diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/dropbear')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend | 22 | ||||
-rwxr-xr-x | meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh | 48 |
2 files changed, 70 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend new file mode 100644 index 000000000..9d5dcf6b0 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/dropbear_%.bbappend @@ -0,0 +1,22 @@ +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +SRC_URI += "file://enable-ssh.sh" + +add_manual_ssh_enable() { + install -d ${D}/usr/share/misc + install -m 0755 ${D}/${systemd_unitdir}/system/dropbear@.service ${D}/usr/share/misc/dropbear@.service + install -m 0755 ${D}/${systemd_unitdir}/system/dropbear.socket ${D}/usr/share/misc/dropbear.socket + install -m 0755 ${WORKDIR}/enable-ssh.sh ${D}${bindir}/enable-ssh.sh + # Remove dropbear service and socket by default, if debug-tweaks is disabled + rm ${D}/${systemd_unitdir}/system/dropbear@.service + rm ${D}/${systemd_unitdir}/system/dropbear.socket +} + +do_install:append() { + # Add manual ssh enable script if debug-tweaks is disabled + ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'add_manual_ssh_enable', d)} +} + +FILES:${PN} += "/usr/share/misc" +SYSTEMD_SERVICE:${PN} += "dropbearkey.service" +SYSTEMD_SERVICE:${PN}:remove += " ${@bb.utils.contains('EXTRA_IMAGE_FEATURES', 'debug-tweaks', '', 'dropbear.socket', d)}" diff --git a/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh new file mode 100755 index 000000000..922aa09f5 --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-core/dropbear/files/enable-ssh.sh @@ -0,0 +1,48 @@ +#!/bin/sh + +usage="$(basename "$0") [-h] [-d] -- Enable/Disable ssh for root user +where: + -h help + -d disable ssh and remove priv-admin permission for root user" + +enable_ssh() { + if [ -e /etc/systemd/system/dropbear@.service ] && + [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then + echo "SSH is already enabled" + else + cp /usr/share/misc/dropbear@.service /etc/systemd/system/dropbear@.service + cp /usr/share/misc/dropbear.socket /etc/systemd/system/dropbear.socket + ln -s /etc/systemd/system/dropbear.socket /etc/systemd/system/sockets.target.wants/dropbear.socket + groupmems -g priv-admin -a root + systemctl daemon-reload + systemctl restart dropbear.socket + echo "Enabled SSH service for root user successful" + fi +} + +disable_ssh() { + if [ -e /etc/systemd/system/dropbear@.service ] && + [ -e /etc/systemd/system/sockets.target.wants/dropbear.socket ]; then + systemctl stop dropbear.socket + systemctl stop dropbear@*.service + rm -rf /etc/systemd/system/sockets.target.wants/dropbear.socket + rm -rf /etc/systemd/system/dropbear.socket + rm -rf /etc/systemd/system/dropbear@.service + groupmems -g priv-admin -d root + echo "SSH disabled" + else + echo "SSH is already disabled" + fi +} + +case "$1" in +"-h") + echo ${usage} + ;; +"-d") + disable_ssh + ;; +*) + enable_ssh + ;; +esac |