summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta/classes/image.bbclass12
-rw-r--r--meta/recipes-connectivity/openssh/openssh-6.2p2/init22
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.2p2.bb9
3 files changed, 35 insertions, 8 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 494664627d..116bd226ea 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -262,6 +262,18 @@ read_only_rootfs_hook () {
262 if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then 262 if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
263 ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh 263 ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
264 fi 264 fi
265 # If we're using openssh and the /etc/ssh directory has no pre-generated keys,
266 # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly
267 # and the keys under /var/run/ssh.
268 if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
269 if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then
270 echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
271 echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh
272 else
273 echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
274 echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh
275 fi
276 fi
265 fi 277 fi
266} 278}
267 279
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/init b/meta/recipes-connectivity/openssh/openssh-6.2p2/init
index 6beec848df..12fb79bd7c 100644
--- a/meta/recipes-connectivity/openssh/openssh-6.2p2/init
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/init
@@ -6,14 +6,22 @@ set -e
6test -x /usr/sbin/sshd || exit 0 6test -x /usr/sbin/sshd || exit 0
7( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 7( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
8 8
9# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS
9if test -f /etc/default/ssh; then 10if test -f /etc/default/ssh; then
10 . /etc/default/ssh 11 . /etc/default/ssh
11fi 12fi
12 13
14[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh
15mkdir -p $SYSCONFDIR
16
17HOST_KEY_RSA=$SYSCONFDIR/ssh_host_rsa_key
18HOST_KEY_DSA=$SYSCONFDIR/ssh_host_dsa_key
19HOST_KEY_ECDSA=$SYSCONFDIR/ssh_host_ecdsa_key
20
13check_for_no_start() { 21check_for_no_start() {
14 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists 22 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
15 if [ -e /etc/ssh/sshd_not_to_be_run ]; then 23 if [ -e $SYSCONFDIR/sshd_not_to_be_run ]; then
16 echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" 24 echo "OpenBSD Secure Shell server not in use ($SYSCONFDIR/sshd_not_to_be_run)"
17 exit 0 25 exit 0
18 fi 26 fi
19} 27}
@@ -32,17 +40,17 @@ check_config() {
32 40
33check_keys() { 41check_keys() {
34 # create keys if necessary 42 # create keys if necessary
35 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then 43 if [ ! -f $HOST_KEY_RSA ]; then
36 echo " generating ssh RSA key..." 44 echo " generating ssh RSA key..."
37 ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa 45 ssh-keygen -q -f $HOST_KEY_RSA -N '' -t rsa
38 fi 46 fi
39 if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then 47 if [ ! -f $HOST_KEY_ECDSA ]; then
40 echo " generating ssh ECDSA key..." 48 echo " generating ssh ECDSA key..."
41 ssh-keygen -q -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa 49 ssh-keygen -q -f $HOST_KEY_ECDSA -N '' -t ecdsa
42 fi 50 fi
43 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 51 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
44 echo " generating ssh DSA key..." 52 echo " generating ssh DSA key..."
45 ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa 53 ssh-keygen -q -f $HOST_KEY_DSA -N '' -t dsa
46 fi 54 fi
47} 55}
48 56
diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
index ab2eefb9bc..c76f9ac7ee 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
@@ -86,6 +86,13 @@ do_install_append () {
86 install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd 86 install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
87 rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin 87 rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
88 rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir} 88 rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
89 # Create config files for read-only rootfs
90 install -d ${D}${sysconfdir}/ssh
91 install -m 644 ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
92 sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
93 echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
94 echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
95 echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
89} 96}
90 97
91ALLOW_EMPTY_${PN} = "1" 98ALLOW_EMPTY_${PN} = "1"
@@ -94,7 +101,7 @@ PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc $
94FILES_${PN}-scp = "${bindir}/scp.${BPN}" 101FILES_${PN}-scp = "${bindir}/scp.${BPN}"
95FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config" 102FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
96FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd" 103FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
97FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config" 104FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly"
98FILES_${PN}-sftp = "${bindir}/sftp" 105FILES_${PN}-sftp = "${bindir}/sftp"
99FILES_${PN}-sftp-server = "${libexecdir}/sftp-server" 106FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
100FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*" 107FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-12-09 14:04:27 +0000