/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

  • Committer: Teddy Hogeborn
  • Date: 2024-09-09 04:24:39 UTC
  • Revision ID: teddy@recompile.se-20240909042439-j85mr20uli2hnyis
Eliminate compiler warnings

Many programs use nested functions, which now result in a linker
warning about executable stack.  Hide this warning.  Also, rewrite a
loop in the plymouth plugin to avoid warning about signed overflow.
This change also makes the plugin pick the alphabetically first
process entry instead of the last, in case many plymouth processes are
found (which should be unlikely).

* Makefile (plugin-runner, dracut-module/password-agent,
  plugins.d/password-prompt, plugins.d/mandos-client,
  plugins.d/plymouth): New target; set LDFLAGS to add "-Xlinker
  --no-warn-execstack".
* plugins.d/plymouth.c (get_pid): When no pid files are found, and we
  are looking through the process list, go though it from the start
  instead of from the end, i.e. in normal alphabetical order and not
  in reverse order.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-keygen
23
23
# Contact the authors at <mandos@recompile.se>.
24
24
25
25
 
26
 
VERSION="1.8.17"
 
26
VERSION="1.8.16"
27
27
 
28
28
KEYDIR="/etc/keys/mandos"
29
29
KEYTYPE=RSA
331
331
    esac
332
332
 
333
333
    if [ $SSH -eq 1 ]; then
334
 
        # The -q option is new in OpenSSH 9.8
335
 
        for ssh_keyscan_quiet in "-q " ""; do
336
 
            for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do
337
 
                set +e
338
 
                ssh_fingerprint="`ssh-keyscan ${ssh_keyscan_quiet}-t $ssh_keytype localhost 2>/dev/null`"
339
 
                err=$?
340
 
                set -e
341
 
                if [ $err -ne 0 ]; then
342
 
                    ssh_fingerprint=""
343
 
                    continue
344
 
                fi
345
 
                if [ -n "$ssh_fingerprint" ]; then
346
 
                    ssh_fingerprint="${ssh_fingerprint#localhost }"
347
 
                    break 2
348
 
                fi
349
 
            done
 
334
        for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do
 
335
            set +e
 
336
            ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"
 
337
            err=$?
 
338
            set -e
 
339
            if [ $err -ne 0 ]; then
 
340
                ssh_fingerprint=""
 
341
                continue
 
342
            fi
 
343
            if [ -n "$ssh_fingerprint" ]; then
 
344
                ssh_fingerprint="${ssh_fingerprint#localhost }"
 
345
                break
 
346
            fi
350
347
        done
351
348
    fi
352
349
 
437
434
            }
438
435
        }' < "$SECFILE"
439
436
    if [ -n "$ssh_fingerprint" ]; then
440
 
        echo 'checker = ssh-keyscan '"$ssh_keyscan_quiet"'-t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
 
437
        echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'
441
438
        echo "ssh_fingerprint = ${ssh_fingerprint}"
442
439
    fi
443
440
fi