From: Xiangyu Chen <[email protected]>
The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:
systemd[1]: sshd.service start operation timed out. Terminating.
sshd[374]: Received signal 15; terminating.
When the sshd as a systemd service, it need to tell systemd with a "READY"
status,
otherwise, systemd would treat it as failing service and restart it again.
Taken a patch from debain[1] that after sshd listening port, using a signal to
tell systemd
it is ready now.
Ref:
[1] https://sources.debian.org/patches/openssh/1:9.4p1-1/systemd-readiness.patch
Signed-off-by: Xiangyu Chen <[email protected]>
---
.../openssh/openssh/systemd-readiness.patch | 93 +++++++++++++++++++
.../openssh/openssh_9.5p1.bb | 6 +-
2 files changed, 98 insertions(+), 1 deletion(-)
create mode 100644
meta/recipes-connectivity/openssh/openssh/systemd-readiness.patch
diff --git a/meta/recipes-connectivity/openssh/openssh/systemd-readiness.patch
b/meta/recipes-connectivity/openssh/openssh/systemd-readiness.patch
new file mode 100644
index 0000000000..0f3dc23053
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/systemd-readiness.patch
@@ -0,0 +1,93 @@
+From 3a67c50db67d31120bc3e2f25e75632d5ddaaf93 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <[email protected]>
+Date: Mon, 21 Dec 2015 16:08:47 +0000
+Subject: Add systemd readiness notification support
+
+Bug-Debian: https://bugs.debian.org/778913
+Forwarded: no
+Last-Update: 2017-08-22
+
+Patch-Name: systemd-readiness.patch
+
+Add systemd readiness notification support
+
+Patch taken from debian repository
+[https://sources.debian.org/patches/openssh/1:9.4p1-1/systemd-readiness.patch/]
+
+Upstream-Status: Inappropriate [systemd specific]
+
+Signed-off-by: Xiangyu Chen <[email protected]>
+---
+ configure.ac | 24 ++++++++++++++++++++++++
+ sshd.c | 9 +++++++++
+ 2 files changed, 33 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 8ff3cdd05..5aec9ce25 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4888,6 +4888,29 @@ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ AC_SUBST([CHANNELLIBS])
+
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++ [ --with-systemd Enable systemd support],
++ [ if test "x$withval" != "xno" ; then
++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++ if test "$PKGCONFIG" != "no"; then
++ AC_MSG_CHECKING([for libsystemd])
++ if $PKGCONFIG --exists libsystemd; then
++ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++ AC_MSG_RESULT([yes])
++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want
systemd support.])
++ SYSTEMD_MSG="yes"
++ else
++ AC_MSG_RESULT([no])
++ fi
++ fi
++ fi ]
++)
++
+ # Looking for programs, paths and files
+
+ PRIVSEP_PATH=/var/empty
+@@ -5688,6 +5711,7 @@ echo " libldns support: $LDNS_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
+ echo " Solaris project support: $SP_MSG"
+ echo " Solaris privilege support: $SPP_MSG"
++echo " systemd support: $SYSTEMD_MSG"
+ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index 29db3a2ac..731b9e400 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -88,6 +88,10 @@
+ #include <prot.h>
+ #endif
+
++#ifdef HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -2101,6 +2105,11 @@ main(int ac, char **av)
+ }
+ }
+
++#ifdef HAVE_SYSTEMD
++ /* Signal systemd that we are ready to accept connections */
++ sd_notify(0, "READY=1");
++#endif
++
+ /* Accept a connection and return in a forked child */
+ server_accept_loop(&sock_in, &sock_out,
+ &newsock, config_s);
diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
index 3a94633cf0..9b2f2a42d2 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
@@ -26,7 +26,9 @@ SRC_URI =
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
+ file://systemd-readiness.patch \
"
+
SRC_URI[sha256sum] =
"f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"
CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to
OpenSSH with the pam opie which we don't build/use here."
@@ -51,7 +53,8 @@ INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
SYSTEMD_PACKAGES = "${PN}-sshd"
SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service"
-inherit autotools-brokensep ptest
+inherit autotools-brokensep ptest pkgconfig
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '',
d)}"
PACKAGECONFIG ??= ""
PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
@@ -69,6 +72,7 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
--sysconfdir=${sysconfdir}/ssh \
--with-xauth=${bindir}/xauth \
--disable-strip \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd',
'--with-systemd', '--without-systemd', d)} \
"
# musl doesn't implement wtmp/utmp and logwtmp
--
2.25.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190413):
https://lists.openembedded.org/g/openembedded-core/message/190413
Mute This Topic: https://lists.openembedded.org/mt/102523723/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
