/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen

  • Committer: Teddy Hogeborn
  • Date: 2024-11-17 18:43:11 UTC
  • mto: This revision was merged to the branch mainline in revision 412.
  • Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g
Debian package: Avoid suggesting a C compiler unnecessarily

The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module.  Also, Python
2.6 or older has the same constant in the old "IN" module.  Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.

debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".

Show diffs side-by-side

added added

removed removed

Lines of Context:
23
23
# Contact the authors at <mandos@recompile.se>.
24
24
25
25
 
26
 
VERSION="1.8.16"
 
26
VERSION="1.8.17"
27
27
 
28
28
KEYDIR="/etc/keys/mandos"
29
29
KEYTYPE=RSA
331
331
    esac
332
332
 
333
333
    if [ $SSH -eq 1 ]; then
334
 
        for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do
335
 
            set +e
336
 
            ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"
337
 
            err=$?
338
 
            set -e
339
 
            if [ $err -ne 0 ]; then
340
 
                ssh_fingerprint=""
341
 
                continue
342
 
            fi
343
 
            if [ -n "$ssh_fingerprint" ]; then
344
 
                ssh_fingerprint="${ssh_fingerprint#localhost }"
345
 
                break
346
 
            fi
 
334
        # The -q option is new in OpenSSH 9.8
 
335
        for ssh_keyscan_quiet in "-q " ""; do
 
336
            for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do
 
337
                set +e
 
338
                ssh_fingerprint="`ssh-keyscan ${ssh_keyscan_quiet}-t $ssh_keytype localhost 2>/dev/null`"
 
339
                err=$?
 
340
                set -e
 
341
                if [ $err -ne 0 ]; then
 
342
                    ssh_fingerprint=""
 
343
                    continue
 
344
                fi
 
345
                if [ -n "$ssh_fingerprint" ]; then
 
346
                    ssh_fingerprint="${ssh_fingerprint#localhost }"
 
347
                    break 2
 
348
                fi
 
349
            done
347
350
        done
348
351
    fi
349
352
 
434
437
            }
435
438
        }' < "$SECFILE"
436
439
    if [ -n "$ssh_fingerprint" ]; then
437
 
        echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
 
440
        echo 'checker = ssh-keyscan '"$ssh_keyscan_quiet"'-t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
438
441
        echo "ssh_fingerprint = ${ssh_fingerprint}"
439
442
    fi
440
443
fi