From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6802611076497145856 X-Received: by 2002:adf:ef45:: with SMTP id c5mr3650532wrp.302.1583919164152; Wed, 11 Mar 2020 02:32:44 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a1c:93:: with SMTP id 141ls849213wma.1.canary-gmail; Wed, 11 Mar 2020 02:32:42 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsbJAwr2LebrcURn8TwGBkYjkO/Q8cdN52geCL1icWtRymETLGNWQ9YYnxfkjAezOZzSepW X-Received: by 2002:a7b:cb12:: with SMTP id u18mr2839834wmj.153.1583919162494; Wed, 11 Mar 2020 02:32:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1583919162; cv=none; d=google.com; s=arc-20160816; b=TJn/hHVXXL2jDjBzskZzAQOR88QJMSGf3hpXzDfRPqixb1XYpcrTveqLk07Fd+IZQh CEMPW10aqpkaS6pKCFMQVIFKN/l28nAAvEWvZX/av0++kWXLQs23glLUexy8OwV11sNR fkUafJGxD828atUo09hqqgQQ9mq0e6r9rLtwVgjeMmtA+OA125RZ5sJKxdtCCALC/xKc rR1yd3KjclcIMuwJwzn2bhXzEAMd1NRIRixSUqx5Kdhc+h4QarStfqUrMW2H07J1EscY xW17z3slD31I5VRlHVDaVf8aJtNrkT+GubuKPnmCmJraWCsPme8OoX8tUTmobwoSZRHX T0bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:cc:to:subject; bh=rFrob1m5/6Cy+18EwgiTthVVOk8ug0Z1bPGQcat/fcg=; b=YgL0HaD/olp4Wz/c3KY35MHKGJmU2ViSSX1ohy2c1JruCJZweRDmnUaQTtO24ryoiO LGFRjufMtqwPvB9i1rOzvK3KtJ+Q02PnSUtrCICp9QqnaS5HfMAs9l8dtjrIfg+9QwqW Txmg1FnlAAtLX3CyRJz5oGkPgK9zzZksvcZtdqB8pLMxwI3fQ3YE+HXB7dzFmXz3RGkd pjrcpulqjoCJEiHbq2mEuHqznG89+hd7Yce+hV8IiLkXOJ9N8DLkHpwvh6Z1xd0AynHD OdEMoq6LThgc0kmPwbiuXM5SMO4JOKar2Fvm5YsB+gX3nxt9RikM/lGZzB3JNYsThHU4 k09w== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id d16si53724wrv.4.2020.03.11.02.32.42 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 11 Mar 2020 02:32:42 -0700 (PDT) Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id 02B9WgxV000805 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 11 Mar 2020 10:32:42 +0100 Received: from [167.87.85.172] ([167.87.85.172]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 02B9Wexh003504; Wed, 11 Mar 2020 10:32:41 +0100 Subject: Re: [PATCH 1/3] sshd-regen-keys: correct dependency on ssh daemon service To: Henning Schild , Cedric Hombourger Cc: isar-users@googlegroups.com References: <1583856274-254-1-git-send-email-Cedric_Hombourger@mentor.com> <1583856274-254-2-git-send-email-Cedric_Hombourger@mentor.com> <20200311093443.541c8c61@md1za8fc.ad001.siemens.net> From: Jan Kiszka Message-ID: Date: Wed, 11 Mar 2020 10:32:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <20200311093443.541c8c61@md1za8fc.ad001.siemens.net> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: Zq946tc48QhA On 11.03.20 09:34, Henning Schild wrote: > One fun fact on the version bump here. All our "on first boot" recipes > use a trick where the postinst enables them, and their run disables > them again. > > That pattern is broken in the face of package updates, where the > service will be enabled again and we do a second round. Meaning all > packages using that pattern need code that can be run multiple times. > > In fact the pattern should probably be improved, where the "enable" in > postinst becomes conditional if the packages was installed before and > the service is already disabled. > > Taking Jan in as well, since he established that pattern. Yeah, but without considering a package update case at all. I suppose some other post-inst scripts we have, e.g. in customization packages, are not really upgrade-friendly. Simply wasn't a priority so far, but we can always do better of course. Jan > > Henning > > On Tue, 10 Mar 2020 17:04:32 +0100 > Cedric Hombourger wrote: > >> The name of the SSH daemon service is ssh.service, not sshd.service >> This fixes some (sporadic) failures to generate host-specific ssh >> keys on first boot. >> >> Signed-off-by: Cedric Hombourger >> --- >> .../sshd-regen-keys/files/sshd-regen-keys.service | 2 >> +- .../{sshd-regen-keys_0.2.bb => sshd-regen-keys_0.3.bb} | 0 >> 2 files changed, 1 insertion(+), 1 deletion(-) >> rename meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.2.bb >> => sshd-regen-keys_0.3.bb} (100%) >> >> diff --git >> a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service >> b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service >> index a05e1a9..f50d34c 100644 --- >> a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service >> +++ >> b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service >> @@ -3,7 +3,7 @@ Description=Regenerate sshd host keys >> DefaultDependencies=no Conflicts=shutdown.target >> After=systemd-remount-fs.service -Before=shutdown.target sshd.service >> +Before=shutdown.target ssh.service ConditionPathIsReadWrite=/etc >> >> [Service] >> diff --git >> a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb >> b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb >> similarity index 100% rename from >> meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.2.bb rename to >> meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.3.bb > -- Siemens AG, Corporate Technology, CT RDA IOT SES-DE Corporate Competence Center Embedded Linux