Thanks for all the reviews and comments.
I'll drop this patch and send out a version 2 of this patchset.

Best Regards,
Chen Qi

On 07/26/2013 03:39 PM, qi.c...@windriver.com wrote:
From: Chen Qi <qi.c...@windriver.com>

To avoid generating ssh keys every time a system with read-only rootfs
starts, we generate ssh keys at rootfs creation time.

This change only has effect for systems with read-only rootfs.

[YOCTO #4103]
[YOCTO #4887]

Signed-off-by: Chen Qi <qi.c...@windriver.com>
---
  meta/classes/image.bbclass                         |   15 +++++++++++++++
  meta/recipes-connectivity/openssh/openssh_6.2p2.bb |   10 +++++++---
  meta/recipes-core/dropbear/dropbear.inc            |    6 +++++-
  meta/recipes-core/dropbear/dropbear/init           |   19 ++-----------------
  4 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 3bc57d3..9a0692a 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -263,6 +263,21 @@ read_only_rootfs_hook () {
                if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
                        ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
                fi
+               # Generate ssh keys at rootfs time
+               if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
+                       [ -r ${IMAGE_ROOTFS}/etc/default/dropbear ] && . 
${IMAGE_ROOTFS}/etc/default/dropbear
+                       
DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+                       
DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+                       test -n "$DROPBEAR_RSAKEY" || 
DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+                       test -n "$DROPBEAR_DSSKEY" || 
DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+                       dropbearkey -t rsa -f ${IMAGE_ROOTFS}$DROPBEAR_RSAKEY
+                       dropbearkey -t dss -f ${IMAGE_ROOTFS}$DROPBEAR_DSSKEY
+               fi
+               if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
+                       ssh-keygen -q -f 
${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key -N '' -t rsa
+                       ssh-keygen -q -f 
${IMAGE_ROOTFS}/etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
+                       ssh-keygen -q -f 
${IMAGE_ROOTFS}/etc/ssh/ssh_host_dsa_key -N '' -t dsa
+               fi
        fi
  }
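Review bot: The host keys created in the added block are written into the rootfs at build time, so every device flashed from the same image presents the same RSA, DSS, ECDSA and DSA host keys, and the private halves are readable by anyone who holds the image file. Clients then cannot tell one unit from another, and host-key verification no longer says anything about which device answered. The commit message states that keys were previously generated when the system starts, which kept them per-device; if build-time generation is kept, it should be opt-in rather than automatic for every read-only rootfs, and the hook should say so, e.g. `# NOTE: keys generated here are shared by every device flashed from this image`. The added lines also source `${IMAGE_ROOTFS}/etc/default/dropbear` into the build shell and do not check the result of `dropbearkey` or `ssh-keygen`; read_only_rootfs_hook starts outside the hunk, so whether a failure aborts the build is not visible here.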
diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
index ab2eefb..40dc4ca 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = 
"file://LICENCE;md5=e326045657e842541d3f35aada442507"
PR = "r0"
-DEPENDS = "zlib openssl"
+DEPENDS = "zlib openssl openssh-native"
+DEPENDS_class-native = "zlib-native openssl-native"
  DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RPROVIDES_${PN}-ssh = "ssh"
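Review bot: `openssh-native` is added to the target recipe's DEPENDS although nothing in the openssh build shown here uses it; the only consumer visible in this patch is read_only_rootfs_hook in image.bbclass, which calls `ssh-keygen` at rootfs time. Declaring it here forces a native openssh build for every target openssh build, read-only rootfs or not, and presumably does not guarantee the tool is staged when the image is assembled from already-built packages. The same applies to `DEPENDS = "zlib dropbear-native"` in the dropbear.inc hunk. Consider leaving `DEPENDS = "zlib openssl"` as it was and declaring the native tools on the image task that actually runs them.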
@@ -41,7 +42,7 @@ INITSCRIPT_PACKAGES = "${PN}-sshd"
  INITSCRIPT_NAME_${PN}-sshd = "sshd"
  INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
-PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG_class-target ??= "tcp-wrappers"
  PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
inherit autotools
@@ -49,6 +50,7 @@ inherit autotools
  # LFS support:
  CFLAGS += "-D__FILE_OFFSET_BITS=64"
  export LD = "${CC}"
+export LD_class-native = "${CC}"
EXTRA_OECONF = "--with-rand-helper=no \
                  ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', 
'--without-pam', d)} \
@@ -74,7 +76,7 @@ do_compile_append () {
        install -m 0644 ${WORKDIR}/ssh_config ${S}/
  }
-do_install_append () {
+do_install_append_class-target () {
        for i in ${DISTRO_FEATURES};
        do
                if [ ${i} = "pam" ];  then
@@ -102,6 +104,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
  RDEPENDS_${PN}-sshd += "${PN}-keygen"
+RDEPENDS_${PN}_class-native = ""
CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
  CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
@@ -110,3 +113,4 @@ ALTERNATIVE_PRIORITY = "90"
  ALTERNATIVE_${PN}-scp = "scp"
  ALTERNATIVE_${PN}-ssh = "ssh"
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-core/dropbear/dropbear.inc 
b/meta/recipes-core/dropbear/dropbear.inc
index be93d60..381b8aa 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -9,11 +9,13 @@ INC_PR = "r1"
  LICENSE = "MIT"
  LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c"
-DEPENDS = "zlib"
+DEPENDS = "zlib dropbear-native"
  RPROVIDES_${PN} = "ssh sshd"
DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+DEPENDS_class-native = "zlib-native"
+
  SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
             file://0001-urandom-xauth-changes-to-options.h.patch \
             file://0002-static_build_fix.patch \
@@ -88,3 +90,5 @@ pkg_postrm_append_${PN} () {
          rm ${sysconfdir}/dropbear/dropbear_dss_host_key
    fi
  }
+
+BBCLASSEXTEND = "native"
diff --git a/meta/recipes-core/dropbear/dropbear/init 
b/meta/recipes-core/dropbear/dropbear/init
index e8fed3f..5140b0b 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -28,23 +28,8 @@ test "$NO_START" = "0" || exit 0
  test -x "$DAEMON" || exit 0
  test ! -h /var/service/dropbear || exit 0
-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in 
FLAGS) print FLAGS[f] }' </proc/mounts`; do
-  case $flag in
-   ro)
-     readonly_rootfs=1
-     ;;
-  esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
-  mkdir -p /var/lib/dropbear
-  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-  DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
-else
-  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-  DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
-fi
+DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
test -z "$DROPBEAR_BANNER" || \
    DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
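Review bot: With the read-only branch removed, the two defaults always point at /etc/dropbear, so on a read-only rootfs the daemon depends entirely on the keys having been placed there when the image was built. If they are absent (an image built without the hook, or a `dropbearkey` failure during rootfs creation), any key generation later in this script, which is outside the hunk, would be writing to a read-only /etc/dropbear and presumably fail. A comment above the two assignments would record that assumption, e.g. `# On a read-only rootfs these keys must already exist in the image; they cannot be created at boot`.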
