diff options
author | Chen Qi <Qi.Chen@windriver.com> | 2013-07-29 10:11:07 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-08-16 11:14:15 +0100 |
commit | 2ed44745024f04aa4e00ddba3009153c6b47c8e9 (patch) | |
tree | 923c8207e50f06c2a613e887f4ffaa6a3ea61589 /meta/classes | |
parent | f88a101bc0caa7b486527f0d337406651cbaeb0d (diff) | |
download | openembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.tar.gz openembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.tar.bz2 openembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.zip |
openssh: fix for read-only rootfs
If the rootfs is read-only and the ssh keys are not available at system
start-up, the init script will generate ssh keys into /etc/ssh, thus
causing a 'read-only file system' error.
In order for Yocto based image to work correctly for read-only rootfs,
we use the following logic for openssh.
If the rootfs is read-only and there are pre-generated keys under /etc/ssh,
we use the pre-generated keys. Note the pre-generated keys are mainly for
debugging or development purpose.
If the rootfs is read-only and there are no pre-generated keys under
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at
system boot-up, the generated ssh keys will put into /var/run/ssh.
[YOCTO #4887]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/classes')
-rw-r--r-- | meta/classes/image.bbclass | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 494664627d..116bd226ea 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -262,6 +262,18 @@ read_only_rootfs_hook () { if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh fi + # If we're using openssh and the /etc/ssh directory has no pre-generated keys, + # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly + # and the keys under /var/run/ssh. + if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then + if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then + echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh + else + echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh + echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh + fi + fi fi } |