openssh: Fix key generation with systemd

106b59d9 broke SSH host key generation when systemd and a read-only root file system are in use because there isn't a way for systemd to get the optional weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default value if it is not specified. Instead, move the logic for determining if keys need to be created to a helper script that both the SysV init script and the systemd unit file can reference. This does mean that the systemd unit file can't check for file existence to know if it should start the service, but it wasn't able to do that correctly anyway anymore. This should be a problem since the serivce is only run once per power cycle by systemd, and should exit quickly if the keys already exist (From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Joshua Watt <jpewhacker@gmail.com> 2017-07-03 20:18:18 -0500
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-25 14:14:16 +0100
commit: ae32558a19ae3b3f175365dc0e10fa74a91e28ce (patch)
tree: 6f5476c59bf2c89c13100f6b2ccf6497bfcf02d2 /meta/recipes-connectivity/openssh/openssh_7.5p1.bb
parent: edcf39820f94c84b29c95a0d7b16b8d36857e87b (diff)
download: poky-ae32558a19ae3b3f175365dc0e10fa74a91e28ce.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
index e46b4c86ad..86ca6ff372 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
           file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
           file://0001-openssh-Fix-syntax-error-on-x32.patch \
+           file://sshd_check_keys \
           "
 PAM_SRC_URI = "file://sshd"
@@ -120,7 +121,13 @@ do_install_append () {
        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
                -e 's,@SBINDIR@,${sbindir},g' \
                -e 's,@BINDIR@,${bindir},g' \
+                -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
                ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+        sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+                ${D}${sysconfdir}/init.d/sshd
+        install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
 }
 do_install_ptest () {
@@ -135,6 +142,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
author	Joshua Watt <jpewhacker@gmail.com>	2017-07-03 20:18:18 -0500
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-09-25 14:14:16 +0100
commit	ae32558a19ae3b3f175365dc0e10fa74a91e28ce (patch)
tree	6f5476c59bf2c89c13100f6b2ccf6497bfcf02d2 /meta/recipes-connectivity/openssh/openssh_7.5p1.bb
parent	edcf39820f94c84b29c95a0d7b16b8d36857e87b (diff)
download	poky-ae32558a19ae3b3f175365dc0e10fa74a91e28ce.tar.gz