On Fri, 2026-01-02 at 12:27 +0100, Patrick Vogelaar via lists.openembedded.org wrote: > This patch adds a variable for the key directory path. This is especially > useful when working with a read-only file system where you want to > specify the location e.g. on a r/w partition. To be consistent, the > change was also done for the read write path. > > For changing the path simply create a bbappend and override the > variable. > > Signed-off-by: Patrick Vogelaar <[email protected]> > --- > .../openssh/openssh_10.2p1.bb | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > > diff --git a/meta/recipes-connectivity/openssh/openssh_10.2p1.bb > b/meta/recipes-connectivity/openssh/openssh_10.2p1.bb > index 866129573f..e319f4ac24 100644 > --- a/meta/recipes-connectivity/openssh/openssh_10.2p1.bb > +++ b/meta/recipes-connectivity/openssh/openssh_10.2p1.bb > @@ -99,6 +99,10 @@ CACHED_CONFIGUREVARS += > "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd" > # We don't want to depend on libblockfile > CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no" > > +# This allows overriding the key location in a bbappend > +RO_SSH_KEY_DIR ?= "/var/run/ssh" > +SSH_KEY_DIR ?= "/etc/ssh"

The naming here is very easy to confuse, but I guess it's to match with
the 'sshd_config' and 'sshd_config_readonly' filenames. I think we
should be explicit in the RO case that we're talking about the read-only
configuration though. And we'd prefer this as a suffix instead of a
prefix.

Oh, and we should make it clear that this is specific to openssh, then
these variables could be set from a config file instead of just a
bbappend. And make it clear that it's for the host keys while we're at
it.

Many 'and's there!

So, I suggest we use:

    OPENSSH_HOST_KEY_DIR
    OPENSSH_HOST_KEY_DIR_READONLY_CONFIG

> +
> do_configure:prepend () {
> export LD="${CC}"
> install -m 0600 ${UNPACKDIR}/sshd_config ${B}/
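
Review bot: The two defaults added at the top of this hunk hard-code "/etc/ssh" and "/var/run/ssh", while the surrounding recipe lines use path variables (${bindir} in the CACHED_CONFIGUREVARS line just above, ${sysconfdir}/ssh for the config files in sshd_hostkey_setup). The removed lines hard-coded the same paths, so behaviour is unchanged, but now that these are overridable defaults consider SSH_KEY_DIR ?= "${sysconfdir}/ssh" so the key directory follows a changed sysconfdir. The one-line comment should also say which variable feeds sshd_config and which feeds sshd_config_readonly, and that both are host key locations.
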
> @@ -113,24 +117,24 @@ sshd_hostkey_setup() {
> # Enable specific ssh host keys
> sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
> - echo "HostKey /etc/ssh/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> + echo "HostKey ${SSH_KEY_DIR}/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> fi
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
> - echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> + echo "HostKey ${SSH_KEY_DIR}/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> fi
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)};
> then
> - echo "HostKey /etc/ssh/ssh_host_ed25519_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> + echo "HostKey ${SSH_KEY_DIR}/ssh_host_ed25519_key" >>
> ${D}${sysconfdir}/ssh/sshd_config
> fi
>
> sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
> - echo "HostKey /var/run/ssh/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> + echo "HostKey ${RO_SSH_KEY_DIR}/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> fi
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
> - echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> + echo "HostKey ${RO_SSH_KEY_DIR}/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> fi
> if
> ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)};
> then
> - echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> + echo "HostKey ${RO_SSH_KEY_DIR}/ssh_host_ed25519_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> fi
> }
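
Review bot: In sshd_hostkey_setup only the HostKey lines written to sshd_config and sshd_config_readonly change, and the diffstat lists this recipe as the only file touched, so nothing visible here creates the overridden directory or makes host key generation write to it. Please confirm that whatever generates the keys takes its path from these HostKey lines, or cover that in the same series. Since the commit message targets a directory on a r/w partition, it is also worth documenting next to the variables that the directory holds private host keys and should be writable only by root.
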
Best regards,
--
Paul Barker
