This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 2af817938546f4994967a171cc35ff3460ebdfef (commit) via 167e6ec7a8d68f1c87833d77e2e290230c0399e0 (commit) from a20395a645d73a74825693e8d9cbb411a5b3cfcf (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2af817938546f4994967a171cc35ff3460ebdfef Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Feb 1 16:46:22 2014 +0100
rngd: Mix-in RDRAND and reload for HWRNGs added at runtime.
commit 167e6ec7a8d68f1c87833d77e2e290230c0399e0 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Feb 1 16:15:10 2014 +0100
openssh: Update to 6.5p1.
Adds support for ed25519.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/openssh | 2 ++ config/rootfiles/common/udev | 1 + .../{oldcore/36 => core/76}/filelists/openssh | 0 config/udev/90-hwrng.rules | 1 + lfs/openssh | 4 +-- lfs/udev | 4 +++ src/initscripts/init.d/rngd | 18 +++++++++++--- src/initscripts/init.d/sshd | 29 ++++++++++++++++------ 8 files changed, 47 insertions(+), 12 deletions(-) copy config/rootfiles/{oldcore/36 => core/76}/filelists/openssh (100%) create mode 100644 config/udev/90-hwrng.rules
Difference in files:
diff --git a/config/rootfiles/common/openssh b/config/rootfiles/common/openssh
index 6737b6c..1b6ded3 100644
--- a/config/rootfiles/common/openssh
+++ b/config/rootfiles/common/openssh
@@ -5,6 +5,8 @@ etc/ssh/ssh_config
 #etc/ssh/ssh_host_dsa_key.pub
 #etc/ssh/ssh_host_ecdsa_key
 #etc/ssh/ssh_host_ecdsa_key.pub
+#etc/ssh/ssh_host_ed25519_key
+#etc/ssh/ssh_host_ed25519_key.pub
 #etc/ssh/ssh_host_key
 #etc/ssh/ssh_host_key.pub
 #etc/ssh/ssh_host_rsa_key
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index 3b9979b..bc1cdaa 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -51,6 +51,7 @@ lib/udev
 #lib/udev/rules.d/78-sound-card.rules
 #lib/udev/rules.d/80-drivers.rules
 #lib/udev/rules.d/80-net-name-slot.rules
+#lib/udev/rules.d/90-hwrng.rules
 #lib/udev/rules.d/95-udev-late.rules
 #lib/udev/rules.d/99-codel.rules
 #lib/udev/scsi_id
diff --git a/config/rootfiles/core/76/filelists/openssh b/config/rootfiles/core/76/filelists/openssh
new file mode 120000
index 0000000..d8c77fd
--- /dev/null
+++ b/config/rootfiles/core/76/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/udev/90-hwrng.rules b/config/udev/90-hwrng.rules
new file mode 100644
index 0000000..a939790
--- /dev/null
+++ b/config/udev/90-hwrng.rules
@@ -0,0 +1 @@
+ACTION=="add|remove", KERNEL=="hw_random", RUN+="/etc/rc.d/init.d/rngd udev-event"
diff --git a/lfs/openssh b/lfs/openssh
index 17772c1..d651162 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -24,7 +24,7 @@
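Review bot: The `RUN+=` program in `90-hwrng.rules` ends up restarting a daemon from inside udev's event handling, via the `udev-event)` branch added to `src/initscripts/init.d/rngd` in this same commit. udev intends `RUN` for short-lived foreground tasks, and depending on the udev version in use, processes started from it may be killed once the event has been handled. It is worth confirming on the target system that the restarted rngd is still running after a hardware RNG is added or removed. The rule also has no comment; a line such as `# Restart rngd when a hardware RNG appears or disappears.` above it would record the intent, and adding `SUBSYSTEM=="misc"` would narrow the match to the device class the rule is presumably aimed at.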
include Config
-VER = 6.4p1
+VER = 6.5p1
THISAPP = openssh-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = a62b88b884df0b09b8a8c5789ac9e51b
+$(DL_FILE)_MD5 = a084e7272b8cbd25afe0f5dce4802fef
install : $(TARGET)
diff --git a/lfs/udev b/lfs/udev
index d034993..fdf8bf2 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -108,6 +108,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 install -v -m 644 $(DIR_SRC)/config/udev/25-alsa.rules \
 /lib/udev/rules.d
+ # Install hwrng rules.
+ install -v -m 644 $(DIR_SRC)/config/udev/90-hwrng.rules \
+ /lib/udev/rules.d
+
 # Install codel rules.
 install -v -m 644 $(DIR_SRC)/config/udev/99-codel.rules \
 /lib/udev/rules.d
diff --git a/src/initscripts/init.d/rngd b/src/initscripts/init.d/rngd
index cc1c10d..22437fd 100644
--- a/src/initscripts/init.d/rngd
+++ b/src/initscripts/init.d/rngd
@@ -11,16 +11,24 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
+function has_rdrand() {
+ grep -q "rdrand" /proc/cpuinfo
+}
+
+function has_hwrng() {
+ [ -e "/dev/hwrng" ]
+}
+
 case "${1}" in
 start)
- if [ ! -e "/dev/hwrng" ]; then
- boot_mesg "No Hardware Random Number Generator found..." ${WARNING}
+ if ! has_hwrng && ! has_rdrand; then
+ boot_mesg "No Hardware Random Number Generator found..."
 echo_warning
 exit 0
 fi
boot_mesg "Starting Random Number Generator Daemon..."
- loadproc /usr/sbin/rngd
+ loadproc /usr/sbin/rngd --no-tpm=1
 ;;
stop)
@@ -38,6 +46,10 @@ case "${1}" in
 statusproc /usr/sbin/rngd
 ;;
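Review bot: `--no-tpm=1` on the new `loadproc` line turns off one of rngd's entropy sources without any explanation in the script, and the commit message only mentions RDRAND. A short comment above that line would record the intent, for example `# Do not use the TPM as an entropy source; rngd feeds from /dev/hwrng and RDRAND.`, adjusted to the actual reason. The new `has_rdrand` helper would also benefit from a one-line comment saying that it relies on the `rdrand` CPU flag reported in /proc/cpuinfo. The enclosing `case` statement continues beyond this hunk.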
+ udev-event)
+ $0 restart &>/dev/null
+ ;;
+
 *)
 echo "Usage: ${0} {start|stop|restart|status}"
 exit 1
diff --git a/src/initscripts/init.d/sshd b/src/initscripts/init.d/sshd
index e99e694..8aab83f 100644
--- a/src/initscripts/init.d/sshd
+++ b/src/initscripts/init.d/sshd
@@ -12,13 +12,28 @@
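Review bot: The new `udev-event)` branch throws away everything the restart prints, so if rngd fails to come back after a device event nothing records it and the system may run on without the daemon feeding the kernel pool. `&>` is also a bash extension, and the script's interpreter line is outside the hunk; under a plain POSIX shell it would presumably be read as a background job followed by a separate redirection. A portable form that leaves a trace on failure would be `"${0}" restart >/dev/null 2>&1 || logger -t rngd "restart after hwrng udev event failed"`. The usage string in the `*)` branch does not list the new action, which is fine if it is meant to be internal, but a comment saying so would help.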
case "$1" in
 start)
- if [ ! -e /etc/ssh/ssh_host_rsa_key ]; then
- echo "Generating SSH Keys"
- ssh-keygen -qf /etc/ssh/ssh_host_rsa_key -N ''
- ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
- ssh-keygen -qf /etc/ssh/ssh_host_dsa_key -N '' -t dsa
- ssh-keygen -qf /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
- fi
+ if [ ! -e "/etc/ssh/ssh_host_key" ]; then
+ boot_mesg "Generating SSH host key..."
+ ssh-keygen -qf /etc/ssh/ssh_host_key -N '' -t rsa1
+ evaluate_retval
+ fi
+
+ for algo in rsa dsa ecdsa ed25519; do
+ keyfile="/etc/ssh/ssh_host_${algo}_key"
+
+ # If the key already exists, there is nothing to do.
+ [ -e "${keyfile}" ] && continue
+
+ case "${algo}" in
+ rsa)
+ algo="rsa1"
+ ;;
+ esac
+
+ boot_mesg "Generating SSH key (${algo})..."
+ ssh-keygen -qf "${keyfile}" -N '' -t ${algo}
+ evaluate_retval
+ done
[ -e "/var/ipfire/remote/enablessh" ] || exit 0 # SSH is not enabled
 boot_mesg "Starting SSH Server..."
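Review bot: The `case "${algo}"` block inside the new loop rewrites `rsa` to `rsa1` after `keyfile` has already been set, so `/etc/ssh/ssh_host_rsa_key` is generated with `-t rsa1`, whereas the removed code created that file without `-t`, presumably yielding a protocol 2 RSA key. On a system without existing keys this would leave a protocol 1 key in the path meant for the protocol 2 RSA host key, and the protocol 1 key is already generated separately in `/etc/ssh/ssh_host_key` just above. Dropping the `case … esac` block and calling `ssh-keygen -qf "${keyfile}" -N '' -t "${algo}"` keeps one key type per file and also quotes the variable. The `start)` branch continues past the end of this hunk.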