Subject: [PATCH v2] sshd-regen-keys: Fix sshd deadlock on boot
From: Harald Seiler
To: isar-users@googlegroups.com, Henning Schild
Date: Wed, 19 Dec 2018 12:43:43 +0100

Currently, when sshd-regen-keys runs dpkg-reconfigure, this will lead to a call to `systemctl restart ssh`. This call blocks forever because of course the sshd-regen-keys unit, which is a dependency of sshd, hasn't finished at this point and can't do so because it is waiting as well.

To circumvent this deadlock, this commit changes sshd-regen-keys' behavior so sshd is first disabled and only reenabled after the job is done.

Signed-off-by: Harald Seiler
---

> That is what I guessed. But can we not drop that? The unit has to
> finish before sshd anyways, so there will be a "start sshd" somewhere
> after that point.

I am not certain, however I tested it and it looks like you are right.

Changes for v2:
- Remove `systemctl start --no-block ssh` call as it looks like this is not needed.

 .../sshd-regen-keys/files/sshd-regen-keys.service | 2 +-
 .../sshd-regen-keys/files/sshd-regen-keys.sh | 18 ++++++++++++++++++
 .../sshd-regen-keys/sshd-regen-keys_0.1.bb | 7 +++++--
 3 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh

diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service index 3b8231f..a05e1a9 100644 --- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service 
@@ -10,7 +10,7 @@ ConditionPathIsReadWrite=/etc Type=oneshot RemainAfterExit=yes Environment=DEBIAN_FRONTEND=noninteractive -ExecStart=/bin/sh -c "rm -v /etc/ssh/ssh_host_*_key*; dpkg-reconfigure openssh-server" +ExecStart=/usr/sbin/sshd-regen-keys.sh ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service StandardOutput=syslog StandardError=syslog diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh new file mode 100644 index 0000000..11fca3b --- /dev/null +++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env sh + +echo -n "SSH server is " +if systemctl is-enabled ssh; then + SSHD_ENABLED="true" + systemctl disable --no-reload ssh +fi + +echo "Removing keys ..." +rm -v /etc/ssh/ssh_host_*_key* + +echo "Regenerating keys ..." +dpkg-reconfigure openssh-server + +if test -n $SSHD_ENABLED; then + echo "Reenabling ssh server ..." + systemctl enable --no-reload ssh +fi diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb index 02e9e25..6f12414 100644 --- a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb +++ b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.1.bb 
@@ -6,9 +6,12 @@ MAINTAINER = "isar-users " DEBIAN_DEPENDS = "openssh-server, systemd" SRC_URI = "file://postinst \ - file://sshd-regen-keys.service" + file://sshd-regen-keys.service \ + file://sshd-regen-keys.sh" +do_install[cleandirs] = "${D}/lib/systemd/system \ + ${D}/usr/sbin" do_install() { - install -v -d -m 755 "${D}/lib/systemd/system" install -v -m 644 "${WORKDIR}/sshd-regen-keys.service" "${D}/lib/systemd/system/sshd-regen-keys.service" + install -v -m 755 "${WORKDIR}/sshd-regen-keys.sh" "${D}/usr/sbin/sshd-regen-keys.sh" } -- Harald DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: +49-8142-66989-62 Fax: +49-8142-66989-80 Email: hws@denx.de
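
Review bot: `test -n $SSHD_ENABLED` in the last block of sshd-regen-keys.sh is unquoted, so when ssh was not enabled and the variable is unset the command collapses to `test -n`, which evaluates to true. The script then runs `systemctl enable --no-reload ssh` on a system where ssh had been left disabled, turning the service on as a side effect of key regeneration. Quote the expansion, `if test -n "$SSHD_ENABLED"; then`, and initialise `SSHD_ENABLED=""` before the first `if` so a value inherited from the environment cannot take the same path.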
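
Review bot: In the sshd-regen-keys.service hunk, the unit result now comes from the script's exit status, and the script as added ends on the re-enable block rather than on `dpkg-reconfigure openssh-server`, so a failed `rm` or `dpkg-reconfigure` is not reported. `ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service` then still runs and the unit never retries, which can leave the image with either no host keys or the keys it was built with. Have the script record the status of `dpkg-reconfigure` and exit non-zero on failure after ssh has been re-enabled, so the one-shot unit stays enabled for the next boot.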