Message-ID: <32fe04e1e3f5c3c90543665e8965f0e04a8781cf.camel@denx.de>
Subject: [PATCH v3] sshd-regen-keys: Fix sshd deadlock on boot
From: Harald Seiler
To: isar-users@googlegroups.com, Henning Schild
Date: Wed, 19 Dec 2018 14:54:04 +0100
In-Reply-To: <20181219134121.6b540490@md1za8fc.ad001.siemens.net>
References: <20181219134121.6b540490@md1za8fc.ad001.siemens.net>

Currently, when sshd-regen-keys runs dpkg-reconfigure, this will lead to a call to `systemctl restart ssh`. This call blocks forever because of course the sshd-regen-keys unit, which is a dependency of sshd, hasn't finished at this point and can't do so because it is waiting as well.

To circumvent this deadlock, this commit changes sshd-regen-keys' behavior so sshd is first disabled and only reenabled after the job is done.

Signed-off-by: Harald Seiler
---
Changes for v2:
- Remove `systemctl start --no-block ssh` call as it looks like this is not needed.

Changes for v3:
- Bump version number to 0.2

.../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 ++++++++++++++++++ .../{sshd-regen-keys_0.1.bb => sshd-regen-keys_0.2.bb} | 7 +++++-- 3 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh rename meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.1.bb => sshd-regen-keys_0.2.bb} (58%) diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service index 3b8231f..a05e1a9 100644 --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service 
@@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; dpkg-reconfigure openssh-server" +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service StandardOutput=syslog StandardError=syslog diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new file mode 100644 index 0000000..11fca3b --- /dev/null +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env sh + +echo -n "SSH server is " +if systemctl is-enabled ssh; then + SSHD_ENABLED="true" + systemctl disable --no-reload ssh +fi + +echo "Removing keys ..." +rm -v /etc/ssh/ssh_host_*_key* + +echo "Regenerating keys ..." +dpkg-reconfigure openssh-server + +if test -n $SSHD_ENABLED; then + echo "Reenabling ssh server ..." + systemctl enable --no-reload ssh +fi diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb similarity index 58% rename from meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb rename to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb index 02e9e25..6f12414 100644 --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb 
@@ -6,9 +6,12 @@ MAINTAINER = "isar-users " DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst \ - file://sshd-regen-keys.service" + file://sshd-regen-keys.service \ + file://sshd-regen-keys.sh" +do_install[cleandirs] = "${D}/lib/systemd/system \ + ${D}/usr/sbin" do_install() { - install -v -d -m 755 "${D}/lib/systemd/system" install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service" + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh" } -- Harald DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-62 Fax: +49-8142-66989-80 Email: hws@denx.de
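Review bot: In the sshd-regen-keys.service hunk, pointing ExecStart at /usr/sbin/sshd-regen-keys.sh changes the exit status the unit sees. The old one-liner ended with dpkg-reconfigure, so a failed key regeneration failed the unit. The new script has no `set -e` and ends with the re-enable block, so it can exit 0 after `rm -v /etc/ssh/ssh_host_*_key*` has run and dpkg-reconfigure has failed. The unchanged ExecStartPost line then disables sshd-regen-keys.service, and the system is left without host keys and without a retry on the next boot. Suggest having the script capture the dpkg-reconfigure status and exit with it after ssh has been re-enabled.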
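Review bot: In sshd-regen-keys.sh, the final check `if test -n $SSHD_ENABLED; then` is unquoted, so when ssh was not enabled the variable expands to nothing, the command becomes `test -n`, and that evaluates to true. The script therefore runs `systemctl enable --no-reload ssh` even on an image where ssh had been disabled on purpose, which turns a key-regeneration job into one that switches remote login on. Suggest setting SSHD_ENABLED="" at the top of the script (it could otherwise be inherited from the environment) and testing with `[ -n "$SSHD_ENABLED" ]`. Minor: `echo -n` is not specified by POSIX for a `#!/usr/bin/env sh` script; printf is the portable form.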
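Review bot: In the sshd-regen-keys_0.2.bb hunk, the removed `install -v -d -m 755 "${D}/lib/systemd/system"` set the directory mode explicitly, while the new do_install[cleandirs] line states none, and ${D}/usr/sbin is a new directory that receives a root-run script. Please confirm both directories end up as 0755 in the package regardless of the build umask, or keep an `install -v -d -m 755` for each of them in do_install().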