dropbear: drop run time detection of read-only rootfs

Previously, when dropbear was started via its init script, relocation of DROPBEAR_RSAKEY_DIR to support read-only rootfs was handled at run time from within the init script. Update the init script to take advantage of the read-only rootfs config setup by read_only_rootfs_hook() and therefore be consistent with startup under systemd (where relocation of DROPBEAR_RSAKEY_DIR is handled by the read_only_rootfs_hook() at build time). (From OE-Core rev: 4990f87b2f6a8b30c8d1c767636e7f5527f595ba) (From OE-Core rev: b1f3fac327da43ccc079a03d3554f1365b298608) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-18 21:32:12 +02:00 · 2018-05-30 17:16:47 -07:00
parent 92c5eeaff9
commit 9f3445c9e5
2 changed files with 9 additions and 22 deletions
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -112,14 +112,11 @@ read_only_rootfs_hook () {

 	# Also tweak the key location for dropbear in the same way.
 	if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
-		if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
-			echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
-		else
+		if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
 			echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
 		fi
 	fi

-
 	if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then
 		# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
 		if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -17,8 +17,11 @@ NAME=dropbear
 DESC="Dropbear SSH server"
 PIDFILE=/var/run/dropbear.pid

+# These values may be replaced by those from /etc/default/dropbear
+DROPBEAR_RSAKEY_DIR="/etc/dropbear"
 DROPBEAR_PORT=22
 DROPBEAR_EXTRA_ARGS=
+DROPBEAR_RSAKEY_ARGS=
 NO_START=0

 set -e
@@ -28,32 +31,19 @@ test "$NO_START" = "0" || exit 0
 test -x "$DAEMON" || exit 0
 test ! -h /var/service/dropbear || exit 0

-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
-  case $flag in
-   ro)
-     readonly_rootfs=1
-     ;;
-  esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
-  mkdir -p /var/lib/dropbear
-  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-else
-  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-fi
-
 test -z "$DROPBEAR_BANNER" || \
  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
 test -n "$DROPBEAR_RSAKEY" || \
-  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+  DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"

 gen_keys() {
    if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
        rm $DROPBEAR_RSAKEY || true
    fi
-    test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+    if [ ! -f "$DROPBEAR_RSAKEY" ]; then
+        mkdir -p ${DROPBEAR_RSAKEY%/*}
+        dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+    fi
 }

 case "$1" in