Subject: Re: [PATCH] sshd-regen-keys: Fix sshd deadlock on boot
From: Harald Seiler
To: Henning Schild
Cc: isar-users@googlegroups.com
Date: Thu, 13 Dec 2018 14:00:04 +0100

On Thu, 2018-12-13 at 13:46 +0100, Henning Schild wrote:
> On Thu, 13 Dec 2018 09:56:58 +0100
> Harald Seiler wrote:
>
> > Currently, when sshd-regen-keys runs dpkg-reconfigure, this
> > will lead to a call to `systemctl restart ssh`. This call blocks
> > forever because of course the sshd-regen-keys unit, which is a
> > dependency of sshd, hasn't finished at this point and can't do so
> > because it is waiting as well.
> >
> > To circumvent this deadlock, this commit changes sshd-regen-keys'
> > behavior so sshd is first disabled and only reenabled after the
> > job is done.
> >
> > Signed-off-by: Harald Seiler
> > --- > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > > .../sshd-regen-keys/files/sshd-regen-keys.sh | 19 > > +++++++++++++++++++ .../sshd-regen-keys/sshd-regen-keys_0.1.bb > > > 7 +++++-- 3 files changed, 25 insertions(+), 3 deletions(-) > > > > create mode 100644 > > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > > diff --git > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > index 3b8231f..a05e1a9 100644 --- > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > +++ > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service 
> > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > > RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive > > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; > > dpkg-reconfigure openssh-server" > > +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl > > disable sshd-regen-keys.service StandardOutput=syslog > > StandardError=syslog diff --git > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new > > file mode 100644 index 0000000..294e8fa --- /dev/null > > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > @@ -0,0 +1,19 @@ > > +#!/usr/bin/env sh > > + > > +echo -n "SSH server is " > > +if systemctl is-enabled ssh; then > > + SSHD_ENABLED="true" > > + systemctl disable --no-reload ssh > > +fi > > + > > +echo "Removing keys ..." > > +rm -v /etc/ssh/ssh_host_*_key* > > + > > +echo "Regenerating keys ..." > > +dpkg-reconfigure openssh-server > > + > > +if test -n $SSHD_ENABLED; then > > + echo "Reenabling ssh server ..." > > + systemctl enable --no-reload ssh > > + systemctl start --no-block ssh > > Do we need the start? Is that not in fact taking us into the same > issue? ... i guess that is the "--no-block". Yes, `systemctl start --no-block` queues the unit for starting and immediately returns, which prevents us from running into the same deadlock again. > Henning > > > +fi 
> > diff --git > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb index > > 02e9e25..6f12414 100644 --- > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb @@ -6,9 > > +6,12 @@ MAINTAINER = "isar-users " > > DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst > > \ > > - file://sshd-regen-keys.service" > > + file://sshd-regen-keys.service \ > > + file://sshd-regen-keys.sh" > > > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > > + ${D}/usr/sbin" > > do_install() { > > - install -v -d -m 755 "${D}/lib/systemd/system" > > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > > "${D}/lib/systemd/system/sshd-regen-keys.service" > > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" > > "${D}/usr/sbin/sshd-regen-keys.sh" } > > -- Harald DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-62 Fax: +49-8142-66989-80 Email: hws@denx.de
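
Review bot: In sshd-regen-keys.service, `ExecStart=/usr/sbin/sshd-regen-keys.sh` now depends on the script's exit status, but the script never checks the result of `rm -v /etc/ssh/ssh_host_*_key*` or `dpkg-reconfigure openssh-server`, so it returns whatever the closing `if` block returns. A failed regeneration is then reported as success, `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` still runs, and the unit will not try again on the next boot, leaving the host keys unregenerated. Have the script exit non-zero when `dpkg-reconfigure openssh-server` fails, so the unit stays enabled and the failure shows up in the unit status.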
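
Review bot: `if test -n $SSHD_ENABLED; then` in sshd-regen-keys.sh is always true, because when the variable is unset the unquoted expansion vanishes and `test -n` with a single argument only checks that the string `-n` is non-empty. The effect is that ssh is enabled and started even when `systemctl is-enabled ssh` reported it disabled, which turns on a remote login service that the image had switched off. Quote the expansion, `if [ -n "$SSHD_ENABLED" ]; then`, and set `SSHD_ENABLED=""` before the first `if` so a value inherited from the environment cannot trigger the branch either.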