[OE-Core][PATCH v2] openssh: add systemd readiness notification support

Tue, 14 Nov 2023 20:30:51 -0800 

From: Xiangyu Chen <xiangyu.c...@windriver.com>

The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:

    systemd[1]: sshd.service start operation timed out. Terminating.
    sshd[374]: Received signal 15; terminating.

When the sshd as a systemd service, it need to tell systemd with a "READY" 
status,
and when it is restarted, it need to tell systemd with a "RELOADING" status, 
otherwise,
systemd would treat it as failing service and restart it again.

Taken a patch from openssh upstream PR[1], that after using a signal to tell 
systemd
it is ready or reload now.

Ref:
[1] 
https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56

Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com>
---
 ...tional-support-for-systemd-sd_notify.patch | 99 +++++++++++++++++++
 .../openssh/openssh_9.5p1.bb                  |  5 +-
 2 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch

diff --git 
a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
 
b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
new file mode 100644
index 0000000000..acda8f1ce9
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,99 @@
+From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Thu, 2 Feb 2023 21:05:40 +1100
+Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
+
+This is a rebase of Dennis Lamm's <expedition...@gentoo.org>
+patch based on Jakub Jelen's <jje...@redhat.com> original patch
+
+Upstream-Status: Submitted 
[https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
+
+Signed-off-by: Xiangyu Chen <xiangyu.c...@windriver.com>
+---
+ configure.ac | 24 ++++++++++++++++++++++++
+ sshd.c       | 13 +++++++++++++
+ 2 files changed, 37 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 22fee70f..486c189f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ AC_SUBST([CHANNELLIBS])
+ 
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++      [  --with-systemd          Enable systemd support],
++      [ if test "x$withval" != "xno" ; then
++              AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++              if test "$PKGCONFIG" != "no"; then
++                      AC_MSG_CHECKING([for libsystemd])
++                      if $PKGCONFIG --exists libsystemd; then
++                              SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++                              SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++                              CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++                              SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++                              AC_MSG_RESULT([yes])
++                              AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want 
systemd support.])
++                              SYSTEMD_MSG="yes"
++                      else
++                              AC_MSG_RESULT([no])
++                      fi
++              fi
++      fi ]
++)
++
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5634,6 +5657,7 @@ echo "                   libldns support: $LDNS_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
+ echo "         Solaris privilege support: $SPP_MSG"
++echo "                   systemd support: $SYSTEMD_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index 6321936c..859d6a0b 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -88,6 +88,10 @@
+ #include <prot.h>
+ #endif
+ 
++#ifdef HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
++
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -310,6 +314,10 @@ static void
+ sighup_restart(void)
+ {
+       logit("Received SIGHUP; restarting.");
++#ifdef HAVE_SYSTEMD
++      /* Signal systemd that we are reloading */
++      sd_notify(0, "RELOADING=1");
++#endif
+       if (options.pid_file != NULL)
+               unlink(options.pid_file);
+       platform_pre_restart();
+@@ -2086,6 +2094,11 @@ main(int ac, char **av)
+                       }
+               }
+ 
++#ifdef HAVE_SYSTEMD
++              /* Signal systemd that we are ready to accept connections */
++              sd_notify(0, "READY=1");
++#endif
++
+               /* Accept a connection and return in a forked child */
+               server_accept_loop(&sock_in, &sock_out,
+                   &newsock, config_s);
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb 
b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
index 3a94633cf0..bbb8fb091a 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
@@ -26,6 +26,7 @@ SRC_URI = 
"http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            
file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
+           
file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
            "
 SRC_URI[sha256sum] = 
"f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"
 
@@ -51,7 +52,8 @@ INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
 SYSTEMD_PACKAGES = "${PN}-sshd"
 SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service"
 
-inherit autotools-brokensep ptest
+inherit autotools-brokensep ptest pkgconfig
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', 
d)}"
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
@@ -69,6 +71,7 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
                 --sysconfdir=${sysconfdir}/ssh \
                 --with-xauth=${bindir}/xauth \
                 --disable-strip \
+                ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 
'--with-systemd', '--without-systemd', d)} \
                 "
 
 # musl doesn't implement wtmp/utmp and logwtmp
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#190553): 
https://lists.openembedded.org/g/openembedded-core/message/190553
Mute This Topic: https://lists.openembedded.org/mt/102599570/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to