif + + #ifdef DROPBEAR_ECDSA +- loadhostkey(ECDSA_PRIV_FILENAME, 0); ++ loadhostkey(ECDSA_PRIV_FILENAME, 0); + #endif ++ } + + #ifdef DROPBEAR_DELAY_HOSTKEY + if (svr_opts.delay_hostkey) { +-- +1.8.2.2 + diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend index 51a98d424..165a19e44 100644 --- a/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend +++ b/meta-phosphor/common/recipes-core/dropbear/dropbear_%.bbappend @@ -1,7 +1,11 @@ inherit obmc-phosphor-discovery-service +# 0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch +# has been upstreamed. This patch can be removed once we upgrade +# to yocto 2.5 or later which will pull in the latest dropbear code. FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += "file://dropbearkey.service \ - file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch" + file://0001-dropbear-Add-c-command-option-to-force-a-specific-co.patch \ + file://0001-Only-load-dropbear-default-host-keys-if-a-key-is-not.patch" REGISTERED_SERVICES_${PN} += "ssh:tcp:22 sftp:tcp:22" |