author | Joshua Watt <jpewhacker@gmail.com> | 2017-07-03 20:18:18 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-09-25 14:14:16 +0100 |
commit | ae32558a19ae3b3f175365dc0e10fa74a91e28ce (patch) | |
tree | 6f5476c59bf2c89c13100f6b2ccf6497bfcf02d2 /meta/recipes-connectivity/openssh/openssh_7.5p1.bb | |
parent | edcf39820f94c84b29c95a0d7b16b8d36857e87b (diff) | |
download | poky-ae32558a19ae3b3f175365dc0e10fa74a91e28ce.tar.gz |
openssh: Fix key generation with systemd
106b59d9 broke SSH host key generation when systemd and a read-only root file
system are in use because there isn't a way for systemd to get the optional
weak assignment of SYSCONFDIR from /etc/default/sshd and still provide a default
value if it is not specified. Instead, move the logic for determining if keys
need to be created to a helper script that both the SysV init script and the
systemd unit file can reference.
This does mean that the systemd unit file can't check for file existence to
know if it should start the service, but it wasn't able to do that correctly
anyway anymore. This should not be a problem since the service is only run once per
power cycle by systemd, and should exit quickly if the keys already exist.
(From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh_7.5p1.bb')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_7.5p1.bb | 8 |
1 files changed, 8 insertions, 0 deletions
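--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
 file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
 file://0001-openssh-Fix-syntax-error-on-x32.patch \
+file://sshd_check_keys \
 "
 
 PAM_SRC_URI = "file://sshd"
@@ -120,7 +121,13 @@ do_install_append () {
 sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
 -e 's,@SBINDIR@,${sbindir},g' \
 -e 's,@BINDIR@,${bindir},g' \
+-e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
 ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+${D}${sysconfdir}/init.d/sshd
+
+install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 
 do_install_ptest () {
@@ -135,6 +142,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"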
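Review bot: The helper's location `${libexecdir}/${BPN}` is now repeated in four places with no comment tying them together: both `sed` expressions and the `install -D` line in `do_install_append`, plus the `FILES_${PN}-sshd` addition in the last hunk. If one of them drifts, the init script or unit files would reference a path where `sshd_check_keys` is not installed or not packaged, and per the commit message that helper is now the only thing deciding whether host keys get created. I would add a comment above the second `sed`, e.g. `# sshd_check_keys is installed to ${libexecdir}/${BPN}; the init script and systemd units find it via @LIBEXECDIR@`. `do_install_append` begins before the hunk, and the helper script itself is not part of this file's diff, so its behaviour when keys already exist cannot be checked here.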