From: Xiangyu Chen <xiangyu.c...@windriver.com> The sshd keeps on terminating and restarting in servel minutes, we can observe log from journalctl that the sshd was killed by systemd with signal 15:
systemd[1]: sshd.service start operation timed out. Terminating. sshd[374]: Received signal 15; terminating. When the sshd as a systemd service, it need to tell systemd with a "READY" status, and when it is restarted, it need to tell systemd with a "RELOADING" status, otherwise, systemd would treat it as failing service and restart it again. Taken a patch from openssh upstream PR[1], that after using a signal to tell systemd it is ready or reload now. Ref: [1] https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56 Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com> --- ...tional-support-for-systemd-sd_notify.patch | 99 +++++++++++++++++++ .../openssh/openssh_9.5p1.bb | 5 +- 2 files changed, 103 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch new file mode 100644 index 0000000000..acda8f1ce9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch @@ -0,0 +1,99 @@ +From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001 +From: Matt Jolly <Matt.Jolly@footclan.ninja> +Date: Thu, 2 Feb 2023 21:05:40 +1100 +Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` + +This is a rebase of Dennis Lamm's <expedition...@gentoo.org> +patch based on Jakub Jelen's <jje...@redhat.com> original patch + +Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] + +Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com> +--- + configure.ac | 24 ++++++++++++++++++++++++ + sshd.c | 13 +++++++++++++ + 2 files changed, 37 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 22fee70f..486c189f 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS]) + AC_SUBST([K5LIBS]) + AC_SUBST([CHANNELLIBS]) + ++# Check whether user wants systemd support ++SYSTEMD_MSG="no" ++AC_ARG_WITH(systemd, ++ [ --with-systemd Enable systemd support], ++ [ if test "x$withval" != "xno" ; then ++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) ++ if test "$PKGCONFIG" != "no"; then ++ AC_MSG_CHECKING([for libsystemd]) ++ if $PKGCONFIG --exists libsystemd; then ++ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` ++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` ++ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" ++ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" ++ AC_MSG_RESULT([yes]) ++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) ++ SYSTEMD_MSG="yes" ++ else ++ AC_MSG_RESULT([no]) ++ fi ++ fi ++ fi ] ++) ++ + # Looking for programs, paths and files + + PRIVSEP_PATH=/var/empty +@@ -5634,6 +5657,7 @@ echo " libldns support: $LDNS_MSG" + echo " Solaris process contract support: $SPC_MSG" + echo " Solaris project support: $SP_MSG" + echo " Solaris privilege support: $SPP_MSG" ++echo " systemd support: $SYSTEMD_MSG" + echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" + echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + echo " BSD Auth support: $BSD_AUTH_MSG" +diff --git a/sshd.c b/sshd.c +index 6321936c..859d6a0b 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -88,6 +88,10 @@ + #include <prot.h> + #endif + ++#ifdef HAVE_SYSTEMD ++#include <systemd/sd-daemon.h> ++#endif ++ + #include "xmalloc.h" + #include "ssh.h" + #include "ssh2.h" +@@ -310,6 +314,10 @@ static void + sighup_restart(void) + { + logit("Received SIGHUP; restarting."); ++#ifdef HAVE_SYSTEMD ++ /* Signal systemd that we are reloading */ ++ sd_notify(0, "RELOADING=1"); ++#endif + if (options.pid_file != NULL) + unlink(options.pid_file); + platform_pre_restart(); +@@ -2086,6 +2094,11 @@ main(int ac, char **av) + } + } + ++#ifdef HAVE_SYSTEMD ++ /* Signal systemd that we are ready to accept connections */ ++ sd_notify(0, "READY=1"); ++#endif ++ + /* Accept a connection and return in a forked child */ + server_accept_loop(&sock_in, &sock_out, + &newsock, config_s); +-- +2.25.1 + diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb index 3a94633cf0..bbb8fb091a 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb @@ -26,6 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ + file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ " SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b" @@ -51,7 +52,8 @@ INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9" SYSTEMD_PACKAGES = "${PN}-sshd" SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service" -inherit autotools-brokensep ptest +inherit autotools-brokensep ptest pkgconfig +DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}" PACKAGECONFIG ??= "" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" @@ -69,6 +71,7 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ --sysconfdir=${sysconfdir}/ssh \ --with-xauth=${bindir}/xauth \ --disable-strip \ + ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \ " # musl doesn't implement wtmp/utmp and logwtmp -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#190553): https://lists.openembedded.org/g/openembedded-core/message/190553 Mute This Topic: https://lists.openembedded.org/mt/102599570/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-