public inbox for isar-users@googlegroups.com
From: Henning Schild <henning.schild@siemens.com>
To: isar-users@googlegroups.com
Cc: Henning Schild <henning.schild@siemens.com>
Subject: [PATCH 1/2] meta/classes/image: Introduce sshd host key assertion
Date: Wed, 29 May 2019 13:52:56 +0200
Message-ID: <20190529115257.28898-1-henning.schild@siemens.com>

From: Henning Schild <henning.schild@siemens.com>

Images containing ssh host keys without some way of dealing with the
fact that those have to be generated at run-time not install-time are
invalid!

Introduce a check that our own package "sshd-regen-keys" is installed
when such keys are present (when an ssh daemon is installed).

Suggest to install that package or find some other way of dealing with
the problem. But fail by default, since such an image is most likely
broken.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
---
 meta/classes/image-postproc-extension.bbclass | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/meta/classes/image-postproc-extension.bbclass b/meta/classes/image-postproc-extension.bbclass
index 625ba7d..5467bbc 100644
--- a/meta/classes/image-postproc-extension.bbclass
+++ b/meta/classes/image-postproc-extension.bbclass
@@ -44,3 +44,17 @@ image_postprocess_mark() {
     update_etc_os_release \
         --build-id "${BUILD_ID}" --variant "${DESCRIPTION}"
 }
+
+ROOTFS_POSTPROCESS_COMMAND =+ "image_postprocess_sshd_key_regen"
+
+image_postprocess_sshd_key_regen() {
+    if ls ${WORKDIR}/rootfs/etc/ssh/ssh_host_*key* > /dev/null; then
+        if [ ! -d ${WORKDIR}/rootfs/usr/share/doc/sshd-regen-keys ]; then
+            bbwarn "Looks like you have ssh host keys in the image but did "\
+                   "not install \"sshd-regen-keys\". This image should not be "\
+                   "deployed more than once."
+            bberror "Install the package or forcefully remove this check!"
+            exit 1
+        fi
+    fi
+}
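Review bot: the package-presence test is indirect: `[ ! -d ${WORKDIR}/rootfs/usr/share/doc/sshd-regen-keys ]` keys on a documentation directory, which can be missing even when the package is installed (minimal rootfs builds commonly drop /usr/share/doc through a dpkg path-exclude), so the task would abort with a false alarm, while a stale directory left behind by a removed package would hide a real miss. Consider asking the package database of the rootfs instead, e.g. `dpkg-query --admindir=${WORKDIR}/rootfs/var/lib/dpkg -s sshd-regen-keys`, or a chrooted `dpkg -s`. Two smaller points in the same hunk: when no host key exists, the unexpanded glob makes `ls` print an error on stderr because only stdout is redirected, so `ls ... > /dev/null 2>&1` (or a loop with `[ -e ]`) keeps the build log clean; and `bbwarn` followed by `bberror` and `exit 1` could be collapsed into a single `bbfatal`, which logs the message and aborts the task in one step. Quoting `${WORKDIR}` in both paths would also be safer.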
-- 
2.21.0



Thread overview: 4+ messages
2019-05-29 11:52 Henning Schild [this message]
2019-05-29 11:52 ` [PATCH 2/2] rpi-stretch: install sshd-regen-keys since openssh-server is inside Henning Schild
2019-05-29 12:43 ` [PATCH 1/2] meta/classes/image: Introduce sshd host key assertion Claudius Heine
2019-05-29 12:46   ` Henning Schild
