| Summary: | [sysinstall] After install: /etc/rc complains if crypto is not installed | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Ernst de Haan <znerd> |
| Component: | bin | Assignee: | freebsd-qa (Nobody) <qa> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.4-STABLE | ||
| Hardware: | Any | ||
| OS: | Any | ||
Ernst de Haan <znerd@freebsd.org> writes:
> Starting final network daemons: creating ssh RSA host key
> /etc/rc: /usr/bin/ssh-keygen: not found
> creating ssh DSA host key
> /etc/rc: /usr/bin/ssh-keygen: not found
> .

This is because sysinstall sets sshd_enable to YES. It should probably set it to NO when crypto is not installed.

In addition, rc.network should check for the existence and executability of ssh-keygen, which should probably be parametrized.

DES
--
Dag-Erling Smorgrav - des@ofug.org

des> This is because sysinstall sets sshd_enable to YES. It should
des> probably set it to NO when crypto is not installed.

sysinstall sets sshd_enable to YES if you
1) select 'Medium' in security profile
2) enable sshd in "Networking Services" menu

I suppose the PR originator did 1), is it true?

des> In addition, rc.network should check for the existence and
des> executability of ssh-keygen, which should probably be
des> parametrized.

In /etc/rc, sshd starts only if sshd_enable=YES *and* /usr/bin/sshd exists as an executable file. IMHO, tweaking /etc/rc.network is only required for fixing this.

-- -
Makoto `MAR' Matsushita

des> In addition, rc.network should check for the existence and
des> executability of ssh-keygen, which should probably be
des> parametrized.

How about this patch? Logic is changed to:

    if ${sshd_enable} is YES
        if ${ssh_keygen_program} is not executable
            ssh_keygen_enable=NO
        if ${ssh_keygen_enable} is YES
            (create keys as before)

ssh_keygen_enable is set to "YES", and ssh_keygen_program is set to
"/usr/bin/ssh-keygen" to keep the behavior of current rc.network.
If a user doesn't install 'crypto' distribution, /usr/bin/ssh-keygen
is not available so ssh_keygen_enable turns to 'NO'.

BTW, I don't like this patch, the ssh-keygen line is too long...

-- -
Makoto `MAR' Matsushita

Index: rc.network
===================================================================
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.115
diff -u -r1.115 rc.network
--- rc.network 24 Nov 2001 23:41:32 -0000 1.115
+++ rc.network 27 Nov 2001 15:48:52 -0000
@@ -814,14 +814,21 @@
case ${sshd_enable} in
[Yy][Ee][Ss])
- if [ ! -f /etc/ssh/ssh_host_key ]; then
- echo ' creating ssh RSA host key';
- /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
- fi
- if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
- echo ' creating ssh DSA host key';
- /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
+ if [ ! -x ${ssh_keygen_program:-/usr/bin/ssh-keygen} ]; then
+ ssh_keygen_enable="NO"
fi
+ case ${ssh_keygen_enable} in
+ [Yy][Ee][Ss])
+ if [ ! -f /etc/ssh/ssh_host_key ]; then
+ echo ' creating ssh RSA host key';
+ ${ssh_keygen_program:-/usr/bin/ssh-keygen} -N "" -f /etc/ssh/ssh_host_key
+ fi
+ if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
+ echo ' creating ssh DSA host key';
+ ${ssh_keygen_program:-/usr/bin/ssh-keygen} -d -N "" -f /etc/ssh/ssh_host_dsa_key
+ fi
+ ;;
+ esac
;;
esac
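Review bot: When ${ssh_keygen_program} is not executable, the new `[ ! -x ... ]` branch sets ssh_keygen_enable="NO" without printing anything, so a host with sshd_enable=YES and no host keys gets no hint that key generation was skipped; echo a short warning in that branch. The expansion ${ssh_keygen_program:-/usr/bin/ssh-keygen} is also unquoted and repeated three times even though defaults/rc.conf now supplies the default; resolving it once into a quoted variable would shorten the two ssh-keygen lines and survive a path containing spaces.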
Index: defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.132
diff -u -r1.132 rc.conf
--- defaults/rc.conf 24 Nov 2001 16:12:03 -0000 1.132
+++ defaults/rc.conf 27 Nov 2001 15:48:53 -0000
@@ -153,6 +153,8 @@
sshd_enable="NO" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
+ssh_keygen_enable="YES" # Create sshd host keys if not exist.
+ssh_keygen_program="/usr/bin/ssh-keygen" # Create sshd host keys if not exist.
### Network daemon (NFS) Need all portmap_enable="YES" ###
amd_enable="NO" # Run amd service with $amd_flags (or NO).
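Review bot: The two added lines carry the same comment, "Create sshd host keys if not exist.", so ssh_keygen_program is left undocumented. Follow the sshd_program line above it, for example "path to ssh-keygen, if you want a different one.", and reword the first to "Create sshd host keys if they do not exist." Since rc.network turns ssh_keygen_enable to NO on its own when the program is missing, the comment could also say that YES only takes effect when ssh_keygen_program is executable.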

This patch looks good to me, please commit it. This will also close PR 31458

- Murray

Please do NOT commit this patch. It attempts to solve a problem created by sysinstall with an otherwise useless hack in rc. The real fix is to make sure that sysinstall adjusts rc.conf when crypto is not installed.

Responsible Changed
From-To: freebsd-bugs->qa

Assign to qa group

State Changed
From-To: open->closed

It hasn't been possible to do an installation with crypto since revision 1.357 of src/usr.sbin/sysinstall/install.c, which I am taking as a pretty good indication that this isn't getting fixed now.

Just installed 4.4-R on a laptop. I only selected bin, compat4 and a few others, but I did *not* select crypto. Now when I first started the machine (actually the reboot after the install) I get the following message:

    Starting final network daemons: creating ssh RSA host key
    /etc/rc: /usr/bin/ssh-keygen: not found
    creating ssh DSA host key
    /etc/rc: /usr/bin/ssh-keygen: not found
    .

Seems to me that this is not very clean.

How-To-Repeat: Install 4.4-R, choose "Custom", select only bin, man, compat4 and ports. Let the install program restart and watch the messages at boot time.