From 2b204500bd20621d29762f23204a000eadc88e00 Mon Sep 17 00:00:00 2001
From: Chen Qi
Date: Mon, 29 Jul 2013 10:11:07 +0800
Subject: openssh: fix for read-only rootfs

If the rootfs is read-only and the ssh keys are not available at system start-up, the init script will generate ssh keys into /etc/ssh, thus causing a 'read-only file system' error. In order for Yocto based image to work correctly for read-only rootfs, we use the following logic for openssh. If the rootfs is read-only and there are pre-generated keys under /etc/ssh, we use the pre-generated keys. Note the pre-generated keys are mainly for debugging or development purpose. If the rootfs is read-only and there are no pre-generated keys under /etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at system boot-up, the generated ssh keys will put into /var/run/ssh.
[YOCTO #4887]
(From OE-Core rev: 2ed44745024f04aa4e00ddba3009153c6b47c8e9)
Signed-off-by: Chen Qi
Signed-off-by: Saul Wold
Signed-off-by: Richard Purdie
---
.../openssh/openssh-6.2p2/init | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
(limited to 'meta/recipes-connectivity/openssh/openssh-6.2p2/init')
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/init b/meta/recipes-connectivity/openssh/openssh-6.2p2/init
index 6beec848df..12fb79bd7c 100644
--- a/meta/recipes-connectivity/openssh/openssh-6.2p2/init
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/init
@@ -6,14 +6,22 @@ set -e test -x /usr/sbin/sshd || exit 0 ( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 +# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS if test -f /etc/default/ssh; then . /etc/default/ssh fi +[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh +mkdir -p $SYSCONFDIR + +HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key +HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key +HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key + check_for_no_start() { # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists - if [ -e /etc/ssh/sshd_not_to_be_run ]; then - echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" + if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then + echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)" exit 0 fi } @@ -32,17 +40,17 @@ check_config() { check_keys() { # create keys if necessary - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then + if [ ! -f $HOST_KEY_RSA ]; then echo " generating ssh RSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa + ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa fi - if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then + if [ ! -f $HOST_KEY_ECDSA ]; then echo " generating ssh ECDSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa + ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa fi if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then echo " generating ssh DSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa + ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa fi } -- cgit v1.2.3-54-g00ecf
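Review bot: `mkdir -p $SYSCONFDIR` is unquoted and runs at the top level of the script, so with `set -e` in effect (it appears in the hunk header) a failure there aborts every action, not only `start`. The path now comes from /etc/default/ssh and will hold the private host keys, so I would write `mkdir -p "$SYSCONFDIR"` and quote the other new expansions too: `[ -e "$SYSCONFDIR/sshd_not_to_be_run" ]` here and the `$HOST_KEY_*` uses in check_keys in the second hunk. A comment above the default would also help, for example `# if SYSCONFDIR points at a volatile directory, host keys are regenerated on every boot and clients will see a changed host key`; that /var/run/ssh is volatile is inferred from the commit message, not shown in the hunk.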
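Review bot: The DSA branch of check_keys still tests `/etc/ssh/ssh_host_dsa_key` while it generates into `$HOST_KEY_DSA`, so the test and the key path disagree whenever SYSCONFDIR is not /etc/ssh. In that case the test stays true on every start, and ssh-keygen is run against a key file that already exists in the other directory; it will likely ask to overwrite and exit non-zero without an answer, which under `set -e` would stop the script before sshd is started on a restart. In the reverse case a DSA key present only in /etc/ssh suppresses generation in the directory sshd is expected to use. The condition should read `if [ ! -f "$HOST_KEY_DSA" ]; then`, matching the RSA and ECDSA branches.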