openssh: add systemd readiness notification support

The sshd keeps on terminating and restarting in servel minutes, we can observe log from journalctl that the sshd was killed by systemd with signal 15: systemd[1]: sshd.service start operation timed out. Terminating. sshd[374]: Received signal 15; terminating. When the sshd as a systemd service, it need to tell systemd with a "READY" status, and when it is restarted, it need to tell systemd with a "RELOADING" status, otherwise, systemd would treat it as failing service and restart it again. Taken a patch from openssh upstream PR[1], that after using a signal to tell systemd it is ready or reload now. Ref: [1] https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56 (From OE-Core rev: 4090dca8e44ec79ccb9a674db31e835d20b51888) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Xiangyu Chen <xiangyu.chen@windriver.com> 2023-11-15 13:05:07 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-11-20 15:30:52 +0000
commit: 339d362a70f4523a4b296901f5c391ea8b90019e (patch)
tree: 2009d9795c6ea7e8ee2f75b4ffc576e8ec57f95e /meta/recipes-connectivity/openssh
parent: ff0c3a48e20d4dc98b63676cfb66d73301297907 (diff)
download: poky-339d362a70f4523a4b296901f5c391ea8b90019e.tar.gz
2 files changed, 103 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
new file mode 100644
index 0000000000..acda8f1ce9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,99 @@
+From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001
+From: Matt Jolly <Matt.Jolly@footclan.ninja>
+Date: Thu, 2 Feb 2023 21:05:40 +1100
+Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
+This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org>
+patch based on Jakub Jelen's <jjelen@redhat.com> original patch
+Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ configure.ac | 24 ++++++++++++++++++++++++
+ sshd.c       | 13 +++++++++++++
+ 2 files changed, 37 insertions(+)
+diff --git a/configure.ac b/configure.ac
+index 22fee70f..486c189f 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ AC_SUBST([CHANNELLIBS])
+ 
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+       [  --with-systemd          Enable systemd support],
+       [ if test "x$withval" != "xno" ; then
+               AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+               if test "$PKGCONFIG" != "no"; then
+                       AC_MSG_CHECKING([for libsystemd])
+                       if $PKGCONFIG --exists libsystemd; then
+                               SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+                               SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+                               CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+                               SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+                               AC_MSG_RESULT([yes])
+                               AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+                               SYSTEMD_MSG="yes"
+                       else
+                               AC_MSG_RESULT([no])
+                       fi
+               fi
+       fi ]
+)
+
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5634,6 +5657,7 @@ echo "                   libldns support: $LDNS_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
+ echo "         Solaris privilege support: $SPP_MSG"
+echo "                   systemd support: $SYSTEMD_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index 6321936c..859d6a0b 100644
+--- a/sshd.c
+++ b/sshd.c
+@@ -88,6 +88,10 @@
+ #include <prot.h>
+ #endif
+ 
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -310,6 +314,10 @@ static void
+ sighup_restart(void)
+ {
+        logit("Received SIGHUP; restarting.");
+#ifdef HAVE_SYSTEMD
+       /* Signal systemd that we are reloading */
+       sd_notify(0, "RELOADING=1");
+#endif
+        if (options.pid_file != NULL)
+                unlink(options.pid_file);
+        platform_pre_restart();
+@@ -2086,6 +2094,11 @@ main(int ac, char **av)
+                        }
+                }
+ 
+#ifdef HAVE_SYSTEMD
+               /* Signal systemd that we are ready to accept connections */
+               sd_notify(0, "READY=1");
+#endif
+
+                /* Accept a connection and return in a forked child */
+                server_accept_loop(&sock_in, &sock_out,
+                    &newsock, config_s);
+-- 
+2.25.1
diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
index 3a94633cf0..bbb8fb091a 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://sshd_check_keys \
           file://add-test-support-for-busybox.patch \
           file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
+           file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
           "
 SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"
@@ -51,7 +52,8 @@ INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
 SYSTEMD_PACKAGES = "${PN}-sshd"
 SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service"
-inherit autotools-brokensep ptest
+inherit autotools-brokensep ptest pkgconfig
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
@@ -69,6 +71,7 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
                --sysconfdir=${sysconfdir}/ssh \
                --with-xauth=${bindir}/xauth \
                --disable-strip \
+                ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \
                "
 # musl doesn't implement wtmp/utmp and logwtmp
author	Xiangyu Chen <xiangyu.chen@windriver.com>	2023-11-15 13:05:07 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-11-20 15:30:52 +0000
commit	339d362a70f4523a4b296901f5c391ea8b90019e (patch)
tree	2009d9795c6ea7e8ee2f75b4ffc576e8ec57f95e /meta/recipes-connectivity/openssh
parent	ff0c3a48e20d4dc98b63676cfb66d73301297907 (diff)
download	poky-339d362a70f4523a4b296901f5c391ea8b90019e.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch new file mode 100644 index 0000000000..acda8f1ce9 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch
@@ -0,0 +1,99 @@
		1	From be187435911cde6cc3cef6982a508261074f1e56 Mon Sep 17 00:00:00 2001
		2	From: Matt Jolly <Matt.Jolly@footclan.ninja>
		3	Date: Thu, 2 Feb 2023 21:05:40 +1100
		4	Subject: [PATCH] systemd: Add optional support for systemd `sd_notify`
		5
		6	This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org>
		7	patch based on Jakub Jelen's <jjelen@redhat.com> original patch
		8
		9	Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56]
		10
		11	Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
		12	---
		13	configure.ac \| 24 ++++++++++++++++++++++++
		14	sshd.c \| 13 +++++++++++++
		15	2 files changed, 37 insertions(+)
		16
		17	diff --git a/configure.ac b/configure.ac
		18	index 22fee70f..486c189f 100644
		19	--- a/configure.ac
		20	+++ b/configure.ac
		21	@@ -4835,6 +4835,29 @@ AC_SUBST([GSSLIBS])
		22	AC_SUBST([K5LIBS])
		23	AC_SUBST([CHANNELLIBS])
		24
		25	+# Check whether user wants systemd support
		26	+SYSTEMD_MSG="no"
		27	+AC_ARG_WITH(systemd,
		28	+ [ --with-systemd Enable systemd support],
		29	+ [ if test "x$withval" != "xno" ; then
		30	+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
		31	+ if test "$PKGCONFIG" != "no"; then
		32	+ AC_MSG_CHECKING([for libsystemd])
		33	+ if $PKGCONFIG --exists libsystemd; then
		34	+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
		35	+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
		36	+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
		37	+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
		38	+ AC_MSG_RESULT([yes])
		39	+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
		40	+ SYSTEMD_MSG="yes"
		41	+ else
		42	+ AC_MSG_RESULT([no])
		43	+ fi
		44	+ fi
		45	+ fi ]
		46	+)
		47	+
		48	# Looking for programs, paths and files
		49
		50	PRIVSEP_PATH=/var/empty
		51	@@ -5634,6 +5657,7 @@ echo " libldns support: $LDNS_MSG"
		52	echo " Solaris process contract support: $SPC_MSG"
		53	echo " Solaris project support: $SP_MSG"
		54	echo " Solaris privilege support: $SPP_MSG"
		55	+echo " systemd support: $SYSTEMD_MSG"
		56	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
		57	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
		58	echo " BSD Auth support: $BSD_AUTH_MSG"
		59	diff --git a/sshd.c b/sshd.c
		60	index 6321936c..859d6a0b 100644
		61	--- a/sshd.c
		62	+++ b/sshd.c
		63	@@ -88,6 +88,10 @@
		64	#include <prot.h>
		65	#endif
		66
		67	+#ifdef HAVE_SYSTEMD
		68	+#include <systemd/sd-daemon.h>
		69	+#endif
		70	+
		71	#include "xmalloc.h"
		72	#include "ssh.h"
		73	#include "ssh2.h"
		74	@@ -310,6 +314,10 @@ static void
		75	sighup_restart(void)
		76	{
		77	logit("Received SIGHUP; restarting.");
		78	+#ifdef HAVE_SYSTEMD
		79	+ /* Signal systemd that we are reloading */
		80	+ sd_notify(0, "RELOADING=1");
		81	+#endif
		82	if (options.pid_file != NULL)
		83	unlink(options.pid_file);
		84	platform_pre_restart();
		85	@@ -2086,6 +2094,11 @@ main(int ac, char **av)
		86	}
		87	}
		88
		89	+#ifdef HAVE_SYSTEMD
		90	+ /* Signal systemd that we are ready to accept connections */
		91	+ sd_notify(0, "READY=1");
		92	+#endif
		93	+
		94	/* Accept a connection and return in a forked child */
		95	server_accept_loop(&sock_in, &sock_out,
		96	&newsock, config_s);
		97	--
		98	2.25.1
		99


diff --git a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb index 3a94633cf0..bbb8fb091a 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
26	file://sshd_check_keys \	26	file://sshd_check_keys \
27	file://add-test-support-for-busybox.patch \	27	file://add-test-support-for-busybox.patch \
28	file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \	28	file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
		29	file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \
29	"	30	"
30	SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"	31	SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"
31		32
@@ -51,7 +52,8 @@ INITSCRIPT_PARAMS:${PN}-sshd = "defaults 9"
51	SYSTEMD_PACKAGES = "${PN}-sshd"	52	SYSTEMD_PACKAGES = "${PN}-sshd"
52	SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service"	53	SYSTEMD_SERVICE:${PN}-sshd = "sshd.socket sshd.service"
53		54
54	inherit autotools-brokensep ptest	55	inherit autotools-brokensep ptest pkgconfig
		56	DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
55		57
56	PACKAGECONFIG ??= ""	58	PACKAGECONFIG ??= ""
57	PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"	59	PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
@@ -69,6 +71,7 @@ EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
69	--sysconfdir=${sysconfdir}/ssh \	71	--sysconfdir=${sysconfdir}/ssh \
70	--with-xauth=${bindir}/xauth \	72	--with-xauth=${bindir}/xauth \
71	--disable-strip \	73	--disable-strip \
		74	${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '--with-systemd', '--without-systemd', d)} \
72	"	75	"
73		76
74	# musl doesn't implement wtmp/utmp and logwtmp	77	# musl doesn't implement wtmp/utmp and logwtmp