On Tue, 2017-06-20 at 10:52 +0200, Ulrich Ölmann wrote: > On Tue, May 23, 2017 at 03:37:16PM +0100, Burton, Ross wrote: > > On 7 May 2017 at 02:33, Joshua Watt <[email protected]> wrote: > > > diff --git a/meta/recipes- > > > connectivity/openssh/openssh/sshdgenkeys.service > > > b/meta/recipes-connectivity/openssh/openssh/sshdgenkeys.service > > > index 148e6ad..af56404 100644 > > > --- a/meta/recipes- > > > connectivity/openssh/openssh/sshdgenkeys.service > > > +++ b/meta/recipes- > > > connectivity/openssh/openssh/sshdgenkeys.service > > > @@ -1,22 +1,14 @@ > > > [Unit] > > > Description=OpenSSH Key Generation > > > RequiresMountsFor=/var /run > > > -ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key > > > -ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key > > > -ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key > > > -ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key > > > -ConditionPathExists=!/etc/ssh/ssh_host_rsa_key > > > -ConditionPathExists=!/etc/ssh/ssh_host_dsa_key > > > -ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key > > > -ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key > > > > > > > Can you not continue to use ConditionPathExists to only run this > > unit if it > > needs to run? You can prepend the argument with | to make them > > logical OR > > instead of logical AND, if I'm reading this documentation > > correctly. > > Am I right that if we have a read-write mounted root-FS with already > existing > keys in /etc/ssh the service unit will nevertheless be started on > _every_ boot > now as the files which are checked for existance in /var/run/ssh are > missing?
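Review bot: In the [Unit] section all eight ConditionPathExists= lines are removed and the visible part of the hunk adds nothing in their place, so the unit no longer records when key generation is needed. Add a comment in the unit stating that the existence check now lives in the script this service starts, and make sure that script leaves an existing key untouched, because a regenerated host key changes the identity clients have already recorded. The `|` prefix raised in the thread (for example `ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key`) only expresses "any of these paths is missing"; with keys living in either /etc/ssh or /var/run/ssh, that is true on every boot, so it would not restore the guard by itself.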
Yes. The service is actually run when the first ssh connection is made (not at boot time), but it will do so on the first connection every boot cycle. I don't know a way to do a complex conditional in systemd, so this does the superset and makes sshd-check-key figure out if the key actually needs generating or not. Perhaps there is a better way to do this with the systemd conditional syntax that I am not aware of? Ideally, the conditional checks in the systemd unit would be able to use the SYSCONFDIR from /etc/default/ssh, but I'm not sure if that is possible.

> Best regards
> Ulrich
> --
> Pengutronix e.K.                           |                             |
> Industrial Linux Solutions                 | http://www.pengutronix.de/  |
> Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
> Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
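The reply above moves the "does this key actually need generating" decision out of the unit conditions and into a script. A sketch of such a check follows as an added example; it is not the OpenEmbedded sshd-check-key script, and the function names, the set of key types and the rule that an empty key file counts as missing are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the OpenEmbedded sshd-check-key script.
# Function names and the empty-file rule are assumptions of this sketch.

# Key directory: SYSCONFDIR from the defaults file if it sets one, else /etc/ssh.
host_key_dir() {
    defaults=${1:-/etc/default/ssh}
    SYSCONFDIR=
    if [ -r "$defaults" ]; then . "$defaults"; fi
    printf '%s\n' "${SYSCONFDIR:-/etc/ssh}"
}

# Print each key type whose private key is absent or zero-length in directory $1.
# A zero-length file (for example after power loss mid-write) counts as missing.
# dsa, listed in the unit, is left out: recent OpenSSH releases have dropped DSA.
keys_needing_generation() {
    for kt in rsa ecdsa ed25519; do
        [ -s "$1/ssh_host_${kt}_key" ] || printf '%s\n' "$kt"
    done
}

# Generate only the missing keys. Each key is written under a temporary name
# and renamed, so an interrupted run never leaves a partial key in place and
# an existing key is never overwritten.
generate_missing_keys() {
    dir=$1
    mkdir -p "$dir"
    for kt in $(keys_needing_generation "$dir"); do
        tmp="$dir/.ssh_host_${kt}_key.tmp"
        rm -f "$tmp" "$tmp.pub"
        ssh-keygen -q -t "$kt" -N '' -f "$tmp"
        mv "$tmp.pub" "$dir/ssh_host_${kt}_key.pub"
        mv "$tmp" "$dir/ssh_host_${kt}_key"
    done
}

# Run only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    generate_missing_keys "$(host_key_dir)"
fi
```

Because the check is idempotent, starting the service on the first connection of every boot cycle costs a few file tests when all keys are already present.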
