From 8702fdd82368a1f205bf0109621515f5bfa87065 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Bl=C3=A4se?= Date: Sun, 13 Jun 2021 10:58:25 +0200 Subject: [PATCH] fff-sysupgrade: Keep ed25519 and ecdsa host key on system upgrade MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Dropbear supports ed25519 keys since OpenWrt 21.02. Also, ecdsa is supported since v19.07, but disabled in our firmware. Keep the generated ed25519 and ecdsa host key accross upgrades. While at it, remove dss host keys, as they are not supported anymore. 5eb7864aadd5 ("dropbear: rewrite init script startup logic to handle both host key files") 8a7a93947004 ("dropbear: remove generation and configuration of DSS keys") Signed-off-by: Fabian Bläse Reviewed-by: Adrian Schmutzler --- src/packages/fff/fff-sysupgrade/Makefile | 2 +- .../fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/packages/fff/fff-sysupgrade/Makefile b/src/packages/fff/fff-sysupgrade/Makefile index 4b99eac0..c9a9c06d 100644 --- a/src/packages/fff/fff-sysupgrade/Makefile +++ b/src/packages/fff/fff-sysupgrade/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fff-sysupgrade -PKG_RELEASE:=12 +PKG_RELEASE:=13 include $(INCLUDE_DIR)/package.mk diff --git a/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade b/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade index 14854082..d0f3d36a 100644 --- a/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade +++ b/src/packages/fff/fff-sysupgrade/files/etc/uci-defaults/99-fff-sysupgrade @@ -4,8 +4,9 @@ cat > /etc/sysupgrade.conf <<-__EOF__ /etc/shadow -/etc/dropbear/dropbear_dss_host_key /etc/dropbear/dropbear_rsa_host_key +/etc/dropbear/dropbear_ecdsa_host_key +/etc/dropbear/dropbear_ed25519_host_key /etc/dropbear/authorized_keys /etc/network.config /etc/config/fff