On Fri, 2013-07-26 at 11:28 +0200, Martin Jansa wrote:
> On Fri, Jul 26, 2013 at 03:39:36PM +0800, [email protected] wrote:
> > From: Chen Qi <[email protected]>
> >
> > To avoid generating ssh keys every time a system with read-only rootfs
> > starts, we generate ssh keys at rootfs creation time.
> >
> > This change only has effect for systems with read-only rootfs.
>
> I'm not sure if having the same keys on all devices installed from the
> same image is always desired behavior, imho it should be controlled by
> another variable, because some people want read-only rootfs and keys
> generated in some other write-able partition.

Agreed. In fact, I suspect that most folks who would be happy with all devices getting identical keys would want to go even further and have the keys be pre-generated so they were the same in every version of the image, rather than having them change every time the rootfs is regenerated. Otherwise you still get the "host key has changed" warning whenever you install a new rootfs.

If we're going to add this "generate keys at rootfs time" thing as an option then that's fine, but it needs to be configurable under control of IMAGE_FEATURES and/or DISTRO_FEATURES and/or PACKAGECONFIG.

Some other observations on this patch:

- the subject line is in the wrong format

- there are quite a lot of changes to the openssh recipe in here, some of which look a bit hokey. For example, this change:

-PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG_class-target ??= "tcp-wrappers"

... is going to be a trap for the unwary and probably shouldn't be done this way.

p.
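
Review bot: On the added PACKAGECONFIG_class-target ??= "tcp-wrappers" line, the default moves from the plain variable to a class-target override, so for target builds it can take precedence over a plain PACKAGECONFIG assignment made in a bbappend or configuration file, and builds of any other class no longer get the tcp-wrappers default at all. Keep the unqualified PACKAGECONFIG ??= "tcp-wrappers" default, and if another class really needs a different feature set, set that class explicitly and explain why in the commit message.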
