[Buildroot] [PATCH] package/dropbear: fix when readlink is busybox'
Peter Korsgaard
peter at korsgaard.com
Mon Aug 24 15:38:23 UTC 2015
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
Hi,
>> Looking at the recent changes to S50dropbear, isn't it quite noisy with
>> a RO rootfs? I would imagine those rm and mkdir calls complain with
>> RO. Perhaps we should add 2>/dev/null to them?
> Well, on a RO filesystem, we'd create /var/run/dropbear on each boot,
> and thus regenerate keys on each boot. This means keys from such a
> device can not really be trusted.
Well, with a RO filesystem you only have the option to either generate
at each boot or bake in a hardcoded host key in the rootfs. Neither is
really great for security.
> So I'd prefer we get the error messages, as a clue to the user that
> something is wrong. Maybe we could have had an explicit message, yes.
Those fairly obscure messages are imho not really helpful - But on the
other hand I'm not sure a dedicated message is really warranted.
--
Venlig hilsen,
Peter Korsgaard
More information about the buildroot
mailing list