summaryrefslogtreecommitdiff
path: root/meta-openbmc-mods/meta-common/recipes-core/dropbear
diff options
context:
space:
mode:
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/dropbear')
-rw-r--r--meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend22
-rwxr-xr-xmeta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh48
2 files changed, 70 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend
new file mode 100644
index 000000000..9d5dcf6b0
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend
@@ -0,0 +1,22 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://enable-ssh.sh"
+
+add_manual_ssh_enable() {
+ install -d ${D}/usr/share/misc
+ install -m 0755 ${D}/${systemd_unitdir}/system/dropbear@.service ${D}/usr/share/misc/dropbear@.service
+ install -m 0755 ${D}/${systemd_unitdir}/system/dropbear.socket ${D}/usr/share/misc/dropbear.socket
+ install -m 0755 ${WORKDIR}/enable-ssh.sh ${D}${bindir}/enable-ssh.sh
+ # Remove dropbear service and socket by default, if debug-tweaks is disabled
+ rm ${D}/${systemd_unitdir}/system/dropbear@.service
+ rm ${D}/${systemd_unitdir}/system/dropbear.socket
+}
+
+do_install:append() {
+ # Add manual ssh enable script if debug-tweaks is disabled
+ ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'add_manual_ssh_enable', d)}
+}
+
+FILES:${PN} += "/usr/share/misc"
+SYSTEMD_SERVICE:${PN} += "dropbearkey.service"
+SYSTEMD_SERVICE:${PN}:remove += " ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'dropbear.socket', d)}"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
new file mode 100755
index 000000000..922aa09f5
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+usage="$(basename "$0") [-h] [-d] -- Enable/Disable ssh for root user
+where:
+ -h help
+ -d disable ssh and remove priv-admin permission for root user"
+
+enable_ssh() {
+ if [ -e /etc/systemd/system/dropbear@.service ] &&
+ [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
+ echo "SSH is already enabled"
+ else
+ cp /usr/share/misc/dropbear@.service /etc/systemd/system/dropbear@.service
+ cp /usr/share/misc/dropbear.socket /etc/systemd/system/dropbear.socket
+ ln -s /etc/systemd/system/dropbear.socket /etc/systemd/system/sockets.target.wants/dropbear.socket
+ groupmems -g priv-admin -a root
+ systemctl daemon-reload
+ systemctl restart dropbear.socket
+ echo "Enabled SSH service for root user successful"
+ fi
+}
+
+disable_ssh() {
+ if [ -e /etc/systemd/system/dropbear@.service ] &&
+ [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then
+ systemctl stop dropbear.socket
+ systemctl stop dropbear@*.service
+ rm -rf /etc/systemd/system/sockets.target.wants/dropbear.socket
+ rm -rf /etc/systemd/system/dropbear.socket
+ rm -rf /etc/systemd/system/dropbear@.service
+ groupmems -g priv-admin -d root
+ echo "SSH disabled"
+ else
+ echo "SSH is already disabled"
+ fi
+}
+
+case "$1" in
+"-h")
+ echo ${usage}
+ ;;
+"-d")
+ disable_ssh
+ ;;
+*)
+ enable_ssh
+ ;;
+esac
generated by cgit v1.2.3 (git 2.39.0) at 2024-09-13 16:57:46 +0300