From patchwork Thu Jun 11 09:14:05 2020
X-Patchwork-Submitter: Norbert Lange
X-Patchwork-Id: 1307390
X-Patchwork-Delegate: thomas.petazzoni@free-electrons.com
From: Norbert Lange
To: buildroot@buildroot.org
Cc: Norbert Lange, jeremy.rosen@smile.fr
Date: Thu, 11 Jun 2020 11:14:05 +0200
Message-Id: <20200611091407.12688-3-nolange79@gmail.com>
In-Reply-To: <20200611091407.12688-1-nolange79@gmail.com>
References: <20200611091407.12688-1-nolange79@gmail.com>
Subject: [Buildroot] [PATCH v2 2/3] package/openssh: separate sd service for host key generation

Split out generation of host keys into an optional service
that can easily be removed or deactivated.

Signed-off-by: Norbert Lange
Reviewed-by: Jérémy ROSEN
---
 package/openssh/openssh.mk               |  5 +++--
 package/openssh/sshd-host-keygen.service | 23 +++++++++++++++++++++++
 package/openssh/sshd.service             |  1 -
 3 files changed, 26 insertions(+), 3 deletions(-)
 create mode 100644 package/openssh/sshd-host-keygen.service

diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk index 3e0a85ae2e..1fcd957299 100644 --- a/package/openssh/openssh.mk +++ b/package/openssh/openssh.mk
@@ -116,8 +116,9 @@ endef OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS define OPENSSH_INSTALL_INIT_SYSTEMD - $(INSTALL) -D -m 644 package/openssh/sshd.service \ - $(TARGET_DIR)/usr/lib/systemd/system/sshd.service + mkdir $(TARGET_DIR)/usr/lib/systemd/system + $(INSTALL) -m 644 package/openssh/sshd*.service \ + $(TARGET_DIR)/usr/lib/systemd/system/ $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) endef diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service new file mode 100644 index 0000000000..2db1be16c4 --- /dev/null +++ b/package/openssh/sshd-host-keygen.service @@ -0,0 +1,23 @@ +[Unit] +Description=SSH Key Generation +Before=sshd.service + +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key +ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub + +[Service] +ExecStart=/usr/bin/ssh-keygen -A +Type=oneshot +# systemd changed behaviour in v245 leading to various drawbacks, +# seems like every one-shot service should use RemainAfterExit +# https://github.com/systemd/systemd/issues/15091 +RemainAfterExit=yes + +[Install] +WantedBy=sshd.service diff --git a/package/openssh/sshd.service b/package/openssh/sshd.service index 715bd3f7eb..797e249d8d 100644 --- a/package/openssh/sshd.service +++ b/package/openssh/sshd.service @@ -4,7 +4,6 @@ Documentation=man:sshd(8) man:sshd_config(5) After=network.target auditd.service [Service] -ExecStartPre=/usr/bin/ssh-keygen -A ExecStartPre=/usr/sbin/sshd -t ExecStart=/usr/sbin/sshd -D ExecReload=/usr/sbin/sshd -t
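
Review bot: In package/openssh/openssh.mk, the new "mkdir $(TARGET_DIR)/usr/lib/systemd/system" has no -p, so the recipe fails when the directory already exists (another package installed a unit there first) or when a parent directory is missing. Use "mkdir -p" or "$(INSTALL) -d" for that line. The "sshd*.service" glob also installs every matching file under package/openssh/, so a unit added there later ships without the .mk changing; naming sshd.service and sshd-host-keygen.service explicitly keeps the installed set reviewable.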
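
Review bot: In package/openssh/sshd-host-keygen.service, the eight "ConditionPathExists=|!" lines have to stay in step with what "ssh-keygen -A" actually writes. If the ssh-keygen in the image produces no key of one listed type (for example a build without DSA support), that trigger condition stays true and the unit runs on every boot. "ssh-keygen -A" already skips key types whose files exist, so the conditions could be dropped, or limited to the types the build generates. Separately, Before= together with WantedBy= gives ordering and a weak pull-in only: a failed key generation does not keep sshd.service from being started. If that is intended for an optional unit, a comment next to WantedBy= saying so would help; otherwise RequiredBy= is the stricter choice.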
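
Review bot: In package/openssh/sshd.service, dropping "ExecStartPre=/usr/bin/ssh-keygen -A" means sshd.service on its own no longer creates host keys. The only remaining link is the [Install] "WantedBy=sshd.service" in the new unit, which takes effect only once that unit is enabled, and nothing in this patch enables it. Please state in the commit message how the keygen unit ends up enabled by default, and what an image that removes or disables it has to do instead (provision /etc/ssh/ssh_host_*_key at build time), so that a target does not boot with sshd failing its remaining "sshd -t" pre-start check for lack of keys.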