diff options
author | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-05-04 10:48:01 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-05-13 16:28:33 +0100 |
commit | b0405972d4fd6fa12f90afea5ecb9a50c01c21c6 (patch) | |
tree | e1ee5a9edfb1221e39674889cc6872afc49cc0c3 /meta/recipes-connectivity | |
parent | e2fabdd6d53ee30a67992bd966961f423f18a388 (diff) | |
download | openembedded-core-b0405972d4fd6fa12f90afea5ecb9a50c01c21c6.tar.gz |
ssh-pregen-hostkeys: Limit to qemu machines by default
There are potential security issues from using pre-generated host keys. We made
the recipe available for autobuilder testing purposes but concerns remain about
how easily this could end up in production.
I thought we'd already done this, but limit the recipe to qemu* machines,
which means any real hardware trying to use it will need to be a bit more
explicit about it and specifically enable it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb index ede18a0031..4a62ddacd5 100644 --- a/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb +++ b/meta/recipes-connectivity/ssh-pregen-hostkeys/ssh-pregen-hostkeys_1.0.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda INHIBIT_DEFAULT_DEPS = "1" +COMPATIBLE_MACHINE = "^qemu.*$" + do_install () { install -d ${D}${sysconfdir}/dropbear install ${UNPACKDIR}/dropbear_rsa_host_key -m 0600 ${D}${sysconfdir}/dropbear/ @@ -16,4 +18,4 @@ do_install () { install ${UNPACKDIR}/openssh/* ${D}${sysconfdir}/ssh/ chmod 0600 ${D}${sysconfdir}/ssh/* chmod 0644 ${D}${sysconfdir}/ssh/*.pub -}
\ No newline at end of file +} |