[v2,0/2] sshd-regen-keys: Fix boot hang on low end hardware

Message ID	20211015080638.12765-1-florian.bezdeka@siemens.com
Headers	show Return-Path: <isar-users+bncBC44VTVY2UERBFXNUSFQMGQEXMK2AHI@googlegroups.com> Sender: isar-users@googlegroups.com Received-SPF: pass (google.com: domain of florian.bezdeka@siemens.com designates 40.107.14.72 as permitted sender) client-ip=40.107.14.72; From: Florian Bezdeka <florian.bezdeka@siemens.com> To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, henning.schild@siemens.com, Florian Bezdeka <florian.bezdeka@siemens.com> Subject: [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware Date: Fri, 15 Oct 2021 10:06:36 +0200 Message-Id: <20211015080638.12765-1-florian.bezdeka@siemens.com> Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com
Series	sshd-regen-keys: Fix boot hang on low end hardware \| expand [v2,0/2] sshd-regen-keys: Fix boot hang on low end hardware [v2,1/2] sshd-regen-keys: Start key generation after entropy seed [v2,2/2] sshd-regen-keys: Fix some systemd obsolete warnings about using syslog

Message ID

20211015080638.12765-1-florian.bezdeka@siemens.com

Headers

Sender: isar-users@googlegroups.com
Received-SPF: pass (google.com: domain of florian.bezdeka@siemens.com
	designates 40.107.14.72 as permitted sender)
	client-ip=40.107.14.72; 
From: Florian Bezdeka <florian.bezdeka@siemens.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, henning.schild@siemens.com,
	Florian Bezdeka <florian.bezdeka@siemens.com>
Subject: [PATCH v2 0/2] sshd-regen-keys: Fix boot hang on low end hardware
Date: Fri, 15 Oct 2021 10:06:36 +0200
Message-Id: <20211015080638.12765-1-florian.bezdeka@siemens.com>
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: zwWHktUA8pd/MHoC9C5knMgys3s92kcJAWqW/zoV+P3khfzgpcVAn3DslEJCx/q4ZYu+LcGCbI9V/NAnUbegmXKykdPrNKeWgkFvAvAHKSkcv4e+guGGjSdhNvD3LoQD08mL7H0fhGe/+9U3c9n8vJoTyfXEr6JxHkS1NegOU93fSRn75nTOaDB/5ANrYfCwUK1no2r+59+yY9pig/Ioz5/fxVcd2sY9FaOXvW46s8Kh5aN2LIgSR2BBTRz0At1wXF0J1XAVwQkFUNf5tAnNQj8TwkrTgXXBvagDokc9JKbTEGyUx/ZP6QDboUasKVvE6nROYw9465/yrcWCtG9RgO4u5+GLKwNnvplWQaNAgU/tWqB1NaxZzQ5M6ZemiE9NoYVT78zAZgJbNZueLl860dU1lwdb4jRsenQdusyQP/9wwwEpyCBbDABH/v8MprLS6XhsUjHQy53KnKEhUmtsjs+x3sM/bQhFQtABL9VqLxwQ2b3DcUsKxSYBouLUSJDL0UcTPvT+dPaPVDNs10b+woYA30GBw4gRrOfFVR2QsmqDJNjko1h5/9Lxw8RyQ0CYavpjXfkrDPzIEX/7qCGdBzZUBYy5ipIJNVBvUcRchllPK5wSm988BzCmmWEKxk38EmmAbSWpIrop/HUB9coQg3rKG3Lpms1ElErj4EPvuovRyI8uUgDRQTZJQpY9ATNR+1FC7QOFNmNL7+VCupEzuWIdAFg9RiEQyrbIVirdeiU2yx0ekrQqHs68ovRIgTTKTFqa0IyMBT0i6KOJQXGYWv9uuTO5wE0JwU2fXcP7QOTOsmY4eqjJRlGrF0MbOufz45GfSrOQItJ4RQFUXrAXv9AxVRwCPAEzcVGJ2VuFj3YYKcLDUmZKY64BsvixyTepUp/iUgIDIR/3dTcHRtDYERSOQUGzRPehKvFqbd1Y2w5o+vTQjfLu/guuux6axmEYh7+OuGC2QQ86jB6wmHsFFyUlrE67hAohhFCgxj1BCZXly2bom41vL1WjRP0xvKXFRMqPf9RTwpkSS7mhoPQ2fE55Ckj1jYa4c9/kgVNz96EZ8k/at7txjYKnuwG9VuvcuHli0t1bjHBL0TiXYZUV1b4FU49VKYF6MZzNYatpLkzxJ7sYYwTjBmJmxLUmxIEHd7vJAo7NBRynqSPUDIxjdtf0CvaU1pDHhMiwk3Mv8qQS+7UoElXtuq5Oo2JTjM01pYHx7E0IxiW+Aaw45uCcrngWB5w4HP9wgpCgut2SHholCnqP4m5aIWrQQ3fC6iVCKyGtMZx/jqmtsZYFzW771N3C4W7oBku0OFqzohtzNJhR2eyykGFLKmjwQql9VBpOL20lZguEnJ0/g4+Yl1cI4xMonRh6+sNJMCpKJRR+3xUYOPpxIaEb3aN32D1u5Xts
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d2455e7-63ec-4482-d817-08d98fb2b8dd
X-MS-Exchange-CrossTenant-AuthSource: AM0PR10MB1906.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Oct 2021 08:06:41.9342
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 3e2FNSVIv8X6A31Ec0f8LayHj9oVO5gcqEWs43NhyhAtTFlOqg1XdMDKmQYs1NEkafFG+djuIBd3DgCt2baFK01OmXUGaOTq/MEEw2rHp2g=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR10MB2737
X-Original-Sender: florian.bezdeka@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
	header.i=@siemens.onmicrosoft.com
	header.s=selector1-siemens-onmicrosoft-com
	header.b=JNy5sJqJ; arc=pass (i=1 spf=pass spfdomain=siemens.com
	dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
	spf=pass (google.com: domain of florian.bezdeka@siemens.com
	designates
	40.107.14.72 as permitted sender)
	smtp.mailfrom=florian.bezdeka@siemens.com; 
	dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
	contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
	<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
	<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
	<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
	<https://groups.google.com/group/isar-users/subscribe>
X-getmail-retrieved-from-mailbox: INBOX

Series

sshd-regen-keys: Fix boot hang on low end hardware | expand

Message

Florian Bezdeka Oct. 14, 2021, 11:06 p.m. UTC

Hi,

when booting a Debian 11 based ISAR image with sshd-regen-keys 
enabled on low end systems it could happen that the first boot 
took too long so that the configured timeout for serial console 
systemd units was hit.

It turned out that running sshd-regen-keys in parallel to
systemd-random-seed is not the best idea. Patch one fixes that by
moving the start of sshd-regen-keys after the point in time where 
systemd-random-seed completed.

Patch two fixes two warnings that were discovered on Debian 11. I
tested that with Debian 10 as well. Worked as expected.

Best regards,
Florian

---
Changes since v1:
 - Rebased on current next

Florian Bezdeka (2):
  sshd-regen-keys: Start key generation after entropy seed
  sshd-regen-keys: Fix some systemd obsolete warnings about using syslog

 .../sshd-regen-keys/files/sshd-regen-keys.service              | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Anton Mikanovich Oct. 22, 2021, 5:59 a.m. UTC | #1

On 15.10.21 11:06, Florian Bezdeka wrote:
> Hi,
>
> when booting a Debian 11 based ISAR image with sshd-regen-keys
> enabled on low end systems it could happen that the first boot
> took too long so that the configured timeout for serial console
> systemd units was hit.
>
> It turned out that running sshd-regen-keys in parallel to
> systemd-random-seed is not the best idea. Patch one fixes that by
> moving the start of sshd-regen-keys after the point in time where
> systemd-random-seed completed.
>
> Patch two fixes two warnings that were discovered on Debian 11. I
> tested that with Debian 10 as well. Worked as expected.
>
> Best regards,
> Florian
>
Applied to next, thanks.