[ptxdist] [PATCH] openssh: make host key generation optional

Mon, 16 Nov 2020 11:12:23 -0800 

If not set host keys must be provided in some other way
(otherwise sshd will not start)

Signed-off-by: Artur Wiebe <ar...@4wiebe.de>
---
 rules/openssh.in       | 12 ++++++++++--
 rules/openssh.make     |  2 ++
 rules/openssh.postinst |  4 +++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/rules/openssh.in b/rules/openssh.in
index 09f5c5555..37013250c 100644
--- a/rules/openssh.in
+++ b/rules/openssh.in
@@ -6,10 +6,10 @@ menuconfig OPENSSH
        select OPENSSL
        select LIBC_CRYPT
        select LIBC_UTIL
-       select RC_ONCE if OPENSSH_SSHD && RUNTIME
+       select RC_ONCE if OPENSSH_SSHD_GENKEYS && RUNTIME
        select BUSYBOX_START_STOP_DAEMON if OPENSSH_SSHD_STARTSCRIPT
        select LIBSELINUX if GLOBAL_SELINUX
-       select OPENSSH_KEYGEN if OPENSSH_SSHD
+       select OPENSSH_KEYGEN if OPENSSH_SSHD_GENKEYS
        prompt "openssh                       "
        help
          secure shell client/server, an rlogin/rsh/rcp replacement
@@ -49,6 +49,14 @@ config OPENSSH_SSHD_SYSTEMD_UNIT
        depends on OPENSSH_SSHD && SYSTEMD
        prompt "install systemd unit files for sshd"
 
+config OPENSSH_SSHD_GENKEYS
+       bool "generate sshd host keys at first boot"
+       default y
+       depends on OPENSSH_SSHD
+       help
+         If not set host keys must be provided in some other way
+         (otherwise sshd will not start)
+
 config OPENSSH_SCP
        bool "scp"
        help
diff --git a/rules/openssh.make b/rules/openssh.make
index cae04487f..99fca3f46 100644
--- a/rules/openssh.make
+++ b/rules/openssh.make
@@ -105,8 +105,10 @@ ifdef PTXCONF_OPENSSH_SSHD
                /etc/ssh/moduli)
        @$(call install_copy, openssh, 0, 0, 0755, -, \
                /usr/sbin/sshd)
+ifdef PTXCONF_OPENSSH_SSHD_GENKEYS
        @$(call install_alternative, openssh, 0, 0, 0755, 
/etc/rc.once.d/openssh)
 endif
+endif
 
 ifdef PTXCONF_INITMETHOD_BBINIT
 ifdef PTXCONF_OPENSSH_SSHD_STARTSCRIPT
diff --git a/rules/openssh.postinst b/rules/openssh.postinst
index fcfbf9149..a7bbf1c58 100644
--- a/rules/openssh.postinst
+++ b/rules/openssh.postinst
@@ -1,2 +1,4 @@
 #!/bin/sh
-$DESTDIR/usr/sbin/enable-rc-once openssh
+if [ -f $DESTDIR/etc/rc.once.d/openssh ]; then
+       $DESTDIR/usr/sbin/enable-rc-once openssh
+fi
-- 
2.29.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to 
ptxdist-requ...@pengutronix.de

Reply via email to