From 6a7dd92929fcc61281e9897b29b0e7a240fd25e6 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 26 Jul 2016 12:57:48 +0200
Subject: [PATCH] Remove legacy sshd-keygen (#1359762) Revert "Add legacy
 sshd-keygen for anaconda (#1331077)"

This reverts commit 0b5300a59c5b88489f9a00f529670fb2723de34e.
---
 openssh.spec       |   3 -
 sshd-keygen.legacy | 168 ---------------------------------------------
 2 files changed, 171 deletions(-)
 delete mode 100644 sshd-keygen.legacy

diff --git a/openssh.spec b/openssh.spec
index 9071526..4ff9036 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -90,7 +90,6 @@ Source12: sshd-keygen@.service
 Source13: sshd-keygen
 Source14: sshd.tmpfiles
 Source15: sshd-keygen.target
-Source16: sshd-keygen.legacy
 
 # Internal debug
 Patch0: openssh-5.9p1-wIm.patch
@@ -672,7 +671,6 @@ install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
 install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
-install -m755 %{SOURCE16} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen
 install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
 install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
 install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
@@ -777,7 +775,6 @@ getent passwd sshd >/dev/null || \
 %files server
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
-%attr(0755,root,root) %{_sbindir}/sshd-keygen
 %attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
diff --git a/sshd-keygen.legacy b/sshd-keygen.legacy
deleted file mode 100644
index 78da730..0000000
--- a/sshd-keygen.legacy
+++ /dev/null
@@ -1,168 +0,0 @@
-#!/bin/bash
-
-# Create the host keys for the OpenSSH server.
-#
-# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
-# variable.
-AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
-
-if [ -f /etc/rc.d/init.d/functions ]; then
-    # source function library
-    . /etc/rc.d/init.d/functions
-else
-    # minimal implimantation of success and failure function
-    success()
-    {
-        echo -en $"[  OK  ]\r"
-        return 0
-    }
-    failure()
-    {
-        echo -en $"[FAILED]\r"
-        return 1
-    }
-fi
-
-# Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
-RSA1_KEY=/etc/ssh/ssh_host_key
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
-ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
-ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
-
-# pull in sysconfig settings
-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
-
-fips_enabled() {
-	if [ -r /proc/sys/crypto/fips_enabled ]; then
-		cat /proc/sys/crypto/fips_enabled
-	else
-		echo 0
-	fi
-}
-
-do_rsa1_keygen() {
-	if [ ! -s $RSA1_KEY -a `fips_enabled` -eq 0 ]; then
-		echo -n $"Generating SSH1 RSA host key: "
-		rm -f $RSA1_KEY
-		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-			chgrp ssh_keys $RSA1_KEY
-			chmod 640 $RSA1_KEY
-			chmod 644 $RSA1_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA1_KEY{,.pub}
-			fi
-			success $"RSA1 key generation"
-			echo
-		else
-			failure $"RSA1 key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_rsa_keygen() {
-	if [ ! -s $RSA_KEY ]; then
-		echo -n $"Generating SSH2 RSA host key: "
-		rm -f $RSA_KEY
-		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chgrp ssh_keys $RSA_KEY
-			chmod 640 $RSA_KEY
-			chmod 644 $RSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $RSA_KEY{,.pub}
-			fi
-			success $"RSA key generation"
-			echo
-		else
-			failure $"RSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_dsa_keygen() {
-	if [ ! -s $DSA_KEY -a `fips_enabled` -eq 0 ]; then
-		echo -n $"Generating SSH2 DSA host key: "
-		rm -f $DSA_KEY
-		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chgrp ssh_keys $DSA_KEY
-			chmod 640 $DSA_KEY
-			chmod 644 $DSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $DSA_KEY{,.pub}
-			fi
-			success $"DSA key generation"
-			echo
-		else
-			failure $"DSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_ecdsa_keygen() {
-	if [ ! -s $ECDSA_KEY ]; then
-		echo -n $"Generating SSH2 ECDSA host key: "
-		rm -f $ECDSA_KEY
-		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
-			chgrp ssh_keys $ECDSA_KEY
-			chmod 640 $ECDSA_KEY
-			chmod 644 $ECDSA_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $ECDSA_KEY{,.pub}
-			fi
-			success $"ECDSA key generation"
-			echo
-		else
-			failure $"ECDSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-do_ed25519_keygen() {
-	if [ ! -s $ED25519_KEY -a `fips_enabled` -eq 0 ]; then
-		echo -n $"Generating SSH2 ED25519 host key: "
-		rm -f $ED25519_KEY
-		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
-			chgrp ssh_keys $ED25519_KEY
-			chmod 640 $ED25519_KEY
-			chmod 644 $ED25519_KEY.pub
-			if [ -x /sbin/restorecon ]; then
-			    /sbin/restorecon $ED25519_KEY{,.pub}
-			fi
-			success $"ED25519 key generation"
-			echo
-		else
-			failure $"ED25519 key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-
-if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
-	exit 0
-fi
-
-# legacy options
-case $AUTOCREATE_SERVER_KEYS in
-	NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
-	RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
-	YES) AUTOCREATE_SERVER_KEYS="DSA RSA ECDSA ED25519";;
-esac
-
-for KEY in $AUTOCREATE_SERVER_KEYS; do
-	case $KEY in
-		DSA) do_dsa_keygen;;
-		RSA) do_rsa_keygen;;
-		ECDSA) do_ecdsa_keygen;;
-		ED25519) do_ed25519_keygen;;
-	esac
-done