[Buildroot] [PATCH] package/dropbear: fix when readlink is busybox'

Peter Korsgaard peter at korsgaard.com
Mon Aug 24 15:38:23 UTC 2015


>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:

Hi,

>> Looking at the recent changes to S50dropbear, isn't it quite noisy with
 >> a RO rootfs? I would imagine those rm and mkdir calls complain with
 >> RO. Perhaps we should add 2>/dev/null to them?

 > Well, on a RO filesystem, we'd create /var/run/dropbear on each boot,
 > and thus regenerate keys on each boot. This means keys from such a
 > device can not really be trusted.

Well, with a RO filesystem you only have the option to either generate
at each boot or bake in a hardcoded host key in the rootfs. Neither is
really great for security.

 > So I'd prefer we get the error messages, as a clue to the user that
 > something is wrong. Maybe we could have had an explicit message, yes.

Those fairly obscure messages are imho not really helpful - But on the
other hand I'm not sure a dedicated message is really warranted.

-- 
Venlig hilsen,
Peter Korsgaard 



More information about the buildroot mailing list