diff options
| author | Rasmus Villemoes <rasmus.villemoes@prevas.dk> | 2024-07-10 23:01:01 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-07-13 23:28:30 +0100 |
| commit | 314106d579a9fdcf1b073798bcf93184a3a43405 (patch) | |
| tree | 82eb52214ea8972f007064c5084c3affd0f231a7 /meta/recipes-connectivity | |
| parent | da04237311b3f8bf80a7a82c05fc9de3c0d26ada (diff) | |
| download | poky-314106d579a9fdcf1b073798bcf93184a3a43405.tar.gz | |
openssh: factor out sshd hostkey setup to separate function
Commit 0827c29566 (openssh: allow configuration of hostkey type) broke
our setup. We make use of the 'Include /etc/ssh/sshd_config.d/*.conf'
and put a hostkeys.conf file in there, configuring the types and
locations of the sshd host keys.
With that commit, we now get an extra "HostKey
/etc/ssh/ssh_host_ecdsa_key" line in the sshd_config. And while we
could avoid that by removing all hostkey-* items from PACKAGECONFIG,
other people providing their own sshd_config via a .bbappend now have
their HostKey settings unconditionally removed by the 'sed'
invocations, regardless of PACKAGECONFIG.
To make it easier for downstream layers and BSPs to define (and
preserve) their own logic for placement and type of sshd host keys,
factor out the new logic to a separate shell function. Downstream
layers can then simply override that by an empty function and keep the
behaviour they used to have.
(From OE-Core rev: 09dd5cceecfaa2046f7ed070690b000181723fd2)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_9.7p1.bb | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb index 69eade3ee7..4a08c0bd66 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb | |||
| @@ -113,6 +113,31 @@ do_compile_ptest() { | |||
| 113 | oe_runmake regress-binaries regress-unit-binaries | 113 | oe_runmake regress-binaries regress-unit-binaries |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | sshd_hostkey_setup() { | ||
| 117 | # Enable specific ssh host keys | ||
| 118 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config | ||
| 119 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 120 | echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 121 | fi | ||
| 122 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 123 | echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 124 | fi | ||
| 125 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 126 | echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 127 | fi | ||
| 128 | |||
| 129 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 130 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 131 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 132 | fi | ||
| 133 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 134 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 135 | fi | ||
| 136 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 137 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 138 | fi | ||
| 139 | } | ||
| 140 | |||
| 116 | do_install:append () { | 141 | do_install:append () { |
| 117 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then | 142 | if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then |
| 118 | install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd | 143 | install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd |
| @@ -131,31 +156,9 @@ do_install:append () { | |||
| 131 | install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd | 156 | install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd |
| 132 | install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} | 157 | install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir} |
| 133 | 158 | ||
| 134 | # Enable specific ssh host keys | ||
| 135 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config | ||
| 136 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 137 | echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 138 | fi | ||
| 139 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 140 | echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 141 | fi | ||
| 142 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 143 | echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config | ||
| 144 | fi | ||
| 145 | |||
| 146 | # Create config files for read-only rootfs | 159 | # Create config files for read-only rootfs |
| 147 | install -d ${D}${sysconfdir}/ssh | 160 | install -d ${D}${sysconfdir}/ssh |
| 148 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly | 161 | install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly |
| 149 | sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 150 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then | ||
| 151 | echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 152 | fi | ||
| 153 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then | ||
| 154 | echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 155 | fi | ||
| 156 | if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then | ||
| 157 | echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly | ||
| 158 | fi | ||
| 159 | 162 | ||
| 160 | install -d ${D}${systemd_system_unitdir} | 163 | install -d ${D}${systemd_system_unitdir} |
| 161 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then | 164 | if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then |
| @@ -181,6 +184,7 @@ do_install:append () { | |||
| 181 | ${D}${sysconfdir}/init.d/sshd | 184 | ${D}${sysconfdir}/init.d/sshd |
| 182 | 185 | ||
| 183 | install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys | 186 | install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys |
| 187 | sshd_hostkey_setup | ||
| 184 | } | 188 | } |
| 185 | 189 | ||
| 186 | do_install_ptest () { | 190 | do_install_ptest () { |