From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6802611076497145856 X-Received: by 2002:ac2:4c36:: with SMTP id u22mr1672349lfq.91.1583921096897; Wed, 11 Mar 2020 03:04:56 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:211:: with SMTP id y17ls268189ljn.10.gmail; Wed, 11 Mar 2020 03:04:56 -0700 (PDT) X-Google-Smtp-Source: ADFU+vv+uXZpNil0FdDRsz7G3GEeOIN2Fuql9SbyzRt6dhatsUBgn1iFwOSgrY1qHDy0fjaGaS+B X-Received: by 2002:a2e:3608:: with SMTP id d8mr1682814lja.52.1583921096197; Wed, 11 Mar 2020 03:04:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583921096; cv=none; d=google.com; s=arc-20160816; b=Oy5Ey8nF+l4A9TQWFMKSF5t8DutgyWxO+BjLRaRUyroTB8kGqcjj8RblR1pfTGzSSZ CuveBZYzntblfi5DYSzqyKmI3sRNfNab7y3TWs7fsoq13Mf818nroYUzPleQ0ep2EX68 GK3HsHWafyZ8tQPW5lcF75Xwyc6kT9vgFx5IrelimqebET/4xFQiQrzuzmfeGr8XHENM WJr/+7mPtMcTDpz8Y8xOpwQie85WPRTVS0LS9YGe1ZL9ljEc79G8A8PHIkMNDoMrMlXH NqLmSWf3/R8AjV22mYyGvWNteTsKfJaZUpRSAdA78FgSTHo4ZREQt9x0SbhVW4fgCqIs L+pQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=jHKANrCaEwu8spZvDUhZjOVm8FHyNV/orT8ZvTVjDxw=; b=wfKbXNG9tSk1ocU5N/qlndpMX+k9NhsZS2UU6nDRNHZtz1OwRaSgsswKJi4CzHQpVG e2xtC5JiMJMm0s5I3Ov0Yo/jXqTz7FioeO4+PZOLUatpdojdZzjJIiZvLDnsGHGNUPsT 8m29Fs1hYLYcjAcJPJzq0qQN4WSWMXm2FB9QlxdTrclRlYYpVMlQUwuSDy9X0O7i9o8k ezi1y7aVa0TJh87dFKtDPLVl6PVumr77dSRi/+XATGlDu1rYL3LTQkCWARQwUDq1+Kyi iJluz0RkEsUWSMsvbXutchUfHfwvFRawXis6EZhp6ZU2WUlgle+8/wX168m41V7X1DYi ahKQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from gecko.sbs.de (gecko.sbs.de. [194.138.37.40]) by gmr-mx.google.com with ESMTPS id p14si87093lfo.0.2020.03.11.03.04.56 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Mar 2020 03:04:56 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) client-ip=194.138.37.40; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 194.138.37.40 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by gecko.sbs.de (8.15.2/8.15.2) with ESMTPS id 02BA4tLg011332 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 11 Mar 2020 11:04:55 +0100 Received: from md1za8fc.ad001.siemens.net ([167.87.91.72]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTP id 02BA4sJK010074; Wed, 11 Mar 2020 11:04:55 +0100 Date: Wed, 11 Mar 2020 11:04:52 +0100 From: Henning Schild To: Jan Kiszka Cc: Cedric Hombourger , Subject: Re: [PATCH 1/3] sshd-regen-keys: correct dependency on ssh daemon service Message-ID: <20200311110452.6e6f91df@md1za8fc.ad001.siemens.net> In-Reply-To: References: <1583856274-254-1-git-send-email-Cedric_Hombourger@mentor.com> <1583856274-254-2-git-send-email-Cedric_Hombourger@mentor.com> <20200311093443.541c8c61@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: RrtIYW2pqK3/ On Wed, 11 Mar 2020 10:32:40 +0100 Jan Kiszka wrote: > On 11.03.20 09:34, Henning Schild wrote: > > One fun fact on the version bump here. All our "on first boot" > > recipes use a trick where the postinst enables them, and their run > > disables them again. > > > > That pattern is broken in the face of package updates, where the > > service will be enabled again and we do a second round. Meaning all > > packages using that pattern need code that can be run multiple > > times. > > > > In fact the pattern should probably be improved, where the "enable" > > in postinst becomes conditional if the packages was installed > > before and the service is already disabled. > > > > Taking Jan in as well, since he established that pattern. > > Yeah, but without considering a package update case at all. I suppose > some other post-inst scripts we have, e.g. in customization packages, > are not really upgrade-friendly. Simply wasn't a priority so far, but > we can always do better of course. I know the history and a lot of people will not do package updates. At the same time i suggest to keep that issue in mind and provide a clean solution for the Isar core. Henning > Jan > > > > > Henning > > > > On Tue, 10 Mar 2020 17:04:32 +0100 > > Cedric Hombourger wrote: > > > >> The name of the SSH daemon service is ssh.service, not sshd.service > >> This fixes some (sporadic) failures to generate host-specific ssh > >> keys on first boot. > >> > >> Signed-off-by: Cedric Hombourger > >> --- > >> .../sshd-regen-keys/files/sshd-regen-keys.service > >> | 2 +- .../{sshd-regen-keys_0.2.bb => sshd-regen-keys_0.3.bb} > >> | 0 2 files changed, 1 insertion(+), 1 deletion(-) > >> rename > >> meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.2.bb => > >> sshd-regen-keys_0.3.bb} (100%) > >> > >> diff --git > >> a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > >> b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > >> index a05e1a9..f50d34c 100644 --- > >> a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > >> +++ > >> b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > >> @@ -3,7 +3,7 @@ Description=Regenerate sshd host keys > >> DefaultDependencies=no Conflicts=shutdown.target > >> After=systemd-remount-fs.service -Before=shutdown.target > >> sshd.service +Before=shutdown.target ssh.service > >> ConditionPathIsReadWrite=/etc > >> [Service] > >> diff --git > >> a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > >> b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > >> similarity index 100% rename from > >> meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb rename > >> to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > > >