From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6634399131619033088 X-Received: by 2002:a2e:482:: with SMTP id a2-v6mr1741441ljf.28.1545228555650; Wed, 19 Dec 2018 06:09:15 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a19:7609:: with SMTP id c9ls1924873lff.0.gmail; Wed, 19 Dec 2018 06:09:15 -0800 (PST) X-Google-Smtp-Source: AFSGD/W692vIm4T0XZfKSkPi9ci3OsifRmrer7/0cStGxVMAbG5NpJ7WH+K567rQBlnlwcVFIGVl X-Received: by 2002:a19:ed18:: with SMTP id y24mr1227584lfy.17.1545228555024; Wed, 19 Dec 2018 06:09:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1545228554; cv=none; d=google.com; s=arc-20160816; b=fsm3nic0Nvxvli12PY0vGmvhALwyeL8u7O7JROAi+Io0upGX3vY8DaBda4P1hofmDR v0IKUFLeeUIMM4EAv4CVtkkwyj203DAskB27wWYzStaszIGjN+y042jnZiz0hhREuh4L LwYoBKAWOK4lYUsllTOVfm3UvmmOs1bAPQVQ9wpTFTaASZDELWPSB3+EAFWjSvsOrbDf jG/T9bQRwTOj7Mu48Vji4ihu+jtDCyF7M/4m/N9laSTwM9lwS+Iqmt6a5qjR38lrbtnE DusiBWkUPusCEM4CLIJB5fx7sqIkEyWLYDWbnRV7ZKNMnqWCMZe1TIUgKdaFJwFHFRHP C4yg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=DnIB8a/gAUBbxGDcoZoWx2qttSwFM0RE7/qdvw/Nejg=; b=f3JuoInVgy89qj/Z/6woU0CLauG4Cz92XXm+eYoFd3FWYofAb0L9Unbq2LRcbJ4fHl t5PoQrDbaSEEhsowWQA2IO9ItPtLTdYbjV2fgoSMtDamxe+nFHzaoBHjjK8nPeIsDOCW uSnfGQaEc6VdJK05M+34Ip9RFZB4diL5Df13yn44BLBOXZTa1D1aRDSeZyO9lUF3UtWP KMHS8EVW8oRtTl9GmiyZVKwnWRR7q9OFDF1Arksx4+dK0yw4govpQd5tRUGY4ExzkcVM lY34qAtPP+/6PYYAaGWftwX37TR7Np3LrBfK5SCPMGLaieQtzTLVftNetLLRhz6pX8YW 3YVg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from lizzard.sbs.de (lizzard.sbs.de. [194.138.37.39]) by gmr-mx.google.com with ESMTPS id n189si715959lfa.4.2018.12.19.06.09.14 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Dec 2018 06:09:14 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) client-ip=194.138.37.39; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.39 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by lizzard.sbs.de (8.15.2/8.15.2) with ESMTPS id wBJE9EHo007364 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 19 Dec 2018 15:09:14 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.69.6]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id wBJE9EL2031387; Wed, 19 Dec 2018 15:09:14 +0100 Date: Wed, 19 Dec 2018 15:09:13 +0100 From: Henning Schild To: Harald Seiler Cc: Subject: Re: [PATCH v3] sshd-regen-keys: Fix sshd deadlock on boot Message-ID: <20181219150913.7a737eea@md1za8fc.ad001.siemens.net> In-Reply-To: <32fe04e1e3f5c3c90543665e8965f0e04a8781cf.camel@denx.de> References: <20181219134121.6b540490@md1za8fc.ad001.siemens.net> <32fe04e1e3f5c3c90543665e8965f0e04a8781cf.camel@denx.de> X-Mailer: Claws Mail 3.15.0-dirty (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: fTl2pLLOsb6S LGTM, and tests succeeded as expected. Henning Am Wed, 19 Dec 2018 14:54:04 +0100 schrieb Harald Seiler : > Currently, when sshd-regen-keys runs dpkg-reconfigure, this > will lead to a call to `systemctl restart ssh`. This call blocks > forever because of course the sshd-regen-keys unit, which is a > dependency of sshd, hasn't finished at this point and can't do so > because it is waiting as well. > > To circumvent this deadlock, this commit changes sshd-regen-keys' > behavior so sshd is first disabled and only reenabled after the > job is done. > > Signed-off-by: Harald Seiler > --- > Changes for v2: > - Remove `systemctl start --no-block ssh` call as it looks like > this is not needed. > > Changes for v3: > - Bump version number to 0.2 > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 > ++++++++++++++++++ .../{sshd-regen-keys_0.1.bb => > sshd-regen-keys_0.2.bb} | 7 +++++-- 3 files changed, 24 > insertions(+), 3 deletions(-) create mode 100644 > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh rename > meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.1.bb => > sshd-regen-keys_0.2.bb} (58%) > > diff --git > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > index 3b8231f..a05e1a9 100644 --- > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > +++ > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; > dpkg-reconfigure openssh-server" > +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl > disable sshd-regen-keys.service StandardOutput=syslog > StandardError=syslog diff --git > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new > file mode 100644 index 0000000..11fca3b --- /dev/null > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > @@ -0,0 +1,18 @@ > +#!/usr/bin/env sh > + > +echo -n "SSH server is " > +if systemctl is-enabled ssh; then > + SSHD_ENABLED="true" > + systemctl disable --no-reload ssh > +fi > + > +echo "Removing keys ..." > +rm -v /etc/ssh/ssh_host_*_key* > + > +echo "Regenerating keys ..." > +dpkg-reconfigure openssh-server > + > +if test -n $SSHD_ENABLED; then > + echo "Reenabling ssh server ..." > + systemctl enable --no-reload ssh > +fi > diff --git > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > similarity index 58% rename from > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb rename to > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb index > 02e9e25..6f12414 100644 --- > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb @@ -6,9 > +6,12 @@ MAINTAINER = "isar-users " > DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst > \ > - file://sshd-regen-keys.service" > + file://sshd-regen-keys.service \ > + file://sshd-regen-keys.sh" > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > + ${D}/usr/sbin" > do_install() { > - install -v -d -m 755 "${D}/lib/systemd/system" > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > "${D}/lib/systemd/system/sshd-regen-keys.service" > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" > "${D}/usr/sbin/sshd-regen-keys.sh" } >