From: Andre McCurdy <armccurdy@gmail.com>
Date: Thu, 31 May 2018 00:16:47 +0000 (-0700)
Subject: dropbear: drop run time detection of read-only rootfs
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~17762
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4990f87b2f6a8b30c8d1c767636e7f5527f595ba;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

dropbear: drop run time detection of read-only rootfs

Previously, when dropbear was started via its init script, relocation
of DROPBEAR_RSAKEY_DIR to support read-only rootfs was handled at
run time from within the init script.

Update the init script to take advantage of the read-only rootfs
config setup by read_only_rootfs_hook() and therefore be consistent
with startup under systemd (where relocation of DROPBEAR_RSAKEY_DIR
is handled by the read_only_rootfs_hook() at build time).

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index 55222095349..221869e04ce 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -112,14 +112,11 @@ read_only_rootfs_hook () {
 
 	# Also tweak the key location for dropbear in the same way.
 	if [ -d ${IMAGE_ROOTFS}/etc/dropbear ]; then
-		if [ -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
-			echo "DROPBEAR_RSAKEY_DIR=/etc/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
-		else
+		if [ ! -e ${IMAGE_ROOTFS}/etc/dropbear/dropbear_rsa_host_key ]; then
 			echo "DROPBEAR_RSAKEY_DIR=/var/lib/dropbear" >> ${IMAGE_ROOTFS}/etc/default/dropbear
 		fi
 	fi
 
-
 	if ${@bb.utils.contains("DISTRO_FEATURES", "sysvinit", "true", "false", d)}; then
 		# Change the value of ROOTFS_READ_ONLY in /etc/default/rcS to yes
 		if [ -e ${IMAGE_ROOTFS}/etc/default/rcS ]; then
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index f6e1c462fab..ffab7a2362b 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -17,8 +17,11 @@ NAME=dropbear
 DESC="Dropbear SSH server"
 PIDFILE=/var/run/dropbear.pid
 
+# These values may be replaced by those from /etc/default/dropbear
+DROPBEAR_RSAKEY_DIR="/etc/dropbear"
 DROPBEAR_PORT=22
 DROPBEAR_EXTRA_ARGS=
+DROPBEAR_RSAKEY_ARGS=
 NO_START=0
 
 set -e
@@ -28,32 +31,19 @@ test "$NO_START" = "0" || exit 0
 test -x "$DAEMON" || exit 0
 test ! -h /var/service/dropbear || exit 0
 
-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
-  case $flag in
-   ro)
-     readonly_rootfs=1
-     ;;
-  esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
-  mkdir -p /var/lib/dropbear
-  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
-else
-  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
-fi
-
 test -z "$DROPBEAR_BANNER" || \
   DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
 test -n "$DROPBEAR_RSAKEY" || \
-  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+  DROPBEAR_RSAKEY="${DROPBEAR_RSAKEY_DIR}/dropbear_rsa_host_key"
 
 gen_keys() {
     if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
         rm $DROPBEAR_RSAKEY || true
     fi
-    test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+    if [ ! -f "$DROPBEAR_RSAKEY" ]; then
+        mkdir -p ${DROPBEAR_RSAKEY%/*}
+        dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
+    fi
 }
 
 case "$1" in