From: Rasmus Villemoes <rasmus.villem...@prevas.dk>

Quoting 'man systemd.special':

  nss-user-lookup.target

    A target that should be used as synchronization point for all
    regular UNIX user/group name service lookups. [...] All services
    for which the availability of the full user/group database is
    essential should be ordered after this target, but not pull it
    in. All services which provide parts of the user/group database
    should be ordered before this target, and pull it in.

When no service providing parts of the user/group database exists and
thus pulls in the nss-user-lookup.target, this added dependency is a
no-op.

However, when such a service does exist, and e.g. modifies /etc/shadow
to change password or enable/disable certain accounts, it is essential
that no ssh connections are accepted until those changes are made.

Signed-off-by: Rasmus Villemoes <rasmus.villem...@prevas.dk>
---
 meta/recipes-connectivity/openssh/openssh/sshd.service | 1 +
 meta/recipes-connectivity/openssh/openssh/sshd.socket  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.service 
b/meta/recipes-connectivity/openssh/openssh/sshd.service
index 2a997b656a..3e570ab1e5 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.service
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.service
@@ -2,6 +2,7 @@
 Description=OpenSSH server daemon
 Wants=sshdgenkeys.service
 After=sshdgenkeys.service
+After=nss-user-lookup.target
 
 [Service]
 Environment="SSHD_OPTS="
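Review bot: The new After=nss-user-lookup.target line in [Unit] carries a security-relevant ordering constraint, but nothing in the unit file says why it is there. A short comment above it, for example "# Do not accept logins before services that modify the user database have run", would keep it from being dropped in a later cleanup. Since only After= is added and no Wants=, the ordering takes effect only when some other unit pulls the target in, which matches the quoted man page text; the comment could say that as well.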
diff --git a/meta/recipes-connectivity/openssh/openssh/sshd.socket 
b/meta/recipes-connectivity/openssh/openssh/sshd.socket
index 8d76d62309..7dd2ed0626 100644
--- a/meta/recipes-connectivity/openssh/openssh/sshd.socket
+++ b/meta/recipes-connectivity/openssh/openssh/sshd.socket
@@ -1,6 +1,7 @@
 [Unit]
 Conflicts=sshd.service
 Wants=sshdgenkeys.service
+After=nss-user-lookup.target
 
 [Socket]
 ExecStartPre=@BASE_BINDIR@/mkdir -p /var/run/sshd
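Review bot: After=nss-user-lookup.target on this socket unit can produce an ordering cycle, because the [Unit] section keeps the default dependencies. With those, systemd orders socket units Before=sockets.target, and an ordinary service is ordered After=basic.target, which itself comes after sockets.target. A provider service that is Before=nss-user-lookup.target and keeps its own default dependencies would therefore be ordered both before and after sshd.socket, and systemd resolves such a cycle by dropping a job. Suggest stating in the commit message or in a unit comment that the provider must set DefaultDependencies=no (or otherwise be ordered before sockets.target), and confirming on a socket-activated image with such a provider that boot reports no ordering cycle.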
-- 
2.40.1.1.g1c60b9335d
