From ernst@zaphod.euronet.nl  Mon Nov 26 02:33:07 2001
Return-Path: <ernst@zaphod.euronet.nl>
Received: from zaphod.euronet.nl (zaphod.euronet.nl [194.134.128.241])
	by hub.freebsd.org (Postfix) with ESMTP id CA2EC37B405
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 26 Nov 2001 02:33:06 -0800 (PST)
Received: (from ernst@localhost)
	by zaphod.euronet.nl (8.11.6/8.11.6) id fAQAX7077782;
	Mon, 26 Nov 2001 11:33:07 +0100 (CET)
	(envelope-from ernst)
Message-Id: <200111261033.fAQAX7077782@zaphod.euronet.nl>
Date: Mon, 26 Nov 2001 11:33:07 +0100 (CET)
From: Ernst de Haan <znerd@freebsd.org>
Reply-To: Ernst de Haan <znerd@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: After install: /etc/rc complains if crypto is not installed
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         32288
>Category:       bin
>Synopsis:       [sysinstall] After install: /etc/rc complains if crypto is not installed
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-qa
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 26 02:40:01 PST 2001
>Closed-Date:    Fri Dec 30 00:25:13 GMT 2005
>Last-Modified:  Fri Dec 30 00:25:13 GMT 2005
>Originator:     Ernst de Haan
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
FreeBSD
>Environment:
System: FreeBSD 4.4-RELEASE
>Description:
Just installed 4.4-R on a laptop. I only selected bin, compat4 and a few
others, but I did *not* select crypto. Now when I first started the machine
(actually the reboot after the install) I get the following message:

   Starting final network daemons: creating ssh RSA host key
   /etc/rc: /usr/bin/ssh-keygen: not found
    creating ssh DSA host key
   /etc/rc: /usr/bin/ssh-keygen: not found
   .

Seems to me that this is not very clean.
>How-To-Repeat:
Install 4.4-R, choose "Custom", select only bin, man, compat4 and ports.
Let the install program restart and watch the messages at boot time.
>Fix:
>Release-Note:
>Audit-Trail:

From: Dag-Erling Smorgrav <des@ofug.org>
To: Ernst de Haan <znerd@freebsd.org>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not installed
Date: 26 Nov 2001 15:54:32 +0100

 Ernst de Haan <znerd@freebsd.org> writes:
 >    Starting final network daemons: creating ssh RSA host key
 >    /etc/rc: /usr/bin/ssh-keygen: not found
 >     creating ssh DSA host key
 >    /etc/rc: /usr/bin/ssh-keygen: not found
 >    .
 
 This is because sysinstall sets sshd_enable to YES.  It should
 probably set it to NO when crypto is not installed.  In addition,
 rc.network should check for the existence and executability of
 ssh-keygen, which should probably be parametrized.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org

From: Makoto Matsushita <matusita@jp.freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not
 installed
Date: Tue, 27 Nov 2001 02:23:37 +0900

 des>  This is because sysinstall sets sshd_enable to YES.  It should
 des>  probably set it to NO when crypto is not installed.
 
 sysinstall sets sshd_enable to YES if you
 
 1) select 'Medium' in security profile
 2) enable sshd in "Networking Services" menu
 
 I suppose the PR originator did 1), is that true?
 
 des>  In addition, rc.network should check for the existence and
 des>  executability of ssh-keygen, which should probably be
 des>  parametrized.
 
 In /etc/rc, sshd starts only if sshd_enable=YES *and* /usr/bin/sshd
 exists as an executable file.  IMHO, tweaking /etc/rc.network is only
 required for fixing this.
 
 -- -
 Makoto `MAR' Matsushita

From: Makoto Matsushita <matusita@jp.freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Dag-Erling Smorgrav <des@ofug.org>
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not
 installed
Date: Wed, 28 Nov 2001 00:57:36 +0900

 des>  In addition, rc.network should check for the existence and
 des>  executability of ssh-keygen, which should probably be
 des>  parametrized.
 
 How about this patch?  Logic is changed to:
 
 	if ${sshd_enable} is YES
 		if ${ssh_keygen_program} is not executable
 			ssh_keygen_enable=NO
 		if ${ssh_keygen_enable} is YES
 			(create keys as before)
 
 ssh_keygen_enable is set to "YES", and ssh_keygen_program is set to
 "/usr/bin/ssh-keygen" to keep the behavior of current rc.network.
 If a user doesn't install the 'crypto' distribution, /usr/bin/ssh-keygen
 is not available so ssh_keygen_enable turns to 'NO'.
 
 BTW, I don't like this patch, the ssh-keygen line is too long...
 
 -- -
 Makoto `MAR' Matsushita
 
 Index: rc.network
 ===================================================================
 RCS file: /home/ncvs/src/etc/rc.network,v
 retrieving revision 1.115
 diff -u -r1.115 rc.network
 --- rc.network	24 Nov 2001 23:41:32 -0000	1.115
 +++ rc.network	27 Nov 2001 15:48:52 -0000
 @@ -814,14 +814,21 @@
  
  	case ${sshd_enable} in
  	[Yy][Ee][Ss])
 -		if [ ! -f /etc/ssh/ssh_host_key ]; then
 -			echo ' creating ssh RSA host key';
 -			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
 -		fi
 -		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
 -			echo ' creating ssh DSA host key';
 -			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
 +		if [ ! -x ${ssh_keygen_program:-/usr/bin/ssh-keygen} ]; then
 +			ssh_keygen_enable="NO"
  		fi
 +		case ${ssh_keygen_enable} in
 +		[Yy][Ee][Ss])
 +			if [ ! -f /etc/ssh/ssh_host_key ]; then
 +				echo ' creating ssh RSA host key';
 +				${ssh_keygen_program:-/usr/bin/ssh-keygen} -N "" -f /etc/ssh/ssh_host_key
 +			fi
 +			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
 +				echo ' creating ssh DSA host key';
 +				${ssh_keygen_program:-/usr/bin/ssh-keygen} -d -N "" -f /etc/ssh/ssh_host_dsa_key
 +			fi
 +			;;
 +		esac
  		;;
  	esac
  
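Review bot: the inner test "case ${ssh_keygen_enable} in" has no fallback,
while ssh_keygen_program gets :-/usr/bin/ssh-keygen at every use, so if
ssh_keygen_enable is not defined when this runs the case matches nothing
and host keys are silently never created. Either use
${ssh_keygen_enable:-YES} there, or rely on defaults/rc.conf for both
variables and drop the :- expansions. The path expansion is also unquoted
in the [ ! -x ... ] test and in both invocations; assigning it once to a
variable and quoting that would also shorten the long ssh-keygen lines.
When the -x test fails nothing is printed, so a one-line message naming
the missing program would make the skipped key generation visible at boot.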
 Index: defaults/rc.conf
 ===================================================================
 RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
 retrieving revision 1.132
 diff -u -r1.132 rc.conf
 --- defaults/rc.conf	24 Nov 2001 16:12:03 -0000	1.132
 +++ defaults/rc.conf	27 Nov 2001 15:48:53 -0000
 @@ -153,6 +153,8 @@
  sshd_enable="NO"                # Enable sshd
  sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
  sshd_flags=""                   # Additional flags for sshd.
 +ssh_keygen_enable="YES"		# Create sshd host keys if not exist.
 +ssh_keygen_program="/usr/bin/ssh-keygen" # Create sshd host keys if not exist.
  
  ### Network daemon (NFS) Need all portmap_enable="YES" ###
  amd_enable="NO"			# Run amd service with $amd_flags (or NO).
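Review bot: the two added lines carry the same comment, "Create sshd host
keys if not exist.", so the one on ssh_keygen_program does not say what
that variable is. Following the sshd_program line just above it, a comment
such as "path to ssh-keygen, if you want a different one." fits, and the
ssh_keygen_enable comment reads better as "Create sshd host keys if they
do not exist." The patch touches only rc.network and defaults/rc.conf, so
the two new knobs still need matching entries in the rc.conf documentation.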

From: Murray Stokely <murray@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, znerd@freebsd.org
Cc:  
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not installed
Date: Mon, 10 Dec 2001 03:24:48 -0800

 This patch looks good to me, please commit it.  This will also close
 PR 31458
 
    - Murray

From: Doug Barton <DougB@DougBarton.net>
To: freebsd-gnats-submit@FreeBSD.org, znerd@freebsd.org
Cc:  
Subject: Re: conf/32288: After install: /etc/rc complains if crypto is not 
 installed
Date: Thu, 07 Feb 2002 19:02:00 -0800

 Please do NOT commit this patch. It attempts to solve a problem created
 by sysinstall with an otherwise useless hack in rc. The real fix is to
 make sure that sysinstall adjusts rc.conf when crypto is not installed.
Responsible-Changed-From-To: freebsd-bugs->qa 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Jul 18 16:05:48 PDT 2003 
Responsible-Changed-Why:  
Assign to qa group 

http://www.freebsd.org/cgi/query-pr.cgi?pr=32288 
State-Changed-From-To: open->closed 
State-Changed-By: ceri 
State-Changed-When: Fri Dec 30 00:24:15 UTC 2005 
State-Changed-Why:  
It hasn't been possible to do an installation with crypto since revision 
1.357 of src/usr.sbin/sysinstall/install.c, which I am taking as a 
pretty good indication that this isn't getting fixed now. 

>Unformatted:
