From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sat, 14 Nov 2020 21:34:47 +0100
From: Roland Hieber
Message-ID: <20201114203447.y34nu2vjtlekvzc2@pengutronix.de>
References: <20201113141955.3477005-1-artur@4wiebe.de> <20201113174648.GA292963@lenoch>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20201113174648.GA292963@lenoch>
Subject: Re: [ptxdist] [PATCH] DRAFT: openssh: make host key generation optional
List-Id: PTXdist Development Mailing List
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist"
To: Artur Wiebe
Cc: ptxdist@pengutronix.de

On Fri, Nov 13, 2020 at 06:46:48PM +0100, Ladislav Michl wrote:
> On Fri, Nov 13, 2020 at 03:19:55PM +0100, Artur Wiebe wrote:
> > How can openssh.postinst be disabled from within the rule files?
>
> The very same could be achieved with symlink in your BSP:
> projectroot/etc/rc.once.d/openssh -> /dev/null

I don't understand why you want to disable this. The SSH server will not start without host keys. Or do you want to install a static version of the host keys generated at build time? If so, there should be an option for this. But for now, in my opinion, disabling OPENSSH_SSHD_GENKEYS will just lead to a broken SSH server.

 - Roland

> > > --- > > rules/openssh.in | 14 ++++++++++---- > > rules/openssh.make | 2 ++ > > 2 files changed, 12 insertions(+), 4 deletions(-) > > > > diff --git a/rules/openssh.in b/rules/openssh.in > > index 09f5c5555..f9d1affbd 100644 > > --- a/rules/openssh.in > > +++ b/rules/openssh.in
> > @@ -6,10 +6,10 @@ menuconfig OPENSSH > > select OPENSSL > > select LIBC_CRYPT > > select LIBC_UTIL > > - select RC_ONCE if OPENSSH_SSHD && RUNTIME > > + select RC_ONCE if OPENSSH_SSHD_GENKEYS && RUNTIME > > select BUSYBOX_START_STOP_DAEMON if OPENSSH_SSHD_STARTSCRIPT > > select LIBSELINUX if GLOBAL_SELINUX > > - select OPENSSH_KEYGEN if OPENSSH_SSHD > > + select OPENSSH_KEYGEN if OPENSSH_SSHD_GENKEYS > > prompt "openssh " > > help > > secure shell client/server, an rlogin/rsh/rcp replacement > > @@ -40,15 +40,21 @@ config OPENSSH_SSHD > > config OPENSSH_SSHD_STARTSCRIPT > > bool > > default y > > - depends on OPENSSH_SSHD > > + depends on OPENSSH_SSHD && INITMETHOD_BBINIT > > prompt "install /etc/init.d/openssh" > > > > config OPENSSH_SSHD_SYSTEMD_UNIT > > bool > > default y > > - depends on OPENSSH_SSHD && SYSTEMD > > + depends on OPENSSH_SSHD && INITMETHOD_SYSTEMD > > prompt "install systemd unit files for sshd" > > > > +config OPENSSH_SSHD_GENKEYS > > + bool > > + default y > > + depends on OPENSSH_SSHD > > + prompt "generate sshd host keys at first boot" > > + > > config OPENSSH_SCP > > bool "scp" > > help > > diff --git a/rules/openssh.make b/rules/openssh.make > > index cae04487f..0da2f23cd 100644 > > --- a/rules/openssh.make > > +++ b/rules/openssh.make 
> > @@ -105,8 +105,10 @@ ifdef PTXCONF_OPENSSH_SSHD > > /etc/ssh/moduli) > > @$(call install_copy, openssh, 0, 0, 0755, -, \ > > /usr/sbin/sshd) > > +ifdef OPENSSH_SSHD_GENKEYS > > @$(call install_alternative, openssh, 0, 0, 0755, /etc/rc.once.d/openssh) > > endif > > +endif > > > > ifdef PTXCONF_INITMETHOD_BBINIT > > ifdef PTXCONF_OPENSSH_SSHD_STARTSCRIPT > > -- > > 2.29.2 > > > > > > _______________________________________________ > > ptxdist mailing list > > ptxdist@pengutronix.de > > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de > -- Roland Hieber, Pengutronix e.K. | r.hieber@pengutronix.de | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
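
Review bot: the new "config OPENSSH_SSHD_GENKEYS" entry in the second rules/openssh.in hunk (@@ -40,15 +40,21 @@) has no help text, so nothing tells the person configuring the BSP that switching it off leaves sshd without host keys unless they are provided some other way, which is the broken-server case raised in the reply above. Suggest adding a "help" block that states this requirement. The same hunk also changes the "depends on" lines of OPENSSH_SSHD_STARTSCRIPT and OPENSSH_SSHD_SYSTEMD_UNIT to INITMETHOD_BBINIT and INITMETHOD_SYSTEMD; that is unrelated to making key generation optional and would be easier to review as a separate patch.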
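
Review bot: in the rules/openssh.make hunk (@@ -105,8 +105,10 @@) the added conditional "ifdef OPENSSH_SSHD_GENKEYS" lacks the PTXCONF_ prefix that every other conditional in the visible context carries ("ifdef PTXCONF_OPENSSH_SSHD", "ifdef PTXCONF_INITMETHOD_BBINIT", "ifdef PTXCONF_OPENSSH_SSHD_STARTSCRIPT"). Unless a make variable with the unprefixed name is defined elsewhere, the test is always false and /etc/rc.once.d/openssh is never installed, even with the option left at its default of y, so no image would generate host keys at first boot. Suggest "ifdef PTXCONF_OPENSSH_SSHD_GENKEYS".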