From: Ming Liu Date: Sat, 17 Jan 2026 12:05:23 +0000 (+0100) Subject: rootfs-postcommands.bbclass: avoid checking hard-coded openssh hostkey X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc436bc6f85112770e0699c11b29dacf33864a63;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git rootfs-postcommands.bbclass: avoid checking hard-coded openssh hostkey The openssh host keys are configurable in openssh recipe, dont check hard-coded path ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key. Instead, try to figure out the first host key in sshd_config, if there is no host keys set in sshd_config, then check the first host key presenting in ${IMAGE_ROOTFS}/etc/ssh. Signed-off-by: Ming Liu Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie
---
diff --git a/meta/classes-recipe/rootfs-postcommands.bbclass b/meta/classes-recipe/rootfs-postcommands.bbclass
index f0c7ee658d..02cb97aec7 100644
--- a/meta/classes-recipe/rootfs-postcommands.bbclass
+++ b/meta/classes-recipe/rootfs-postcommands.bbclass
@@ -214,7 +214,11 @@ read_only_rootfs_hook () {
 # If stateless-rootfs is enabled this is always done as we don't want to save keys then
 if ${@ 'true' if not bb.utils.contains('IMAGE_FEATURES', 'overlayfs-etc', True, False, d) or bb.utils.contains('IMAGE_FEATURES', 'stateless-rootfs', True, False, d) else 'false'}; then
 if [ -d ${IMAGE_ROOTFS}/etc/ssh ]; then
- if [ -e ${IMAGE_ROOTFS}/etc/ssh/ssh_host_rsa_key ]; then
+ ssh_host_key_checkpath=$(sed -n 's/^[ \t]*HostKey[ \t]\+\(.*\)/\1/p' ${IMAGE_ROOTFS}/etc/ssh/sshd_config | head -1)
+ if [ ! -e "$ssh_host_key_checkpath" ]; then
+ ssh_host_key_checkpath=$(ls ${IMAGE_ROOTFS}/etc/ssh/ssh_host_*_key | cut -f1 | head -1)
+ fi
+ if [ -e "$ssh_host_key_checkpath" ]; then
 echo "SYSCONFDIR=\${SYSCONFDIR:-/etc/ssh}" >> ${IMAGE_ROOTFS}/etc/default/ssh
 echo "SSHD_OPTS=" >> ${IMAGE_ROOTFS}/etc/default/ssh
 else
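Review bot: The `HostKey` value parsed out of `sshd_config` is a path as the target sees it (normally absolute), yet the added `[ ! -e "$ssh_host_key_checkpath" ]` and `[ -e "$ssh_host_key_checkpath" ]` tests use it unprefixed, so they look at the build host's filesystem instead of the image. On a build machine that has its own sshd keys the check can pass although the image ships none, and the branch that writes `/etc/default/ssh` then depends on host state rather than on the rootfs contents. Prefix the parsed path before testing it, e.g. `[ -z "$ssh_host_key_checkpath" ] || ssh_host_key_checkpath="${IMAGE_ROOTFS}$ssh_host_key_checkpath"` right after the `sed` line. The fallback `ls ... | cut -f1 | head -1` would also be sturdier as a quoted glob loop that stops at the first match, since `cut -f1` does nothing on this output and `ls` prints an error when no key matches. read_only_rootfs_hook starts and ends outside the hunk, so the `else` branch is not visible here.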