summaryrefslogtreecommitdiff
path: root/meta/classes
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2013-07-29 10:11:07 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-08-16 11:14:15 +0100
commit2ed44745024f04aa4e00ddba3009153c6b47c8e9 (patch)
tree923c8207e50f06c2a613e887f4ffaa6a3ea61589 /meta/classes
parentf88a101bc0caa7b486527f0d337406651cbaeb0d (diff)
downloadopenembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.tar.gz
openembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.tar.bz2
openembedded-core-2ed44745024f04aa4e00ddba3009153c6b47c8e9.zip
openssh: fix for read-only rootfs
If the rootfs is read-only and the ssh keys are not available at system start-up, the init script will generate ssh keys into /etc/ssh, thus causing a 'read-only file system' error. In order for Yocto based image to work correctly for read-only rootfs, we use the following logic for openssh. If the rootfs is read-only and there are pre-generated keys under /etc/ssh, we use the pre-generated keys. Note the pre-generated keys are mainly for debugging or development purpose. If the rootfs is read-only and there are no pre-generated keys under /etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at system boot-up, the generated ssh keys will put into /var/run/ssh. [YOCTO #4887] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/classes')
-rw-r--r--meta/classes/image.bbclass12
1 files changed, 12 insertions, 0 deletions
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 494664627d..116bd226ea 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -262,6 +262,18 @@ read_only_rootfs_hook () {
if [ -x ${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh ]; then
${IMAGE_ROOTFS}/etc/init.d/populate-volatile.sh
fi
+ # If we're using openssh and the /etc/ssh directory has no pre-generated keys,
+ # we should configure openssh to use the configuration file /etc/ssh/sshd_config_readonly
+ # and the keys under /var/run/ssh.
+ if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
+ if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then
+ echo "SYSCONFDIR=/etc/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ else
+ echo "SYSCONFDIR=/var/run/ssh" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ echo "SSHD_OPTS='-f /etc/ssh/sshd_config_readonly'" >> ${IMAGE_ROOTFS}/etc/default/ssh
+ fi
+ fi
fi
}