From patchwork Thu Nov 18 01:50:25 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Quirin Gylstorff <Quirin.Gylstorff@siemens.com>
X-Patchwork-Id: 1044
Return-Path: <isar-users+bncBCTZZTVX2QCRBA743CGAMGQENPOONCY@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
	by shymkent (Cyrus 2.5.10-Debian-2.5.10-3) with LMTPA;
	Thu, 18 Nov 2021 12:50:33 +0100
X-Sieve: CMU Sieve 2.4
Received: from mail-lf1-f61.google.com (mail-lf1-f61.google.com
	[209.85.167.61])
	by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPS id
	1AIBoWfu015976
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT)
	for <patchwork@isar-build.org>; Thu, 18 Nov 2021 12:50:33 +0100
Received: by mail-lf1-f61.google.com with SMTP id
	y40-20020a0565123f2800b003fded085638sf3861559lfa.0
	for <patchwork@isar-build.org>; Thu, 18 Nov 2021 03:50:33 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1637236227; cv=pass;
	d=google.com; s=arc-20160816;
	b=CqJGN9Gv2HhUIMeYV246cgxoKY5tYkJ+CZHDRMQi6dxoMmDiapnDbvBk1yntvMiZJS
	faaDitLnTrsvf/PDRMtItkZYjpJL+fuZgHas2CZ0MWoveQypQlJjaExNdNp7AvYFx5Ju
	jeLIH82ysGeW+O0UnCnDxBEdJt6tAXfgiMRpjmaGKF92qEewx+S0z8qP6B/1n5IwyX05
	XvIFj+jqqCDSSx2ulCCm9vTx0ZLFzeBSKeFg+ml+lqmoJGOTlrIoYHl30WlAZ5ESvZ5h
	JX5BwEYtN/dYrrKnTHggEhMF9jCenu07eXme5v7PEXGmtjHCUuZ6IrpSUzfgPLf2pXjQ
	zVHw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
	:list-id:mailing-list:precedence:mime-version:message-id:date
	:subject:to:from:sender:dkim-signature;
	bh=ik0z2jjLQjcsrkn+OuFn3nv+r/IlP10p7eZsoVJo+30=;
	b=h2hEvRGKVUISH6CA1p5vy1cYbxwoiTtV0QCoLeDkDPZ63NiSLDmh5v2KxjTJId9xSS
	S8tmowTpSVOvUxySYeP2X+QZpMGes7ac5wlP/n25eDBApWjQ3+Kxksz0upuJ1zRLjskp
	3mo6w9jAJzXSPQfemaLNe7ZVP3SCsjscUttz2m2MkeMTu9EP6AigyS9rPAFtkB6hZzA9
	oMC4k/Qial0LvgUBnlO/xTfaxB3BU0eNxtRenMCmLmPAsl3L08LGpe180wjsrqle9k4m
	XFO/sNgnGt2joyqSyr6m3+phTecCoZ7YfXRNxXUuffESV/rx78cATeLUkQ6tH0z3cK/9
	Eu9A==
ARC-Authentication-Results: i=2; gmr-mx.google.com;
	spf=pass (google.com: domain of quirin.gylstorff@siemens.com
	designates 192.35.17.2 as permitted sender)
	smtp.mailfrom=Quirin.Gylstorff@siemens.com;
	dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlegroups.com; s=20210112;
	h=sender:from:to:subject:date:message-id:mime-version
	:x-original-sender:x-original-authentication-results:precedence
	:mailing-list:list-id:list-post:list-help:list-archive
	:list-subscribe:list-unsubscribe;
	bh=ik0z2jjLQjcsrkn+OuFn3nv+r/IlP10p7eZsoVJo+30=;
	b=gNOxzslkv6tCS8JRRpR++5PuhQQZN3byTg2Ttg/+qo13rSczjbfm9bq2ecmTN9jiQh
	xGOy6ccf3096WP0cJWYKhpU2DQBfl619t6zEm38J0gqAsE3MoaFgVmGJJr8CJciDyQhJ
	s0AE/Mp4v2km3iBE1Qv/wFO1hZHI5pdzM4se22OZWyzlSuTyD8w5ZGI5Joi8x6OBQhw5
	vW/OPA4MJUG537uG7/XetpjCtyMDmH6uDcz2Yb0yoANNdCJnzI9lLhBJ3uCnfE9wJI7m
	HVi6urb5xrUWFaToOCQnHxr/99YulIHTwlM4dmqvZskK0C3QIjzRkywJCBkd1MnMq9jb
	hymA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20210112;
	h=sender:x-gm-message-state:from:to:subject:date:message-id
	:mime-version:x-original-sender:x-original-authentication-results
	:precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
	:list-help:list-archive:list-subscribe:list-unsubscribe;
	bh=ik0z2jjLQjcsrkn+OuFn3nv+r/IlP10p7eZsoVJo+30=;
	b=xio+g2JxaYkF+v5+6hlNSXLVXPq9MnOqzp8o2TjsysCvmhVfmIsLJLA4f+0YjZf7M0
	Svx7TwqBl8cs+h/AxIBofM5Jq/kKyEXw/D4vZRvacW9NLEDgWkpCZ1DQ+7psdSgU3ZrW
	i9SRe1PjULFuY6OpnXgI6r+99yKk6ZCXfffmkhsxdbrQbcP1uZLstdHr2RN/SWA6yaB0
	MZ3G4Erajg5UK0qh07dUo8paFqvAtJYTEWY3ZGMM4XdLkjkjaep3e9ck2bcihW6fVpbC
	HgggRfoE6EhzckgoRPCO65BcOeYPfdTsL4I4STOudT/RpIy/504Y1eCem5KxPi+XDqBN
	fnVQ==
Sender: isar-users@googlegroups.com
X-Gm-Message-State: AOAM533f3ZJllbCdZ5A+U7WvlDaBXIlKJojbmTBs5f523PEmwvyP3ud2
	lyOtz0fxEI4hNT+5NDOnExk=
X-Google-Smtp-Source: 
 ABdhPJwWexQYSMaRCxNDGfLGyl5GVyh9hLOWSzF+gHnipe4CdOX6q0Gu+NqjiI/WIVTqKwolOf9o1A==
X-Received: by 2002:a19:f242:: with SMTP id
	d2mr23662839lfk.516.1637236227497;
	Thu, 18 Nov 2021 03:50:27 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a05:6512:3d9e:: with SMTP id k30ls2026168lfv.1.gmail; Thu,
	18 Nov 2021 03:50:26 -0800 (PST)
X-Received: by 2002:ac2:5e8f:: with SMTP id
	b15mr23853967lfq.252.1637236226515;
	Thu, 18 Nov 2021 03:50:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1637236226; cv=none;
	d=google.com; s=arc-20160816;
	b=ZYfOiRd6W2NLUaH3ovvatbCHdDxocjIq11gpSorFVuta36miBTixt7j4gNm238uWSx
	YsNaA7w1cfRMqKY7BnmPJU7H6mhFtYt1SKurnNlsaS6LUInwCJ3UXrMSQL2OiUO2fCJk
	xGA0ssZTOYLZqsXb3cwto9AhEn0o1p6eSXLWtPW80GBGnXtBUrTPXY2JkLKB5yNRLgK9
	vz34ZLwl8BMy2OUzAlTg06tTDnGdIu2bN+6pGtGwenr5qCn4vZR4iDLXk+POScH2YYYj
	Ebhkv+IweMrMm+nWM4i+Wk0HF+s/pf50rNM4GiEt4aKVAHHgkGWaU3YGVDJkSWw7oyBR
	YQFQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=content-transfer-encoding:mime-version:message-id:date:subject:to
	:from;
	bh=b1s7Vvfci7tQ01pj2lgIWqR2bIsYI1EaXCFQSl/LhCI=;
	b=CKoP4Hv60AL0+71ZxmuZBo73R9s6e3uEpeKuQ1GnEtA9sInM5WwPQxCJuzatXKXvzP
	4xn2Ry+Ke3aAJaie3y+6Qls6p3ngWfTEXMuITbKF/DHwr8tKRd/LvHjfRNtFKgZOdwYq
	htnt6znD7OVnb0toovhajK15M8qq6ZGtYbcdBHdFpIvvMIJDVjt+4pd6OpHRrSUkbloa
	XKQAbgnG+tMOrCStGpQGjTvunrWX9uLYPS/+sBhmQ53pCMbiGSOaISJ1l1tPO3DGjXr6
	DmygI3hUy7MGfqUa5DJw/1hJ7i1Oai9NscISra/AjZgyxwM8GrrWJFaeNa/81HTK57Vj
	K46A==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
	spf=pass (google.com: domain of quirin.gylstorff@siemens.com
	designates 192.35.17.2 as permitted sender)
	smtp.mailfrom=Quirin.Gylstorff@siemens.com;
	dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Received: from thoth.sbs.de (thoth.sbs.de. [192.35.17.2])
	by gmr-mx.google.com with ESMTPS id
	y7si207702ljp.7.2021.11.18.03.50.26
	for <isar-users@googlegroups.com>
	(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 18 Nov 2021 03:50:26 -0800 (PST)
Received-SPF: pass (google.com: domain of quirin.gylstorff@siemens.com
	designates 192.35.17.2 as permitted sender)
	client-ip=192.35.17.2;
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id 1AIBoPRD014164
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
	for <isar-users@googlegroups.com>; Thu, 18 Nov 2021 12:50:25 +0100
Received: from md2dvrtc.fritz.box ([139.22.45.143])
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id 1AIBoPeW006793;
	Thu, 18 Nov 2021 12:50:25 +0100
From: "Q. Gylstorff" <Quirin.Gylstorff@siemens.com>
To: henning.schild@siemens.com, isar-users@googlegroups.com,
	jan.kiszka@siemens.com
Subject: [PATCH] sshd-regen-keys: Disable service after it run once
Date: Thu, 18 Nov 2021 12:50:25 +0100
Message-Id: <20211118115025.182309-1-Quirin.Gylstorff@siemens.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
X-Original-Sender: quirin.gylstorff@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com;       spf=pass
	(google.com: domain of quirin.gylstorff@siemens.com designates
	192.35.17.2 as
	permitted sender) smtp.mailfrom=Quirin.Gylstorff@siemens.com;
	dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
	contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
	<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
	<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
	<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe: 
 <mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
	<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_MED, DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_EF,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=unavailable
	autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: INBOX

From: Quirin Gylstorff <quirin.gylstorff@siemens.com>

sshd-regen-keys is executed every time the system boots.
This leads to new system ssh keys every boot.

Revert to the behavior to before
commit d700bf83042c57efdc4f4721f56d078433ce6b1d sshd-regen-keys: Improve service, make more robust

and disable the service after it was executed.

Signed-off-by: Quirin Gylstorff <quirin.gylstorff@siemens.com>
---
 .../sshd-regen-keys/files/sshd-regen-keys.service                | 1 +
 .../{sshd-regen-keys_0.4.bb => sshd-regen-keys_0.5.bb}           | 0
 2 files changed, 1 insertion(+)
 rename meta/recipes-support/sshd-regen-keys/{sshd-regen-keys_0.4.bb => sshd-regen-keys_0.5.bb} (100%)

diff --git a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
index 5c2ccff7..b38e6edc 100644
--- a/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
+++ b/meta/recipes-support/sshd-regen-keys/files/sshd-regen-keys.service
@@ -11,6 +11,7 @@ ConditionPathIsReadWrite=/etc
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/bin/ssh-keygen -A
+ExecStartPost=-/bin/systemctl disable sshd-regen-keys.service
 
 [Install]
 WantedBy=sysinit.target
diff --git a/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb b/meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb
similarity index 100%
rename from meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.4.bb
rename to meta/recipes-support/sshd-regen-keys/sshd-regen-keys_0.5.bb