[OE-core] [PATCH RESEND 1/3] openssh: Package server configuration
Peter Kjellerstedt
peter.kjellerstedt at axis.com
Fri Jun 9 09:41:25 UTC 2017
> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org
> [mailto:openembedded-core-bounces at lists.openembedded.org] On Behalf Of
> David Vincent
> Sent: den 9 juni 2017 09:04
> To: openembedded-core at lists.openembedded.org
> Subject: [OE-core] [PATCH RESEND 1/3] openssh: Package server
> configuration
>
> Split sshd configuration for read-write/read-only rootfs in two
> distinct
> packages. Also, add a package dependency between openssh-sshd package
> and a provider of sshd-config.
>
> Signed-off-by: David Vincent <freesilicon at gmail.com>
> ---
> meta/recipes-connectivity/openssh/openssh_7.5p1.bb | 51
> ++++++++++++++++++----
> 1 file changed, 42 insertions(+), 9 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> index 5b96745aae..e22e6c672d 100644
> --- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> @@ -91,13 +91,17 @@ do_compile_ptest() {
> }
>
> do_install_append () {
> - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
> + # Create default config files
> + install -m 0644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_default
> + rm -f ${D}${sysconfdir}/ssh/sshd_config
> +
> + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
> install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
> - sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
> + sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config_default
> fi
>
> - if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
> - sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
> + if [ "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11" ]; then
> + sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config_default
> fi
Instead of all the changes above, you could just do this here:
mv ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_default
> install -d ${D}${sysconfdir}/init.d
> @@ -110,7 +114,7 @@ do_install_append () {
>
> # Create config files for read-only rootfs
> install -d ${D}${sysconfdir}/ssh
Creating the directory here again is unnecessary.
> - install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
> + install -m 644 ${D}${sysconfdir}/ssh/sshd_config_default ${D}${sysconfdir}/ssh/sshd_config_readonly
> sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
> echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
> echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
> @@ -134,30 +138,59 @@ do_install_ptest () {
>
> ALLOW_EMPTY_${PN} = "1"
>
> -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
> +PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd-config ${PN}-sshd-config-readonly ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
> FILES_${PN}-scp = "${bindir}/scp.${BPN}"
> FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
> +FILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
> +FILES_${PN}-sshd-config-readonly = "${sysconfdir}/ssh/sshd_config_readonly"
> FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
> -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
> +FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
> FILES_${PN}-sftp = "${bindir}/sftp"
> FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
> FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
> FILES_${PN}-keygen = "${bindir}/ssh-keygen"
>
> RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
> -RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
> +RDEPENDS_${PN}-sshd += "${PN}-keygen sshd-config ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
> RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
>
> RPROVIDES_${PN}-ssh = "ssh"
> +RPROVIDES_${PN}-sshd-config = "sshd-config"
> +RPROVIDES_${PN}-sshd-config-readonly = "sshd-config"
> RPROVIDES_${PN}-sshd = "sshd"
>
> RCONFLICTS_${PN} = "dropbear"
> +RCONFLICTS_${PN}-sshd-config = "${PN}-sshd-config-readonly"
> +RCONFLICTS_${PN}-sshd-config-readonly = "${PN}-sshd-config"
> RCONFLICTS_${PN}-sshd = "dropbear"
> RCONFLICTS_${PN}-keygen = "ssh-keygen"
>
> -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
> +CONFFILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
> +CONFFILES_${PN}-sshd-config-readonly = "${sysconfdir}/ssh/sshd_config_readonly"
> CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
>
> +pkg_postinst_${PN}-sshd-config () {
> +#!/bin/sh
> +if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
> + rm $D${sysconfdir}/ssh/sshd_config
> +fi
> +
> +# Make sure destination directory exists, before creating the symlink
> +mkdir -p $D${sysconfdir}/ssh
> +ln -s sshd_config_default $D${sysconfdir}/ssh/sshd_config
> +}
> +
> +pkg_postinst_${PN}-sshd-config-readonly () {
> +#!/bin/sh
> +if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
> + rm $D${sysconfdir}/ssh/sshd_config
> +fi
> +
> +# Make sure destination directory exists, before creating the symlink
> +mkdir -p $D${sysconfdir}/ssh
> +ln -s sshd_config_readonly $D${sysconfdir}/ssh/sshd_config
> +}
> +
I do not like changing /etc/ssh/sshd_config to be a link. I know at least
we have our own rootfs-postcommands that will be affected by such a change.
How about you use a PACKAGESPLITFUNCS function instead and move the files
back into place before they are packaged, so that both configuration
packages contain the /etc/ssh/sshd_config file.
Something like this should work (totally untested):
PACKAGESPLITFUNCS += "restore_sshd_config"
restore_sshd_config() {
for file in ${PKGDEST}/*${sysconfdir}/sshd/sshd_config_*; do
mv $file ${file%_*}
done
}
> ALTERNATIVE_PRIORITY = "90"
> ALTERNATIVE_${PN}-scp = "scp"
> ALTERNATIVE_${PN}-ssh = "ssh"
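Review bot: Both new postinst functions, `pkg_postinst_${PN}-sshd-config` and `pkg_postinst_${PN}-sshd-config-readonly`, delete whatever is at `${sysconfdir}/ssh/sshd_config` without a backup. The same hunk moves `CONFFILES` from that path to `sshd_config_default` and `sshd_config_readonly`, so a locally hardened sshd_config would presumably be replaced by the packaged defaults on upgrade, with no conffile handling by the package manager. The `[ -e ... ]` guard also follows symlinks, so a dangling link (for example one left by the other config package) skips the `rm`, and the plain `ln -s` then fails because the path exists. I would replace only a missing path or an existing symlink, use `ln -sf`, and quote the `$D` paths. The sketch shows the first function; the readonly one differs only in the link target.

```bitbake
pkg_postinst_${PN}-sshd-config () {
cfg="$D${sysconfdir}/ssh/sshd_config"
mkdir -p "$D${sysconfdir}/ssh"
# Replace only a missing path or an existing (possibly dangling) symlink;
# a regular file here is a local edit and is left in place.
if [ -L "$cfg" ] || [ ! -e "$cfg" ]; then
    ln -sf sshd_config_default "$cfg"
fi
}
```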
> --
> 2.13.0
//Peter