Message-ID: <1544694484.2560.15.camel@denx.de>
Subject: Re: [PATCH] sshd-regen-keys: Fix sshd deadlock on boot
From: Harald Seiler To: Claudius Heine , isar-users@googlegroups.com Date: Thu, 13 Dec 2018 10:48:04 +0100 In-Reply-To: References: <1544691418.2560.7.camel@denx.de> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 (3.26.6-1.fc27) Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-TUID: SgnQ88NThgTG Hello Claudius, On Thu, 2018-12-13 at 10:41 +0100, Claudius Heine wrote: > Hi Harald, > > On 13/12/2018 09.56, Harald Seiler wrote: > > Currently, when sshd-regen-keys runs dpkg-reconfigure, this > > will lead to a call to `systemctl restart ssh`. This call blocks > > forever because of course the sshd-regen-keys unit, which is a > > dependency of sshd, hasn't finished at this point and can't do so > > because it is waiting as well. > > > > To circumvent this deadlock, this commit changes sshd-regen-keys' > > behavior so sshd is first disabled and only reenabled after the > > job is done. > > > > Signed-off-by: Harald Seiler > > --- > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > > .../sshd-regen-keys/files/sshd-regen-keys.sh | 19 +++++++++++++++++++ > > .../sshd-regen-keys/sshd-regen-keys_0.1.bb | 7 +++++-- > > 3 files changed, 25 insertions(+), 3 deletions(-) > > create mode 100644 meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > > diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > index 3b8231f..a05e1a9 100644 > > --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service 
> > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc > > Type=oneshot > > RemainAfterExit=yes > > Environment=DEBIAN_FRONTEND=noninteractive > > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; dpkg-reconfigure openssh-server" > > +ExecStart=/usr/sbin/sshd-regen-keys.sh > > ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service > > StandardOutput=syslog > > StandardError=syslog > > diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > new file mode 100644 > > index 0000000..294e8fa > > --- /dev/null > > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > @@ -0,0 +1,19 @@ > > +#!/usr/bin/env sh > > + > > +echo -n "SSH server is " > > +if systemctl is-enabled ssh; then > > + SSHD_ENABLED="true" > > + systemctl disable --no-reload ssh > > +fi > > + > > +echo "Removing keys ..." > > +rm -v /etc/ssh/ssh_host_*_key* > > + > > +echo "Regenerating keys ..." > > +dpkg-reconfigure openssh-server > > Since this is part of 'meta', does it make sense to make the package > name+service file name configurable from the bitbake configuration or is > that too much trouble. > I don't quite understand what you mean, can you please elaborate on that? > > + > > +if test -n $SSHD_ENABLED; then > > + echo "Reenabling ssh server ..." > > + systemctl enable --no-reload ssh > > + systemctl start --no-block ssh > > Should the service be stopped before? Or in other words: Does it make > sense to differentiate between sshd enabled and started in this script? ssh.service is guaranteed to be stopped because it requires sshd-regen-keys.service to be done before starting. > So apart from those minor nitpicks/questions, LGTM. > > Kind regards, > Claudius > > > +fi > > diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > index 02e9e25..6f12414 100644 
> > --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > @@ -6,9 +6,12 @@ MAINTAINER = "isar-users " > > DEBIAN_DEPENDS = "openssh-server, systemd" > > > > SRC_URI = "file://postinst \ > > - file://sshd-regen-keys.service" > > + file://sshd-regen-keys.service \ > > + file://sshd-regen-keys.sh" > > > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > > + ${D}/usr/sbin" > > do_install() { > > - install -v -d -m 755 "${D}/lib/systemd/system" > > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service" > > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh" > > } > > > > -- Harald DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-62 Fax: +49-8142-66989-80 Email: hws@denx.de
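Review bot: in sshd-regen-keys.sh, the closing `if test -n $SSHD_ENABLED; then` is true even when ssh was not enabled, because the unquoted empty expansion leaves `test -n` with a single argument, which tests as a non-empty string. As written, the script enables and starts ssh on every run, including when `systemctl is-enabled ssh` failed and `SSHD_ENABLED` was never set. Quote the variable (`test -n "$SSHD_ENABLED"`) so the re-enable branch only runs when the service was enabled beforehand. Separately, the script's exit status is that of its last command, so a failed `dpkg-reconfigure openssh-server` after `rm -v /etc/ssh/ssh_host_*_key*` is not reported to the unit; check its exit status before re-enabling ssh and exit non-zero when key regeneration fails.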