Subject: Re: [PATCH v3] sshd-regen-keys: Fix sshd deadlock on boot
To: Harald Seiler, isar-users@googlegroups.com, Henning Schild
From: "Maxim Yu. Osipov"
Organization: ilbers GmbH
Message-ID: <532bca94-f7e1-b53b-a923-5f0501a43192@ilbers.de>
Date: Mon, 7 Jan 2019 15:42:19 +0300

On 12/19/18 4:54 PM, Harald Seiler wrote:
> Currently, when sshd-regen-keys runs dpkg-reconfigure, this
> will lead to a call to `systemctl restart ssh`. This call blocks
> forever because of course the sshd-regen-keys unit, which is a
> dependency of sshd, hasn't finished at this point and can't do so
> because it is waiting as well.
>
> To circumvent this deadlock, this commit changes sshd-regen-keys'
> behavior so sshd is first disabled and only reenabled after the
> job is done.

Applied to the 'next',

Thanks,
Maxim.

> Signed-off-by: Harald Seiler
> ---
> Changes for v2:
> - Remove `systemctl start --no-block ssh` call as it looks like
> this is not needed.
>
> Changes for v3:
> - Bump version number to 0.2
>
> .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +- > .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 ++++++++++++++++++ > .../{sshd-regen-keys_0.1.bb => sshd-regen-keys_0.2.bb} | 7 +++++-- > 3 files changed, 24 insertions(+), 3 deletions(-) > create mode 100644 meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > rename meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.1.bb => sshd-regen-keys_0.2.bb} (58%) > > diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > index 3b8231f..a05e1a9 100644 > --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service 
> @@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc > Type=oneshot > RemainAfterExit=yes > Environment=DEBIAN_FRONTEND=noninteractive > -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; dpkg-reconfigure openssh-server" > +ExecStart=/usr/sbin/sshd-regen-keys.sh > ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service > StandardOutput=syslog > StandardError=syslog > diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > new file mode 100644 > index 0000000..11fca3b > --- /dev/null > +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh > @@ -0,0 +1,18 @@ > +#!/usr/bin/env sh > + > +echo -n "SSH server is " > +if systemctl is-enabled ssh; then > + SSHD_ENABLED="true" > + systemctl disable --no-reload ssh > +fi > + > +echo "Removing keys ..." > +rm -v /etc/ssh/ssh_host_*_key* > + > +echo "Regenerating keys ..." > +dpkg-reconfigure openssh-server > + > +if test -n $SSHD_ENABLED; then > + echo "Reenabling ssh server ..." > + systemctl enable --no-reload ssh > +fi > diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > similarity index 58% > rename from meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > rename to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb > index 02e9e25..6f12414 100644 > --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb > +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb 
> @@ -6,9 +6,12 @@ MAINTAINER = "isar-users " > DEBIAN_DEPENDS = "openssh-server, systemd" > > SRC_URI = "file://postinst \ > - file://sshd-regen-keys.service" > + file://sshd-regen-keys.service \ > + file://sshd-regen-keys.sh" > > +do_install[cleandirs] = "${D}/lib/systemd/system \ > + ${D}/usr/sbin" > do_install() { > - install -v -d -m 755 "${D}/lib/systemd/system" > install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service" > + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh" > } >

-- 
Maxim Osipov
ilbers GmbH
Maria-Merian-Str. 8
85521 Ottobrunn
Germany
+49 (151) 6517 6917
mosipov@ilbers.de
http://ilbers.de/
Commercial register Munich, HRB 214197
General Manager: Baurzhan Ismagulov
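
Review bot: In the new sshd-regen-keys.sh, the closing check `if test -n $SSHD_ENABLED; then` is unquoted, so when `systemctl is-enabled ssh` failed and the variable was never set, the command collapses to `test -n`, which is true for a single non-empty argument. The script then runs `systemctl enable --no-reload ssh` on an image where ssh had been left disabled, which turns a remote-login service on at first boot. Quoting it as `test -n "$SSHD_ENABLED"` restores the intended behaviour. In the same file, the result of `dpkg-reconfigure openssh-server` is never checked: if it fails after `rm -v /etc/ssh/ssh_host_*_key*`, the script carries on and exits with the status of its last command, so the oneshot unit can report success while no host keys exist. A `set -e` at the top, or an explicit check after `dpkg-reconfigure`, would surface that failure.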
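
Review bot: In the sshd-regen-keys_0.2.bb hunk, the removed line `install -v -d -m 755 "${D}/lib/systemd/system"` was the only place a directory mode was set explicitly, and the new `do_install[cleandirs]` entry carries no mode for either `${D}/lib/systemd/system` or `${D}/usr/sbin`. Since `/usr/sbin/sshd-regen-keys.sh` is run as the unit's ExecStart, it is worth confirming that both directories still end up 755 in the built package, or keeping an explicit `install -d -m 755` for them in `do_install()`.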