[OE-core] [PATCH V2 10/10] openssh: make /etc/ssh directory writable in read-only rootfs

ChenQi Qi.Chen at windriver.com
Tue Jul 30 05:24:03 UTC 2013


On 07/29/2013 11:59 PM, Burton, Ross wrote:
> On 29 July 2013 03:33,  <Qi.Chen at windriver.com> wrote:
>> From: Chen Qi <Qi.Chen at windriver.com>
>>
>> If the rootfs is read-only and the ssh keys are not available at system
>> start-up, the init script will generate ssh keys into /etc/ssh, thus
>> causing a 'read-only file system' error.
>>
>> Make this directory writable in case of a read-only rootfs.
>> Note that if the ssh keys are pregenerated, they will not be lost,
>> as there's a copying process before bind mounting.
> I'm not very keen on the idea of every oe-core system having a tmpfs
> on /etc/openssh just for read-only-root configurations

I agree, especially when the configuration is not likely to change at 
runtime.

>   where there
> isn't a pre-generated key.
>
> At least one better option would be to handle the read-only / with no
> pre-generated keys situation in the init script, and write keys to
> /run.
For now, I want to use the following logic.

If the rootfs is not read-only, everything remains the same as before.

If the rootfs is read-only and there are pre-generated keys under 
/etc/ssh, we use the pre-generated keys. The pre-generated keys are 
mainly for debugging or development purposes.

If the rootfs is read-only and there are no pre-generated keys under 
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at 
system boot-up, the generated ssh keys will be put into /var/run/ssh.

What do you think about it? If it's OK, I'll send out a V3.

Best Regards,
Chen Qi
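The three-case logic described above, written out as an added shell example (this is not the oe-core init script or the V3 patch; function names and the use of ssh_host_*_key files to detect pre-generated keys are assumptions):

```shell
#!/bin/sh
# Added example, not the openssh init script from oe-core.
# Detection of a read-only rootfs is separated from the key-location policy
# so the policy can be exercised on its own.

# rootfs_is_readonly DIR: prints "yes" if a file cannot be created in DIR,
# otherwise "no". A probe write is used instead of parsing /proc/mounts.
rootfs_is_readonly() {
    probe="$1/.rw-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo no
    else
        echo yes
    fi
}

# has_pregenerated_keys DIR: succeeds if host keys were shipped in the image
# (assumption: the standard ssh_host_<type>_key file names are used).
has_pregenerated_keys() {
    [ -f "$1/ssh_host_rsa_key" ] || [ -f "$1/ssh_host_ecdsa_key" ]
}

# choose_key_dir READONLY SSHDIR RUNDIR: prints the directory sshd should
# load its host keys from, following the three cases in the mail above.
choose_key_dir() {
    readonly_fs="$1"; sshdir="$2"; rundir="$3"
    if [ "$readonly_fs" != yes ]; then
        echo "$sshdir"     # case 1: writable rootfs, behaviour unchanged
    elif has_pregenerated_keys "$sshdir"; then
        echo "$sshdir"     # case 2: read-only rootfs, keys shipped in /etc/ssh
    else
        echo "$rundir"     # case 3: read-only rootfs, generate under /var/run/ssh
    fi
}

# generate_missing_keys KEYDIR: create any host key that does not exist yet.
generate_missing_keys() {
    keydir="$1"
    mkdir -p "$keydir"
    for t in rsa ecdsa; do
        [ -f "$keydir/ssh_host_${t}_key" ] || \
            ssh-keygen -q -t "$t" -N '' -f "$keydir/ssh_host_${t}_key"
    done
}

# Typical use at boot:
#   keydir=$(choose_key_dir "$(rootfs_is_readonly /etc/ssh)" /etc/ssh /var/run/ssh)
#   generate_missing_keys "$keydir"
```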