[1/4,v3] openssh: Add systemd support

Submitted by Shakeel, Muhammad on Aug. 16, 2013, 5:27 p.m.

Details

Message ID 1376674064-14468-1-git-send-email-muhammad_shakeel@mentor.com
State Superseded

Commit Message

Shakeel, Muhammad Aug. 16, 2013, 5:27 p.m.
From: Muhammad Shakeel <muhammad_shakeel@mentor.com>

-Remove dependency on meta-systemd

Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
---
 .../openssh/openssh-6.2p2/sshd.socket              |   11 +++++++++++
 .../openssh/openssh-6.2p2/sshd@.service            |    9 +++++++++
 .../openssh/openssh-6.2p2/sshdgenkeys.service      |   10 ++++++++++
 meta/recipes-connectivity/openssh/openssh_6.2p2.bb |   20 ++++++++++++++++++--
 4 files changed, 48 insertions(+), 2 deletions(-)


diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
new file mode 100644
index 0000000..753a33b
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
@@ -0,0 +1,11 @@ 
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ExecStartPre=/bin/mkdir -p /var/run/sshd
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+Also=sshdgenkeys.service
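Review bot: With `ListenStream=22` and `Accept=yes` the listener belongs to systemd, so `Port`, `ListenAddress` and `MaxStartups` in sshd_config no longer decide which addresses accept connections or how many unauthenticated connections are held open; every connection gets its own `sshd -i`. The unit says none of this and leaves the connection cap at systemd's default. I would add a comment above `[Socket]` such as `# Listener is owned by systemd: Port/ListenAddress/MaxStartups in sshd_config are not used here` and set `MaxConnections=` explicitly to a limit chosen for the target. A `Description=` line in `[Unit]` would also match the other two units.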
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
new file mode 100644
index 0000000..d118490
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
@@ -0,0 +1,9 @@ 
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+ExecReload=/bin/kill -HUP $MAINPID
+StandardInput=socket
+StandardError=syslog
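Review bot: `After=sshdgenkeys.service` only orders the two units when both are already part of the same start transaction; it does not pull key generation in, so a connection that arrives before sshdgenkeys.service has run starts `sshd -i` without host keys, and the `-` prefix on `ExecStart` keeps the instance from being marked failed. Adding `Wants=sshdgenkeys.service` next to the `After=` line would make every instance trigger it. `ExecReload=/bin/kill -HUP $MAINPID` also looks out of place on a per-connection instance: there is no listening daemon to reload, and the signal would presumably just end that session, so I would drop the line.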
diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
new file mode 100644
index 0000000..c717214
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
@@ -0,0 +1,10 @@ 
+[Unit]
+Description=SSH Key Generation
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
index c76f9ac..8dac2f1 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
@@ -26,14 +26,17 @@  SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://init \
            file://openssh-CVE-2011-4327.patch \
            file://mac.patch \
-           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://sshd.socket \
+           file://sshd@.service \
+           file://sshdgenkeys.service "
 
 PAM_SRC_URI = "file://sshd"
 
 SRC_URI[md5sum] = "be46174dcbb77ebb4ea88ef140685de1"
 SRC_URI[sha256sum] = "7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b"
 
-inherit useradd update-rc.d update-alternatives
+inherit useradd update-rc.d update-alternatives systemd
 
 USERADD_PACKAGES = "${PN}-sshd"
 USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
@@ -41,6 +44,10 @@  INITSCRIPT_PACKAGES = "${PN}-sshd"
 INITSCRIPT_NAME_${PN}-sshd = "sshd"
 INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
 
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket sshd@.service sshdgenkeys.service"
+SYSTEMD_AUTO_ENABLE = "enable"
+
 PACKAGECONFIG ??= "tcp-wrappers"
 PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
 
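Review bot: `SYSTEMD_SERVICE_${PN}-sshd` lists `sshd@.service`, but that template has no `[Install]` section in this patch, so an enable step has nothing to act on for it (how systemd.bbclass treats such an entry is not visible here), and `sshdgenkeys.service` is already pulled in through `Also=` in sshd.socket. Listing only the socket, `SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"`, would state what is actually enabled. `SYSTEMD_AUTO_ENABLE = "enable"` means any image that installs this package accepts SSH on port 22 from first boot; a short comment saying this is intended, and how a distro turns it off, would help.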
@@ -93,6 +100,14 @@  do_install_append () {
 	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
 	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+	install -d ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
+	install -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+	sed -i 's,/bin/,${base_bindir}/,g' ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/sshd@.service
+	sed -i 's,/usr/sbin/,${sbindir}/,g' ${D}${systemd_unitdir}/system/sshd@.service
+	sed -i 's,/usr/bin/,${bindir}/,g' ${D}${systemd_unitdir}/system/sshdgenkeys.service
 }
 
 ALLOW_EMPTY_${PN} = "1"
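Review bot: The context lines at the top of this hunk write `HostKey /var/run/ssh/...` entries into sshd_config_readonly, but nothing installed here makes the systemd path use that file: sshd@.service runs `sshd -i` with the default configuration, and sshdgenkeys.service runs `ssh-keygen -A`, which writes keys under the default configuration directory. On a read-only root filesystem key generation would presumably fail and each connection's sshd would start without usable host keys. If read-only images are meant to work with the socket unit, that needs handling here, or a comment stating that the combination is unsupported. do_install_append starts outside this hunk.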
@@ -102,6 +117,7 @@  FILES_${PN}-scp = "${bindir}/scp.${BPN}"
 FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
 FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly"
+FILES_${PN}-sshd += "${systemd_unitdir}"
 FILES_${PN}-sftp = "${bindir}/sftp"
 FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"

Comments

Khem Raj Aug. 16, 2013, 5:47 p.m.
On Fri, Aug 16, 2013 at 10:27 AM, Shakeel, Muhammad <
muhammad_shakeel@mentor.com> wrote:

> From: Muhammad Shakeel <muhammad_shakeel@mentor.com>
>
> -Remove dependency on meta-systemd
>
> Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
> ---
>  .../openssh/openssh-6.2p2/sshd.socket              |   11 +++++++++++
>  .../openssh/openssh-6.2p2/sshd@.service            |    9 +++++++++
>  .../openssh/openssh-6.2p2/sshdgenkeys.service      |   10 ++++++++++
>  meta/recipes-connectivity/openssh/openssh_6.2p2.bb |   20
> ++++++++++++++++++--
>  4 files changed, 48 insertions(+), 2 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> new file mode 100644
> index 0000000..753a33b
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd.socket
> @@ -0,0 +1,11 @@
> +[Unit]
> +Conflicts=sshd.service
> +
> +[Socket]
> +ExecStartPre=/bin/mkdir -p /var/run/sshd
> +ListenStream=22
> +Accept=yes
> +
> +[Install]
> +WantedBy=sockets.target
> +Also=sshdgenkeys.service
> diff --git a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> new file mode 100644
> index 0000000..d118490
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshd@.service
> @@ -0,0 +1,9 @@
> +[Unit]
> +Description=OpenSSH Per-Connection Daemon
> +After=sshdgenkeys.service
> +
> +[Service]
> +ExecStart=-/usr/sbin/sshd -i
> +ExecReload=/bin/kill -HUP $MAINPID
> +StandardInput=socket
> +StandardError=syslog
> diff --git
> a/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> new file mode 100644
> index 0000000..c717214
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh-6.2p2/sshdgenkeys.service
> @@ -0,0 +1,10 @@
> +[Unit]
> +Description=SSH Key Generation
> +
> +[Service]
> +ExecStart=/usr/bin/ssh-keygen -A
> +Type=oneshot
> +RemainAfterExit=yes
> +
> +[Install]
> +WantedBy=multi-user.target
>



it would be nice if it was using libdir/bindir instead of hardcoded paths.
This could be achieved by generating the unit files from some sort of .in files
at build time, so it could benefit
the distros which don't use /usr, e.g.

??

> diff --git a/meta/recipes-connectivity/openssh/openssh_6.2p2.bbb/meta/recipes-connectivity/openssh/
> openssh_6.2p2.bb
> index c76f9ac..8dac2f1 100644
> --- a/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_6.2p2.bb
> @@ -26,14 +26,17 @@ SRC_URI = "
> ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
>             file://init \
>             file://openssh-CVE-2011-4327.patch \
>             file://mac.patch \
> -           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}',
> '', d)}"
> +           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}',
> '', d)} \
> +           file://sshd.socket \
> +           file://sshd@.service \
> +           file://sshdgenkeys.service "
>
>  PAM_SRC_URI = "file://sshd"
>
>  SRC_URI[md5sum] = "be46174dcbb77ebb4ea88ef140685de1"
>  SRC_URI[sha256sum] =
> "7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b"
>
> -inherit useradd update-rc.d update-alternatives
> +inherit useradd update-rc.d update-alternatives systemd
>
>  USERADD_PACKAGES = "${PN}-sshd"
>  USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir
> /var/run/sshd --shell /bin/false --user-group sshd"
> @@ -41,6 +44,10 @@ INITSCRIPT_PACKAGES = "${PN}-sshd"
>  INITSCRIPT_NAME_${PN}-sshd = "sshd"
>  INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
>
> +SYSTEMD_PACKAGES = "${PN}-sshd"
> +SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket sshd@.service
> sshdgenkeys.service"
> +SYSTEMD_AUTO_ENABLE = "enable"
> +
>  PACKAGECONFIG ??= "tcp-wrappers"
>  PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
>
> @@ -93,6 +100,14 @@ do_install_append () {
>         echo "HostKey /var/run/ssh/ssh_host_rsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
>         echo "HostKey /var/run/ssh/ssh_host_dsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
>         echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >>
> ${D}${sysconfdir}/ssh/sshd_config_readonly
> +
> +       install -d ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshd.socket
> ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshd@.service
> ${D}${systemd_unitdir}/system
> +       install -m 0644 ${WORKDIR}/sshdgenkeys.service
> ${D}${systemd_unitdir}/system
> +       sed -i 's,/bin/,${base_bindir}/,g'
> ${D}${systemd_unitdir}/system/sshd.socket
> ${D}${systemd_unitdir}/system/sshd@.service
> +       sed -i 's,/usr/sbin/,${sbindir}/,g'
> ${D}${systemd_unitdir}/system/sshd@.service
> +       sed -i 's,/usr/bin/,${bindir}/,g'
> ${D}${systemd_unitdir}/system/sshdgenkeys.service
>  }
>
>  ALLOW_EMPTY_${PN} = "1"
> @@ -102,6 +117,7 @@ FILES_${PN}-scp = "${bindir}/scp.${BPN}"
>  FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
>  FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
>  FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli
> ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly"
> +FILES_${PN}-sshd += "${systemd_unitdir}"
>  FILES_${PN}-sftp = "${bindir}/sftp"
>  FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
>  FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
> --
> 1.7.9.5
>
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
Shakeel, Muhammad Aug. 19, 2013, 6:18 a.m.
On 08/16/2013 10:47 PM, Khem Raj wrote:
>
>
>
> On Fri, Aug 16, 2013 at 10:27 AM, Shakeel, Muhammad 
> <muhammad_shakeel@mentor.com <mailto:muhammad_shakeel@mentor.com>> wrote:
>
>     From: Muhammad Shakeel <muhammad_shakeel@mentor.com
>     <mailto:muhammad_shakeel@mentor.com>>
>
>     -Remove dependency on meta-systemd
>
>     +[Service]
>     +ExecStart=-/usr/sbin/sshd -i
>
>
>
> it would be nice if it was using libdir/bindir instead of hardcoded paths
> coudld be achieved by generating the unit files from some sort of .in 
> files at build time so it could benefit
> the distros which dont use /usr e.g.
> ??
>
>     +       sed -i 's,/bin/,${base_bindir}/,g'
>     ${D}${systemd_unitdir}/system/sshd.socket
>     ${D}${systemd_unitdir}/system/sshd@.service
>     +       sed -i 's,/usr/sbin/,${sbindir}/,g'
>     ${D}${systemd_unitdir}/system/sshd@.service
>     +       sed -i 's,/usr/bin/,${bindir}/,g'
>     ${D}${systemd_unitdir}/system/sshdgenkeys.service
>
>
/usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the 
respective recipe file. /usr/bin/ and /bin/ is also taken care of.

Regards
Khem Raj Aug. 19, 2013, 6:40 a.m.
On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
<muhammad_shakeel@mentor.com> wrote:
> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
> respective recipe file. /usr/bin/ and /bin/ is also taken care of.

i see, thats better. however I do see a need to have  a generalized
way of specifying service files and a generic
processing engine which then takes care of it. Otherwise we have the
same code replicated in multiple recipes
Saul Wold Aug. 19, 2013, 9 p.m.
On 08/18/2013 11:40 PM, Khem Raj wrote:
> On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
> <muhammad_shakeel@mentor.com> wrote:
>> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
>> respective recipe file. /usr/bin/ and /bin/ is also taken care of.
>
> i see, thats better. however I do see a need to have  a generalized
> way of specifying service files and a generic
> processing engine which then takes care of it. Otherwise we have the
> same code replicated in multiple recipes

Agreed, I think there should be a generalized solution here, implemented 
in the systemd.bbclass.

It also appears that this set is also creating a /lib dir that should 
not be there for non-systemd builds.

> ERROR: Task 25 (/home/sgw/yocto/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.32.bb, do_package) failed with exit code '1'
> ERROR: QA Issue: nfs-utils: Files/directories were installed but not shipped
>   /lib
> ERROR: QA run found fatal errors. Please consider fixing them.
> ERROR: Function failed: do_package_qa
> ERROR: Logfile of failure stored in: /home/sgw/yocto/builds/world/tmp/work/x86_64-poky-linux/nfs-utils/1.2.8-r0/temp/log.do_package.17558

Thanks
	Sau!


> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
Shakeel, Muhammad Aug. 20, 2013, 6:54 a.m.
On 08/20/2013 02:00 AM, Saul Wold wrote:
> On 08/18/2013 11:40 PM, Khem Raj wrote:
>> On Sun, Aug 18, 2013 at 11:18 PM, Muhammad Shakeel
>> <muhammad_shakeel@mentor.com> wrote:
>>> /usr/sbin/ is being sed'ed with ${sbindir} in do_install_append of the
>>> respective recipe file. /usr/bin/ and /bin/ is also taken care of.
>>
>> i see, thats better. however I do see a need to have  a generalized
>> way of specifying service files and a generic
>> processing engine which then takes care of it. Otherwise we have the
>> same code replicated in multiple recipes
>
> Agreed, I think there should be a generalized solution here, 
> implemented in the systemd.bbclass.
This is not required for all of the systemd unit files. Packages which 
have upstream systemd support, e.g. avahi and ofono, install their service 
files themselves.
I have already discussed to move this 'sed' part into systemd.bbclass 
but Ross Burton had other ideas. 
http://patches.openembedded.org/patch/53489/

So what is your final recommendation here?

> It also appears that this set is also creating a /lib dir that should 
> not be there for non-systemd builds.
>
>> ERROR: Task 25 
>> (/home/sgw/yocto/poky/meta/recipes-extended/lighttpd/lighttpd_1.4.32.bb, 
>> do_package) failed with exit code '1'
>> ERROR: QA Issue: nfs-utils: Files/directories were installed but not 
>> shipped
>>   /lib
>> ERROR: QA run found fatal errors. Please consider fixing them.
>> ERROR: Function failed: do_package_qa
>> ERROR: Logfile of failure stored in: 
>> /home/sgw/yocto/builds/world/tmp/work/x86_64-poky-linux/nfs-utils/1.2.8-r0/temp/log.do_package.17558
Sorry about this error, I will fix this in next version.

Regards
--Shakeel