ChenQi <[email protected]> wrote (Wednesday, 17/07/2024 at 10:25):
> I think the problem might be related to the "+Type=notify-reload" change
> in [email protected]. It's in inetd mode so the upstream change about
> SYSTEMD_NOTIFY should have nothing to do with it.
> I also doubt if the following line should be removed from sshd.service.
>
> -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID
>

Makes sense. Maybe the service changes in the patch need to be conditional on
whether or not we are using systemd.
I'm going to try this path a little, but I am now facing some issues with
testimage without the overall openssh patch series.

Jose

> Regards,
> Qi
>
> On 7/17/24 16:46, Jose Quaresma wrote:
>
> Khem Raj <[email protected]> wrote (Wednesday, 17/07/2024 at 07:38):
>
>> actually I narrowed down my problem of disconnection to this patch in
>> the series. Earlier I thought it might be related to the openssh
>> upgrade patch
>> but reverting that still causes the problem but this patch when
>> reverted, the problem is gone.
>>
>
> I will jump on this today and try to find the root cause.
> The ptest goes well in my local tests but I didn't do anything with
> testimage.
> I'll see if the testimage picks up something.
>
> Thanks for the feedback.
>
> Jose
>
>>
>> On Tue, Jul 16, 2024 at 7:17 AM Jose Quaresma via lists.openembedded.org
>> <[email protected]> wrote:
>> >
>> > Still side effects of the XZ backdoor. The systemd sd-notify patch
>> > was rejected [1] upstream and a standalone implementation
>> > that does not depend on libsystemd [2] was chosen.
>> >
>> > Rationale [1]:
>> >
>> > License incompatibility and library bloatedness were the reasons.
>> > Given recent events we're never going to take a dependency on libsystemd,
>> > though we might implement the notification protocol ourselves if it isn't too much work.
>> > >> > [1] >> https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027749729 >> <https://urldefense.com/v3/__https://github.com/openssh/openssh-portable/pull/375*issuecomment-2027749729__;Iw!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BXB1d9mL$> >> > [2] >> https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c >> <https://urldefense.com/v3/__https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bcg4kaOm$> >> > >> > Signed-off-by: Jose Quaresma <[email protected]> >> > --- >> > >> > v4: >> > - split update of Upstream-Status in new patches in the serie >> > >> > v5: >> > - use the upstream solution >> > >> > ...-notify-systemd-on-listen-and-reload.patch | 225 ++++++++++++++++++ >> > ...tional-support-for-systemd-sd_notify.patch | 96 -------- >> > .../openssh/openssh/sshd.service | 2 +- >> > .../openssh/openssh/[email protected] | 1 + >> > .../openssh/openssh_9.7p1.bb >> <https://urldefense.com/v3/__http://openssh_9.7p1.bb__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bamvaj4m$> >> | 4 +- >> > 5 files changed, 228 insertions(+), 100 deletions(-) >> > create mode 100644 >> meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch >> > delete mode 100644 >> meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch >> > >> > diff --git >> a/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch >> b/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch >> > new file mode 100644 >> > index 0000000000..4925c969fe >> > --- /dev/null >> > +++ >> b/meta/recipes-connectivity/openssh/openssh/0001-notify-systemd-on-listen-and-reload.patch 
>> > @@ -0,0 +1,225 @@ >> > +From fc73e2405a8ca928465580b74a4d76112919367b Mon Sep 17 00:00:00 2001 >> > +From: Damien Miller <[email protected]> >> > +Date: Wed, 3 Apr 2024 14:40:32 +1100 >> > +Subject: [PATCH] notify systemd on listen and reload >> > + >> > +Standalone implementation that does not depend on libsystemd. >> > +With assistance from Luca Boccassi, and feedback/testing from Colin >> > +Watson. bz2641 >> > + >> > +Upstream-Status: Backport [ >> https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c >> <https://urldefense.com/v3/__https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bcg4kaOm$> >> ] >> > + >> > +Signed-off-by: Jose Quaresma <[email protected]> >> > +--- >> > + configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> | 1 + >> > + openbsd-compat/port-linux.c | 97 ++++++++++++++++++++++++++++++++++++- >> > + openbsd-compat/port-linux.h | 5 ++ >> > + platform.c | 11 +++++ >> > + platform.h | 1 + >> > + sshd.c | 2 + >> > + 6 files changed, 115 insertions(+), 2 deletions(-) >> > + >> > +diff --git a/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> b/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > +index 82e8bb7c1..854f92b5b 100644 >> > +--- a/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > ++++ b/configure.ac >> 
<https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > +@@ -915,6 +915,7 @@ int main(void) { if >> (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) >> > + AC_DEFINE([_PATH_BTMP], ["/var/log/btmp"], [log for bad login >> attempts]) >> > + AC_DEFINE([USE_BTMP]) >> > + AC_DEFINE([LINUX_OOM_ADJUST], [1], [Adjust Linux out-of-memory >> killer]) >> > ++ AC_DEFINE([SYSTEMD_NOTIFY], [1], [Have sshd notify systemd on >> start/reload]) >> > + inet6_default_4in6=yes >> > + case `uname -r` in >> > + 1.*|2.0.*) >> > +diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c >> > +index 0457e28d0..df7290246 100644 >> > +--- a/openbsd-compat/port-linux.c >> > ++++ b/openbsd-compat/port-linux.c >> > +@@ -21,16 +21,23 @@ >> > + >> > + #include "includes.h" >> > + >> > +-#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) >> > ++#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) || \ >> > ++ defined(SYSTEMD_NOTIFY) >> > ++#include <sys/socket.h> >> > ++#include <sys/un.h> >> > ++ >> > + #include <errno.h> >> > ++#include <inttypes.h> >> > + #include <stdarg.h> >> > + #include <string.h> >> > + #include <stdio.h> >> > + #include <stdlib.h> >> > ++#include <time.h> >> > + >> > + #include "log.h" >> > + #include "xmalloc.h" >> > + #include "port-linux.h" >> > ++#include "misc.h" >> > + >> > + #ifdef WITH_SELINUX >> > + #include <selinux/selinux.h> >> > +@@ -310,4 +317,90 @@ oom_adjust_restore(void) >> > + return; >> > + } >> > + #endif /* LINUX_OOM_ADJUST */ >> > +-#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ >> > ++ >> > ++#ifdef SYSTEMD_NOTIFY >> > ++ >> > ++static void ssh_systemd_notify(const char *, ...) >> > ++ __attribute__((__format__ (printf, 1, 2))) >> __attribute__((__nonnull__ (1))); >> > ++ >> > ++static void >> > ++ssh_systemd_notify(const char *fmt, ...) 
>> > ++{ >> > ++ char *s = NULL; >> > ++ const char *path; >> > ++ struct stat sb; >> > ++ struct sockaddr_un addr; >> > ++ int fd = -1; >> > ++ va_list ap; >> > ++ >> > ++ if ((path = getenv("NOTIFY_SOCKET")) == NULL || strlen(path) == >> 0) >> > ++ return; >> > ++ >> > ++ va_start(ap, fmt); >> > ++ xvasprintf(&s, fmt, ap); >> > ++ va_end(ap); >> > ++ >> > ++ /* Only AF_UNIX is supported, with path or abstract sockets */ >> > ++ if (path[0] != '/' && path[0] != '@') { >> > ++ error_f("socket \"%s\" is not compatible with AF_UNIX", >> path); >> > ++ goto out; >> > ++ } >> > ++ >> > ++ if (path[0] == '/' && stat(path, &sb) != 0) { >> > ++ error_f("socket \"%s\" stat: %s", path, >> strerror(errno)); >> > ++ goto out; >> > ++ } >> > ++ >> > ++ memset(&addr, 0, sizeof(addr)); >> > ++ addr.sun_family = AF_UNIX; >> > ++ if (strlcpy(addr.sun_path, path, >> > ++ sizeof(addr.sun_path)) >= sizeof(addr.sun_path)) { >> > ++ error_f("socket path \"%s\" too long", path); >> > ++ goto out; >> > ++ } >> > ++ /* Support for abstract socket */ >> > ++ if (addr.sun_path[0] == '@') >> > ++ addr.sun_path[0] = 0; >> > ++ if ((fd = socket(PF_UNIX, SOCK_DGRAM, 0)) == -1) { >> > ++ error_f("socket \"%s\": %s", path, strerror(errno)); >> > ++ goto out; >> > ++ } >> > ++ if (connect(fd, &addr, sizeof(addr)) != 0) { >> > ++ error_f("socket \"%s\" connect: %s", path, >> strerror(errno)); >> > ++ goto out; >> > ++ } >> > ++ if (write(fd, s, strlen(s)) != (ssize_t)strlen(s)) { >> > ++ error_f("socket \"%s\" write: %s", path, >> strerror(errno)); >> > ++ goto out; >> > ++ } >> > ++ debug_f("socket \"%s\" notified %s", path, s); >> > ++ out: >> > ++ if (fd != -1) >> > ++ close(fd); >> > ++ free(s); >> > ++} >> > ++ >> > ++void >> > ++ssh_systemd_notify_ready(void) >> > ++{ >> > ++ ssh_systemd_notify("READY=1"); >> > ++} >> > ++ >> > ++void >> > ++ssh_systemd_notify_reload(void) >> > ++{ >> > ++ struct timespec now; >> > ++ >> > ++ monotime_ts(&now); >> > ++ if (now.tv_sec < 0 || now.tv_nsec < 0) { 
>> > ++ error_f("monotime returned negative value"); >> > ++ ssh_systemd_notify("RELOADING=1"); >> > ++ } else { >> > ++ ssh_systemd_notify("RELOADING=1\nMONOTONIC_USEC=%llu", >> > ++ ((uint64_t)now.tv_sec * 1000000ULL) + >> > ++ ((uint64_t)now.tv_nsec / 1000ULL)); >> > ++ } >> > ++} >> > ++#endif /* SYSTEMD_NOTIFY */ >> > ++ >> > ++#endif /* WITH_SELINUX || LINUX_OOM_ADJUST || SYSTEMD_NOTIFY */ >> > +diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h >> > +index 3c22a854d..14064f87d 100644 >> > +--- a/openbsd-compat/port-linux.h >> > ++++ b/openbsd-compat/port-linux.h >> > +@@ -30,4 +30,9 @@ void oom_adjust_restore(void); >> > + void oom_adjust_setup(void); >> > + #endif >> > + >> > ++#ifdef SYSTEMD_NOTIFY >> > ++void ssh_systemd_notify_ready(void); >> > ++void ssh_systemd_notify_reload(void); >> > ++#endif >> > ++ >> > + #endif /* ! _PORT_LINUX_H */ >> > +diff --git a/platform.c b/platform.c >> > +index 4fe8744ee..9cf818153 100644 >> > +--- a/platform.c >> > ++++ b/platform.c >> > +@@ -44,6 +44,14 @@ platform_pre_listen(void) >> > + #endif >> > + } >> > + >> > ++void >> > ++platform_post_listen(void) >> > ++{ >> > ++#ifdef SYSTEMD_NOTIFY >> > ++ ssh_systemd_notify_ready(); >> > ++#endif >> > ++} >> > ++ >> > + void >> > + platform_pre_fork(void) >> > + { >> > +@@ -55,6 +63,9 @@ platform_pre_fork(void) >> > + void >> > + platform_pre_restart(void) >> > + { >> > ++#ifdef SYSTEMD_NOTIFY >> > ++ ssh_systemd_notify_reload(); >> > ++#endif >> > + #ifdef LINUX_OOM_ADJUST >> > + oom_adjust_restore(); >> > + #endif >> > +diff --git a/platform.h b/platform.h >> > +index 7fef8c983..5dec23276 100644 >> > +--- a/platform.h >> > ++++ b/platform.h >> > +@@ -21,6 +21,7 @@ >> > + void platform_pre_listen(void); >> > + void platform_pre_fork(void); >> > + void platform_pre_restart(void); >> > ++void platform_post_listen(void); >> > + void platform_post_fork_parent(pid_t child_pid); >> > + void platform_post_fork_child(void); >> > + int 
platform_privileged_uidswap(void); >> > +diff --git a/sshd.c b/sshd.c >> > +index b4f2b9742..865331b46 100644 >> > +--- a/sshd.c >> > ++++ b/sshd.c >> > +@@ -2077,6 +2077,8 @@ main(int ac, char **av) >> > + ssh_signal(SIGTERM, sigterm_handler); >> > + ssh_signal(SIGQUIT, sigterm_handler); >> > + >> > ++ platform_post_listen(); >> > ++ >> > + /* >> > + * Write out the pid file after the sigterm handler >> > + * is setup and the listen sockets are bound >> > +-- >> > +2.45.2 >> > + >> > diff --git >> a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch >> b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch >> > deleted file mode 100644 >> > index f079d936a4..0000000000 >> > --- >> a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch >> > +++ /dev/null 
>> > @@ -1,96 +0,0 @@ >> > -From b02ef7621758f06eb686ef4f620636dbad086eda Mon Sep 17 00:00:00 2001 >> > -From: Matt Jolly <[email protected]> >> <[email protected]> >> > -Date: Thu, 2 Feb 2023 21:05:40 +1100 >> > -Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` >> > - >> > -This is a rebase of Dennis Lamm's <[email protected]> >> > -patch based on Jakub Jelen's <[email protected]> original patch >> > - >> > -Upstream-Status: Submitted [ >> https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56 >> <https://urldefense.com/v3/__https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BfwiLKAT$> >> ] >> > - >> > -Signed-off-by: Xiangyu Chen <[email protected]> >> > ---- >> > - configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> | 24 ++++++++++++++++++++++++ >> > - sshd.c | 13 +++++++++++++ >> > - 2 files changed, 37 insertions(+) >> > - >> > -diff --git a/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> b/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > -index 82e8bb7..d1145d3 100644 >> > ---- a/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > -+++ b/configure.ac >> <https://urldefense.com/v3/__http://configure.ac__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZPaE51L$> >> > -@@ -4870,6 
+4870,29 @@ AC_SUBST([GSSLIBS]) >> > - AC_SUBST([K5LIBS]) >> > - AC_SUBST([CHANNELLIBS]) >> > - >> > -+# Check whether user wants systemd support >> > -+SYSTEMD_MSG="no" >> > -+AC_ARG_WITH(systemd, >> > -+ [ --with-systemd Enable systemd support], >> > -+ [ if test "x$withval" != "xno" ; then >> > -+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) >> > -+ if test "$PKGCONFIG" != "no"; then >> > -+ AC_MSG_CHECKING([for libsystemd]) >> > -+ if $PKGCONFIG --exists libsystemd; then >> > -+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags >> libsystemd` >> > -+ SYSTEMD_LIBS=`$PKGCONFIG --libs >> libsystemd` >> > -+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" >> > -+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" >> > -+ AC_MSG_RESULT([yes]) >> > -+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if >> you want systemd support.]) >> > -+ SYSTEMD_MSG="yes" >> > -+ else >> > -+ AC_MSG_RESULT([no]) >> > -+ fi >> > -+ fi >> > -+ fi ] >> > -+) >> > -+ >> > - # Looking for programs, paths and files >> > - >> > - PRIVSEP_PATH=/var/empty >> > -@@ -5688,6 +5711,7 @@ echo " libldns support: >> $LDNS_MSG" >> > - echo " Solaris process contract support: $SPC_MSG" >> > - echo " Solaris project support: $SP_MSG" >> > - echo " Solaris privilege support: $SPP_MSG" >> > -+echo " systemd support: $SYSTEMD_MSG" >> > - echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" >> > - echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" >> > - echo " BSD Auth support: $BSD_AUTH_MSG" >> > -diff --git a/sshd.c b/sshd.c >> > -index b4f2b97..6820a41 100644 >> > ---- a/sshd.c >> > -+++ b/sshd.c >> > -@@ -88,6 +88,10 @@ >> > - #include <prot.h> >> > - #endif >> > - >> > -+#ifdef HAVE_SYSTEMD >> > -+#include <systemd/sd-daemon.h> >> > -+#endif >> > -+ >> > - #include "xmalloc.h" >> > - #include "ssh.h" >> > - #include "ssh2.h" >> > -@@ -308,6 +312,10 @@ static void >> > - sighup_restart(void) >> > - { >> > - logit("Received SIGHUP; restarting."); >> > -+#ifdef HAVE_SYSTEMD >> > -+ /* Signal systemd that we are reloading */ >> > -+ sd_notify(0, 
"RELOADING=1"); >> > -+#endif >> > - if (options.pid_file != NULL) >> > - unlink(options.pid_file); >> > - platform_pre_restart(); >> > -@@ -2093,6 +2101,11 @@ main(int ac, char **av) >> > - } >> > - } >> > - >> > -+#ifdef HAVE_SYSTEMD >> > -+ /* Signal systemd that we are ready to accept >> connections */ >> > -+ sd_notify(0, "READY=1"); >> > -+#endif >> > -+ >> > - /* Accept a connection and return in a forked child */ >> > - server_accept_loop(&sock_in, &sock_out, >> > - &newsock, config_s); >> > diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service >> b/meta/recipes-connectivity/openssh/openssh/sshd.service >> > index 3e570ab1e5..c71fff1cc1 100644 >> > --- a/meta/recipes-connectivity/openssh/openssh/sshd.service >> > +++ b/meta/recipes-connectivity/openssh/openssh/sshd.service >> > @@ -5,11 +5,11 @@ After=sshdgenkeys.service >> > After=nss-user-lookup.target >> <https://urldefense.com/v3/__http://nss-user-lookup.target__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BfffE4_Q$> >> > >> > [Service] >> > +Type=notify-reload >> > Environment="SSHD_OPTS=" >> > EnvironmentFile=-/etc/default/ssh >> > ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd >> > ExecStart=-@SBINDIR@/sshd -D $SSHD_OPTS >> > -ExecReload=@BASE_BINDIR@/kill -HUP $MAINPID >> > KillMode=process >> > Restart=on-failure >> > RestartSec=42s >> > diff --git a/meta/recipes-connectivity/openssh/openssh/[email protected] >> b/meta/recipes-connectivity/openssh/openssh/[email protected] >> > index 9d9965e624..dcfec8f054 100644 >> > --- a/meta/recipes-connectivity/openssh/openssh/[email protected] >> > +++ b/meta/recipes-connectivity/openssh/openssh/[email protected] >> > @@ -3,6 +3,7 @@ Description=OpenSSH Per-Connection Daemon >> > After=sshdgenkeys.service >> > >> > [Service] >> > +Type=notify-reload >> > Environment="SSHD_OPTS=" >> > EnvironmentFile=-/etc/default/ssh >> > ExecStart=-@SBINDIR@/sshd -i $SSHD_OPTS 
>> > diff --git a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb >> <https://urldefense.com/v3/__http://openssh_9.7p1.bb__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bamvaj4m$> >> b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb >> <https://urldefense.com/v3/__http://openssh_9.7p1.bb__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bamvaj4m$> >> > index 4f20616295..4680d12be5 100644 >> > --- a/meta/recipes-connectivity/openssh/openssh_9.7p1.bb >> <https://urldefense.com/v3/__http://openssh_9.7p1.bb__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bamvaj4m$> >> > +++ b/meta/recipes-connectivity/openssh/openssh_9.7p1.bb >> <https://urldefense.com/v3/__http://openssh_9.7p1.bb__;!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8Bamvaj4m$> >> > @@ -24,7 +24,7 @@ SRC_URI = " >> http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar >> <https://urldefense.com/v3/__http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$*7BPV*7D.tar__;JSU!!AjveYdw8EvQ!dyDMDTQfmXOSDtp_OINCHZKvb_Jx8re27vm6ogUDwMTZlQz2eu2WGexbqUYAYEPhX7AfK0o33vSBIxkkcgx8BZvn3QuC$> >> > file://run-ptest \ >> > file://sshd_check_keys \ >> > >> file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ >> > - >> file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ >> > + file://0001-notify-systemd-on-listen-and-reload.patch \ >> > file://CVE-2024-6387.patch \ >> > " >> > SRC_URI[sha256sum] = >> "490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd" 
>> > @@ -52,7 +52,6 @@ SYSTEMD_PACKAGES = "${PN}-sshd" >> > SYSTEMD_SERVICE:${PN}-sshd = >> > "${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket', >> '', d)} >> ${@bb.utils.contains('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service', >> '', d)}" >> <$%[email protected]('PACKAGECONFIG','systemd-sshd-socket-mode','sshd.socket','',d)%7D$%[email protected]('PACKAGECONFIG','systemd-sshd-service-mode','sshd.service','',d)%7D> >> > >> > inherit autotools-brokensep ptest pkgconfig >> > -DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', >> 'systemd', '', d)}" >> <$%[email protected]('DISTRO_FEATURES','systemd','systemd','',d)%7D> >> > >> > # systemd-sshd-socket-mode means installing sshd.socket >> > # and systemd-sshd-service-mode corresponding to sshd.service >> > @@ -78,7 +77,6 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \ >> > --sysconfdir=${sysconfdir}/ssh \ >> > --with-xauth=${bindir}/xauth \ >> > --disable-strip \ >> > - ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', >> '--with-systemd', '--without-systemd', d)} \ >> > " >> > >> > # musl doesn't implement wtmp/utmp and logwtmp >> > -- >> > 2.45.2 >> > >> > >> > >> > >> > > > -- > Best regards, > > José Quaresma > > > > > > -- Best regards, José Quaresma
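Review bot: In ssh_systemd_notify() in openbsd-compat/port-linux.c, the abstract-socket branch replaces the leading '@' with a NUL but still calls connect(fd, &addr, sizeof(addr)), so the address length covers the whole zero-padded sun_path. Abstract names are matched on exactly the bytes covered by the length, so this only reaches a socket bound with the same padding; for the '@' case pass offsetof(struct sockaddr_un, sun_path) + strlen(path) instead. The same call hands a struct sockaddr_un * to connect() without a (struct sockaddr *) cast, which is an incompatible-pointer diagnostic on a libc that declares the parameter as a plain const struct sockaddr *. In ssh_systemd_notify_reload(), MONOTONIC_USEC=%llu is given a uint64_t; since <inttypes.h> is now included, PRIu64 or an (unsigned long long) cast would match the format.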
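Review bot: In the sshd.service hunk, dropping ExecReload= while adding Type=notify-reload makes reload depend entirely on the service manager sending the reload signal itself, and Type=notify-reload is only understood by systemd 253 or newer. The commit message should state that minimum version and that the default reload signal (SIGHUP) is what replaces the old "kill -HUP $MAINPID" line, so that a build against an older systemd does not silently lose a working systemctl reload.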
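Review bot: In the [email protected] hunk, Type=notify-reload is added to a unit whose ExecStart runs "sshd -i", but the only READY=1 sender visible in this patch is platform_post_listen(), which the sshd.c hunk places just before the comment about the pid file being written once "the listen sockets are bound". Nothing in the visible lines shows the inetd path reaching that call, so a per-connection instance may never report readiness and the unit would be treated as failed to start. Either drop the Type= line from [email protected] or show where the -i path sends the notification.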
