All of lore.kernel.org
 help / color / mirror / Atom feed
* Disabling sshd is harder than it should be
@ 2019-04-26 13:26 Richard Weinberger
  2019-04-29  7:33 ` ChenQi
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Weinberger @ 2019-04-26 13:26 UTC (permalink / raw)
  To: yocto

My thud based system installs openssh-sshd but I want to have sshd
disabled by default.
So I checked the docs how to disabled a systemd service by default and
found SYSTEMD_AUTO_ENABLE, perfect.

After I put that into my bbappend file I figured that sshd is still
enabled by default.
With one difference, it was no longer present as sshd.socket, but as
sshd.service.
This seemed odd and after another hour I realized that now sshd is
stared as good old sysvinist script. Hmm.

To finally disable sshd by default I had to disable it via systemd
_and_ sysvinit.
Is this really the expected way? :-(

For reference, this is my bbappend file which works:
SYSTEMD_AUTO_ENABLE = "disable"
INITSCRIPT_PARAMS_${PN}-sshd = "remove"

-- 
Thanks,
//richard


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Disabling sshd is harder than it should be
  2019-04-26 13:26 Disabling sshd is harder than it should be Richard Weinberger
@ 2019-04-29  7:33 ` ChenQi
  2019-04-29 19:10   ` Richard Weinberger
  0 siblings, 1 reply; 4+ messages in thread
From: ChenQi @ 2019-04-29  7:33 UTC (permalink / raw)
  To: Richard Weinberger, yocto

On 04/26/2019 09:26 PM, Richard Weinberger wrote:
> My thud based system installs openssh-sshd but I want to have sshd
> disabled by default.
> So I checked the docs how to disabled a systemd service by default and
> found SYSTEMD_AUTO_ENABLE, perfect.
>
> After I put that into my bbappend file I figured that sshd is still
> enabled by default.
> With one difference, it was no longer present as sshd.socket, but as
> sshd.service.
> This seemed odd and after another hour I realized that now sshd is
> stared as good old sysvinist script. Hmm.
>
> To finally disable sshd by default I had to disable it via systemd
> _and_ sysvinit.
> Is this really the expected way? :-(
>
> For reference, this is my bbappend file which works:
> SYSTEMD_AUTO_ENABLE = "disable"
> INITSCRIPT_PARAMS_${PN}-sshd = "remove"
>

When selecting systemd as the init manager, the following line is 
recommended.
DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
Then you should only need: SYSTEMD_AUTO_ENABLE = "disable"

Best Regards,
Chen Qi


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Disabling sshd is harder than it should be
  2019-04-29  7:33 ` ChenQi
@ 2019-04-29 19:10   ` Richard Weinberger
  2019-04-29 21:08     ` Loïc Domaigné
  0 siblings, 1 reply; 4+ messages in thread
From: Richard Weinberger @ 2019-04-29 19:10 UTC (permalink / raw)
  To: ChenQi; +Cc: yocto

On Mon, Apr 29, 2019 at 9:23 AM ChenQi <Qi.Chen@windriver.com> wrote:
> When selecting systemd as the init manager, the following line is
> recommended.
> DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
> Then you should only need: SYSTEMD_AUTO_ENABLE = "disable"

Thanks a lot for your suggestion!
But doesn't this line imply that recipes which don't supply systemd servies
files won't work since the init.d scipt fallback will be disabled?

-- 
Thanks,
//richard


^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: Disabling sshd is harder than it should be
  2019-04-29 19:10   ` Richard Weinberger
@ 2019-04-29 21:08     ` Loïc Domaigné
  0 siblings, 0 replies; 4+ messages in thread
From: Loïc Domaigné @ 2019-04-29 21:08 UTC (permalink / raw)
  To: Richard Weinberger, ChenQi; +Cc: yocto

Guten Abend Richard, 

> > When selecting systemd as the init manager, the following line is
> > recommended.
> > DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
> > Then you should only need: SYSTEMD_AUTO_ENABLE = "disable"
> 
> Thanks a lot for your suggestion!
> But doesn't this line imply that recipes which don't supply systemd servies
> files won't work since the init.d scipt fallback will be disabled?

As per Mega-manual (section "using systemd Exclusively"):
# switch to systemd init
DISTRO_FEATURES_append = " systemd"
VIRTUAL-RUNTIME_init_manager = "systemd" 

# The next 2 lines:
# -prevent sysvinit of being automatically added to the image (BACKFILL_CONSIDERED), 
# -remove the initscripts from the image (VIRTUAL-RUNTIME_initscripts) 
DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
VIRTUAL-RUNTIME_initscripts = ""

Now "pokying around" further in meta/ and meta-poky/, it turns out that that later variable might be what you're looking for. 

As far as I can see, it can be set to:
VIRTUAL-RUNTIME_initscripts = ""
VIRTUAL-RUNTIME_initscripts = "initscripts"
VIRTUAL-RUNTIME_initscripts = "systemd-compat-units"

Also using "+=" operator for BACKFILL_CONSIDERED as suggested by Qi sounds more generic to me than using a plain assignment.

Speaking of which... Additional findings (meta/conf/distro/include/maintainers.inc) let me also think that Qi is simply just the right address for these kind of questions ;-) 

Ah, and yes. If you are moving from sysvinit -> systemd for an existing project, you might need a clean build as DISTRO_FEATURES is changed.

Hope this helps!
Loic.


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-04-29 21:33 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-26 13:26 Disabling sshd is harder than it should be Richard Weinberger
2019-04-29  7:33 ` ChenQi
2019-04-29 19:10   ` Richard Weinberger
2019-04-29 21:08     ` Loïc Domaigné

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.