From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.22])
 by metis.ext.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <artur@4wiebe.de>) id 1kejuL-0000wN-JI
 for ptxdist@pengutronix.de; Mon, 16 Nov 2020 20:11:22 +0100
From: Artur Wiebe <artur@4wiebe.de>
Date: Mon, 16 Nov 2020 20:11:13 +0100
Message-Id: <20201116191113.239636-1-artur@4wiebe.de>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH] openssh: make host key generation optional
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Artur Wiebe <artur@4wiebe.de>

If not set host keys must be provided in some other way
(otherwise sshd will not start)

Signed-off-by: Artur Wiebe <artur@4wiebe.de>
---
 rules/openssh.in       | 12 ++++++++++--
 rules/openssh.make     |  2 ++
 rules/openssh.postinst |  4 +++-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/rules/openssh.in b/rules/openssh.in
index 09f5c5555..37013250c 100644
--- a/rules/openssh.in
+++ b/rules/openssh.in
@@ -6,10 +6,10 @@ menuconfig OPENSSH
 	select OPENSSL
 	select LIBC_CRYPT
 	select LIBC_UTIL
-	select RC_ONCE if OPENSSH_SSHD && RUNTIME
+	select RC_ONCE if OPENSSH_SSHD_GENKEYS && RUNTIME
 	select BUSYBOX_START_STOP_DAEMON if OPENSSH_SSHD_STARTSCRIPT
 	select LIBSELINUX if GLOBAL_SELINUX
-	select OPENSSH_KEYGEN if OPENSSH_SSHD
+	select OPENSSH_KEYGEN if OPENSSH_SSHD_GENKEYS
 	prompt "openssh                       "
 	help
 	  secure shell client/server, an rlogin/rsh/rcp replacement
@@ -49,6 +49,14 @@ config OPENSSH_SSHD_SYSTEMD_UNIT
 	depends on OPENSSH_SSHD && SYSTEMD
 	prompt "install systemd unit files for sshd"
 
+config OPENSSH_SSHD_GENKEYS
+	bool "generate sshd host keys at first boot"
+	default y
+	depends on OPENSSH_SSHD
+	help
+	  If not set host keys must be provided in some other way
+	  (otherwise sshd will not start)
+
 config OPENSSH_SCP
 	bool "scp"
 	help
diff --git a/rules/openssh.make b/rules/openssh.make
index cae04487f..99fca3f46 100644
--- a/rules/openssh.make
+++ b/rules/openssh.make
@@ -105,8 +105,10 @@ ifdef PTXCONF_OPENSSH_SSHD
 		/etc/ssh/moduli)
 	@$(call install_copy, openssh, 0, 0, 0755, -, \
 		/usr/sbin/sshd)
+ifdef PTXCONF_OPENSSH_SSHD_GENKEYS
 	@$(call install_alternative, openssh, 0, 0, 0755, /etc/rc.once.d/openssh)
 endif
+endif
 
 ifdef PTXCONF_INITMETHOD_BBINIT
 ifdef PTXCONF_OPENSSH_SSHD_STARTSCRIPT
diff --git a/rules/openssh.postinst b/rules/openssh.postinst
index fcfbf9149..a7bbf1c58 100644
--- a/rules/openssh.postinst
+++ b/rules/openssh.postinst
@@ -1,2 +1,4 @@
 #!/bin/sh
-$DESTDIR/usr/sbin/enable-rc-once openssh
+if [ -f $DESTDIR/etc/rc.once.d/openssh ]; then
+	$DESTDIR/usr/sbin/enable-rc-once openssh
+fi
-- 
2.29.2


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de