Merge remote-tracking branch 'thingos/dev' into dev

board/common/cleanups.sh

@@ -10,7 +10,6 @@ find ${TARGET} -name '.empty' | xargs -r rm
 # /etc stuff
 rm -rf ${TARGET}/etc/network/
 rm -rf ${TARGET}/etc/dhcp/
-rm -rf ${TARGET}/etc/ssh/
 rm -rf ${TARGET}/etc/rc_keymaps/
 rm -rf ${TARGET}/etc/default/
 rm -rf ${TARGET}/etc/ctdb/

board/common/overlay/etc/init.d/S40network

@@ -185,18 +185,18 @@ start() {
 
     ssid=$(cat /data/etc/wpa_supplicant.conf 2>&1 | grep ssid | grep -v scan_ssid | cut -d '"' -f 2)
     test -n "${OS_WLAN}" -a -n "${ssid}" && start_wlan && wlan_ok="ok"
-    
     test -n "${OS_PPP}" -a -r /data/etc/ppp/modem && ifconfig | grep ${OS_PPP} &>/dev/null && ppp_ok="ok"
+    def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok")
     
     if [[ -n "${OS_ETH}" ]]; then
-            # if wifi or ppp link ok, start eth in background
+        # if wifi or ppp link ok, start eth in background
-        if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]]; then
+        if [[ "${wlan_ok}" == "ok" ]] || [[ "${ppp_ok}" == "ok" ]] && [[ "${def_route_ok}" == "ok" ]]; then
             start_eth &>/dev/null &
         else
             start_eth && eth_ok="ok"
         fi
     fi
-    
+
     if [[ "${eth_ok}" != "ok" ]] && [[ "${wlan_ok}" != "ok" ]] && [[ "${ppp_ok}" != "ok" ]]; then
         if [[ "${LINK_WATCH}" == "true" ]]; then
             logger -t network "no network connection available, calling panic action"
@@ -232,6 +232,19 @@ start() {
             test $? == 0 && msg_done || msg_fail
         fi
     fi
+
+    # re-evalutate default route, as it might have changed with start_eth or static IP
+    def_route_ok=$(ip route get 1.1.1.1 &>/dev/null && echo "ok")
+    if [[ "${def_route_ok}" != "ok" ]]; then
+        if [[ "${IP_WATCH}" == "true" ]]; then
+            logger -t network "no default route, calling panic action"
+            panic_action network
+            return 1
+        else
+            logger -t network "no default route"
+            return 0
+        fi
+    fi
 }
 
 stop() {

board/common/overlay/etc/init.d/S60sshd

@@ -1,6 +1,12 @@
 #!/bin/bash
 
-CONF="/etc/sshd_config"
+SYS_DIR=/etc/ssh
+USER_DIR=/data/etc/ssh
+RUN_DIR=/var/run/ssh
+
+SYS_CONF="${SYS_DIR}/sshd_config"
+USER_CONF="${USER_DIR}/sshd_config"
+CONF="${RUN_DIR}/sshd_config"
 
 PROG="/usr/sbin/sshd"
 PROG_KG="/usr/bin/ssh-keygen"
@@ -10,23 +16,38 @@ test -x ${PROG} || exit 0
 
 test -n "${OS_VERSION}" || source /etc/init.d/base
 
-test -s ${CONF} || exit 0
+test -s ${SYS_CONF} || exit 0
 
 test "${OS_NETWORKLESS}" == "true" && exit 0
 
 
 start() {
-    msg_begin "Starting sshd"
+    # merge user and sys conf files; options in first file take precedence
-    
+    mkdir -p $(dirname ${CONF})
-    # create any missing keys
+    if [[ -s ${USER_CONF} ]]; then
-    if ! ${PROG_KG} -A >/dev/null; then
+        cat ${USER_CONF} ${SYS_CONF} > ${CONF}
-        msg_fail
+    else
-        return 1
+        cp ${SYS_CONF} ${CONF}
     fi
 
+    # ensure various dirs existence
+    mkdir -p ${USER_DIR}
+    mkdir -p ${RUN_DIR}
+
+    # create any missing keys
+    if ! [[ -s ${USER_DIR}/ssh_host_rsa_key ]]; then
+        msg_begin "Generating ssh host keys"
+        for type in rsa dsa ecdsa ed25519; do
+            ssh-keygen -f ${USER_DIR}/ssh_host_${type}_key -N '' -t ${type} >/dev/null
+        done
+        test $? == 0 && msg_done || msg_fail
+    fi
+
+    msg_begin "Starting sshd"
+    
     umask 077
     hostname=$(hostname)
-    echo "Welcome to ${hostname}!" > /var/cache/sshd_banner
+    echo "Welcome to ${hostname}!" > ${RUN_DIR}/sshd_banner
     sync
 
     ${PROG} -f ${CONF}
@@ -57,4 +78,3 @@ case "$1" in
         echo "Usage: $0 {start|stop|restart}"
         exit 1
 esac
-

board/common/overlay/etc/ssh/authorized_keys

@@ -0,0 +1 @@
+/data/etc/ssh/authorized_keys

board/common/overlay/etc/ssh/ssh_host_dsa_key

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_dsa_key

board/common/overlay/etc/ssh/ssh_host_dsa_key.pub

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_dsa_key.pub

board/common/overlay/etc/ssh/ssh_host_ecdsa_key

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ecdsa_key

board/common/overlay/etc/ssh/ssh_host_ecdsa_key.pub

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ecdsa_key.pub

board/common/overlay/etc/ssh/ssh_host_ed25519_key

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ed25519_key

board/common/overlay/etc/ssh/ssh_host_ed25519_key.pub

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_ed25519_key.pub

board/common/overlay/etc/ssh/ssh_host_rsa_key

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_rsa_key

board/common/overlay/etc/ssh/ssh_host_rsa_key.pub

@@ -0,0 +1 @@
+/data/etc/ssh/ssh_host_rsa_key.pub

board/common/overlay/etc/ssh/sshd_config

@@ -0,0 +1,9 @@
+ListenAddress 0.0.0.0
+
+PermitRootLogin yes
+PermitEmptyPasswords yes
+UseDNS no
+Banner /var/run/ssh/sshd_banner
+
+Subsystem sftp /usr/libexec/sftp-server
+IPQoS cs0 cs0

board/common/overlay/etc/sshd_config

@@ -1,16 +0,0 @@
-Port 22
-ListenAddress 0.0.0.0
-
-HostKey /data/etc/ssh_host_rsa_key
-HostKey /data/etc/ssh_host_dsa_key
-HostKey /data/etc/ssh_host_ecdsa_key
-HostKey /data/etc/ssh_host_ed25519_key
-
-PermitRootLogin yes
-PermitEmptyPasswords yes
-AuthorizedKeysFile /data/etc/ssh_authorized_keys
-UseDNS no
-Banner /var/cache/sshd_banner
-
-Subsystem sftp /usr/libexec/sftp-server
-IPQoS cs0 cs0

board/common/overlay/root/.ssh

@@ -0,0 +1 @@
+/data/etc/ssh

package/openssh/openssh.mk

@@ -10,7 +10,7 @@ OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
 OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
 OPENSSH_CONF_OPTS = \
-	--sysconfdir=/data/etc \
+	--sysconfdir=/etc/ssh \
 	--with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \
 	--disable-lastlog \
 	--disable-utmp \