Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Wed, 6 Apr 2011 19:13:57 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: cpb@....log2.net
Cc: owl-dev@...ts.openwall.com
Subject: Re: installvztree.sh fails on remove SSH keys

Hi Chris,

On Wed, Apr 06, 2011 at 00:59 -1000, cpb@....log2.net wrote:
> -------------------
> 1. Fail to remove non-existent host keys in vztree before compression.
> 
> I've always found when running "make vztemplate" that a line near
> the end of installvztree.sh stops the process because it tries to
> remove non-existent SSH keys from the new VE before compressing it:
> 
>     (about line 60): rm ssh/ssh_host_*

That's curious.  These files are generated by openssh-server while
installing RPM into the vztree root:

   4:openssh-server         ########################################### [ 20%]
Generating public/private rsa1 key pair.
Your identification has been saved in /etc/ssh/ssh_host_key.
Your public key has been saved in /etc/ssh/ssh_host_key.pub.
The key fingerprint is:
b4:0a:22:50:46:4b:ff:f2:02:0c:1e:19:8f:c8:df:e0 rsa1
Generating public/private dsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
c3:ff:86:b1:6c:69:06:d6:a9:aa:5d:c8:4a:9f:de:4a dsa
Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
0b:3b:39:bb:71:4c:bb:c5:75:6a:e7:48:b5:ea:a8:1e rsa

Don't you have the ssh server RPM installed into vztree, or do you manually
delete the ssh RPM?  If the former, please show your "make installvztree"
log.  If the latter, tell why :)

> 4. This is not a bug, but it bit me. I had something like an Owl-current
> setup and did a buildworld to make Owl-stable RPMS. The build went OK,
> but because I had libusb* installed in the build env., the gnupg RPM was
> built with that as a dependency. So make installworld into /owl failed
> because there's no libusb in Owl-stable! Interesting. So I removed libusb*
> and gnupg RPMs from the build env, rebuilt the gnupg RPM, cleared out /owl,
> then make installworld into /owl went OK.

I suppose it is a bug.  We don't want to have additional dependencies,
especially when they don't make sense for us (like this one).

Thank you for the report,

-- 
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
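
Added example, not part of the original message or of installvztree.sh: a key-removal step that succeeds on a tree with no host keys yet still refuses to continue if any key survives before the template is compressed. The function name strip_host_keys and the ROOT/etc/ssh layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from installvztree.sh). strip_host_keys and the
# ROOT/etc/ssh layout are assumptions made for this illustration.

# Remove every SSH host key under ROOT/etc/ssh and print how many were removed.
# Succeeds when there was nothing to remove; fails only if a key survives.
strip_host_keys() {
    dir="$1/etc/ssh"
    removed=0
    for f in "$dir"/ssh_host_*; do
        # With no match the shell leaves the pattern as a literal string;
        # plain "rm" then reports a missing file and exits non-zero.
        [ -e "$f" ] || [ -L "$f" ] || continue
        rm -f -- "$f" || return 1
        removed=$((removed + 1))
    done
    # Verify before archiving: a template that still carries a host key
    # would hand the same key to every container created from it.
    for f in "$dir"/ssh_host_*; do
        if [ -e "$f" ] || [ -L "$f" ]; then
            echo "host key still present: $f" >&2
            return 1
        fi
    done
    echo "$removed"
}

# Constructed demo tree: empty placeholder files standing in for host keys.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh"
: > "$demo/etc/ssh/ssh_host_rsa_key"
: > "$demo/etc/ssh/ssh_host_rsa_key.pub"
: > "$demo/etc/ssh/sshd_config"
echo "first pass removed:  $(strip_host_keys "$demo")"
echo "second pass removed: $(strip_host_keys "$demo")"
rm -rf "$demo"
```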
