Please include the oe-core commit that this version was taken from. It'll be easier to uprev, if needed, if we need to.
--Mark On 9/22/19 9:57 AM, Hongxu Jia wrote: > Signed-off-by: Hongxu Jia <hongxu....@windriver.com> > --- > .../openssh/openssh/sshd_check_keys | 78 > ++++++++++++++++++++++ > 1 file changed, 78 insertions(+) > create mode 100644 recipes-connectivity/openssh/openssh/sshd_check_keys > > diff --git a/recipes-connectivity/openssh/openssh/sshd_check_keys > b/recipes-connectivity/openssh/openssh/sshd_check_keys > new file mode 100644 > index 0000000..1931dc7 > --- /dev/null > +++ b/recipes-connectivity/openssh/openssh/sshd_check_keys > @@ -0,0 +1,78 @@ > +#! /bin/sh > + > +generate_key() { > + local FILE=$1 > + local TYPE=$2 > + local DIR="$(dirname "$FILE")" > + > + mkdir -p "$DIR" > + ssh-keygen -q -f "${FILE}.tmp" -N '' -t $TYPE > + > + # Atomically rename file public key > + mv -f "${FILE}.tmp.pub" "${FILE}.pub" > + > + # This sync does double duty: Ensuring that the data in the temporary > + # private key file is on disk before the rename, and ensuring that the > + # public key rename is completed before the private key rename, since we > + # switch on the existence of the private key to trigger key generation. > + # This does mean it is possible for the public key to exist, but be > garbage > + # but this is OK because in that case the private key won't exist and the > + # keys will be regenerated. > + # > + # In the event that sync understands arguments that limit what it tries > to > + # fsync(), we provided them. If it does not, it will simply call sync() > + # which is just as well > + sync "${FILE}.pub" "$DIR" "${FILE}.tmp" > + > + mv "${FILE}.tmp" "$FILE" > + > + # sync to ensure the atomic rename is committed > + sync "$DIR" > +} > + > +# /etc/default/ssh may set SYSCONFDIR and SSHD_OPTS > +if test -f /etc/default/ssh; then > + . /etc/default/ssh > +fi > + > +[ -z "$SYSCONFDIR" ] && SYSCONFDIR=/etc/ssh > +mkdir -p $SYSCONFDIR > + > +# parse sshd options > +set -- ${SSHD_OPTS} -- > +sshd_config=/etc/ssh/sshd_config > +while true ; do > + case "$1" in > + -f*) if [ "$1" = "-f" ] ; then > + sshd_config="$2" > + shift > + else > + sshd_config="${1#-f}" > + fi > + shift > + ;; > + --) shift; break;; > + *) shift;; > + esac > +done > + > +HOST_KEYS=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' "${sshd_config}") > +[ -z "${HOST_KEYS}" ] && HOST_KEYS="$SYSCONFDIR/ssh_host_rsa_key > $SYSCONFDIR/ssh_host_ecdsa_key $SYSCONFDIR/ssh_host_ed25519_key" > + > +for key in ${HOST_KEYS} ; do > + [ -f $key ] && continue > + case $key in > + *_rsa_key) > + echo " generating ssh RSA host key..." > + generate_key $key rsa > + ;; > + *_ecdsa_key) > + echo " generating ssh ECDSA host key..." > + generate_key $key ecdsa > + ;; > + *_ed25519_key) > + echo " generating ssh ED25519 host key..." > + generate_key $key ed25519 > + ;; > + esac > +done > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto