From f515e7e4b4cddfbd1d75694cf5998979256220d9 Mon Sep 17 00:00:00 2001 From: Riku Voipio Date: Wed, 10 May 2017 16:27:06 +0300 Subject: stretch: rc.local update ssh key generation Stretch uses systemd socket actication vor ssh. unfortunately postinst will still tries to restart sshd, which will fail as socket is still listening. This leaves systemd think system is in degraded state - ssh will still work but degraded state has side-effects elsewhere. Workaround by disabling socket first. And on the positive, the dsa key workaround can now be removed... Change-Id: Ibcc870170d36e4f4f8db4eb0f7e7830f62388ed3 --- stretch-arm64-alip/customization/includes.chroot/etc/rc.local | 11 +++++++---- .../customization/includes.chroot/etc/rc.local | 8 +++++++- .../customization/includes.chroot/etc/rc.local | 11 +++++++---- .../customization/includes.chroot/etc/rc.local | 11 +++++++---- stretch-armhf-alip/customization/includes.chroot/etc/rc.local | 11 +++++++---- .../customization/includes.chroot/etc/rc.local | 8 +++++++- .../customization/includes.chroot/etc/rc.local | 11 +++++++---- .../customization/includes.chroot/etc/rc.local | 11 +++++++---- 8 files changed, 56 insertions(+), 26 deletions(-) diff --git a/stretch-arm64-alip/customization/includes.chroot/etc/rc.local b/stretch-arm64-alip/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-arm64-alip/customization/includes.chroot/etc/rc.local +++ b/stretch-arm64-alip/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-arm64-blend/customization/includes.chroot/etc/rc.local b/stretch-arm64-blend/customization/includes.chroot/etc/rc.local index bedc8cf..4e613ff 100755 --- a/stretch-arm64-blend/customization/includes.chroot/etc/rc.local +++ b/stretch-arm64-blend/customization/includes.chroot/etc/rc.local @@ -11,7 +11,13 @@ # # By default this script does nothing. + # Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-arm64-developer/customization/includes.chroot/etc/rc.local b/stretch-arm64-developer/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-arm64-developer/customization/includes.chroot/etc/rc.local +++ b/stretch-arm64-developer/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-arm64-installer/customization/includes.chroot/etc/rc.local b/stretch-arm64-installer/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-arm64-installer/customization/includes.chroot/etc/rc.local +++ b/stretch-arm64-installer/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-armhf-alip/customization/includes.chroot/etc/rc.local b/stretch-armhf-alip/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-armhf-alip/customization/includes.chroot/etc/rc.local +++ b/stretch-armhf-alip/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-armhf-blend/customization/includes.chroot/etc/rc.local b/stretch-armhf-blend/customization/includes.chroot/etc/rc.local index bedc8cf..4e613ff 100755 --- a/stretch-armhf-blend/customization/includes.chroot/etc/rc.local +++ b/stretch-armhf-blend/customization/includes.chroot/etc/rc.local @@ -11,7 +11,13 @@ # # By default this script does nothing. + # Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-armhf-developer/customization/includes.chroot/etc/rc.local b/stretch-armhf-developer/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-armhf-developer/customization/includes.chroot/etc/rc.local +++ b/stretch-armhf-developer/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 diff --git a/stretch-armhf-installer/customization/includes.chroot/etc/rc.local b/stretch-armhf-installer/customization/includes.chroot/etc/rc.local index 1f1d743..4e613ff 100755 --- a/stretch-armhf-installer/customization/includes.chroot/etc/rc.local +++ b/stretch-armhf-installer/customization/includes.chroot/etc/rc.local @@ -11,10 +11,13 @@ # # By default this script does nothing. -# Generate the SSH keys if non-existent -test -f /etc/ssh/ssh_host_rsa_key || dpkg-reconfigure openssh-server -# workaround for https://bugs.debian.org/850614 -test -f /etc/ssh/ssh_host_dsa_key || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa +# Generate the SSH keys if non-existent +if [ ! -f /etc/ssh/ssh_host_rsa_key ] +then + # else ssh service start in dpkg-reconfigure will fail + systemctl stop ssh.socket||true + dpkg-reconfigure openssh-server +fi exit 0 -- cgit v1.2.3