diff options
| author | CamVan Nguyen <ctnguyen@us.ibm.com> | 2018-02-15 22:24:39 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-03-01 16:59:53 +0300 |
| commit | fda75e54b2d90855e0edba27f1f94be9bf12b27d (patch) | |
| tree | b1d1ca2318d2ebef8ec1ab3c90174d2a7e46b446 /meta-phosphor/common/recipes-core | |
| parent | 32004fa5039c574b254b63af363b7d16592a2106 (diff) | |
| download | openbmc-fda75e54b2d90855e0edba27f1f94be9bf12b27d.tar.xz | |
Create RSA host key in user specified path
On each ssh connection, we are getting a Warning message similar to below:
dropbear[3956]: Failed loading /var/lib/dropbear/dropbear_rsa_host_key
This is because the dropbear service is started with the -r option which
points to /var/lib/dropbear/dropbear_rsa_host_key as the RSA host key to
load. However, the dropbearkey.service creates the key in /etc/dropbear
instead. There is an environment file, /etc/default/dropbear, which
contains the path to the RSA host key. This path is set by
rootfs-postcommands.bbclass. At build time, the .bbclass file checks if
the /etc/dropbear directory exists and if the RSA host key exists in
this directory. If the key does exist it sets the path to /etc/dropbear
else it sets it to /var/lib/dropbear. The dropbear service reads this
environment file to determine from which path to load the RSA host key.
This fix is to change dropbearkey.service to have similar logic to read
the file to determine which path to create the RSA host key. This will
get rid of the above Warning message, which can fill up the log buffer
in a Continuous Test environment where many ssh connection are made.
Change-Id: Iae37a3dfa9aa8c56687560f0f6560114c1e9b85a
Signed-off-by: CamVan Nguyen <ctnguyen@us.ibm.com>
Diffstat (limited to 'meta-phosphor/common/recipes-core')
| -rw-r--r-- | meta-phosphor/common/recipes-core/dropbear/dropbear/dropbearkey.service | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/meta-phosphor/common/recipes-core/dropbear/dropbear/dropbearkey.service b/meta-phosphor/common/recipes-core/dropbear/dropbear/dropbearkey.service index 623f73e42..dfeb17f41 100644 --- a/meta-phosphor/common/recipes-core/dropbear/dropbear/dropbearkey.service +++ b/meta-phosphor/common/recipes-core/dropbear/dropbear/dropbearkey.service @@ -1,10 +1,17 @@ [Unit] Description=SSH Key Generation -ConditionPathExists=|!/etc/dropbear/dropbear_rsa_host_key [Service] +# Set the default RSA key path then load environment variables from the +# environment file, which might override the default RSA key path. +Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" +EnvironmentFile=-/etc/default/dropbear Type=oneshot -ExecStart=@SBINDIR@/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key +ExecStart=@BASE_BINDIR@/sh -c \ + "if [[ ! -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key ]]; then \ + @BASE_BINDIR@/mkdir -p ${DROPBEAR_RSAKEY_DIR}; \ + @SBINDIR@/dropbearkey -t rsa -f ${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key; \ + fi" RemainAfterExit=yes [Install] |