[OE-core] [PATCH] openssh: Atomically generate host keys

Ulrich Ölmann u.oelmann at pengutronix.de
Tue Jun 20 08:52:56 UTC 2017


On Tue, May 23, 2017 at 03:37:16PM +0100, Burton, Ross wrote:
> On 7 May 2017 at 02:33, Joshua Watt <jpewhacker at gmail.com> wrote:
> > diff --git a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> > b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> > index 148e6ad..af56404 100644
> > --- a/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> > +++ b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service
> > @@ -1,22 +1,14 @@
> >  [Unit]
> >  Description=OpenSSH Key Generation
> >  RequiresMountsFor=/var /run
> > -ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key
> > -ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key
> > -ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key
> > -ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key
> > -ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
> > -ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
> > -ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key
> > -ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key
> >
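Review bot: removing all eight ConditionPathExists=! lines from [Unit] leaves no start condition in the lines quoted here, so the unit is started on every boot even when every host key already exists. The rest of the hunk is not quoted (the header says 22 lines become 14). If the key-generation command now checks each key itself and exits early, a comment in the unit should say so, since the conditions were the only visible record of when generation is needed. If a condition is kept instead, note that the removed lines were ANDed, so the unit ran only when none of the eight files existed. A triggering form such as `ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key` (pipe before the exclamation mark) would have to be limited to the key directory actually in use, because the other directory's files are always absent and would trigger the unit on every boot.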
> 
> Can you not continue to use ConditionPathExists to only run this unit if it
> needs to run?  You can prepend the argument with | to make them logical OR
> instead of logical AND, if I'm reading this documentation correctly.

Am I right that if we have a read-write mounted root-FS with already existing
keys in /etc/ssh the service unit will nevertheless be started on _every_ boot
now as the files which are checked for existence in /var/run/ssh are missing?

Best regards
Ulrich
-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


