On 07/29/2013 11:59 PM, Burton, Ross wrote:
> On 29 July 2013 03:33, <[email protected]> wrote:
>> From: Chen Qi <[email protected]>
>> If the rootfs is read-only and the ssh keys are not available at system
>> start-up, the init script will generate ssh keys into /etc/ssh, thus
>> causing a 'read-only file system' error.
>> Make this directory writable in case of a read-only rootfs.
>> Note that if the ssh keys are pregenerated, they will not be lost,
>> as there's a copying process before bind mounting.
> I'm not very keen on the idea of every oe-core system having a tmpfs
> on /etc/openssh just for read-only-root configurations

I agree, especially when the configuration is not likely to change at
runtime.

> where there
> isn't a pre-generated key.
> At least one better option would be to handle the read-only / with no
> pre-generated keys situation in the init script, and write keys to
> /run.

For now, I want to use the following logic.
If the rootfs is not read-only, everything remains the same as before.
If the rootfs is read-only and there are pre-generated keys under
/etc/ssh, we use the pre-generated keys. The pre-generated keys are
mainly for debugging or development purposes.
If the rootfs is read-only and there are no pre-generated keys under
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at
system boot-up, the generated ssh keys will be put into /var/run/ssh.
What do you think about it? If it's OK, I'll send out a V3.
Best Regards,
Chen Qi
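
The three-case logic proposed in the message above, sketched as POSIX shell functions. This is an added example, not the patch from this thread or oe-core's init script; the function names, the default paths and the /proc/mounts-based read-only check are assumptions.

```shell
#!/bin/sh
# Added example: pick the sshd host-key directory for the three cases in the
# message. Function names and the mounts-file check are assumptions.

# Return 0 if the last "/" entry in a /proc/mounts-style file has option "ro".
rootfs_is_readonly() {
    mounts=${1:-/proc/mounts}
    opts=$(awk '$2 == "/" { o = $4 } END { print o }' "$mounts")
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Return 0 if the directory already holds at least one non-empty host key.
has_pregenerated_keys() {
    for k in "$1"/ssh_host_*_key; do
        [ -s "$k" ] && return 0
    done
    return 1
}

# Print the directory sshd should take its host keys from.
select_hostkey_dir() {
    etc_dir=${1:-/etc/ssh}
    run_dir=${2:-/var/run/ssh}
    mounts=${3:-/proc/mounts}
    if ! rootfs_is_readonly "$mounts"; then
        echo "$etc_dir"     # case 1: writable rootfs, behaviour unchanged
    elif has_pregenerated_keys "$etc_dir"; then
        echo "$etc_dir"     # case 2: read-only rootfs, keys shipped in image
    else
        echo "$run_dir"     # case 3: read-only rootfs, keys generated at boot
    fi
}

# Generate a missing host key of the given type with owner-only permissions.
ensure_hostkey() {
    dir=$1
    ktype=$2
    key="$dir/ssh_host_${ktype}_key"
    [ -s "$key" ] && return 0
    ( umask 077; mkdir -p "$dir" ) && ssh-keygen -q -t "$ktype" -N '' -f "$key"
}
```

In case 3, sshd also has to be pointed at the chosen directory with `HostKey` entries (or `-h` on its command line). When /var/run is volatile, the host key changes on every boot, so clients cannot pin it and will see a changed-key warning after each restart.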