From: David Vincent <freesilicon@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 1/3] openssh: Package server configuration
Date: Tue, 24 Jan 2017 10:07:13 +0100 [thread overview]
Message-ID: <20170124090715.11646-2-freesilicon@gmail.com> (raw)
In-Reply-To: <20170124090715.11646-1-freesilicon@gmail.com>
Split sshd configuration for read-write/read-only rootfs in two distinct
packages. Also, add a package dependency between openssh-sshd package
and a provider of sshd-config.
Signed-off-by: David Vincent <freesilicon@gmail.com>
---
meta/recipes-connectivity/openssh/openssh_7.3p1.bb | 47 ++++++++++++++++++----
1 file changed, 40 insertions(+), 7 deletions(-)
diff --git a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
index 94eb0ed208..c02bb7d450 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
@@ -92,13 +92,17 @@ do_compile_ptest() {
}
do_install_append () {
+ # Create default config files
+ install -m 0644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_default
+ rm -f ${D}${sysconfdir}/ssh/sshd_config
+
if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
- sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config_default
fi
if [ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11" ]; then
- sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
+ sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config_default
fi
install -d ${D}${sysconfdir}/init.d
@@ -111,7 +115,7 @@ do_install_append () {
# Create config files for read-only rootfs
install -d ${D}${sysconfdir}/ssh
- install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+ install -m 644 ${D}${sysconfdir}/ssh/sshd_config_default ${D}${sysconfdir}/ssh/sshd_config_readonly
sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
@@ -135,30 +139,59 @@ do_install_ptest () {
ALLOW_EMPTY_${PN} = "1"
-PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd-config ${PN}-sshd-config-readonly ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
FILES_${PN}-scp = "${bindir}/scp.${BPN}"
FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
+FILES_${PN}-sshd-config-readonly = "${sysconfdir}/ssh/sshd_config_readonly"
FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
-FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
FILES_${PN}-sftp = "${bindir}/sftp"
FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
FILES_${PN}-keygen = "${bindir}/ssh-keygen"
RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
-RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RDEPENDS_${PN}-sshd += "${PN}-keygen sshd-config ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
RPROVIDES_${PN}-ssh = "ssh"
+RPROVIDES_${PN}-sshd-config = "sshd-config"
+RPROVIDES_${PN}-sshd-config-readonly = "sshd-config"
RPROVIDES_${PN}-sshd = "sshd"
RCONFLICTS_${PN} = "dropbear"
+RCONFLICTS_${PN}-sshd-config = "${PN}-sshd-config-readonly"
+RCONFLICTS_${PN}-sshd-config-readonly = "${PN}-sshd-config"
RCONFLICTS_${PN}-sshd = "dropbear"
RCONFLICTS_${PN}-keygen = "ssh-keygen"
-CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
+CONFFILES_${PN}-sshd-config-readonly = "${sysconfdir}/ssh/sshd_config_readonly"
CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+pkg_postinst_${PN}-sshd-config () {
+#!/bin/sh
+if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
+ rm $D${sysconfdir}/ssh/sshd_config
+fi
+
+# Make sure destination directory exists, before creating the symlink
+mkdir -p $D${sysconfdir}/ssh
+ln -s sshd_config_default $D${sysconfdir}/ssh/sshd_config
+}
+
+pkg_postinst_${PN}-sshd-config-readonly () {
+#!/bin/sh
+if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
+ rm $D${sysconfdir}/ssh/sshd_config
+fi
+
+# Make sure destination directory exists, before creating the symlink
+mkdir -p $D${sysconfdir}/ssh
+ln -s sshd_config_readonly $D${sysconfdir}/ssh/sshd_config
+}
+
ALTERNATIVE_PRIORITY = "90"
ALTERNATIVE_${PN}-scp = "scp"
ALTERNATIVE_${PN}-ssh = "ssh"
--
2.11.0
next prev parent reply other threads:[~2017-01-24 9:08 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-23 14:55 [PATCH 0/4] openssh: Make sshd-config a package David Vincent
2017-01-23 14:55 ` [PATCH 1/4] openssh: Package server configuration David Vincent
2017-01-23 14:55 ` [PATCH 2/4] core-image: Set default sshd configuration David Vincent
2017-01-23 14:55 ` [PATCH 3/4] rootfs-postcommands: Modify ssh-related commands David Vincent
2017-01-23 14:55 ` [PATCH 4/4] ref-manual: Add SSHD_CONFIG David Vincent
2017-01-23 15:23 ` ✗ patchtest: failure for openssh: Make sshd-config a package Patchwork
2017-01-23 15:45 ` David Vincent
2017-01-23 16:08 ` Leonardo Sandoval
2017-01-23 16:39 ` David Vincent
2017-01-23 17:56 ` Leonardo Sandoval
2017-01-24 8:43 ` [PATCH 0/3] " David Vincent
2017-01-24 8:43 ` [PATCH 1/3] openssh: Package server configuration David Vincent
2017-01-24 8:43 ` [PATCH 2/3] core-image: Set default sshd configuration David Vincent
2017-01-24 8:43 ` [PATCH 3/3] rootfs-postcommands: Modify ssh-related commands David Vincent
2017-01-24 9:07 ` [PATCH v2 0/3] openssh: Make sshd-config a package David Vincent
2017-01-24 9:07 ` David Vincent [this message]
2017-01-24 9:07 ` [PATCH 2/3] core-image: Set default sshd configuration David Vincent
2017-01-24 9:07 ` [PATCH 3/3] rootfs-postcommands: Modify ssh-related commands David Vincent
2017-01-24 19:07 ` [PATCH v2 0/3] openssh: Make sshd-config a package Khem Raj
2017-01-25 7:58 ` David Vincent
2017-02-02 10:30 ` [PATCH v3 " David Vincent
2017-02-02 10:30 ` [PATCH v3 1/3] openssh: Package server configuration David Vincent
2017-02-02 10:30 ` [PATCH v3 2/3] core-image: Set default sshd configuration David Vincent
2017-02-02 10:30 ` [PATCH v3 3/3] rootfs-postcommands: Modify ssh-related commands David Vincent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170124090715.11646-2-freesilicon@gmail.com \
--to=freesilicon@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox