author | Chen Qi <Qi.Chen@windriver.com> | 2013-07-29 10:11:07 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-08-16 11:14:36 +0100 |
commit | 2b204500bd20621d29762f23204a000eadc88e00 (patch) | |
tree | 18aac8670f0ce87836947964292e33175ec2d1d7 /meta/classes | |
parent | 0b66192825633d4d7e635cd9a97a3c0da39fc765 (diff) | |
download | poky-2b204500bd20621d29762f23204a000eadc88e00.tar.gz |
openssh: fix for read-only rootfs

If the rootfs is read-only and the ssh keys are not available at system
start-up, the init script will generate ssh keys into /etc/ssh, thus
causing a 'read-only file system' error.

In order for a Yocto-based image to work correctly with a read-only rootfs,
we use the following logic for openssh.

If the rootfs is read-only and there are pre-generated keys under /etc/ssh,
we use the pre-generated keys. Note the pre-generated keys are mainly for
debugging or development purposes.

If the rootfs is read-only and there are no pre-generated keys under
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at
system boot-up, the generated ssh keys will be put into /var/run/ssh.

[YOCTO #4887]

(From OE-Core rev: 2ed44745024f04aa4e00ddba3009153c6b47c8e9)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/image.bbclass | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 494664627d..116bd226ea 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass | |||
@@ -262,6 +262,18 @@ read_only_rootfs_hook () { | |||
262 | if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then | 262 | if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then |
263 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh | 263 | ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh |
264 | fi | 264 | fi |
265 | # If we're using openssh and the /etc/ssh directory has no pre-generated keys, | ||
266 | # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly | ||
267 | # and the keys under /var/run/ssh. | ||
268 | if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then | ||
269 | if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then | ||
270 | echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
271 | echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
272 | else | ||
273 | echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
274 | echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh | ||
275 | fi | ||
276 | fi | ||
265 | fi | 277 | fi |
266 | } | 278 | } |
267 | 279 | ||
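Review bot: The pre-generated-key test at new line 269 checks only `ssh_host_rsa_key`, while the comment above it and the commit message speak of "pre-generated keys" in general. An image that ships only other host key types under /etc/ssh falls into the else branch and is pointed at /var/run/ssh, and an image with an RSA key but no others will still have the init script try to generate the missing types into the read-only /etc/ssh. Consider testing for any `ssh_host_*_key` file, or documenting that a complete key set is required. Two smaller points on the same block: the four `echo ... >> ${IMAGE_ROOTFS}/etc/default/ssh` lines append without checking that `${IMAGE_ROOTFS}/etc/default` exists and without removing an earlier `SYSCONFDIR=` or `SSHD_OPTS=` entry, so a file that already sets them ends up with duplicate assignments. Since the commit message says the pre-generated keys are mainly for debugging or development, it would also help to say in the comment (or emit a build-time note in the first branch) that keys baked into the rootfs are shared by every device flashed from that image, so production images should take the /var/run/ssh path.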