From: Chen Qi <[email protected]> To avoid generating ssh keys every time a system with read-only rootfs starts, we generate ssh keys at rootfs creation time.
This change only has effect for systems with read-only rootfs. [YOCTO #4103] [YOCTO #4887] Signed-off-by: Chen Qi <[email protected]> --- meta/classes/image.bbclass | 15 +++++++++++++++ meta/recipes-connectivity/openssh/openssh_6.2p2.bb | 10 +++++++--- meta/recipes-core/dropbear/dropbear.inc | 6 +++++- meta/recipes-core/dropbear/dropbear/init | 19 ++----------------- 4 files changed, 29 insertions(+), 21 deletions(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 3bc57d3..9a0692a 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -263,6 +263,21 @@ read_only_rootfs_hook () { if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh fi + # Generate ssh keys at rootfs time + if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then + [ -r ${IMAGE_ROOTFS}/etc/default/dropbear ] && . ${IMAGE_ROOTFS}/etc/default/dropbear + DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" + DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" + test -n "$DROPBEAR_RSAKEY" || DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT + test -n "$DROPBEAR_DSSKEY" || DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT + dropbearkey -t rsa -f ${IMAGE_ROOTFS}$DROPBEAR_RSAKEY + dropbearkey -t dss -f ${IMAGE_ROOTFS}$DROPBEAR_DSSKEY + fi + if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then + ssh-keygen -q -f ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key -N '' -t rsa + ssh-keygen -q -f ${IMAGE_ROOTFS}/etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa + ssh-keygen -q -f ${IMAGE_ROOTFS}/etc/ssh/ssh_host_dsa_key -N '' -t dsa + fi fi } diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb index ab2eefb..40dc4ca 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb 
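Review bot: The `dropbearkey` and `ssh-keygen` calls added inside read_only_rootfs_hook write private host keys into `${IMAGE_ROOTFS}`, so every device flashed from the same image presents the same host key and anyone who can read the image artifact can read that key. SSH clients then cannot tell such devices apart, and the key cannot be treated as a per-device secret. I would state this where the keys are created, e.g. `# NOTE: host keys generated here are identical on every device using this image; provision per-device keys where host identity matters`. Separately, `. ${IMAGE_ROOTFS}/etc/default/dropbear` runs a target-side file in the build shell and its `DROPBEAR_RSAKEY`/`DROPBEAR_DSSKEY` values are appended to `${IMAGE_ROOTFS}` unquoted; quoting the expansions (`"${IMAGE_ROOTFS}$DROPBEAR_RSAKEY"`) would at least keep paths with spaces intact. The function begins before the hunk.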
@@ -9,7 +9,8 @@ LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" PR = "r0" -DEPENDS = "zlib openssl" +DEPENDS = "zlib openssl openssh-native" +DEPENDS_class-native = "zlib-native openssl-native" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" RPROVIDES_${PN}-ssh = "ssh" @@ -41,7 +42,7 @@ INITSCRIPT_PACKAGES = "${PN}-sshd" INITSCRIPT_NAME_${PN}-sshd = "sshd" INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9" -PACKAGECONFIG ??= "tcp-wrappers" +PACKAGECONFIG_class-target ??= "tcp-wrappers" PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers" inherit autotools @@ -49,6 +50,7 @@ inherit autotools # LFS support: CFLAGS += "-D__FILE_OFFSET_BITS=64" export LD = "${CC}" +export LD_class-native = "${CC}" EXTRA_OECONF = "--with-rand-helper=no \ ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \ @@ -74,7 +76,7 @@ do_compile_append () { install -m 0644 ${WORKDIR}/ssh_config ${S}/ } -do_install_append () { +do_install_append_class-target () { for i in ${DISTRO_FEATURES}; do if [ ${i} = "pam" ]; then @@ -102,6 +104,7 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen" +RDEPENDS_${PN}_class-native = "" CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config" CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config" @@ -110,3 +113,4 @@ ALTERNATIVE_PRIORITY = "90" ALTERNATIVE_${PN}-scp = "scp" ALTERNATIVE_${PN}-ssh = "ssh" +BBCLASSEXTEND = "native" diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index be93d60..381b8aa 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc 
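Review bot: In the first openssh hunk, `DEPENDS = "zlib openssl openssh-native"` makes every target build of openssh also build openssh-native, although the commit message says the change only has effect on read-only-rootfs systems and the only user visible in this patch is the `ssh-keygen` call in read_only_rootfs_hook. dropbear.inc gets the same treatment with `dropbear-native`. The link between the recipe and the image class is not written down anywhere, so a comment above the line would help, for example `# openssh-native provides ssh-keygen for read_only_rootfs_hook (image.bbclass)`. Whether the dependency would sit better on the image side is a question for the maintainers; nothing visible here checks that the tool is present before the hook calls it.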
@@ -9,11 +9,13 @@ INC_PR = "r1" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE;md5=3a5b0c2f0d0c49dfde9558ae2036683c" -DEPENDS = "zlib" +DEPENDS = "zlib dropbear-native" RPROVIDES_${PN} = "ssh sshd" DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" +DEPENDS_class-native = "zlib-native" + SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-urandom-xauth-changes-to-options.h.patch \ file://0002-static_build_fix.patch \ @@ -88,3 +90,5 @@ pkg_postrm_append_${PN} () { rm ${sysconfdir}/dropbear/dropbear_dss_host_key fi } + +BBCLASSEXTEND = "native" diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init index e8fed3f..5140b0b 100755 --- a/meta/recipes-core/dropbear/dropbear/init +++ b/meta/recipes-core/dropbear/dropbear/init @@ -28,23 +28,8 @@ test "$NO_START" = "0" || exit 0 test -x "$DAEMON" || exit 0 test ! -h /var/service/dropbear || exit 0 -readonly_rootfs=0 -for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do - case $flag in - ro) - readonly_rootfs=1 - ;; - esac -done - -if [ $readonly_rootfs = "1" ]; then - mkdir -p /var/lib/dropbear - DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key" - DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key" -else - DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" - DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" -fi +DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key" +DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key" test -z "$DROPBEAR_BANNER" || \ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER" -- 1.7.9.5 _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
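Review bot: With the `readonly_rootfs` detection removed from the init script, `DROPBEAR_RSAKEY_DEFAULT` and `DROPBEAR_DSSKEY_DEFAULT` always point at `/etc/dropbear`, so a read-only system now depends entirely on the keys having been written at image creation. The rest of the script lies outside the hunk, so how it behaves when the key files are missing is not visible here; if it still tries to generate them, that attempt presumably fails on a read-only `/etc`. A comment above the two defaults would record the assumption, e.g. `# On read-only rootfs these keys are created at image build time (read_only_rootfs_hook)`. It is also worth confirming that images built before this change, whose keys lived under `/var/lib/dropbear`, are not expected to keep working with the new script.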
