[Buildroot] [PATCH 4/4] package/openssh: add sd socket-activated ssh daemon services
Norbert Lange
nolange79 at gmail.com
Sun Jun 7 21:30:19 UTC 2020
On Sun, 7 June 2020 at 21:45, Norbert Lange <nolange79 at gmail.com> wrote:
>
> On Sun, 7 June 2020 at 21:32, Jérémy ROSEN <jeremy.rosen at smile.fr> wrote:
> >
> >
> >
> > On Sun, 7 June 2020 at 21:11, Norbert Lange <nolange79 at gmail.com> wrote:
> >>
> >> On Sun, 7 June 2020 at 13:07, Jérémy ROSEN <jeremy.rosen at smile.fr> wrote:
> >> >
> >> >
> >> >
> >> > On Sat, 6 June 2020 at 00:59, Norbert Lange <nolange79 at gmail.com> wrote:
> >> >>
> >> >> Signed-off-by: Norbert Lange <nolange79 at gmail.com>
> >> >> ---
> >> >> package/openssh/openssh.mk | 6 +++---
> >> >> package/openssh/sshd-host-keygen.service | 2 +-
> >> >> package/openssh/sshd.socket | 11 +++++++++++
> >> >> package/openssh/sshd at .service | 10 ++++++++++
> >> >> 4 files changed, 25 insertions(+), 4 deletions(-)
> >> >> create mode 100644 package/openssh/sshd.socket
> >> >> create mode 100644 package/openssh/sshd at .service
> >> >>
> >> >> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> >> >> index 6b3ee1f5f4..1f2638e9c9 100644
> >> >> --- a/package/openssh/openssh.mk
> >> >> +++ b/package/openssh/openssh.mk
> >> >> @@ -114,9 +114,9 @@ endef
> >> >> OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS
> >> >>
> >> >> define OPENSSH_INSTALL_INIT_SYSTEMD
> >> >> - mkdir $(TARGET_DIR)/usr/lib/systemd/system
> >> >> - $(INSTALL) -m 644 package/openssh/sshd*.service \
> >> >> - $(TARGET_DIR)/usr/lib/systemd/system/
> >> >> + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system
> >> >> + $(INSTALL) -m 644 package/openssh/sshd*.service package/openssh/sshd.socket \
> >> >> + $(TARGET_DIR)/usr/lib/systemd/system/.
> >> >> $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS)
> >> >> endef
> >> >>
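Review bot: On the $(INSTALL) line in OPENSSH_INSTALL_INIT_SYSTEMD, sshd.socket is now installed unconditionally and the new sshd@.service template is picked up only implicitly by the sshd*.service glob, so every systemd image ships both start-up methods with nothing in the makefile selecting one. Suggest gating the socket units behind a package option and listing the template unit by name, so it is clear from openssh.mk which listeners end up on the target.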
> >> >> diff --git a/package/openssh/sshd-host-keygen.service b/package/openssh/sshd-host-keygen.service
> >> >> index 058e671c44..ffde622b01 100644
> >> >> --- a/package/openssh/sshd-host-keygen.service
> >> >> +++ b/package/openssh/sshd-host-keygen.service
> >> >> @@ -17,4 +17,4 @@ Type=oneshot
> >> >> RemainAfterExit=yes
> >> >>
> >> >> [Install]
> >> >> -WantedBy=sshd.service
> >> >> +WantedBy=sshd.service sshd.socket
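Review bot: The new WantedBy=sshd.service sshd.socket entry only makes sshd.socket pull in the key-generation unit; it does not order anything. The visible context shows Type=oneshot and RemainAfterExit=yes but no Before= covering the socket or the sshd@ instances it spawns, so please confirm (or add) ordering that guarantees the host keys exist before the first connection is handed to sshd.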
> >> >> diff --git a/package/openssh/sshd.socket b/package/openssh/sshd.socket
> >> >> new file mode 100644
> >> >> index 0000000000..bbae9ed7aa
> >> >> --- /dev/null
> >> >> +++ b/package/openssh/sshd.socket
> >> >> @@ -0,0 +1,11 @@
> >> >> +[Unit]
> >> >> +Description=OpenBSD Secure Shell server socket
> >> >> +Before=sshd.service
> >> >> +Conflicts=sshd.service
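Review bot: The Before=sshd.service plus Conflicts=sshd.service pair in [Unit] needs a comment: read on its own it looks as if the socket is stopped when the service it activates starts. A comment line stating that sshd.service is the standalone daemon, that this socket starts per-connection sshd@ instances instead, and what Before= is meant to achieve would document the intent.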
> >> >
> >> > No, that would stop the socket when the service is started, and you don't want that.
> >> > If you do that, only one connection would be accepted before the socket is stopped
> >> > and since you have accept=yes no further connections would be accepted
> >>
> >> there is the singular sshd service
> >> and the sshd.socket which spawns sshd@ instance services.
> >> Those are mutually exclusive (because of the "Conflicts"), the
> >> "Before" line just ensures that the sshd.socket wins out by default.
> >>
> >
> > aah right, I messed up sshd.service and sshd@.service in my head.
> > my bad.
> >
> > I personally think we shouldn't install both methods.
> > either choose a distro-wide decision or provide a config option
> >
> > Anyway, I see what you are doing now, and that should work, AFAICT.
> >
> > I still think that it's cool that openssh supports all those startup methods,
> > but I'm not convinced we need to support all of them in BR.
>
> sshd is better for throughput/efficiency if you have a lot of connections,
>
> the socket option saves memory if you rarely have connections (and is
> actually a simpler service file).
>
> I would support both, but let users pick.
>
> Norbert
How about this option:

config BR2_PACKAGE_OPENSSH_SERVER_SOCKET
	bool "server socket"
	depends on BR2_INIT_SYSTEMD
	help
	  Systemd socket activation server.

makefile gonna get a lot of ifdefs, right now it's a bit naive anyway,
as you could pick server and not key_utils and then the services (sys
and systemd) would fail when trying to verify/generate the host keys.

Norbert
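
The unit relationship discussed in this thread (sshd.socket with Accept=yes starting sshd@.service instances, mutually exclusive with the standalone sshd.service) can be checked against a built target tree. This is an added example, not part of the patch or of Buildroot; the function names are hypothetical and the unit contents are constructed, with the [Socket] and [Service] values assumed.

```python
import configparser

# Constructed sample units, not the patch's files: the thread shows only the
# [Unit] lines of sshd.socket; the [Socket] and [Service] values are assumed.
SAMPLE_UNITS = {
    "sshd.socket": (
        "[Unit]\n"
        "Before=sshd.service\n"
        "Conflicts=sshd.service\n"
        "[Socket]\n"
        "ListenStream=22\n"
        "Accept=yes\n"
    ),
    "sshd.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
    "sshd@.service": "[Service]\nExecStart=-/usr/sbin/sshd -i\nStandardInput=socket\n",
}


def parse_unit(text):
    """Parse systemd unit text; option names stay case-sensitive."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def check_socket_activation(units, name="sshd"):
    """Return problems found in the <name>.socket / <name>@.service set."""
    if f"{name}.socket" not in units:
        return [f"{name}.socket is not installed"]
    sock = parse_unit(units[f"{name}.socket"])
    accept = sock.get("Socket", "Accept", fallback="no").strip().lower()
    per_connection = accept in ("yes", "true", "on", "1")
    problems = []
    # Accept=yes: systemd accepts each connection and starts <name>@.service.
    if per_connection and f"{name}@.service" not in units:
        problems.append(f"Accept=yes but {name}@.service template is missing")
    # The standalone daemon binds the same port, so the two must conflict.
    conflicts = sock.get("Unit", "Conflicts", fallback="").split()
    standalone = f"{name}.service"
    if per_connection and standalone in units and standalone not in conflicts:
        problems.append(f"{name}.socket lacks Conflicts={standalone}")
    return problems


if __name__ == "__main__":
    for problem in check_socket_activation(SAMPLE_UNITS) or ["ok"]:
        print(problem)
```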