From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
In-Reply-To: <20201116191113.239636-1-artur@4wiebe.de>
MIME-Version: 1.0
Message-Id: <E1kiZHe-00GS0h-3q@dude03.red.stw.pengutronix.de>
From: Michael Olbrich <mol@pengutronix.de>
Date: Fri, 27 Nov 2020 09:39:14 +0100
Subject: Re: [ptxdist] [APPLIED] openssh: make host key generation optional
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/cgi-bin/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Reply-To: ptxdist@pengutronix.de
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ptxdist-bounces@pengutronix.de
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Artur Wiebe <artur@4wiebe.de>

Thanks, applied as abfc4e40a6c5358d00a7f0e24b4b10888b7e8090.

Michael

[sent from post-receive hook]

On Fri, 27 Nov 2020 09:39:14 +0100, Artur Wiebe <artur@4wiebe.de> wrote:
> If not set host keys must be provided in some other way
> (otherwise sshd will not start)
> 
> Signed-off-by: Artur Wiebe <artur@4wiebe.de>
> Acked-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20201116191113.239636-1-artur@4wiebe.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/openssh.in b/rules/openssh.in
> index 09f5c55551d7..37013250cd8b 100644
> --- a/rules/openssh.in
> +++ b/rules/openssh.in
> @@ -6,10 +6,10 @@ menuconfig OPENSSH
>  	select OPENSSL
>  	select LIBC_CRYPT
>  	select LIBC_UTIL
> -	select RC_ONCE if OPENSSH_SSHD && RUNTIME
> +	select RC_ONCE if OPENSSH_SSHD_GENKEYS && RUNTIME
>  	select BUSYBOX_START_STOP_DAEMON if OPENSSH_SSHD_STARTSCRIPT
>  	select LIBSELINUX if GLOBAL_SELINUX
> -	select OPENSSH_KEYGEN if OPENSSH_SSHD
> +	select OPENSSH_KEYGEN if OPENSSH_SSHD_GENKEYS
>  	prompt "openssh                       "
>  	help
>  	  secure shell client/server, an rlogin/rsh/rcp replacement
> @@ -49,6 +49,14 @@ config OPENSSH_SSHD_SYSTEMD_UNIT
>  	depends on OPENSSH_SSHD && SYSTEMD
>  	prompt "install systemd unit files for sshd"
>  
> +config OPENSSH_SSHD_GENKEYS
> +	bool "generate sshd host keys at first boot"
> +	default y
> +	depends on OPENSSH_SSHD
> +	help
> +	  If not set host keys must be provided in some other way
> +	  (otherwise sshd will not start)
> +
>  config OPENSSH_SCP
>  	bool "scp"
>  	help
> diff --git a/rules/openssh.make b/rules/openssh.make
> index cae04487f8af..99fca3f4600f 100644
> --- a/rules/openssh.make
> +++ b/rules/openssh.make
> @@ -105,8 +105,10 @@ ifdef PTXCONF_OPENSSH_SSHD
>  		/etc/ssh/moduli)
>  	@$(call install_copy, openssh, 0, 0, 0755, -, \
>  		/usr/sbin/sshd)
> +ifdef PTXCONF_OPENSSH_SSHD_GENKEYS
>  	@$(call install_alternative, openssh, 0, 0, 0755, /etc/rc.once.d/openssh)
>  endif
> +endif
>  
>  ifdef PTXCONF_INITMETHOD_BBINIT
>  ifdef PTXCONF_OPENSSH_SSHD_STARTSCRIPT
> diff --git a/rules/openssh.postinst b/rules/openssh.postinst
> index fcfbf9149342..a7bbf1c5889b 100644
> --- a/rules/openssh.postinst
> +++ b/rules/openssh.postinst
> @@ -1,2 +1,4 @@
>  #!/bin/sh
> -$DESTDIR/usr/sbin/enable-rc-once openssh
> +if [ -f $DESTDIR/etc/rc.once.d/openssh ]; then
> +	$DESTDIR/usr/sbin/enable-rc-once openssh
> +fi

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de