summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRasmus Villemoes <rasmus.villemoes@prevas.dk>2024-04-17 13:45:20 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2024-04-25 10:19:28 +0100
commit89204a0114c1d46626a2439389f9c0a760dbb8d0 (patch)
tree753a2a01a709d3b797376017812450c22d049334 /meta
parent8aa5d31184fac2ee5ad26ff130f98c751e8ae4c6 (diff)
downloadpoky-89204a0114c1d46626a2439389f9c0a760dbb8d0.tar.gz
openssh: add After dependencies on nss-user-lookup.target
Quoting 'man systemd.special': nss-user-lookup.target A target that should be used as synchronization point for all regular UNIX user/group name service lookups. [...] All services for which the availability of the full user/group database is essential should be ordered after this target, but not pull it in. All services which provide parts of the user/group database should be ordered before this target, and pull it in. When no service providing parts of the user/group database exists and thus pulls in the nss-user-lookup.target, this added dependency is a no-op. However, when such a service does exist, and e.g. modifies /etc/shadow to change password or enable/disable certain accounts, it is essential that no ssh connections are accepted until those changes are made. (From OE-Core rev: 365b5490f3b12772ed57a6bcfd1e0e8a91185afc) Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.service1
-rw-r--r--meta/recipes-connectivity/openssh/openssh/sshd.socket1
2 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service b/meta/recipes-connectivity/openssh/openssh/sshd.service
index 2a997b656a..3e570ab1e5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -2,6 +2,7 @@
2Description=OpenSSH server daemon 2Description=OpenSSH server daemon
3Wants=sshdgenkeys.service 3Wants=sshdgenkeys.service
4After=sshdgenkeys.service 4After=sshdgenkeys.service
5After=nss-user-lookup.target
5 6
6[Service] 7[Service]
7Environment="SSHD_OPTS=" 8Environment="SSHD_OPTS="
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..7dd2ed0626 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,7 @@
1[Unit] 1[Unit]
2Conflicts=sshd.service 2Conflicts=sshd.service
3Wants=sshdgenkeys.service 3Wants=sshdgenkeys.service
4After=nss-user-lookup.target
4 5
5[Socket] 6[Socket]
6ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd 7ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd