Date: Tue, 28 May 2019 20:25:11 +0200
From: Henning Schild
To: Harald Seiler
Cc: "Claudius Heine"
Subject: Re: [PATCH v3] sshd-regen-keys: Fix sshd deadlock on boot
Message-ID: <20190528202511.52b8d976@md1za8fc.ad001.siemens.net>
In-Reply-To: <32fe04e1e3f5c3c90543665e8965f0e04a8781cf.camel@denx.de>
References: <20181219134121.6b540490@md1za8fc.ad001.siemens.net> <32fe04e1e3f5c3c90543665e8965f0e04a8781cf.camel@denx.de>

Looking at the recent rootfs postprocessing scripts and how we stop putting magic into install hooks, I thought about this one again.

This is all nice but it does not solve the real problem. You have to be aware that you get the ssh key problem when building and later deploying a Debian like we do. Once you are aware you might discover this handy package.

I think we should have bitbake magic that installs this package as soon as sshd gets installed. Which could be tricky if sshd gets pulled as dep ...

Henning

On Wed, 19 Dec 2018 14:54:04 +0100, Harald Seiler wrote:

> Currently, when sshd-regen-keys runs dpkg-reconfigure, this
> will lead to a call to `systemctl restart ssh`. This call blocks
> forever because of course the sshd-regen-keys unit, which is a
> dependency of sshd, hasn't finished at this point and can't do so
> because it is waiting as well.
>
> To circumvent this deadlock, this commit changes sshd-regen-keys'
> behavior so sshd is first disabled and only reenabled after the
> job is done.
> > Signed-off-by: Harald Seiler > --- > Changes for v2: > - Remove `systemctl start --no-block ssh` call as it looks like > this is not needed. > > Changes for v3: > - Bump version number to 0.2 > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 > ++++++++++++++++++ .../{sshd-regen-keys_0.1.bb => > sshd-regen-keys_0.2.bb} | 7 +++++-- 3 files changed, 24 > insertions(+), 3 deletions(-) create mode 100644 > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh rename > meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.1.bb => > sshd-regen-keys_0.2.bb} (58%) > > diff --git > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > index 3b8231f..a05e1a9 100644 --- > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > +++ > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; > dpkg-reconfigure openssh-server" > +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl > disable sshd-regen-keys.service StandardOutput=syslog > StandardError=syslog diff --git > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new > file mode 100644 index 0000000..11fca3b --- /dev/null > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh 
> @@ -0,0 +1,18 @@ > +#!/usr/bin/env sh > + > +echo -n "SSH server is " > +if systemctl is-enabled ssh; then > + SSHD_ENABLED="true" > + systemctl disable --no-reload ssh > +fi > + > +echo "Removing keys ..." > +rm -v /etc/ssh/ssh_host_*_key* > + > +echo "Regenerating keys ..." > +dpkg-reconfigure openssh-server > + > +if test -n $SSHD_ENABLED; then > + echo "Reenabling ssh server ..." > + systemctl enable --no-reload ssh > +fi > diff --git > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > similarity index 58% rename from > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb rename to > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb index > 02e9e25..6f12414 100644 --- > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb @@ -6,9 > +6,12 @@ MAINTAINER = "isar-users " > DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst > \ > - file://sshd-regen-keys.service" > + file://sshd-regen-keys.service \ > + file://sshd-regen-keys.sh" > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > + ${D}/usr/sbin" > do_install() { > - install -v -d -m 755 "${D}/lib/systemd/system" > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > "${D}/lib/systemd/system/sshd-regen-keys.service" > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" > "${D}/usr/sbin/sshd-regen-keys.sh" } >
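Review bot: On the new `ExecStart=/usr/sbin/sshd-regen-keys.sh` line in sshd-regen-keys.service, the unit's result now depends on the script's exit status, but the script has no `set -e` and does not check `dpkg-reconfigure openssh-server`, so its status comes from the final `if` block rather than from key regeneration. When regeneration fails, the unit still counts as successful, `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` disables it, and the device is never retried, which can leave it without fresh host keys. Have the script exit non-zero when `dpkg-reconfigure` fails (after restoring the ssh enable state) so the unit stays enabled for the next boot.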
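Review bot: In sshd-regen-keys.sh, `if test -n $SSHD_ENABLED; then` leaves the variable unquoted, so when ssh was not enabled the expansion is empty, the command collapses to `test -n`, which is true, and the script enables a server that had been disabled. Quote it (`test -n "$SSHD_ENABLED"`) or compare against the value set earlier (`[ "$SSHD_ENABLED" = "true" ]`). Two smaller points in the same file: `#!/usr/bin/env sh` resolves sh through PATH for a boot-time system unit where `#!/bin/sh` would do, and `echo -n` is not portable across sh implementations, so `printf` is the safer choice.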
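Review bot: In do_install of sshd-regen-keys_0.2.bb, the explicit `install -v -d -m 755 "${D}/lib/systemd/system"` is replaced by `do_install[cleandirs]`, which creates both directories without a stated mode, so their permissions in the package now follow the task's umask. Since `${D}/usr/sbin` holds a script executed by a system unit, consider keeping `install -d -m 755` for both directories, or say in the commit message why cleandirs is preferred.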