openssh: factor out sshd hostkey setup to separate function

Commit 0827c29566 (openssh: allow configuration of hostkey type) broke
our setup. We make use of the 'Include /etc/ssh/sshd_config.d/*.conf'
and put a hostkeys.conf file in there, configuring the types and
locations of the sshd host keys.

With that commit, we now get an extra "HostKey
/etc/ssh/ssh_host_ecdsa_key" line in the sshd_config. And while we
could avoid that by removing all hostkey-* items from PACKAGECONFIG,
other people providing their own sshd_config via a .bbappend now have
their HostKey settings unconditionally removed by the 'sed'
invocations, regardless of PACKAGECONFIG.

To make it easier for downstream layers and BSPs to define (and
preserve) their own logic for placement and type of sshd host keys,
factor out the new logic to a separate shell function. Downstream
layers can then simply override that by an empty function and keep the
behaviour they used to have.

(From OE-Core rev: 09dd5cceecfaa2046f7ed070690b000181723fd2)

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rasmus Villemoes
2024-07-10 23:01:01 +02:00
committed by Richard Purdie
parent da04237311
commit 314106d579


@@ -113,6 +113,31 @@ do_compile_ptest() {
oe_runmake regress-binaries regress-unit-binaries
}
sshd_hostkey_setup() {
# Enable specific ssh host keys
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
}
do_install:append () {
if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
install -D -m 0644 ${UNPACKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
@@ -131,31 +156,9 @@ do_install:append () {
install -m 644 ${UNPACKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
# Enable specific ssh host keys
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
echo "HostKey /etc/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config
fi
# Create config files for read-only rootfs
install -d ${D}${sysconfdir}/ssh
install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-rsa','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ecdsa','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
if ${@bb.utils.contains('PACKAGECONFIG','hostkey-ed25519','true','false',d)}; then
echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
fi
install -d ${D}${systemd_system_unitdir}
if ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','true','false',d)}; then
@@ -181,6 +184,7 @@ do_install:append () {
${D}${sysconfdir}/init.d/sshd
install -D -m 0755 ${UNPACKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
sshd_hostkey_setup
}
do_install_ptest () {
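Review bot: The two `sed -i '/HostKey/d'` calls in the new `sshd_hostkey_setup()` delete every line containing that substring, so `HostKeyAlgorithms` and `HostKeyAgent` directives in sshd_config and sshd_config_readonly are removed along with the `HostKey` lines, and nothing re-adds them. For a layer that ships an sshd_config restricting host key algorithms, the restriction silently disappears from the installed image unless the function is overridden. Matching the keyword itself keeps those directives: `sed -i '/^[[:space:]]*HostKey[[:space:]]/d' ${D}${sysconfdir}/ssh/sshd_config`, and the same pattern for sshd_config_readonly; commented-out `#HostKey` samples then stay in the file, which is harmless. A short comment above the function, such as `# Downstream layers may override this with an empty function to keep their own HostKey settings`, would also record the contract described in the commit message.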