[OE-core] [PATCH RESEND 1/3] openssh: Package server configuration

David Vincent freesilicon at gmail.com
Tue Jun 13 07:33:19 UTC 2017


On vendredi 9 juin 2017 11:41:25 CEST Peter Kjellerstedt wrote:
> > -----Original Message-----
> > From: openembedded-core-bounces at lists.openembedded.org
> > [mailto:openembedded-core-bounces at lists.openembedded.org] On Behalf Of
> > David Vincent
> > Sent: den 9 juni 2017 09:04
> > To: openembedded-core at lists.openembedded.org
> > Subject: [OE-core] [PATCH RESEND 1/3] openssh: Package server
> > configuration
> > 
> > Split sshd configuration for read-write/read-only rootfs in two
> > distinct
> > packages. Also, add a package dependency between openssh-sshd package
> > and a provider of sshd-config.
> > 
> > Signed-off-by: David Vincent <freesilicon at gmail.com>
> > ---
> > 
> >  meta/recipes-connectivity/openssh/openssh_7.5p1.bb | 51
> > 
> > ++++++++++++++++++----
> > 
> >  1 file changed, 42 insertions(+), 9 deletions(-)
> > 
> > diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> > b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> > index 5b96745aae..e22e6c672d 100644
> > --- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> > +++ b/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
> > @@ -91,13 +91,17 @@ do_compile_ptest() {
> > 
> >  }
> >  
> >  do_install_append () {
> > 
> > -	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
> > +	# Create default config files
> > +	install -m 0644 ${D}${sysconfdir}/ssh/sshd_config
> > ${D}${sysconfdir}/ssh/sshd_config_default +	rm -f
> > ${D}${sysconfdir}/ssh/sshd_config
> > +
> > +	if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" =
> > "pam" ]; then> 
> >  		install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
> > 
> > -		sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/
sshd_config
> > +		sed -i -e 's:#UsePAM no:UsePAM yes:'
> > ${D}${sysconfdir}/ssh/sshd_config_default> 
> >  	fi
> > 
> > -	if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
> > -		sed -i -e 's:#X11Forwarding no:X11Forwarding yes:'
> > ${D}${sysconfdir}/ssh/sshd_config +	if [
> > "${@bb.utils.contains('DISTRO_FEATURES', 'x11', 'x11', '', d)}" = "x11"
> > ]; then +		sed -i -e 's:#X11Forwarding no:X11Forwarding yes:'
> > ${D}${sysconfdir}/ssh/sshd_config_default> 
> >  	fi
> 
> Instead of all the changes above you could just do this here instead:
Yes, it is simpler that way. If a v2 is to be sent, I will do that change.
> 
> 	mv ${D}${sysconfdir}/ssh/sshd_config
> ${D}${sysconfdir}/ssh/sshd_config_default
> >  	install -d ${D}${sysconfdir}/init.d
> > 
> > @@ -110,7 +114,7 @@ do_install_append () {
> > 
> >  	# Create config files for read-only rootfs
> >  	install -d ${D}${sysconfdir}/ssh
> 
> Creating the directory here again is unnecessary.
That's the old code, maybe it should be dropped.
> 
> > -	install -m 644 ${D}${sysconfdir}/ssh/sshd_config
> > ${D}${sysconfdir}/ssh/sshd_config_readonly +	install -m 644
> > ${D}${sysconfdir}/ssh/sshd_config_default
> > ${D}${sysconfdir}/ssh/sshd_config_readonly> 
> >  	sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
> >  	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >>
> >  	${D}${sysconfdir}/ssh/sshd_config_readonly echo "HostKey
> >  	/var/run/ssh/ssh_host_dsa_key" >>
> >  	${D}${sysconfdir}/ssh/sshd_config_readonly> 
> > @@ -134,30 +138,59 @@ do_install_ptest () {
> > 
> >  ALLOW_EMPTY_${PN} = "1"
> > 
> > -PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp
> > ${PN}-misc ${PN}-sftp-server" +PACKAGES =+ "${PN}-keygen ${PN}-scp
> > ${PN}-ssh ${PN}-sshd-config ${PN}-sshd-config-readonly ${PN}-sshd
> > ${PN}-sftp ${PN}-misc ${PN}-sftp-server"> 
> >  FILES_${PN}-scp = "${bindir}/scp.${BPN}"
> >  FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
> > 
> > +FILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
> > +FILES_${PN}-sshd-config-readonly =
> > "${sysconfdir}/ssh/sshd_config_readonly"> 
> >  FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd
> >  ${systemd_unitdir}/system"> 
> > -FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli
> > ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly
> > ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
> > +FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli
> > ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"> 
> >  FILES_${PN}-sftp = "${bindir}/sftp"
> >  FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
> >  FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
> >  FILES_${PN}-keygen = "${bindir}/ssh-keygen"
> >  
> >  RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
> > 
> > -RDEPENDS_${PN}-sshd += "${PN}-keygen
> > ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit
> > pam-plugin-loginuid', '', d)}" +RDEPENDS_${PN}-sshd += "${PN}-keygen
> > sshd-config ${@bb.utils.contains('DISTRO_FEATURES', 'pam',
> > 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"> 
> >  RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
> >  
> >  RPROVIDES_${PN}-ssh = "ssh"
> > 
> > +RPROVIDES_${PN}-sshd-config = "sshd-config"
> > +RPROVIDES_${PN}-sshd-config-readonly = "sshd-config"
> > 
> >  RPROVIDES_${PN}-sshd = "sshd"
> >  
> >  RCONFLICTS_${PN} = "dropbear"
> > 
> > +RCONFLICTS_${PN}-sshd-config = "${PN}-sshd-config-readonly"
> > +RCONFLICTS_${PN}-sshd-config-readonly = "${PN}-sshd-config"
> > 
> >  RCONFLICTS_${PN}-sshd = "dropbear"
> >  RCONFLICTS_${PN}-keygen = "ssh-keygen"
> > 
> > -CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
> > +CONFFILES_${PN}-sshd-config = "${sysconfdir}/ssh/sshd_config_default"
> > +CONFFILES_${PN}-sshd-config-readonly =
> > "${sysconfdir}/ssh/sshd_config_readonly"> 
> >  CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
> > 
> > +pkg_postinst_${PN}-sshd-config () {
> > +#!/bin/sh
> > +if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
> > +    rm $D${sysconfdir}/ssh/sshd_config
> > +fi
> > +
> > +# Make sure destination directory exists, before creating the symlink
> > +mkdir -p $D${sysconfdir}/ssh
> > +ln -s sshd_config_default $D${sysconfdir}/ssh/sshd_config
> > +}
> > +
> > +pkg_postinst_${PN}-sshd-config-readonly () {
> > +#!/bin/sh
> > +if [ -e $D${sysconfdir}/ssh/sshd_config ]; then
> > +    rm $D${sysconfdir}/ssh/sshd_config
> > +fi
> > +
> > +# Make sure destination directory exists, before creating the symlink
> > +mkdir -p $D${sysconfdir}/ssh
> > +ln -s sshd_config_readonly $D${sysconfdir}/ssh/sshd_config
> > +}
> > +
> 
> I do not like changing /etc/ssh/sshd_config to be a link. I know at least
> we have our own rootfs-postcommands that will be affected by such a change.
> 
> How about you use a PACKAGESPLITFUNCS function instead and move the files
> back into place before they are packaged, so that both configuration
> packages contain the /etc/ssh/sshd_config file.
I have another problem: when I package my configuration, I do not want any
postcommand tasks to modify it unpredictably in my release builds. Maybe I
should find another workaround that does not break the current workflows.
> 
> Something like this should work (totally untested):
> 
> PACKAGESPLITFUNCS += "restore_sshd_config"
> 
> restore_sshd_config() {
> 	for file in ${PKGDEST}/*${sysconfdir}/sshd/sshd_config_*; do
> 		mv $file ${file%_*}
> 	done
> }
> 
> >  ALTERNATIVE_PRIORITY = "90"
> >  ALTERNATIVE_${PN}-scp = "scp"
> >  ALTERNATIVE_${PN}-ssh = "ssh"
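Review bot: Both added scriptlets (`pkg_postinst_${PN}-sshd-config` and `pkg_postinst_${PN}-sshd-config-readonly`) delete any existing `sshd_config` without a backup, so an on-target install or upgrade would silently replace a locally hardened file with a link to the shipped defaults. The `[ -e … ]` test also follows symlinks, so a dangling link (for example after the conflicting config package and its target were removed) is not deleted and the following `ln -s` fails on the existing name. Consider replacing only a link and keeping a regular file, e.g. `[ -L "$D${sysconfdir}/ssh/sshd_config" ] && rm -f "$D${sysconfdir}/ssh/sshd_config"` followed by `[ -e "$D${sysconfdir}/ssh/sshd_config" ] || ln -s sshd_config_default "$D${sysconfdir}/ssh/sshd_config"` (with `sshd_config_readonly` as the target in the second scriptlet). Since `CONFFILES` now names only `sshd_config_default` and `sshd_config_readonly`, the live `sshd_config` path no longer appears to be tracked as a conffile, and no `pkg_postrm` removes the link; it is worth confirming that both are intended.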
> > 
> > --
> > 2.13.0
> 
> //Peter


--
David


