Date: Tue, 28 May 2019 21:48:48 +0200
From: Henning Schild
To: Harald Seiler
Cc: Claudius Heine
Subject: Re: [PATCH v3] sshd-regen-keys: Fix sshd deadlock on boot
Message-ID: <20190528214848.4ed89f52@md1za8fc.ad001.siemens.net>
In-Reply-To: <20190528202511.52b8d976@md1za8fc.ad001.siemens.net>

On Tue, 28 May 2019 20:25:11 +0200,
"[ext] Henning Schild" wrote:

> Looking at the recent rootfs postprocessing scripts and how we stop
> putting magic into install hooks I thought about this one again.
>
> This is all nice but it does not solve the real problem. You have to
> be aware that you get the ssh key problem when building and later
> deploying a Debian like we do. Once you are aware you might discover
> this handy package.
>
> I think we should have bitbake magic that installs this package as
> soon as sshd gets installed. Which could be tricky if sshd gets
> pulled as dep ...

The probably most lightweight way will be to bbwarn in a postprocess if
sshd is installed and sshd-regen-keys is not. I will send a patch.

Henning

> Henning
>
> On Wed, 19 Dec 2018 14:54:04 +0100,
> Harald Seiler wrote:
>
> > Currently, when sshd-regen-keys runs dpkg-reconfigure, this
> > will lead to a call to `systemctl restart ssh`. This call blocks
> > forever because of course the sshd-regen-keys unit, which is a
> > dependency of sshd, hasn't finished at this point and can't do so
> > because it is waiting as well.
> >
> > To circumvent this deadlock, this commit changes sshd-regen-keys'
> > behavior so sshd is first disabled and only reenabled after the
> > job is done.
> > > > Signed-off-by: Harald Seiler > > --- > > Changes for v2: > > - Remove `systemctl start --no-block ssh` call as it looks like > > this is not needed. > > > > Changes for v3: > > - Bump version number to 0.2 > > > > .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > > .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 > > ++++++++++++++++++ .../{sshd-regen-keys_0.1.bb => > > sshd-regen-keys_0.2.bb} | 7 +++++-- 3 files changed, 24 > > insertions(+), 3 deletions(-) create mode 100644 > > meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh rename > > meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.1.bb => > > sshd-regen-keys_0.2.bb} (58%) > > > > diff --git > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > index 3b8231f..a05e1a9 100644 --- > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > +++ > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > > @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot > > RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive > > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; > > dpkg-reconfigure openssh-server" > > +ExecStart=/usr/sbin/sshd-regen-keys.sh > > ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service > > StandardOutput=syslog StandardError=syslog diff --git > > a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > > b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new > > file mode 100644 index 0000000..11fca3b --- /dev/null > > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh 
> > @@ -0,0 +1,18 @@ > > +#!/usr/bin/env sh > > + > > +echo -n "SSH server is " > > +if systemctl is-enabled ssh; then > > + SSHD_ENABLED="true" > > + systemctl disable --no-reload ssh > > +fi > > + > > +echo "Removing keys ..." > > +rm -v /etc/ssh/ssh_host_*_key* > > + > > +echo "Regenerating keys ..." > > +dpkg-reconfigure openssh-server > > + > > +if test -n $SSHD_ENABLED; then > > + echo "Reenabling ssh server ..." > > + systemctl enable --no-reload ssh > > +fi > > diff --git > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > > similarity index 58% rename from > > meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb rename > > to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb index > > 02e9e25..6f12414 100644 --- > > a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ > > b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb @@ > > -6,9 +6,12 @@ MAINTAINER = "isar-users > > " DEBIAN_DEPENDS = "openssh-server, > > systemd" SRC_URI = "file://postinst \ > > - file://sshd-regen-keys.service" > > + file://sshd-regen-keys.service \ > > + file://sshd-regen-keys.sh" > > > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > > + ${D}/usr/sbin" > > do_install() { > > - install -v -d -m 755 "${D}/lib/systemd/system" > > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" > > "${D}/lib/systemd/system/sshd-regen-keys.service" > > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" > > "${D}/usr/sbin/sshd-regen-keys.sh" } > > >
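
Review bot: In the sshd-regen-keys.service hunk, `ExecStart=/usr/sbin/sshd-regen-keys.sh` now reports the exit status of the script's last command rather than that of `dpkg-reconfigure openssh-server`, which was the last command of the old `sh -c` line. If key regeneration fails after `rm -v /etc/ssh/ssh_host_*_key*` has run, the unit can still finish successfully, `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` then runs, and no later boot retries. Suggest that the script save the status of dpkg-reconfigure and exit with it after the re-enable step.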
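
Review bot: In the new sshd-regen-keys.sh, `if test -n $SSHD_ENABLED; then` is missing quotes around the variable. When ssh was not enabled, SSHD_ENABLED is unset, the expansion disappears and the command becomes `test -n`, which is true because a single non-empty argument is treated as a string test. The final block therefore always runs `systemctl enable --no-reload ssh`, so an ssh server that was deliberately disabled in the image gets enabled on first boot. Suggest `if test -n "$SSHD_ENABLED"; then`, and initialising `SSHD_ENABLED=""` at the top so a value inherited from the environment cannot influence the result.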
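
Review bot: In the sshd-regen-keys_0.2.bb hunk, replacing `install -v -d -m 755 "${D}/lib/systemd/system"` with `do_install[cleandirs]` drops the explicit directory mode, so `${D}/lib/systemd/system` and the new `${D}/usr/sbin` get whatever the task umask yields instead of a pinned 755. If the mode matters for the packaged tree, keep an `install -d -m 755` for both directories, or mention in the commit message that the umask default is intended. The commit message also does not mention the switch to cleandirs at all.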
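
One way the check proposed in the reply at the top (warn when sshd is installed and sshd-regen-keys is not) could look when run against an unpacked root filesystem. This is an added example, not the patch Henning announces and not Isar code; the function names and the rootfs argument are assumptions, and it reads the standard dpkg status database instead of using bbwarn.

```shell
#!/bin/sh
# Added example (not from the thread): flag a Debian rootfs that ships
# openssh-server without sshd-regen-keys, i.e. an image whose SSH host
# keys would be identical on every device it is deployed to.
# pkg_installed and check_sshd_regen_keys are hypothetical names.

# pkg_installed ROOTFS PACKAGE
# Succeeds if PACKAGE has state "install ok installed" in ROOTFS.
pkg_installed() {
    awk -v pkg="$2" '
        /^Package: / { name = $2; next }
        /^Status: /  { if (name == pkg && $0 ~ /install ok installed$/) found = 1 }
        END          { exit !found }
    ' "$1/var/lib/dpkg/status" 2>/dev/null
}

# check_sshd_regen_keys ROOTFS
# Returns 1 and prints a warning if the rootfs has sshd but no key
# regeneration package; returns 0 otherwise.
check_sshd_regen_keys() {
    rootfs="$1"
    if pkg_installed "$rootfs" openssh-server &&
       ! pkg_installed "$rootfs" sshd-regen-keys; then
        echo "WARNING: $rootfs has openssh-server but not sshd-regen-keys;" \
             "SSH host keys will be shared by all deployments of this image" >&2
        return 1
    fi
    return 0
}
```
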