Copying keys into /cfg automatically
The idea here is to copy the SSH key material which gets generated
during the first boot into a persistent place. That way, one can update
the system freely, and the SSH keys for both OpenSSH and Netopeer2's
server/keystored will be preserved.
Change-Id: I094ab3142195ce4dd5e714b486962b2ec4925098
diff --git a/package/czechlight-cfg-fs/Config.in b/package/czechlight-cfg-fs/Config.in
index 3974d6c..81fe19f 100644
--- a/package/czechlight-cfg-fs/Config.in
+++ b/package/czechlight-cfg-fs/Config.in
@@ -27,4 +27,14 @@
endif # BR2_PACKAGE_SYSREPO
+if BR2_PACKAGE_NETOPEER2_KEYSTORED
+
+config CZECHLIGHT_CFG_FS_PERSIST_KEYS
+ bool "Persist host keys for OpenSSH and Netopeer2"
+ default Y
+ help
+ Save OpenSSH's key material and netopeer2-keystored's SSH keys into /cfg
+
+endif # BR2_PACKAGE_NETOPEER2_KEYSTORED
+
endif # BR2_PACKAGE_CZECHLIGHT_CFG_FS
diff --git a/package/czechlight-cfg-fs/czechlight-cfg-fs.mk b/package/czechlight-cfg-fs/czechlight-cfg-fs.mk
index f51b6ef..c774691 100644
--- a/package/czechlight-cfg-fs/czechlight-cfg-fs.mk
+++ b/package/czechlight-cfg-fs/czechlight-cfg-fs.mk
@@ -33,6 +33,13 @@
$(TARGET_DIR)/usr/lib/systemd/system/
ln -sf ../sysrepo-persistent-cfg.service $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
$(endif)
+ $(ifeq ($(CZECHLIGHT_CFG_FS_PERSIST_KEYS),y))
+ mkdir -p $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+ $(INSTALL) -D -m 0644 \
+ $(BR2_EXTERNAL_CZECHLIGHT_PATH)/package/czechlight-cfg-fs/netopeer2-keystored-persistent-keys.service \
+ $(TARGET_DIR)/usr/lib/systemd/system/
+ ln -sf ../netopeer2-keystored-persistent-keys.service $(TARGET_DIR)/usr/lib/systemd/system/multi-user.target.wants/
+ $(endif)
endef
$(eval $(generic-package))
diff --git a/package/czechlight-cfg-fs/netopeer2-keystored-persistent-keys.service b/package/czechlight-cfg-fs/netopeer2-keystored-persistent-keys.service
new file mode 100644
index 0000000..177c247
--- /dev/null
+++ b/package/czechlight-cfg-fs/netopeer2-keystored-persistent-keys.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Store SSH host keys into /cfg
+After=netopeer2-keystored-init-keys.service
+Requires=netopeer2-keystored-init-keys.service
+ConditionPathExists=!/cfg/etc/keystored/keys
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/mkdir -p /cfg/etc/ssh
+ExecStart=/bin/sh -c 'cp -a /etc/ssh/ssh_host_*_key* /cfg/etc/ssh/'
+ExecStart=/bin/cp -a /etc/keystored /cfg/etc/
+
+[Install]
+WantedBy=multi-user.target