Patchwork [1/4,v3] openssh: Add systemd support

Submitter Shakeel, Muhammad
Date Aug. 16, 2013, 5:27 p.m.
Message ID <1376674064-14468-1-git-send-email-muhammad_shakeel@mentor.com>
Permalink /patch/55943/
State New

Comments

Shakeel, Muhammad - Aug. 16, 2013, 5:27 p.m.
From: Muhammad Shakeel <muhammad_shakeel@mentor.com>

-Remove dependency on meta-systemd

Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
---
 .../openssh/openssh-6.2p2/sshd.socket              |   11 +++++++++++
 .../openssh/openssh-6.2p2/sshd@.service            |    9 +++++++++
 .../openssh/openssh-6.2p2/sshdgenkeys.service      |   10 ++++++++++
 meta/recipes-connectivity/openssh/openssh_6.2p2.bb |   20 ++++++++++++++++++--
 4 files changed, 48 insertions(+), 2 deletions(-)
Khem Raj - Aug. 16, 2013, 5:47 p.m.
On Fri, Aug 16, 2013 at 10:27 AM, Shakeel, Muhammad <
muhammad_shakeel@mentor.com> wrote:

> From: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>
> -Remove dependency on meta-systemd
>
> Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
> ---
>  .../openssh/openssh-6.2p2/sshd.socket              |   11 +++++++++++
>  .../openssh/openssh-6.2p2/sshd@.service            |    9 +++++++++
>  .../openssh/openssh-6.2p2/sshdgenkeys.service      |   10 ++++++++++
>  meta/recipes-connectivity/openssh/openssh_6.2p2.bb |   20
> ++++++++++++++++++--
>  4 files changed, 48 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> new file mode 100644
> index 0000000..753a33b
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> @@ -0,0 +1,11 @@
> +[Unit]
> +Conflicts=sshd.service
> +
> +[Socket]
> +ExecStartPre=/bin/mkdir -p /var/run/sshd
> +ListenStream=22
> +Accept=yes
> +
> +[Install]
> +WantedBy=sockets.target
> +Also=sshdgenkeys.service
> diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> new file mode 100644
> index 0000000..d118490
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> @@ -0,0 +1,9 @@
> +[Unit]
> +Description=OpenSSH Per-Connection Daemon
> +After=sshdgenkeys.service
> +
> +[Service]
> +ExecStart=-/usr/sbin/sshd -i
> +ExecReload=/bin/kill -HUP $MAINPID
> +StandardInput=socket
> +StandardError=syslog
> diff --git
> a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> new file mode 100644
> index 0000000..c717214
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> @@ -0,0 +1,10 @@
> +[Unit]
> +Description=SSH Key Generation
> +
> +[Service]
> +ExecStart=/usr/bin/ssh-keygen -A
> +Type=oneshot
> +RemainAfterExit=yes
> +
> +[Install]
> +WantedBy=multi-user.target
>



it would be nice if it was using libdir/bindir instead of hardcoded paths;
this could be achieved by generating the unit files from some sort of .in files
at build time, so it could benefit
the distros which don't use /usr, e.g.

??

> diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bbb/meta/recipes-connectivity/openssh/
> openssh_6.2p2.bb
> index c76f9ac..8dac2f1 100644
> --- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
> @@ -26,14 +26,17 @@ SRC_URI = "
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
>             file://init \
>             file://openssh-CVE-2011-4327.patch \
>             file://mac.patch \
> -           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}',
> '', d)}"
> +           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}',
> '', d)} \
> +           file://sshd.socket \
> +           file://sshd@.service \
> +           file://sshdgenkeys.service "
>
>  PAM_SRC_URI = "file://sshd"
>
>  SRC_URI[md5sum] = "be46174dcbb77ebb4ea88ef140685de1"
>  SRC_URI[sha256sum] =
> "7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b"
>
> -inherit useradd update-rc.d update-alternatives
> +inherit useradd update-rc.d update-alternatives systemd
>
>  USERADD_PACKAGES = "${PN}-sshd"
>  USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir
> /var/run/sshd --shell /bin/false --user-group sshd"
> @@ -41,6 +44,10 @@ INITSCRIPT_PACKAGES = "${PN}-sshd"
>  INITSCRIPT_NAME_${PN}-sshd = "sshd"
>  INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
>
> +SYSTEMD_PACKAGES = "${PN}-sshd"
> +SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket sshd@.service
> sshdgenkeys.service"
> +SYSTEMD_AUTO_ENABLE = "enable"
> +
>  PACKAGECONFIG ??= "tcp-wrappers"
>  PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
>
> @@ -93,6 +100,14 @@ do_install_append () {
>         echo "HostKey /var/run/ssh/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
>         echo "HostKey /var/run/ssh/ssh_host_dsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
>         echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> +
> +       install -d ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshd.socket
> ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshd@.service
> ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshdgenkeys.service
> ${D}${systemd_unitdir}/system
> +       sed -i 's,/bin/,${base_bindir}/,g'
> ${D}${systemd_unitdir}/system/sshd.socket
> ${D}${systemd_unitdir}/system/sshd@.service
> +       sed -i 's,/usr/sbin/,${sbindir}/,g'
> ${D}${systemd_unitdir}/system/sshd@.service
> +       sed -i 's,/usr/bin/,${bindir}/,g'
> ${D}${systemd_unitdir}/system/sshdgenkeys.service
>  }
>
>  ALLOW_EMPTY_${PN} = "1"
> @@ -102,6 +117,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
>  FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
>  FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
>  FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli
> ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly"
> +FILES_${PN}-sshd += "${systemd_unitdir}"
>  FILES_${PN}-sftp = "${bindir}/sftp"
>  FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
>  FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
> --
> 1.7.9.5
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
Shakeel, Muhammad - Aug. 19, 2013, 6:18 a.m.
On 08/16/2013 10:47 PM, Khem Raj wrote:
>
>
>
> On Fri, Aug 16, 2013 at 10:27 AM, Shakeel, Muhammad 
> <muhammad_shakeel@mentor.com <mailto:muhammad_shakeel@mentor.com>> wrote:
>
>     From: Muhammad Shakeel <muhammad_shakeel@mentor.com
>     <mailto:muhammad_shakeel@mentor.com>>
>
>     -Remove dependency on meta-systemd
>
>     +[Service]
>     +ExecStart=-/usr/sbin/sshd -i
>
>
>
> it would be nice if it was using libdir/bindir instead of hardcoded paths
> coudld be achieved by generating the unit files from some sort of .in 
> files at build time so it could benefit
> the distros which dont use /usr e.g.
> ??
>
>     +       sed -i 's,/bin/,${base_bindir}/,g'
>     ${D}${systemd_unitdir}/system/sshd.socket
>     ${D}${systemd_unitdir}/system/sshd@.service
>     +       sed -i 's,/usr/sbin/,${sbindir}/,g'
>     ${D}${systemd_unitdir}/system/sshd@.service
>     +       sed -i 's,/usr/bin/,${bindir}/,g'
>     ${D}${systemd_unitdir}/system/sshdgenkeys.service
>
>
/usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the 
respective recipe file. /usr/bin/ and /bin/ is also taken care of.

Regards
Khem Raj - Aug. 19, 2013, 6:40 a.m.
On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
<muhammad_shakeel@mentor.com> wrote:
> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
> respective recipe file. /usr/bin/ and /bin/ is also taken care of.

i see, thats better. however I do see a need to have  a generalized
way of specifying service files and a generic
processing engine which then takes care of it. Otherwise we have the
same code replicated in multiple recipes
Saul Wold - Aug. 19, 2013, 9 p.m.
On 08/18/2013 11:40 PM, Khem Raj wrote:
> On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
> <muhammad_shakeel@mentor.com> wrote:
>> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
>> respective recipe file. /usr/bin/ and /bin/ is also taken care of.
>
> i see, thats better. however I do see a need to have  a generalized
> way of specifying service files and a generic
> processing engine which then takes care of it. Otherwise we have the
> same code replicated in multiple recipes

Agreed, I think there should be a generalized solution here, implemented 
in the systemd.bbclass.

It also appears that this set is also creating a /lib dir that should 
not be there for non-systemd builds.

> ERROR: Task 25 (/home/sgw/yocto/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.32.bb, do_package) failed with exit code '1'
> ERROR: QA Issue: nfs-utils: Files/directories were installed but not shipped
>   /lib
> ERROR: QA run found fatal errors. Please consider fixing them.
> ERROR: Function failed: do_package_qa
> ERROR: Logfile of failure stored in: /home/sgw/yocto/builds/world/tmp/work/x86_64-poky-linux/nfs-utils/1.2.8-r0/temp/log.do_package.17558

Thanks
	Sau!


> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
Shakeel, Muhammad - Aug. 20, 2013, 6:54 a.m.
On 08/20/2013 02:00 AM, Saul Wold wrote:
> On 08/18/2013 11:40 PM, Khem Raj wrote:
>> On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
>> <muhammad_shakeel@mentor.com> wrote:
>>> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
>>> respective recipe file. /usr/bin/ and /bin/ is also taken care of.
>>
>> i see, thats better. however I do see a need to have  a generalized
>> way of specifying service files and a generic
>> processing engine which then takes care of it. Otherwise we have the
>> same code replicated in multiple recipes
>
> Agreed, I think there should be a generalized solution here, 
> implemented in the systemd.bbclass.
This is not required for all of the systemd unit files. Packages which 
have upstream systemd support, e.g. avahi and ofono, install their service 
files themselves.
I have already discussed to move this 'sed' part into systemd.bbclass 
but Ross Burton had other ideas. 
http://patches.openembedded.org/patch/53489/

So what is your final recommendation here?

> It also appears that this set is also creating a /lib dir that should 
> not be there for non-systemd builds.
>
>> ERROR: Task 25 
>> (/home/sgw/yocto/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.32.bb, 
>> do_package) failed with exit code '1'
>> ERROR: QA Issue: nfs-utils: Files/directories were installed but not 
>> shipped
>>   /lib
>> ERROR: QA run found fatal errors. Please consider fixing them.
>> ERROR: Function failed: do_package_qa
>> ERROR: Logfile of failure stored in: 
>> /home/sgw/yocto/builds/world/tmp/work/x86_64-poky-linux/nfs-utils/1.2.8-r0/temp/log.do_package.17558
Sorry about this error, I will fix this in next version.

Regards
--Shakeel

Patch

diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
new file mode 100644
index 0000000..753a33b
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
@@ -0,0 +1,11 @@ 
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ExecStartPre=/bin/mkdir -p /var/run/sshd
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+Also=sshdgenkeys.service
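Review bot: With `Accept=yes` under `[Socket]`, every inbound connection on port 22 starts its own `sshd -i` instance, and sshd's `MaxStartups` throttle is, as far as I know, applied only by the listening daemon, so it would not limit unauthenticated connections in this mode. The only cap left is the socket unit's `MaxConnections=`, which this file leaves at the systemd default. I would set it explicitly for the class of device the image targets, `MaxConnections=<limit chosen for the image>`, and add a comment line in the unit saying that pre-authentication connection limiting lives here rather than in sshd_config.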
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
new file mode 100644
index 0000000..d118490
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
@@ -0,0 +1,9 @@ 
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog
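Review bot: `After=sshdgenkeys.service` in `[Unit]` only orders the two units when both are already being started; it does not pull key generation in. sshd.socket is wanted by sockets.target while sshdgenkeys.service is wanted by multi-user.target, so a connection that arrives early in boot, or on a system where sshdgenkeys.service has been disabled, can start `sshd -i` with no host keys, and the leading `-` on `ExecStart=` then keeps that failure out of the unit state. Adding `Wants=sshdgenkeys.service` next to the `After=` line closes the gap. `ExecReload=/bin/kill -HUP $MAINPID` looks like a leftover from a standalone sshd.service, since a per-connection instance has nothing to reload.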
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
new file mode 100644
index 0000000..c717214
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
@@ -0,0 +1,10 @@ 
+[Unit]
+Description=SSH Key Generation
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
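Review bot: `ExecStart=/usr/bin/ssh-keygen -A` writes missing host keys to ssh-keygen's default location, while the recipe's `sshd_config_readonly` (context lines of the do_install_append hunk) points `HostKey` at `/var/run/ssh/`. On a read-only rootfs this unit would presumably fail, and the socket-activated `sshd -i` passes no option selecting the read-only config, so the systemd path does not appear to cover the case that config exists for; this should be checked against the `init` script, which is not part of the patch. Because the host keys are created on first boot of the device, a comment in the unit noting that key generation depends on the kernel RNG being seeded by that point would help integrators of embedded images.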
diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
index c76f9ac..8dac2f1 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
@@ -26,14 +26,17 @@  SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://init \
            file://openssh-CVE-2011-4327.patch \
            file://mac.patch \
-           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://sshd.socket \
+           file://sshd@.service \
+           file://sshdgenkeys.service "
 
 PAM_SRC_URI = "file://sshd"
 
 SRC_URI[md5sum] = "be46174dcbb77ebb4ea88ef140685de1"
 SRC_URI[sha256sum] = "7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b"
 
-inherit useradd update-rc.d update-alternatives
+inherit useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
 USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
@@ -41,6 +44,10 @@  INITSCRIPT_PACKAGES = "${PN}-sshd"
 INITSCRIPT_NAME_${PN}-sshd = "sshd"
 INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
 
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket sshd@.service sshdgenkeys.service"
+SYSTEMD_AUTO_ENABLE = "enable"
+
 PACKAGECONFIG ??= "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
 
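Review bot: `SYSTEMD_SERVICE_${PN}-sshd` lists `sshd@.service` and `sshdgenkeys.service` alongside `sshd.socket`, but the template unit added by this patch has no `[Install]` section, so there is nothing to enable for it, and sshd.socket already carries `Also=sshdgenkeys.service`. Listing only the socket, `SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"`, states what actually gets enabled; how systemd.bbclass treats the extra entries is not visible here. `SYSTEMD_AUTO_ENABLE = "enable"` also means any image that installs this package listens on port 22 from first boot, which deserves a one-line comment above the assignment so the choice is visibly deliberate.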
@@ -93,6 +100,14 @@  do_install_append () {
 	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+	sed -i 's,/bin/,${base_bindir}/,g' ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/sshd@.service
+	sed -i 's,/usr/sbin/,${sbindir}/,g' ${D}${systemd_unitdir}/system/sshd@.service
+	sed -i 's,/usr/bin/,${bindir}/,g' ${D}${systemd_unitdir}/system/sshdgenkeys.service
 }
 
 ALLOW_EMPTY_${PN} = "1"
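Review bot: The first `sed` rewrites every `/bin/` substring in sshd.socket and sshd@.service, not only paths that begin with `/bin/`; it works today because neither file contains `/usr/bin/`, but once `${base_bindir}` differs from `/bin` a later edit to the units would have `/usr/bin/` turned into `/usr${base_bindir}/`. Writing the unit files with explicit tokens and substituting those, e.g. `sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' -e 's,@SBINDIR@,${sbindir},g' -e 's,@BINDIR@,${bindir},g'` over the three installed files, removes the dependence on substring matches and on which file each expression is run against. do_install_append begins outside this hunk.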
@@ -102,6 +117,7 @@  FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly"
+FILES_${PN}-sshd += "${systemd_unitdir}"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"