Message-ID: <1544691418.2560.7.camel@denx.de>
Subject: [PATCH] sshd-regen-keys: Fix sshd deadlock on boot
From: Harald Seiler To: isar-users@googlegroups.com Date: Thu, 13 Dec 2018 09:56:58 +0100 Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 (3.26.6-1.fc27) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TUID: fYo0/T9IXxZ5 Currently, when sshd-regen-keys runs dpkg-reconfigure, this will lead to a call to `systemctl restart ssh`. This call blocks forever because of course the sshd-regen-keys unit, which is a dependency of sshd, hasn't finished at this point and can't do so because it is waiting as well. To circumvent this deadlock, this commit changes sshd-regen-keys' behavior so sshd is first disabled and only reenabled after the job is done. Signed-off-by: Harald Seiler --- .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- .../sshd-regen-keys/files/sshd-regen-keys.sh | 19 +++++++++++++++++++ .../sshd-regen-keys/sshd-regen-keys_0.1.bb | 7 +++++-- 3 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service index 3b8231f..a05e1a9 100644 --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; dpkg-reconfigure openssh-server" +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service StandardOutput=syslog StandardError=syslog diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new file mode 100644 index 0000000..294e8fa --- /dev/null +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh 
@@ -0,0 +1,19 @@ +#!/usr/bin/env sh + +echo -n "SSH server is " +if systemctl is-enabled ssh; then + SSHD_ENABLED="true" + systemctl disable --no-reload ssh +fi + +echo "Removing keys ..." +rm -v /etc/ssh/ssh_host_*_key* + +echo "Regenerating keys ..." +dpkg-reconfigure openssh-server + +if test -n $SSHD_ENABLED; then + echo "Reenabling ssh server ..." + systemctl enable --no-reload ssh + systemctl start --no-block ssh +fi diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb index 02e9e25..6f12414 100644 --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb @@ -6,9 +6,12 @@ MAINTAINER = "isar-users " DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst \ - file://sshd-regen-keys.service" + file://sshd-regen-keys.service \ + file://sshd-regen-keys.sh" +do_install[cleandirs] = "${D}/lib/systemd/system \ + ${D}/usr/sbin" do_install() { - install -v -d -m 755 "${D}/lib/systemd/system" install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service" + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh" } -- 2.14.1
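Review bot: A failed key regeneration is no longer visible to the unit in the sshd-regen-keys.service hunk. With `ExecStart=/usr/sbin/sshd-regen-keys.sh`, the unit's result is the script's exit status, and that comes from the script's last command rather than from `dpkg-reconfigure openssh-server`. If regeneration fails after the old keys were removed, `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` still runs and the job is not retried on the next boot. Have the script propagate the dpkg-reconfigure status, or state in the commit message that this is intended.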
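Review bot: The re-enable check `if test -n $SSHD_ENABLED; then` in sshd-regen-keys.sh is always true because the variable is unquoted. When ssh was not enabled, SSHD_ENABLED is never set, the command collapses to `test -n`, and the single-argument form tests the non-empty string "-n". The script then runs `systemctl enable --no-reload ssh` and `systemctl start --no-block ssh` on an image where ssh was deliberately left disabled. Quote the variable or compare explicitly, for example `if [ "$SSHD_ENABLED" = "true" ]; then`. As a smaller point, `echo -n` is not specified by POSIX for a `#!/usr/bin/env sh` script; `printf` is the portable choice.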
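Review bot: The explicit directory mode is lost in the sshd-regen-keys_0.1.bb hunk, where `install -v -d -m 755 "${D}/lib/systemd/system"` is removed in favour of `do_install[cleandirs]`, and `${D}/usr/sbin` is created the same way without a stated mode. If the packaged directory permissions should not depend on how cleandirs creates them, keep an `install -v -d -m 755` for both paths inside do_install in addition to the cleandirs flag.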