openssh: move configfile changs back to openssh recipe

Move the StarlingX additional configuration to the recipe the sshd_config needs to be patched due to difference in available MACs. Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Babak Sarashki <Babak.SarAshki@windriver.com>
2020-07-06 11:57:37 -07:00 · 2020-07-06 11:57:37 -07:00 · ebca50196c
commit ebca50196c
parent e19a1474df
3 changed files with 23 additions and 36 deletions
--- a/meta-stx-flock/stx-config-files/config-files_1.0.0.bb
+++ b/meta-stx-flock/stx-config-files/config-files_1.0.0.bb
@ -32,7 +32,6 @@ LIC_FILES_CHKSUM = "\

 SRC_URI = " \
 	git://opendev.org/starlingx/${SRCNAME}.git;protocol=${PROTOCOL};rev=${SRCREV};branch=${BRANCH} \
-	file://openssh-config-rm-hmac-ripemd160.patch \
 	file://util-linux-pam-postlogin.patch \
 	file://syslog-ng-config-parse-err.patch \
 	file://syslog-ng-config-systemd-service.patch \
@ -74,7 +73,6 @@ PACKAGES += "net-snmp-config"
 PACKAGES += "nfs-utils-config"
 PACKAGES += "ntp-config"
 PACKAGES += "openldap-config"
-PACKAGES += "openssh-config"
 PACKAGES += "openvswitch-config"
 PACKAGES += "pam-config"
 PACKAGES += "rabbitmq-server-config"
@ -105,7 +103,6 @@ FILES_net-snmp-config= "${datadir}/starlingx/config-files/net-snmp-config/"
 FILES_nfs-utils-config= "${datadir}/starlingx/config-files/nfs-utils-config/"
 FILES_ntp-config= "${datadir}/starlingx/config-files/ntp-config/"
 FILES_openldap-config= "${datadir}/starlingx/config-files/openldap-config/"
-FILES_openssh-config= "${datadir}/starlingx/config-files/openssh-config/"
 FILES_openvswitch-config= "${datadir}/starlingx/config-files/openvswitch-config/"
 FILES_pam-config= "${datadir}/starlingx/config-files/pam-config/"
 FILES_rabbitmq-server-config= "${datadir}/starlingx/config-files/rabbitmq-server-config/"
@ -165,7 +162,6 @@ RRECOMMENDS_openldap-config += " \
 	openldap-bin \
 	"

-RDEPENDS_openssh-config += " openssh"
 RDEPENDS_openvswitch-config += " openvswitch"
 RDEPENDS_pam-config += " \
 	libpam-runtime \
@ -482,33 +478,6 @@ pkg_postinst_ontarget_openldap-config() {
 	chmod 644 ${systemd_system_unitdir}/slapd
 }

-pkg_postinst_ontarget_openssh-config() {
-#	%description
-#	package StarlingX configuration files of openssh to system folder.
-
-
-	SRCPATH=${datadir}/starlingx/config-files/openssh-config/files
-
-	install -m 644 ${SRCPATH}/sshd.service  ${sysconfdir}/systemd/system/sshd.service
-	install -m 644 ${SRCPATH}/ssh_config    ${datadir}/starlingx/ssh_config
-	install -m 600 ${SRCPATH}/sshd_config   ${datadir}/starlingx/sshd_config
-
-	# remove the unsupported and deprecated options
-	sed -i -e 's/^\(GSSAPIAuthentication.*\)/#\1/' \
-	       -e 's/^\(GSSAPICleanupCredentials.*\)/#\1/' \
-	       -e 's/^\(UsePrivilegeSeparation.*\)/#\1/' \
-	       ${datadir}/starlingx/sshd_config
-	
-	cp -f ${datadir}/starlingx/ssh_config  ${sysconfdir}/ssh/ssh_config
-	cp -f ${datadir}/starlingx/sshd_config ${sysconfdir}/ssh/sshd_config
-
-	systemctl daemon-reload
-	systemctl enable sshd.service
-
-	systemctl --no-block restart sshd.service
-
-}
-
 pkg_postinst_ontarget_openvswitch-config() {
 #	%description
 #	StarlingX openvswitch configuration file
--- a/meta-stx-integ/recipes-connectivity/openssh/files/openssh-config-rm-hmac-ripemd160.patch
+++ b/meta-stx-integ/recipes-connectivity/openssh/files/openssh-config-rm-hmac-ripemd160.patch
@ -1,7 +1,7 @@
-diff --git a/openssh-config/files/sshd_config b/openssh-config/files/sshd_config
+diff --git a/sshd_config b/sshd_config
 index 0dfc0e2..b767509 100644
--- a/openssh-config/files/sshd_config
-+++ b/openssh-config/files/sshd_config
+--- a/sshd_config
+++ b/sshd_config
@@ -144,5 +144,5 @@ DenyUsers admin secadmin operator
 # TODO (aning): once openssh is updated to 7.5, an explicit exclusion list
 # using "-" should be used for cipher, MAC and kex excluded suites.
--- a/meta-stx-integ/recipes-connectivity/openssh/openssh_7.%.bbappend
+++ b/meta-stx-integ/recipes-connectivity/openssh/openssh_7.%.bbappend
@ -15,14 +15,32 @@

 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"

+BRANCH = "r/stx.3.0"
+SRCREV = "d778e862571957ece3c404c0c37d325769772fde"
+
 SRC_URI += "\
    file://stx/sshd.init \
    file://stx/sshd-keygen \
    file://stx/sshd-keygen.service \
-    file://stx/sshd.service \
    file://stx/sshd.sysconfig \
+    git://opendev.org/starlingx/config-files.git;protocol=https;rev=${SRCREV};branch=${BRANCH};destsuffix=stx-configfiles;subpath=openssh-config \
+    file://openssh-config-rm-hmac-ripemd160.patch \
 "

+do_unpack_append() {
+    bb.build.exec_func('do_copy_config_files', d)
+}
+
+do_copy_config_files () {
+    cp -f ${WORKDIR}/stx-configfiles/files/sshd_config ${S}
+    # remove the unsupported and deprecated options
+    sed -i -e 's/^\(GSSAPIAuthentication.*\)/#\1/' \
+           -e 's/^\(GSSAPICleanupCredentials.*\)/#\1/' \
+           -e 's/^\(UsePrivilegeSeparation.*\)/#\1/' \
+           ${S}/sshd_config
+    cp -f ${WORKDIR}/stx-configfiles/files/ssh_config ${S}
+}
+
 SYSTEMD_SERVICE_${PN}-sshd = "sshd.service"

 do_install_append () {
@ -37,7 +55,7 @@ do_install_append () {
    install -m 644 ${WORKDIR}/stx/sshd.sysconfig ${D}/${sysconfdir}/sysconfig/sshd

    install -m 755 ${WORKDIR}/stx/sshd-keygen ${D}/${sbindir}/sshd-keygen
-    install -m644 ${WORKDIR}/stx/sshd.service ${D}/${systemd_system_unitdir}/sshd.service
+    install -m644 ${WORKDIR}/stx-configfiles/files/sshd.service ${D}/${systemd_system_unitdir}/sshd.service
    install -m644 ${WORKDIR}/stx/sshd-keygen.service ${D}/${systemd_system_unitdir}/sshd-keygen.service

    install -d ${D}/${sysconfdir}/tmpfiles.d