From ecd02bf3f1c7a07a3271b2736a9e12dd6e897821 Mon Sep 17 00:00:00 2001 From: David Galloway Date: Fri, 19 Aug 2016 16:09:30 -0400 Subject: [PATCH] ceph-post-file: migrate to RSA SSH keys DSA keys are being deprecated: http://www.openssh.com/legacy.html drop.ceph.com will continue to allow the old DSA key but eventually, users submitting logs using ceph-post-file will run into issues when OpenSSH completely drops support for the algorithm. Fixes: http://tracker.ceph.com/issues/14267 Signed-off-by: David Galloway --- Makefile.am | 8 ++++---- ceph.spec.in | 4 ++-- debian/ceph-common.install | 4 ++-- share/id_dsa_drop.ceph.com | 12 ------------ share/id_dsa_drop.ceph.com.pub | 1 - share/id_rsa_drop.ceph.com | 27 +++++++++++++++++++++++++++ share/id_rsa_drop.ceph.com.pub | 1 + src/CMakeLists.txt | 4 ++-- src/ceph-post-file.in | 10 +++++----- 9 files changed, 43 insertions(+), 28 deletions(-) delete mode 100644 share/id_dsa_drop.ceph.com delete mode 100644 share/id_dsa_drop.ceph.com.pub create mode 100644 share/id_rsa_drop.ceph.com create mode 100644 share/id_rsa_drop.ceph.com.pub
diff --git a/Makefile.am b/Makefile.am
index 1b252c1737c0f..18aa8589184f2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -18,8 +18,8 @@ EXTRA_DIST += \
 udev/60-ceph-by-parttypeuuid.rules \
 udev/95-ceph-osd.rules \
 share/known_hosts_drop.ceph.com \
- share/id_dsa_drop.ceph.com \
- share/id_dsa_drop.ceph.com.pub
+ share/id_rsa_drop.ceph.com \
+ share/id_rsa_drop.ceph.com.pub
 NPROC = nproc
 if FREEBSD
@@ -30,8 +30,8 @@ endif
 install-data-local::
 -mkdir -p $(DESTDIR)$(datadir)/ceph
 -install -m 600 share/known_hosts_drop.ceph.com $(DESTDIR)$(datadir)/ceph/known_hosts_drop.ceph.com
- -install -m 600 share/id_dsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com
- -install -m 600 share/id_dsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_dsa_drop.ceph.com.pub
+ -install -m 600 share/id_rsa_drop.ceph.com $(DESTDIR)$(datadir)/ceph/id_rsa_drop.ceph.com
+ -install -m 600 share/id_rsa_drop.ceph.com.pub $(DESTDIR)$(datadir)/ceph/id_rsa_drop.ceph.com.pub
 all-local::
 if WITH_DEBUG
diff --git a/ceph.spec.in b/ceph.spec.in
index dc132ad6103e3..e54f6d34700fe 100644
--- a/ceph.spec.in
+++ b/ceph.spec.in
@@ -924,8 +924,8 @@ DISABLE_RESTART_ON_UPDATE="yes"
 %{_mandir}/man8/rbd-replay-prep.8*
 %dir %{_datadir}/ceph/
 %{_datadir}/ceph/known_hosts_drop.ceph.com
-%{_datadir}/ceph/id_dsa_drop.ceph.com
-%{_datadir}/ceph/id_dsa_drop.ceph.com.pub
+%{_datadir}/ceph/id_rsa_drop.ceph.com
+%{_datadir}/ceph/id_rsa_drop.ceph.com.pub
 %dir %{_sysconfdir}/ceph/
 %config %{_sysconfdir}/bash_completion.d/rados
 %config %{_sysconfdir}/bash_completion.d/rbd
diff --git a/debian/ceph-common.install b/debian/ceph-common.install
index 49a5878b188e8..361d878fe9a3d 100644
--- a/debian/ceph-common.install
+++ b/debian/ceph-common.install
@@ -31,8 +31,8 @@ usr/share/man/man8/rbd.8
 usr/share/man/man8/rbdmap.8
 usr/share/man/man8/rbd-replay*.8
 usr/share/ceph/known_hosts_drop.ceph.com
-usr/share/ceph/id_dsa_drop.ceph.com
-usr/share/ceph/id_dsa_drop.ceph.com.pub
+usr/share/ceph/id_rsa_drop.ceph.com
+usr/share/ceph/id_rsa_drop.ceph.com.pub
 etc/ceph/rbdmap
 etc/init.d/rbdmap
 lib/udev/rules.d/50-rbd.rules
diff --git a/share/id_dsa_drop.ceph.com b/share/id_dsa_drop.ceph.com
deleted file mode 100644
index 3efc985a129ec..0000000000000
--- a/share/id_dsa_drop.ceph.com
+++ /dev/null
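Review bot: The two new `-install -m 600` lines install the key pair owner-only, while the matching `install(FILES ...)` hunk in src/CMakeLists.txt sets no `PERMISSIONS` and so falls back to CMake's default world-readable mode, so the same files get different modes depending on the build system. ceph-post-file copies `$ssh_key` before use (the `cp "$ssh_key" "$t4"` lines in the last hunk), so the installed mode decides which users can run the tool at all; pick one mode deliberately and apply it in both places, e.g. `PERMISSIONS OWNER_READ OWNER_WRITE` on the CMake side. The leading `-` on these recipe lines also makes a failed install of the identity file silent; dropping it on the new lines would surface a missing key at `make install` time rather than at upload time. Whatever follows `all-local::` is outside this hunk.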
@@ -1,12 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBugIBAAKBgQDv8F/WToUDOc2HRWUOqtq5ilORE+5P53yZUo7ugr8XD3wM0H7Q -IIl9F9fizwUtL2gh3n1BnBxmPhkVU6VYsiDpn1P3dWvRmf+jyqPuk+b185L0Erb8 -QsExADv6v33Yyd+9i5oTI988Rm1VWY6QhP7neW6yMPt2noi1TwleLm6z2wIVAKHL -ciT2S0w/dbTFQDFHSEOCAif3AoGAHwOYd8YEInrcBrXPFJuPFbQKr8ceO3/ItY0r -/W/L92nXUJbdl1JEt2KfkdwaxkBhlYT7E1JR5MRoTNBTEMCFjHxemZCdH+03+Jzq -+RAQ28p77przbqOFaMuZuQoGlqMy3gYrhnPRGEJGjh+pkhMePqUPCCKFtRntNzlH -lDh4uOACgYBLGpqu3Pthhd4fnawv8Md16gc/p1Vg/5vyAzi9Gshhgf1hXvFHdeJv -AN/5mgE/Ekg7fqeNUhui9LYkuuOMgP267naGkAAgxV3bbiy439Vj8SzXdOQk4agA -YgebWkmJrdMtUSzeBYBkqBZTZODvQwCmYdR6INuNuZtA+rHgKwiAHQIUZak7aJD8 -y4kap9GmduDYmp6/JxU= ------END DSA PRIVATE KEY----- diff --git a/share/id_dsa_drop.ceph.com.pub b/share/id_dsa_drop.ceph.com.pub deleted file mode 100644 index e7e538344345e..0000000000000 --- a/share/id_dsa_drop.ceph.com.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-dss 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 public_ceph_post_key_2013-08-16 diff --git a/share/id_rsa_drop.ceph.com b/share/id_rsa_drop.ceph.com new file mode 100644 index 0000000000000..78dc7da5f0f31 --- /dev/null +++ b/share/id_rsa_drop.ceph.com 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA6H/ykb30TtYaK8DbaFH5gOHO1E5zs9M5rRNpx5oSC5K3qj7j +PmWJqFtL+kGxD19IqmYVzAun9auwwObIYtNqr/trD7G9I8W2MYYo/CmJlv/anoBE +R+fQxkcsPQ8TB3RHBFHR2NnJmOAn3dSt5BRdjzQCL3MMCENq7J2zmF1OcATAAjuK +kYvp/dunFqmn6GVDjgUWcd12Oz67dVlykjLDCF6cLqup0YM2dZ/mMAUQkGPJytpZ +4O9Pk9MdXy4LIvJEfQyRWf9fMXWmjEjn7xYFoMbQn+078Fxqv3z2pxB0DU2u94ur +ep4l7NATtuLoF0qrTYqxxmJi2PDhVMkpeaFQWQIDAQABAoIBAGgzT8e51pCurDQH +z03Fz4jPqx7Dul9Rv3uuQ65NguDk9KO8Y6RHZZaqtDaI0o4NKkgUUJiOcMxOEn2h +8RU5o4sTpzv1cMtjhPBVLHE3PI8MRDLdUbzYTF1Q8Ka85s5kcp+g++ewVAXMEJH/ +C6A48GWJ7aDOcwoRDQ7W7vLOfqT84U8on97jn1vMA30ZzailQUqvfgOHUldoQlrc +6SnBuPnyIozIlir1+seRiNJJ17Dx7sr3nMr3c2Ugvw5ZDSCJ5PmJxZZwl+I6v2kM +372lOHnp7u0Ii6aOeX69RvWx2CeA2sw1miMfe/b5sjOm4B4PPGwj4knbxHmVs8W4 +GTaJWjECgYEA9pAbTDBQQfvsqwnR4W/e6R1azKa0hTL9dSZBxLQjrPaHhRQsrZbE +AudL9cfx5ucmoiX++/wVHUpU9nGhZfdvpISCPuVtTnY26Ug7UsKxf2no5gSyKQi+ +xmj0+V9/a1tGD4jdAeRRqhBLR4p1aOWZlCOgaXEq/2w021KBykkzkNcCgYEA8WYL +5F4QnZaqRosAVPhOw7ovSPclQ70aLX56V3QMwuyLXPqIuKJBFhVHxLl97meB+hrY +/4gmLW+hvud7dlW88A5x/sgwLy1dMgY0EJEjhVmsk+kni2ZKNsmXGuwUI1qefYk+ +l4WM4k1+5Tp32mw7i5PByQhKVWXh3318ekorkk8CgYEAyzf7R9CKVdhOOKrfUe/i +ykBnlkXQg/iC7wuZKYdP4D9Rc14tdOXOqJX7BZjGyIm8TekDQK2EuZ+KZ5VAccp/ +Ohn9P9nZPdIxcBUY0B2oLlwcmXlFXozWsLHRN7h+TP3twOANSIHmzUSgx1ZXbx3O +d0rl7AJabivBZQOb9h5fYgECgYAcS7vlHumPr1NyRWTakOiapL5aLS4fDJF+965b +hezhBF0pnuxbyBkc/42UD7IlOdjQekkpWsou1UD+YZ/lNROah/bwyIJtZUHhVTzR +HFIvlV1XUSMjge/9EBA4RafupPai/G1r0Wm8NR1EvV/DKKCqMb2rVN9xtymMyubG +Zt9InQKBgQDd2TIVDXbPWsnh9EU893uQrLHLDJ5Xu1dcvKX8yvFDihwUrP6ycq9O +zopzAWu8Fdm0vFEyImwkPPhEJ5kSLQW8T3RJVKQpZ1tgz8sZRXoaTOI+u9w28REc +2/ABV6x6DknKI9qiQU4sM5hY5pweFtKDIwJFBqWtgFQR0NBoll7JHA== +-----END RSA PRIVATE KEY----- diff --git a/share/id_rsa_drop.ceph.com.pub b/share/id_rsa_drop.ceph.com.pub new file mode 100644 index 0000000000000..5130a1c05483e --- /dev/null +++ b/share/id_rsa_drop.ceph.com.pub 
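Review bot: Nothing in this added file or elsewhere in the patch records that the private key is intentionally public, so secret scanners and downstream packagers will read it as a leaked credential. Because anyone holding the source tree or a package can authenticate as this identity, the protection of the drop host rests entirely on how the server confines that account, which the patch does not show. A comment beside the `ssh_key=` assignments in `src/ceph-post-file.in` would cover it, for example `# shared upload-only identity, public by design; the server must confine this account`. The commit message says the old DSA key stays accepted for now, so the same place should note when it is to be removed server-side.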
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDof/KRvfRO1horwNtoUfmA4c7UTnOz0zmtE2nHmhILkreqPuM+ZYmoW0v6QbEPX0iqZhXMC6f1q7DA5shi02qv+2sPsb0jxbYxhij8KYmW/9qegERH59DGRyw9DxMHdEcEUdHY2cmY4Cfd1K3kFF2PNAIvcwwIQ2rsnbOYXU5wBMACO4qRi+n926cWqafoZUOOBRZx3XY7Prt1WXKSMsMIXpwuq6nRgzZ1n+YwBRCQY8nK2lng70+T0x1fLgsi8kR9DJFZ/18xdaaMSOfvFgWgxtCf7TvwXGq/fPanEHQNTa73i6t6niXs0BO24ugXSqtNirHGYmLY8OFUySl5oVBZ public_ceph_post_key_2016-08-19
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index fb1d867604d5c..9cec3aa974e4f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -743,8 +743,8 @@ install(PROGRAMS RENAME ceph) install(FILES - ${CMAKE_SOURCE_DIR}/share/id_dsa_drop.ceph.com - ${CMAKE_SOURCE_DIR}/share/id_dsa_drop.ceph.com.pub + ${CMAKE_SOURCE_DIR}/share/id_rsa_drop.ceph.com + ${CMAKE_SOURCE_DIR}/share/id_rsa_drop.ceph.com.pub ${CMAKE_SOURCE_DIR}/share/known_hosts_drop.ceph.com DESTINATION ${CMAKE_INSTALL_DATADIR}/ceph)
diff --git a/src/ceph-post-file.in b/src/ceph-post-file.in
index b278e8abd95c7..07da4a2c5087c 100755
--- a/src/ceph-post-file.in
+++ b/src/ceph-post-file.in
@@ -1,13 +1,13 @@ #!/bin/bash -e # If these files exist, assume we are a source install. -if [[ -f ../share/known_hosts_drop.ceph.com && -f ../share/id_dsa_drop.ceph.com ]] +if [[ -f ../share/known_hosts_drop.ceph.com && -f ../share/id_rsa_drop.ceph.com ]] then # running from source install known_hosts=../share/known_hosts_drop.ceph.com - ssh_key=../share/id_dsa_drop.ceph.com + ssh_key=../share/id_rsa_drop.ceph.com else # running from a pkg install known_hosts=@datadir@/known_hosts_drop.ceph.com - ssh_key=@datadir@/id_dsa_drop.ceph.com + ssh_key=@datadir@/id_rsa_drop.ceph.com fi function usage() {
@@ -39,7 +39,7 @@ Options: -k|--known_hosts known_hosts file [Default: /usr/share/ceph/known_hosts_drop.ceph.com] -i Ssh identity file - [Default: /usr/share/ceph/id_dsa_drop.ceph.com] + [Default: /usr/share/ceph/id_rsa_drop.ceph.com] -h|--help Show this usage information " }
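Review bot: In the first src/ceph-post-file.in hunk, the source-install test and both `../share/...` assignments resolve against the caller's working directory rather than the script's own location. The known_hosts file that pins drop.ceph.com and the identity file are therefore taken from whatever directory the command is run in, if that directory's parent happens to contain a `share/` with those names. The later comment relies on that known_hosts file to verify "the real drop.ceph.com", so the lookup should be anchored to the script's directory before falling back to `@datadir@`. The rewrite below derives that directory once and quotes the paths; `usage()` begins at the end of this hunk and continues outside it.

```shell
# Resolve the source-tree layout relative to this script, not the caller's cwd.
here=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
if [[ -f "$here/../share/known_hosts_drop.ceph.com" && -f "$here/../share/id_rsa_drop.ceph.com" ]]
then # running from source install
    known_hosts="$here/../share/known_hosts_drop.ceph.com"
    ssh_key="$here/../share/id_rsa_drop.ceph.com"
else # running from a pkg install
    # … unchanged: @datadir@ defaults for known_hosts and ssh_key …
fi
```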
@@ -150,7 +150,7 @@ EOF
 done
 # no UserKnownHostsFile so that we don't try to record the IP hash key
-# GLobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
+# GlobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
 cp "$ssh_key" "$t4"
 cp "${ssh_key}.pub" "$t4.pub"