Date: Thu, 13 Dec 2018 14:18:02 +0100
From: Henning Schild
To: Harald Seiler
Subject: Re: [PATCH] sshd-regen-keys: Fix sshd deadlock on boot
Message-ID: <20181213141802.6fe4a015@md1za8fc.ad001.siemens.net>
In-Reply-To: <1544706004.2560.17.camel@denx.de>
References: <1544691418.2560.7.camel@denx.de> <20181213134625.4a811e3b@md1za8fc.ad001.siemens.net> <1544706004.2560.17.camel@denx.de>

On Thu, 13 Dec 2018 14:00:04 +0100, Harald Seiler wrote:

> On Thu, 2018-12-13 at 13:46 +0100, Henning Schild wrote:
> > On Thu, 13 Dec 2018 09:56:58 +0100, Harald Seiler wrote:
> >
> > > Currently, when sshd-regen-keys runs dpkg-reconfigure, this
> > > will lead to a call to `systemctl restart ssh`. This call blocks
> > > forever because of course the sshd-regen-keys unit, which is a
> > > dependency of sshd, hasn't finished at this point and can't do so
> > > because it is waiting as well.
> > >
> > > To circumvent this deadlock, this commit changes sshd-regen-keys'
> > > behavior so sshd is first disabled and only reenabled after the
> > > job is done.
> > >
> > > Signed-off-by: Harald Seiler
> > > ---
> > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > > > .../sshd-regen-keys/files/sshd-regen-keys.sh | 19 > > > +++++++++++++++++++ .../sshd-regen-keys/sshd-regen-keys_0.1.bb > > > > 7 +++++-- 3 files changed, 25 insertions(+), 3 deletions(-) > > > > > > create mode 100644 > > > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > > > > diff --git > > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > > index 3b8231f..a05e1a9 100644 --- > > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > > +++ > > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
> > > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > > > RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive > > > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; > > > dpkg-reconfigure openssh-server" > > > +ExecStart=/usr/sbin/sshd-regen-keys.sh > > > ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service > > > StandardOutput=syslog StandardError=syslog diff --git > > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > new file mode 100644 index 0000000..294e8fa --- /dev/null > > > +++ > > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > > @@ -0,0 +1,19 @@ +#!/usr/bin/env sh > > > + > > > +echo -n "SSH server is " > > > +if systemctl is-enabled ssh; then > > > + SSHD_ENABLED="true" > > > + systemctl disable --no-reload ssh > > > +fi > > > + > > > +echo "Removing keys ..." > > > +rm -v /etc/ssh/ssh_host_*_key* > > > + > > > +echo "Regenerating keys ..." > > > +dpkg-reconfigure openssh-server > > > + > > > +if test -n $SSHD_ENABLED; then > > > + echo "Reenabling ssh server ..." > > > + systemctl enable --no-reload ssh > > > + systemctl start --no-block ssh > > > > Do we need the start? Is that not in fact taking us into the same > > issue? ... i guess that is the "--no-block". > > Yes, `systemctl start --no-block` queues the unit for starting > and immediately returns, which prevents us from running into the > same deadlock again. That is what i guessed. But can we not drop that? The unit has to finish before sshd anyways, so there will be a "start sshd" somewhere after that point. Henning > > Henning > > > > > +fi 
> > > diff --git > > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > > index 02e9e25..6f12414 100644 --- > > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ > > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb @@ > > > -6,9 +6,12 @@ MAINTAINER = "isar-users > > > " DEBIAN_DEPENDS = "openssh-server, > > > systemd" SRC_URI = "file://postinst \ > > > - file://sshd-regen-keys.service" > > > + file://sshd-regen-keys.service \ > > > + file://sshd-regen-keys.sh" > > > > > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > > > + ${D}/usr/sbin" > > > do_install() { > > > - install -v -d -m 755 "${D}/lib/systemd/system" > > > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > > > "${D}/lib/systemd/system/sshd-regen-keys.service" > > > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" > > > "${D}/usr/sbin/sshd-regen-keys.sh" } > > > >
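
Review bot: In sshd-regen-keys.service, the new `ExecStart=/usr/sbin/sshd-regen-keys.sh` takes the unit's result from a script that has no `set -e` and ends with the reenable `if`, so a failing `rm -v /etc/ssh/ssh_host_*_key*` or `dpkg-reconfigure openssh-server` no longer fails the unit. The old `sh -c` line returned the status of `dpkg-reconfigure`; now `ExecStartPost` goes on to disable sshd-regen-keys.service even when regeneration did not happen, and the device keeps the old or missing host keys with no retry on the next boot. Have the script exit non-zero when key removal or regeneration fails, so the unit stays enabled in that case.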
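
Review bot: `if test -n $SSHD_ENABLED; then` near the end of sshd-regen-keys.sh is always true. When the variable is unset, the unquoted expansion leaves `test -n`, which tests the literal string `-n` and succeeds, so ssh is enabled and started even on an image where `systemctl is-enabled ssh` reported it disabled. Quote the expansion as `test -n "$SSHD_ENABLED"`, and initialise `SSHD_ENABLED=""` before the first `if` so the result does not depend on the unit's environment.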