This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2af817938546f4994967a171cc35ff3460ebdfef (commit)
via 167e6ec7a8d68f1c87833d77e2e290230c0399e0 (commit)
from a20395a645d73a74825693e8d9cbb411a5b3cfcf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2af817938546f4994967a171cc35ff3460ebdfef
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Feb 1 16:46:22 2014 +0100
rngd: Mix-in RDRAND and reload for HWRNGs added at runtime.
commit 167e6ec7a8d68f1c87833d77e2e290230c0399e0
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Feb 1 16:15:10 2014 +0100
openssh: Update to 6.5p1.
Adds support for ed25519.
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/openssh | 2 ++
config/rootfiles/common/udev | 1 +
.../{oldcore/36 => core/76}/filelists/openssh | 0
config/udev/90-hwrng.rules | 1 +
lfs/openssh | 4 +--
lfs/udev | 4 +++
src/initscripts/init.d/rngd | 18 +++++++++++---
src/initscripts/init.d/sshd | 29 ++++++++++++++++------
8 files changed, 47 insertions(+), 12 deletions(-)
copy config/rootfiles/{oldcore/36 => core/76}/filelists/openssh (100%)
create mode 100644 config/udev/90-hwrng.rules
Difference in files:
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index 6737b6c..1b6ded3 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -5,6 +5,8 @@ etc/ssh/ssh_config
#etc/ssh/ssh_host_dsa_key.pub
#etc/ssh/ssh_host_ecdsa_key
#etc/ssh/ssh_host_ecdsa_key.pub
+#etc/ssh/ssh_host_ed25519_key
+#etc/ssh/ssh_host_ed25519_key.pub
#etc/ssh/ssh_host_key
#etc/ssh/ssh_host_key.pub
#etc/ssh/ssh_host_rsa_key
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 3b9979b..bc1cdaa 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -51,6 +51,7 @@ lib/udev
#lib/udev/rules.d/78-sound-card.rules
#lib/udev/rules.d/80-drivers.rules
#lib/udev/rules.d/80-net-name-slot.rules
+#lib/udev/rules.d/90-hwrng.rules
#lib/udev/rules.d/95-udev-late.rules
#lib/udev/rules.d/99-codel.rules
#lib/udev/scsi_id
diff --git a/config/rootfiles/core/76/filelists/openssh b/config/rootfiles/core/76/filelists/openssh
new file mode 120000
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/76/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/udev/90-hwrng.rules b/config/udev/90-hwrng.rules
new file mode 100644
index 0000000..a939790
--- /dev/null
+++ b/config/udev/90-hwrng.rules
@@ -0,0 +1 @@
+ACTION=="add|remove", KERNEL=="hw_random", RUN+="/etc/rc.d/init.d/rngd udev-event"
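Review bot: The rule restarts a daemon from `RUN+=`, which udev documents as being for short-running programs only; processes that are still alive after the event has been handled may be killed, depending on the udev version in use. It is worth confirming that rngd is still running after a hot-plug event, and otherwise handing the restart to something outside udev's process tree. The match could also be narrowed to `SUBSYSTEM=="misc", KERNEL=="hw_random"` so that only the hw_random misc device triggers the script.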
diff --git a/lfs/openssh b/lfs/openssh
index 17772c1..d651162 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
include Config
-VER = 6.4p1
+VER = 6.5p1
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a62b88b884df0b09b8a8c5789ac9e51b
+$(DL_FILE)_MD5 = a084e7272b8cbd25afe0f5dce4802fef
install : $(TARGET)
diff --git a/lfs/udev b/lfs/udev
index d034993..fdf8bf2 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -108,6 +108,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
install -v -m 644 $(DIR_SRC)/config/udev/25-alsa.rules \
/lib/udev/rules.d
+ # Install hwrng rules.
+ install -v -m 644 $(DIR_SRC)/config/udev/90-hwrng.rules \
+ /lib/udev/rules.d
+
# Install codel rules.
install -v -m 644 $(DIR_SRC)/config/udev/99-codel.rules \
/lib/udev/rules.d
diff --git a/src/initscripts/init.d/rngd b/src/initscripts/init.d/rngd
index cc1c10d..22437fd 100644
--- a/src/initscripts/init.d/rngd
+++ b/src/initscripts/init.d/rngd
@@ -11,16 +11,24 @@
. /etc/sysconfig/rc
. ${rc_functions}
+function has_rdrand() {
+ grep -q "rdrand" /proc/cpuinfo
+}
+
+function has_hwrng() {
+ [ -e "/dev/hwrng" ]
+}
+
case "${1}" in
start)
- if [ ! -e "/dev/hwrng" ]; then
- boot_mesg "No Hardware Random Number Generator found..." ${WARNING}
+ if ! has_hwrng && ! has_rdrand; then
+ boot_mesg "No Hardware Random Number Generator found..."
echo_warning
exit 0
fi
boot_mesg "Starting Random Number Generator Daemon..."
- loadproc /usr/sbin/rngd
+ loadproc /usr/sbin/rngd --no-tpm=1
;;
stop)
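Review bot: `has_rdrand` matches the string anywhere in /proc/cpuinfo rather than as a whole CPU flag; `grep -qw "rdrand" /proc/cpuinfo` would stop it matching a longer token. With the new `! has_hwrng && ! has_rdrand` test the daemon also starts on machines that have RDRAND but no /dev/hwrng, so RDRAND is presumably the only source rngd feeds from there. A comment above `has_rdrand` such as `# RDRAND alone is enough to start rngd; it is mixed in when a HWRNG is present.` would record that this is intended. The `case` block continues outside the hunk.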
@@ -38,6 +46,10 @@ case "${1}" in
statusproc /usr/sbin/rngd
;;
+ udev-event)
+ $0 restart &>/dev/null
+ ;;
+
*)
echo "Usage: ${0} {start|stop|restart|status}"
exit 1
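Review bot: The new `udev-event` branch runs `$0 restart &>/dev/null`, which relies on bash's `&>`; the shebang is outside the hunk, and under a POSIX sh this parses as a background job followed by an empty redirection. `"$0" restart >/dev/null 2>&1` behaves the same in both shells and quotes the script path. The usage line below still lists only `{start|stop|restart|status}`; if `udev-event` is meant to be internal, a comment such as `# Called from 90-hwrng.rules, not for interactive use.` above the branch would say so.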
diff --git a/src/initscripts/init.d/sshd b/src/initscripts/init.d/sshd
index e99e694..8aab83f 100644
--- a/src/initscripts/init.d/sshd
+++ b/src/initscripts/init.d/sshd
@@ -12,13 +12,28 @@
case "$1" in
start)
- if [ ! -e /etc/ssh/ssh_host_rsa_key ]; then
- echo "Generating SSH Keys"
- ssh-keygen -qf /etc/ssh/ssh_host_rsa_key -N ''
- ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
- ssh-keygen -qf /etc/ssh/ssh_host_dsa_key -N '' -t dsa
- ssh-keygen -qf /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
- fi
+ if [ ! -e "/etc/ssh/ssh_host_key" ]; then
+ boot_mesg "Generating SSH host key..."
+ ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
+ evaluate_retval
+ fi
+
+ for algo in rsa dsa ecdsa ed25519; do
+ keyfile="/etc/ssh/ssh_host_${algo}_key"
+
+ # If the key already exists, there is nothing to do.
+ [ -e "${keyfile}" ] && continue
+
+ case "${algo}" in
+ rsa)
+ algo="rsa1"
+ ;;
+ esac
+
+ boot_mesg "Generating SSH key (${algo})..."
+ ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
+ evaluate_retval
+ done
[ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled
boot_mesg "Starting SSH Server..."
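Review bot: Inside the `for algo in rsa dsa ecdsa ed25519` loop the `case` rewrites `rsa` to `rsa1`, so `/etc/ssh/ssh_host_rsa_key` is generated with `-t rsa1` as a protocol 1 key, whereas the removed code created that file with ssh-keygen's default type. The protocol 1 key is already written to `/etc/ssh/ssh_host_key` by the block above, so the system would end up with two SSH1 keys and no protocol 2 RSA host key. Dropping the `case "${algo}"` block and calling `ssh-keygen -qf "${keyfile}" -N '' -t "${algo}"` keeps each file's key type in line with its name, and also quotes the expansion. The surrounding `case "$1"` continues outside the hunk.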
hooks/post-receive
--
IPFire 2.x development tree