* [PATCH] modules.d: introduce ssh-server module to provide service
From: Pingfan Liu @ 2017-05-24 2:39 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: kernelfans-Re5JQEeQqe8AvxtiuMwx3w
When debugging a remote system, sometimes we may experience disk
failure. In this case, it makes debugging very uncomfortable if
there is no console server to forward the dmesg.
This new module installs the sshd-required material in initramfs,
so later, sshd service can be started and let debugger log in.
Signed-off-by: Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
---
95ssh-server/module-setup.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 156 insertions(+)
create mode 100755 95ssh-server/module-setup.sh
diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
new file mode 100755
index 0000000..65e1453
--- /dev/null
+++ b/95ssh-server/module-setup.sh
@@ -0,0 +1,156 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# fixme: assume user is root
+
+check() {
+
+ # If our prerequisites are not met, fail.
+ require_binaries sshd || return 1
+}
+
+depends() {
+ # We depend on network modules being loaded
+ echo network
+}
+
+
+copy_pam_conf()
+{
+ inst_simple /etc/pam.d/login
+ inst_simple /etc/pam.d/passwd
+ inst_simple /etc/pam.d/password-auth
+ inst_simple /etc/pam.d/password-auth-ac
+ inst_simple /etc/pam.d/sshd
+ inst_simple /etc/pam.d/sssd-shadowutils
+ inst_simple /etc/pam.d/system-auth
+ inst_simple /etc/pam.d/system-auth-ac
+ inst_simple /etc/pam.d/systemd-user
+ inst_simple /etc/pam.d/postlogin
+ inst_simple /etc/pam.d/postlogin-ac
+ inst_simple /etc/pam.d/remote
+ inst_simple /etc/pam.d/setup
+
+ inst_simple /etc/security/access.conf
+ inst_simple /etc/security/chroot.conf
+ inst_simple /etc/security/console.apps
+ inst_simple /etc/security/console.handlers
+ inst_simple /etc/security/console.perms
+ inst_simple /etc/security/console.perms.d
+ inst_simple /etc/security/group.conf
+ inst_simple /etc/security/limits.conf
+ inst_simple /etc/security/limits.d
+ inst_simple /etc/security/namespace.conf
+ inst_simple /etc/security/namespace.d
+ inst_simple /etc/security/namespace.init
+ inst_simple /etc/security/opasswd
+ inst_simple /etc/security/pam_env.conf
+ inst_simple /etc/security/sepermit.conf
+ inst_simple /etc/security/time.conf
+}
+
+copy_pam_binary()
+{
+ inst_simple /usr/lib64/security/pam_access.so
+ inst_simple /usr/lib64/security/pam_chroot.so
+ inst_simple /usr/lib64/security/pam_console.so
+ inst_simple /usr/lib64/security/pam_cracklib.so
+ inst_simple /usr/lib64/security/pam_debug.so
+ inst_simple /usr/lib64/security/pam_deny.so
+ inst_simple /usr/lib64/security/pam_echo.so
+ inst_simple /usr/lib64/security/pam_env.so
+ inst_simple /usr/lib64/security/pam_exec.so
+ inst_simple /usr/lib64/security/pam_faildelay.so
+ inst_simple /usr/lib64/security/pam_faillock.so
+ inst_simple /usr/lib64/security/pam_filter
+ inst_simple /usr/lib64/security/pam_filter.so
+ inst_simple /usr/lib64/security/pam_filter/upperLOWER
+ inst_simple /usr/lib64/security/pam_ftp.so
+ inst_simple /usr/lib64/security/pam_group.so
+ inst_simple /usr/lib64/security/pam_issue.so
+ inst_simple /usr/lib64/security/pam_keyinit.so
+ inst_simple /usr/lib64/security/pam_lastlog.so
+ inst_simple /usr/lib64/security/pam_limits.so
+ inst_simple /usr/lib64/security/pam_listfile.so
+ inst_simple /usr/lib64/security/pam_localuser.so
+ inst_simple /usr/lib64/security/pam_loginuid.so
+ inst_simple /usr/lib64/security/pam_mail.so
+ inst_simple /usr/lib64/security/pam_mkhomedir.so
+ inst_simple /usr/lib64/security/pam_motd.so
+ inst_simple /usr/lib64/security/pam_namespace.so
+ inst_simple /usr/lib64/security/pam_nologin.so
+ inst_simple /usr/lib64/security/pam_permit.so
+ inst_simple /usr/lib64/security/pam_postgresok.so
+ inst_simple /usr/lib64/security/pam_pwhistory.so
+ inst_simple /usr/lib64/security/pam_rhosts.so
+ inst_simple /usr/lib64/security/pam_rootok.so
+ inst_simple /usr/lib64/security/pam_securetty.so
+ inst_simple /usr/lib64/security/pam_selinux.so
+ inst_simple /usr/lib64/security/pam_selinux_permit.so
+ inst_simple /usr/lib64/security/pam_sepermit.so
+ inst_simple /usr/lib64/security/pam_shells.so
+ inst_simple /usr/lib64/security/pam_stress.so
+ inst_simple /usr/lib64/security/pam_succeed_if.so
+ inst_simple /usr/lib64/security/pam_tally2.so
+ inst_simple /usr/lib64/security/pam_time.so
+ inst_simple /usr/lib64/security/pam_timestamp.so
+ inst_simple /usr/lib64/security/pam_tty_audit.so
+ inst_simple /usr/lib64/security/pam_umask.so
+ inst_simple /usr/lib64/security/pam_unix.so
+ inst_simple /usr/lib64/security/pam_unix_acct.so
+ inst_simple /usr/lib64/security/pam_unix_auth.so
+ inst_simple /usr/lib64/security/pam_unix_passwd.so
+ inst_simple /usr/lib64/security/pam_unix_session.so
+ inst_simple /usr/lib64/security/pam_userdb.so
+ inst_simple /usr/lib64/security/pam_warn.so
+ inst_simple /usr/lib64/security/pam_wheel.so
+ inst_simple /usr/lib64/security/pam_xauth.so
+ inst_simple /usr/sbin/faillock
+ inst_simple /usr/sbin/mkhomedir_helper
+ inst_simple /usr/sbin/pam_console_apply
+ inst_simple /usr/sbin/pam_tally2
+ inst_simple /usr/sbin/pam_timestamp_check
+ inst_simple /usr/sbin/pwhistory_helper
+ inst_simple /usr/sbin/unix_chkpwd
+ inst_simple /usr/sbin/unix_update
+}
+
+
+inst_pam()
+{
+ copy_pam_binary
+ copy_pam_conf
+}
+
+inst_sshd()
+{
+ inst_simple /usr/sbin/sshd
+ inst_simple /usr/libexec/openssh/sshd-keygen
+ inst_simple /etc/ssh/sshd_config
+ inst_simple /etc/ssh/ssh_host_rsa_key.pub
+ inst_simple /etc/ssh/ssh_host_rsa_key
+ inst_simple /etc/ssh/ssh_host_ecdsa_key
+ inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
+ inst_simple /etc/ssh/ssh_host_ed25519_key
+ inst_simple /etc/ssh/ssh_host_ed25519_key.pub
+ inst_dir /var/empty/sshd
+ grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
+ grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
+ grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
+ grep -E '^root:' /etc/group >> "$initdir/etc/group"
+ grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
+ inst_simple /root/.ssh/authorized_keys
+ chmod 600 -R ${initdir}/etc/ssh/
+ inst_simple /etc/sysconfig/sshd
+ inst_simple /usr/lib/systemd/system/sshd-keygen@.service
+ inst_simple /usr/lib/systemd/system/sshd-keygen.target
+ inst_simple /usr/lib/systemd/system/sshd.service
+ inst_simple /usr/lib/systemd/system/sshd@.service
+ inst_simple /usr/lib/systemd/system/sshd.socket
+}
+
+install() {
+ inst_sshd
+ inst_pam
+}
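Review bot: inst_sshd copies the build host's long-term secrets into the image: the three private host keys (/etc/ssh/ssh_host_rsa_key, ssh_host_ecdsa_key, ssh_host_ed25519_key) and root's line from /etc/shadow via `grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"`. Anyone who can read the resulting initramfs file then holds the host's SSH identity and root's password hash, and nothing in the hunk sets a mode on $initdir/etc/shadow (the chmod only covers etc/ssh). Since sshd-keygen and its units are installed here anyway, consider leaving the private keys out and generating initramfs-only host keys, and writing a locked password field instead of the real hash so that login relies on /root/.ssh/authorized_keys alone. The commit message should also state which secrets end up in the image.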
--
2.7.4
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Dracut GitHub Import Bot @ 2017-05-24 3:04 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA
Patchset imported to github.
Pull request:
<https://github.com/dracutdevs/dracut/compare/master...dracut-mailing-devs:1495593594-26460-1-git-send-email-piliu%40redhat.com>
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Dave Young @ 2017-05-26 3:23 UTC (permalink / raw)
To: Pingfan Liu
Cc: initramfs-u79uwXL29TY76Z2rM5mHXA,
kernelfans-Re5JQEeQqe8AvxtiuMwx3w
Hi Pingfan,
On 05/24/17 at 10:39am, Pingfan Liu wrote:
> When debugging a remote system, sometimes we may experience disk
> failure. In this case, it makes debugging very uncomfortable if
> there is no console server to forward the dmesg.
> This new module installs the sshd-required material in initramfs,
> so later, sshd service can be started and let debugger log in.
There is a Fedora bug below:
https://bugzilla.redhat.com/show_bug.cgi?id=524727
Also there is a dropbear solution here, maybe you can compare with that
solution to see which one is better; dropbear seems to use little memory but
openssh is more popular.
>
> Signed-off-by: Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> ---
> 95ssh-server/module-setup.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 156 insertions(+)
> create mode 100755 95ssh-server/module-setup.sh
>
> diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
> new file mode 100755
> index 0000000..65e1453
> --- /dev/null
> +++ b/95ssh-server/module-setup.sh
> @@ -0,0 +1,156 @@
> +#!/bin/bash
> +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
> +# ex: ts=8 sw=4 sts=4 et filetype=sh
> +
> +# fixme: assume user is root
> +
> +check() {
> +
> + # If our prerequisites are not met, fail.
> + require_binaries sshd || return 1
> +}
> +
> +depends() {
> + # We depend on network modules being loaded
> + echo network
> +}
> +
> +
> +copy_pam_conf()
> +{
> + inst_simple /etc/pam.d/login
> + inst_simple /etc/pam.d/passwd
> + inst_simple /etc/pam.d/password-auth
> + inst_simple /etc/pam.d/password-auth-ac
> + inst_simple /etc/pam.d/sshd
> + inst_simple /etc/pam.d/sssd-shadowutils
> + inst_simple /etc/pam.d/system-auth
> + inst_simple /etc/pam.d/system-auth-ac
> + inst_simple /etc/pam.d/systemd-user
> + inst_simple /etc/pam.d/postlogin
> + inst_simple /etc/pam.d/postlogin-ac
> + inst_simple /etc/pam.d/remote
> + inst_simple /etc/pam.d/setup
> +
> + inst_simple /etc/security/access.conf
> + inst_simple /etc/security/chroot.conf
> + inst_simple /etc/security/console.apps
> + inst_simple /etc/security/console.handlers
> + inst_simple /etc/security/console.perms
> + inst_simple /etc/security/console.perms.d
> + inst_simple /etc/security/group.conf
> + inst_simple /etc/security/limits.conf
> + inst_simple /etc/security/limits.d
> + inst_simple /etc/security/namespace.conf
> + inst_simple /etc/security/namespace.d
> + inst_simple /etc/security/namespace.init
> + inst_simple /etc/security/opasswd
> + inst_simple /etc/security/pam_env.conf
> + inst_simple /etc/security/sepermit.conf
> + inst_simple /etc/security/time.conf
> +}
> +
> +copy_pam_binary()
> +{
> + inst_simple /usr/lib64/security/pam_access.so
> + inst_simple /usr/lib64/security/pam_chroot.so
> + inst_simple /usr/lib64/security/pam_console.so
> + inst_simple /usr/lib64/security/pam_cracklib.so
> + inst_simple /usr/lib64/security/pam_debug.so
> + inst_simple /usr/lib64/security/pam_deny.so
> + inst_simple /usr/lib64/security/pam_echo.so
> + inst_simple /usr/lib64/security/pam_env.so
> + inst_simple /usr/lib64/security/pam_exec.so
> + inst_simple /usr/lib64/security/pam_faildelay.so
> + inst_simple /usr/lib64/security/pam_faillock.so
> + inst_simple /usr/lib64/security/pam_filter
> + inst_simple /usr/lib64/security/pam_filter.so
> + inst_simple /usr/lib64/security/pam_filter/upperLOWER
> + inst_simple /usr/lib64/security/pam_ftp.so
> + inst_simple /usr/lib64/security/pam_group.so
> + inst_simple /usr/lib64/security/pam_issue.so
> + inst_simple /usr/lib64/security/pam_keyinit.so
> + inst_simple /usr/lib64/security/pam_lastlog.so
> + inst_simple /usr/lib64/security/pam_limits.so
> + inst_simple /usr/lib64/security/pam_listfile.so
> + inst_simple /usr/lib64/security/pam_localuser.so
> + inst_simple /usr/lib64/security/pam_loginuid.so
> + inst_simple /usr/lib64/security/pam_mail.so
> + inst_simple /usr/lib64/security/pam_mkhomedir.so
> + inst_simple /usr/lib64/security/pam_motd.so
> + inst_simple /usr/lib64/security/pam_namespace.so
> + inst_simple /usr/lib64/security/pam_nologin.so
> + inst_simple /usr/lib64/security/pam_permit.so
> + inst_simple /usr/lib64/security/pam_postgresok.so
> + inst_simple /usr/lib64/security/pam_pwhistory.so
> + inst_simple /usr/lib64/security/pam_rhosts.so
> + inst_simple /usr/lib64/security/pam_rootok.so
> + inst_simple /usr/lib64/security/pam_securetty.so
> + inst_simple /usr/lib64/security/pam_selinux.so
> + inst_simple /usr/lib64/security/pam_selinux_permit.so
> + inst_simple /usr/lib64/security/pam_sepermit.so
> + inst_simple /usr/lib64/security/pam_shells.so
> + inst_simple /usr/lib64/security/pam_stress.so
> + inst_simple /usr/lib64/security/pam_succeed_if.so
> + inst_simple /usr/lib64/security/pam_tally2.so
> + inst_simple /usr/lib64/security/pam_time.so
> + inst_simple /usr/lib64/security/pam_timestamp.so
> + inst_simple /usr/lib64/security/pam_tty_audit.so
> + inst_simple /usr/lib64/security/pam_umask.so
> + inst_simple /usr/lib64/security/pam_unix.so
> + inst_simple /usr/lib64/security/pam_unix_acct.so
> + inst_simple /usr/lib64/security/pam_unix_auth.so
> + inst_simple /usr/lib64/security/pam_unix_passwd.so
> + inst_simple /usr/lib64/security/pam_unix_session.so
> + inst_simple /usr/lib64/security/pam_userdb.so
> + inst_simple /usr/lib64/security/pam_warn.so
> + inst_simple /usr/lib64/security/pam_wheel.so
> + inst_simple /usr/lib64/security/pam_xauth.so
> + inst_simple /usr/sbin/faillock
> + inst_simple /usr/sbin/mkhomedir_helper
> + inst_simple /usr/sbin/pam_console_apply
> + inst_simple /usr/sbin/pam_tally2
> + inst_simple /usr/sbin/pam_timestamp_check
> + inst_simple /usr/sbin/pwhistory_helper
> + inst_simple /usr/sbin/unix_chkpwd
> + inst_simple /usr/sbin/unix_update
> +}
> +
> +
> +inst_pam()
> +{
> + copy_pam_binary
> + copy_pam_conf
> +}
> +
> +inst_sshd()
> +{
> + inst_simple /usr/sbin/sshd
> + inst_simple /usr/libexec/openssh/sshd-keygen
> + inst_simple /etc/ssh/sshd_config
> + inst_simple /etc/ssh/ssh_host_rsa_key.pub
> + inst_simple /etc/ssh/ssh_host_rsa_key
> + inst_simple /etc/ssh/ssh_host_ecdsa_key
> + inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
> + inst_simple /etc/ssh/ssh_host_ed25519_key
> + inst_simple /etc/ssh/ssh_host_ed25519_key.pub
> + inst_dir /var/empty/sshd
> + grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
> + grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
> + grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
> + grep -E '^root:' /etc/group >> "$initdir/etc/group"
> + grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
> + inst_simple /root/.ssh/authorized_keys
> + chmod 600 -R ${initdir}/etc/ssh/
> + inst_simple /etc/sysconfig/sshd
> + inst_simple /usr/lib/systemd/system/sshd-keygen@.service
> + inst_simple /usr/lib/systemd/system/sshd-keygen.target
> + inst_simple /usr/lib/systemd/system/sshd.service
> + inst_simple /usr/lib/systemd/system/sshd@.service
> + inst_simple /usr/lib/systemd/system/sshd.socket
> +}
> +
> +install() {
> + inst_sshd
> + inst_pam
> +}
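Review bot: check() returns success whenever the sshd binary exists, and in dracut a zero return from check() means the module is included in every image built on that host. For a module that puts an SSH server, a PAM stack and root credentials into the initramfs, inclusion should be opt-in: end check() with `return 255` so the module is only pulled in when requested explicitly (for example with --add) or by a dependent module, and document that in the commit message. The `# fixme: assume user is root` comment should likewise become an actual check or a documented limitation.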
> --
> 2.7.4
>
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Pingfan Liu @ 2017-05-27 4:44 UTC (permalink / raw)
To: Dave Young
Cc: initramfs-u79uwXL29TY76Z2rM5mHXA,
kernelfans-Re5JQEeQqe8AvxtiuMwx3w
----- Original Message -----
> From: "Dave Young" <dyoung-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> To: "Pingfan Liu" <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Cc: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, kernelfans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
> Sent: Friday, May 26, 2017 11:23:30 AM
> Subject: Re: [PATCH] modules.d: introduce ssh-server module to provide service
>
> Hi Pingfan,
> On 05/24/17 at 10:39am, Pingfan Liu wrote:
> > When debugging a remote system, sometimes we may experience disk
> > failure. In this case, it makes debugging very uncomfortable if
> > there is no console server to forward the dmesg.
> > This new module installs the sshd-required material in initramfs,
> > so later, sshd service can be started and let debugger log in.
>
> There is a Fedora bug below:
> https://bugzilla.redhat.com/show_bug.cgi?id=524727
>
> Also there is a dropbear solution here, maybe you can compare with that
> solution to see which one is better; dropbear seems to use little memory but
> openssh is more popular.
>
Yeah, that is a good solution. But it is a pity that it has not been accepted.
It will be greatly helpful when debugging drivers etc.
Thanks,
Pingfan
> >
> > Signed-off-by: Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > ---
> > 95ssh-server/module-setup.sh | 156
> > +++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 156 insertions(+)
> > create mode 100755 95ssh-server/module-setup.sh
> >
> > diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
> > new file mode 100755
> > index 0000000..65e1453
> > --- /dev/null
> > +++ b/95ssh-server/module-setup.sh
> > @@ -0,0 +1,156 @@
> > +#!/bin/bash
> > +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
> > +# ex: ts=8 sw=4 sts=4 et filetype=sh
> > +
> > +# fixme: assume user is root
> > +
> > +check() {
> > +
> > + # If our prerequisites are not met, fail.
> > + require_binaries sshd || return 1
> > +}
> > +
> > +depends() {
> > + # We depend on network modules being loaded
> > + echo network
> > +}
> > +
> > +
> > +copy_pam_conf()
> > +{
> > + inst_simple /etc/pam.d/login
> > + inst_simple /etc/pam.d/passwd
> > + inst_simple /etc/pam.d/password-auth
> > + inst_simple /etc/pam.d/password-auth-ac
> > + inst_simple /etc/pam.d/sshd
> > + inst_simple /etc/pam.d/sssd-shadowutils
> > + inst_simple /etc/pam.d/system-auth
> > + inst_simple /etc/pam.d/system-auth-ac
> > + inst_simple /etc/pam.d/systemd-user
> > + inst_simple /etc/pam.d/postlogin
> > + inst_simple /etc/pam.d/postlogin-ac
> > + inst_simple /etc/pam.d/remote
> > + inst_simple /etc/pam.d/setup
> > +
> > + inst_simple /etc/security/access.conf
> > + inst_simple /etc/security/chroot.conf
> > + inst_simple /etc/security/console.apps
> > + inst_simple /etc/security/console.handlers
> > + inst_simple /etc/security/console.perms
> > + inst_simple /etc/security/console.perms.d
> > + inst_simple /etc/security/group.conf
> > + inst_simple /etc/security/limits.conf
> > + inst_simple /etc/security/limits.d
> > + inst_simple /etc/security/namespace.conf
> > + inst_simple /etc/security/namespace.d
> > + inst_simple /etc/security/namespace.init
> > + inst_simple /etc/security/opasswd
> > + inst_simple /etc/security/pam_env.conf
> > + inst_simple /etc/security/sepermit.conf
> > + inst_simple /etc/security/time.conf
> > +}
> > +
> > +copy_pam_binary()
> > +{
> > + inst_simple /usr/lib64/security/pam_access.so
> > + inst_simple /usr/lib64/security/pam_chroot.so
> > + inst_simple /usr/lib64/security/pam_console.so
> > + inst_simple /usr/lib64/security/pam_cracklib.so
> > + inst_simple /usr/lib64/security/pam_debug.so
> > + inst_simple /usr/lib64/security/pam_deny.so
> > + inst_simple /usr/lib64/security/pam_echo.so
> > + inst_simple /usr/lib64/security/pam_env.so
> > + inst_simple /usr/lib64/security/pam_exec.so
> > + inst_simple /usr/lib64/security/pam_faildelay.so
> > + inst_simple /usr/lib64/security/pam_faillock.so
> > + inst_simple /usr/lib64/security/pam_filter
> > + inst_simple /usr/lib64/security/pam_filter.so
> > + inst_simple /usr/lib64/security/pam_filter/upperLOWER
> > + inst_simple /usr/lib64/security/pam_ftp.so
> > + inst_simple /usr/lib64/security/pam_group.so
> > + inst_simple /usr/lib64/security/pam_issue.so
> > + inst_simple /usr/lib64/security/pam_keyinit.so
> > + inst_simple /usr/lib64/security/pam_lastlog.so
> > + inst_simple /usr/lib64/security/pam_limits.so
> > + inst_simple /usr/lib64/security/pam_listfile.so
> > + inst_simple /usr/lib64/security/pam_localuser.so
> > + inst_simple /usr/lib64/security/pam_loginuid.so
> > + inst_simple /usr/lib64/security/pam_mail.so
> > + inst_simple /usr/lib64/security/pam_mkhomedir.so
> > + inst_simple /usr/lib64/security/pam_motd.so
> > + inst_simple /usr/lib64/security/pam_namespace.so
> > + inst_simple /usr/lib64/security/pam_nologin.so
> > + inst_simple /usr/lib64/security/pam_permit.so
> > + inst_simple /usr/lib64/security/pam_postgresok.so
> > + inst_simple /usr/lib64/security/pam_pwhistory.so
> > + inst_simple /usr/lib64/security/pam_rhosts.so
> > + inst_simple /usr/lib64/security/pam_rootok.so
> > + inst_simple /usr/lib64/security/pam_securetty.so
> > + inst_simple /usr/lib64/security/pam_selinux.so
> > + inst_simple /usr/lib64/security/pam_selinux_permit.so
> > + inst_simple /usr/lib64/security/pam_sepermit.so
> > + inst_simple /usr/lib64/security/pam_shells.so
> > + inst_simple /usr/lib64/security/pam_stress.so
> > + inst_simple /usr/lib64/security/pam_succeed_if.so
> > + inst_simple /usr/lib64/security/pam_tally2.so
> > + inst_simple /usr/lib64/security/pam_time.so
> > + inst_simple /usr/lib64/security/pam_timestamp.so
> > + inst_simple /usr/lib64/security/pam_tty_audit.so
> > + inst_simple /usr/lib64/security/pam_umask.so
> > + inst_simple /usr/lib64/security/pam_unix.so
> > + inst_simple /usr/lib64/security/pam_unix_acct.so
> > + inst_simple /usr/lib64/security/pam_unix_auth.so
> > + inst_simple /usr/lib64/security/pam_unix_passwd.so
> > + inst_simple /usr/lib64/security/pam_unix_session.so
> > + inst_simple /usr/lib64/security/pam_userdb.so
> > + inst_simple /usr/lib64/security/pam_warn.so
> > + inst_simple /usr/lib64/security/pam_wheel.so
> > + inst_simple /usr/lib64/security/pam_xauth.so
> > + inst_simple /usr/sbin/faillock
> > + inst_simple /usr/sbin/mkhomedir_helper
> > + inst_simple /usr/sbin/pam_console_apply
> > + inst_simple /usr/sbin/pam_tally2
> > + inst_simple /usr/sbin/pam_timestamp_check
> > + inst_simple /usr/sbin/pwhistory_helper
> > + inst_simple /usr/sbin/unix_chkpwd
> > + inst_simple /usr/sbin/unix_update
> > +}
> > +
> > +
> > +inst_pam()
> > +{
> > + copy_pam_binary
> > + copy_pam_conf
> > +}
> > +
> > +inst_sshd()
> > +{
> > + inst_simple /usr/sbin/sshd
> > + inst_simple /usr/libexec/openssh/sshd-keygen
> > + inst_simple /etc/ssh/sshd_config
> > + inst_simple /etc/ssh/ssh_host_rsa_key.pub
> > + inst_simple /etc/ssh/ssh_host_rsa_key
> > + inst_simple /etc/ssh/ssh_host_ecdsa_key
> > + inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
> > + inst_simple /etc/ssh/ssh_host_ed25519_key
> > + inst_simple /etc/ssh/ssh_host_ed25519_key.pub
> > + inst_dir /var/empty/sshd
> > + grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
> > + grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
> > + grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
> > + grep -E '^root:' /etc/group >> "$initdir/etc/group"
> > + grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
> > + inst_simple /root/.ssh/authorized_keys
> > + chmod 600 -R ${initdir}/etc/ssh/
> > + inst_simple /etc/sysconfig/sshd
> > + inst_simple /usr/lib/systemd/system/sshd-keygen@.service
> > + inst_simple /usr/lib/systemd/system/sshd-keygen.target
> > + inst_simple /usr/lib/systemd/system/sshd.service
> > + inst_simple /usr/lib/systemd/system/sshd@.service
> > + inst_simple /usr/lib/systemd/system/sshd.socket
> > +}
> > +
> > +install() {
> > + inst_sshd
> > + inst_pam
> > +}
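Review bot: `chmod 600 -R ${initdir}/etc/ssh/` in inst_sshd applies mode 600 to the etc/ssh directory itself as well as to every file under it, which strips the directory's search bit and also restricts sshd_config and the *.pub files that do not need it. The expansion is unquoted, so an $initdir containing whitespace would be split. Suggest setting 600 on the three private key files only, with "${initdir}" quoted, and leaving the directory at its installed mode. Separately, /root/.ssh/authorized_keys is installed without any mode being set on it or on /root/.ssh anywhere in the hunk, while sshd's default StrictModes rejects keys whose file or directory is writable by others.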
> > --
> > 2.7.4
> >
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Liu ping fan @ 2017-06-12 5:47 UTC (permalink / raw)
To: Pingfan Liu; +Cc: initramfs-u79uwXL29TY76Z2rM5mHXA
Hi Harald, what is your opinion of such functionality?
Thanks and regards,
Pingfan
On Wed, May 24, 2017 at 10:39 AM, Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
> When debugging a remote system, sometimes we may experience disk
> failure. In this case, it makes debugging very uncomfortable if
> there is no console server to forward the dmesg.
> This new module installs the sshd-required material in initramfs,
> so later, sshd service can be started and let debugger log in.
>
> Signed-off-by: Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> ---
> 95ssh-server/module-setup.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 156 insertions(+)
> create mode 100755 95ssh-server/module-setup.sh
>
> diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
> new file mode 100755
> index 0000000..65e1453
> --- /dev/null
> +++ b/95ssh-server/module-setup.sh
> @@ -0,0 +1,156 @@
> +#!/bin/bash
> +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
> +# ex: ts=8 sw=4 sts=4 et filetype=sh
> +
> +# fixme: assume user is root
> +
> +check() {
> +
> + # If our prerequisites are not met, fail.
> + require_binaries sshd || return 1
> +}
> +
> +depends() {
> + # We depend on network modules being loaded
> + echo network
> +}
> +
> +
> +copy_pam_conf()
> +{
> + inst_simple /etc/pam.d/login
> + inst_simple /etc/pam.d/passwd
> + inst_simple /etc/pam.d/password-auth
> + inst_simple /etc/pam.d/password-auth-ac
> + inst_simple /etc/pam.d/sshd
> + inst_simple /etc/pam.d/sssd-shadowutils
> + inst_simple /etc/pam.d/system-auth
> + inst_simple /etc/pam.d/system-auth-ac
> + inst_simple /etc/pam.d/systemd-user
> + inst_simple /etc/pam.d/postlogin
> + inst_simple /etc/pam.d/postlogin-ac
> + inst_simple /etc/pam.d/remote
> + inst_simple /etc/pam.d/setup
> +
> + inst_simple /etc/security/access.conf
> + inst_simple /etc/security/chroot.conf
> + inst_simple /etc/security/console.apps
> + inst_simple /etc/security/console.handlers
> + inst_simple /etc/security/console.perms
> + inst_simple /etc/security/console.perms.d
> + inst_simple /etc/security/group.conf
> + inst_simple /etc/security/limits.conf
> + inst_simple /etc/security/limits.d
> + inst_simple /etc/security/namespace.conf
> + inst_simple /etc/security/namespace.d
> + inst_simple /etc/security/namespace.init
> + inst_simple /etc/security/opasswd
> + inst_simple /etc/security/pam_env.conf
> + inst_simple /etc/security/sepermit.conf
> + inst_simple /etc/security/time.conf
> +}
> +
> +copy_pam_binary()
> +{
> + inst_simple /usr/lib64/security/pam_access.so
> + inst_simple /usr/lib64/security/pam_chroot.so
> + inst_simple /usr/lib64/security/pam_console.so
> + inst_simple /usr/lib64/security/pam_cracklib.so
> + inst_simple /usr/lib64/security/pam_debug.so
> + inst_simple /usr/lib64/security/pam_deny.so
> + inst_simple /usr/lib64/security/pam_echo.so
> + inst_simple /usr/lib64/security/pam_env.so
> + inst_simple /usr/lib64/security/pam_exec.so
> + inst_simple /usr/lib64/security/pam_faildelay.so
> + inst_simple /usr/lib64/security/pam_faillock.so
> + inst_simple /usr/lib64/security/pam_filter
> + inst_simple /usr/lib64/security/pam_filter.so
> + inst_simple /usr/lib64/security/pam_filter/upperLOWER
> + inst_simple /usr/lib64/security/pam_ftp.so
> + inst_simple /usr/lib64/security/pam_group.so
> + inst_simple /usr/lib64/security/pam_issue.so
> + inst_simple /usr/lib64/security/pam_keyinit.so
> + inst_simple /usr/lib64/security/pam_lastlog.so
> + inst_simple /usr/lib64/security/pam_limits.so
> + inst_simple /usr/lib64/security/pam_listfile.so
> + inst_simple /usr/lib64/security/pam_localuser.so
> + inst_simple /usr/lib64/security/pam_loginuid.so
> + inst_simple /usr/lib64/security/pam_mail.so
> + inst_simple /usr/lib64/security/pam_mkhomedir.so
> + inst_simple /usr/lib64/security/pam_motd.so
> + inst_simple /usr/lib64/security/pam_namespace.so
> + inst_simple /usr/lib64/security/pam_nologin.so
> + inst_simple /usr/lib64/security/pam_permit.so
> + inst_simple /usr/lib64/security/pam_postgresok.so
> + inst_simple /usr/lib64/security/pam_pwhistory.so
> + inst_simple /usr/lib64/security/pam_rhosts.so
> + inst_simple /usr/lib64/security/pam_rootok.so
> + inst_simple /usr/lib64/security/pam_securetty.so
> + inst_simple /usr/lib64/security/pam_selinux.so
> + inst_simple /usr/lib64/security/pam_selinux_permit.so
> + inst_simple /usr/lib64/security/pam_sepermit.so
> + inst_simple /usr/lib64/security/pam_shells.so
> + inst_simple /usr/lib64/security/pam_stress.so
> + inst_simple /usr/lib64/security/pam_succeed_if.so
> + inst_simple /usr/lib64/security/pam_tally2.so
> + inst_simple /usr/lib64/security/pam_time.so
> + inst_simple /usr/lib64/security/pam_timestamp.so
> + inst_simple /usr/lib64/security/pam_tty_audit.so
> + inst_simple /usr/lib64/security/pam_umask.so
> + inst_simple /usr/lib64/security/pam_unix.so
> + inst_simple /usr/lib64/security/pam_unix_acct.so
> + inst_simple /usr/lib64/security/pam_unix_auth.so
> + inst_simple /usr/lib64/security/pam_unix_passwd.so
> + inst_simple /usr/lib64/security/pam_unix_session.so
> + inst_simple /usr/lib64/security/pam_userdb.so
> + inst_simple /usr/lib64/security/pam_warn.so
> + inst_simple /usr/lib64/security/pam_wheel.so
> + inst_simple /usr/lib64/security/pam_xauth.so
> + inst_simple /usr/sbin/faillock
> + inst_simple /usr/sbin/mkhomedir_helper
> + inst_simple /usr/sbin/pam_console_apply
> + inst_simple /usr/sbin/pam_tally2
> + inst_simple /usr/sbin/pam_timestamp_check
> + inst_simple /usr/sbin/pwhistory_helper
> + inst_simple /usr/sbin/unix_chkpwd
> + inst_simple /usr/sbin/unix_update
> +}
> +
> +
> +inst_pam()
> +{
> + copy_pam_binary
> + copy_pam_conf
> +}
> +
> +inst_sshd()
> +{
> + inst_simple /usr/sbin/sshd
> + inst_simple /usr/libexec/openssh/sshd-keygen
> + inst_simple /etc/ssh/sshd_config
> + inst_simple /etc/ssh/ssh_host_rsa_key.pub
> + inst_simple /etc/ssh/ssh_host_rsa_key
> + inst_simple /etc/ssh/ssh_host_ecdsa_key
> + inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
> + inst_simple /etc/ssh/ssh_host_ed25519_key
> + inst_simple /etc/ssh/ssh_host_ed25519_key.pub
> + inst_dir /var/empty/sshd
> + grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
> + grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
> + grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
> + grep -E '^root:' /etc/group >> "$initdir/etc/group"
> + grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
> + inst_simple /root/.ssh/authorized_keys
> + chmod 600 -R ${initdir}/etc/ssh/
> + inst_simple /etc/sysconfig/sshd
> + inst_simple /usr/lib/systemd/system/sshd-keygen@.service
> + inst_simple /usr/lib/systemd/system/sshd-keygen.target
> + inst_simple /usr/lib/systemd/system/sshd.service
> + inst_simple /usr/lib/systemd/system/sshd@.service
> + inst_simple /usr/lib/systemd/system/sshd.socket
> +}
> +
> +install() {
> + inst_sshd
> + inst_pam
> +}
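Review bot: several inst_simple arguments in copy_pam_conf and copy_pam_binary are directories rather than files: /usr/lib64/security/pam_filter is followed two lines later by pam_filter/upperLOWER, and /etc/security/console.perms.d, limits.d and namespace.d are drop-in directories by name. Use inst_dir for these, as the hunk already does for /var/empty/sshd, and install the snippets inside them explicitly; as written it is not clear from the patch whether the contents of limits.d and namespace.d reach the image. None of the inst_simple return values are checked, so a distribution-specific file that is missing on the build host (password-auth-ac, sssd-shadowutils and similar) goes unnoticed, and the hardcoded /usr/lib64 prefix has the same problem on hosts that keep PAM modules elsewhere.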
> --
> 2.7.4
>
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Harald Hoyer @ 2017-06-21 14:41 UTC (permalink / raw)
To: Liu ping fan, Pingfan Liu; +Cc: initramfs-u79uwXL29TY76Z2rM5mHXA
On 12.06.2017 07:47, Liu ping fan wrote:
> Hi Harald, what is your opinion of such functionality?
yeah, nice, but some issues:
1) "inst" should be used instead of "inst_simple" for executables and *.so
2) That is a long hardcoded list of dependencies. Are they all needed?
3) The module should probably be renamed to rhel-7-ssh-server or a similar name
to reflect, that it is most likely only working on this distribution variant
4) Does it have to be shipped in upstream dracut? Looks like this can live totally
fine in a project, which lives outside of dracut.
>
> Thanks and regards,
> Pingfan
>
> On Wed, May 24, 2017 at 10:39 AM, Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> wrote:
>> When debugging a remote system, sometimes we may experience disk
>> failure. In this case, it makes debugging very uncomfortable if
>> there is no console server to forward the dmesg.
>> This new module installs the sshd-required material in initramfs,
>> so later, sshd service can be started and let debugger login.
>>
>> Signed-off-by: Pingfan Liu <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>> ---
>> 95ssh-server/module-setup.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 156 insertions(+)
>> create mode 100755 95ssh-server/module-setup.sh
>>
>> diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
>> new file mode 100755
>> index 0000000..65e1453
>> --- /dev/null
>> +++ b/95ssh-server/module-setup.sh
>> @@ -0,0 +1,156 @@
>> +#!/bin/bash
>> +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
>> +# ex: ts=8 sw=4 sts=4 et filetype=sh
>> +
>> +# fixme: assume user is root
>> +
>> +check() {
>> +
>> + # If our prerequisites are not met, fail.
>> + require_binaries sshd || return 1
>> +}
>> +
>> +depends() {
>> + # We depend on network modules being loaded
>> + echo network
>> +}
>> +
>> +
>> +copy_pam_conf()
>> +{
>> + inst_simple /etc/pam.d/login
>> + inst_simple /etc/pam.d/passwd
>> + inst_simple /etc/pam.d/password-auth
>> + inst_simple /etc/pam.d/password-auth-ac
>> + inst_simple /etc/pam.d/sshd
>> + inst_simple /etc/pam.d/sssd-shadowutils
>> + inst_simple /etc/pam.d/system-auth
>> + inst_simple /etc/pam.d/system-auth-ac
>> + inst_simple /etc/pam.d/systemd-user
>> + inst_simple /etc/pam.d/postlogin
>> + inst_simple /etc/pam.d/postlogin-ac
>> + inst_simple /etc/pam.d/remote
>> + inst_simple /etc/pam.d/setup
>> +
>> + inst_simple /etc/security/access.conf
>> + inst_simple /etc/security/chroot.conf
>> + inst_simple /etc/security/console.apps
>> + inst_simple /etc/security/console.handlers
>> + inst_simple /etc/security/console.perms
>> + inst_simple /etc/security/console.perms.d
>> + inst_simple /etc/security/group.conf
>> + inst_simple /etc/security/limits.conf
>> + inst_simple /etc/security/limits.d
>> + inst_simple /etc/security/namespace.conf
>> + inst_simple /etc/security/namespace.d
>> + inst_simple /etc/security/namespace.init
>> + inst_simple /etc/security/opasswd
>> + inst_simple /etc/security/pam_env.conf
>> + inst_simple /etc/security/sepermit.conf
>> + inst_simple /etc/security/time.conf
>> +}
>> +
>> +copy_pam_binary()
>> +{
>> + inst_simple /usr/lib64/security/pam_access.so
>> + inst_simple /usr/lib64/security/pam_chroot.so
>> + inst_simple /usr/lib64/security/pam_console.so
>> + inst_simple /usr/lib64/security/pam_cracklib.so
>> + inst_simple /usr/lib64/security/pam_debug.so
>> + inst_simple /usr/lib64/security/pam_deny.so
>> + inst_simple /usr/lib64/security/pam_echo.so
>> + inst_simple /usr/lib64/security/pam_env.so
>> + inst_simple /usr/lib64/security/pam_exec.so
>> + inst_simple /usr/lib64/security/pam_faildelay.so
>> + inst_simple /usr/lib64/security/pam_faillock.so
>> + inst_simple /usr/lib64/security/pam_filter
>> + inst_simple /usr/lib64/security/pam_filter.so
>> + inst_simple /usr/lib64/security/pam_filter/upperLOWER
>> + inst_simple /usr/lib64/security/pam_ftp.so
>> + inst_simple /usr/lib64/security/pam_group.so
>> + inst_simple /usr/lib64/security/pam_issue.so
>> + inst_simple /usr/lib64/security/pam_keyinit.so
>> + inst_simple /usr/lib64/security/pam_lastlog.so
>> + inst_simple /usr/lib64/security/pam_limits.so
>> + inst_simple /usr/lib64/security/pam_listfile.so
>> + inst_simple /usr/lib64/security/pam_localuser.so
>> + inst_simple /usr/lib64/security/pam_loginuid.so
>> + inst_simple /usr/lib64/security/pam_mail.so
>> + inst_simple /usr/lib64/security/pam_mkhomedir.so
>> + inst_simple /usr/lib64/security/pam_motd.so
>> + inst_simple /usr/lib64/security/pam_namespace.so
>> + inst_simple /usr/lib64/security/pam_nologin.so
>> + inst_simple /usr/lib64/security/pam_permit.so
>> + inst_simple /usr/lib64/security/pam_postgresok.so
>> + inst_simple /usr/lib64/security/pam_pwhistory.so
>> + inst_simple /usr/lib64/security/pam_rhosts.so
>> + inst_simple /usr/lib64/security/pam_rootok.so
>> + inst_simple /usr/lib64/security/pam_securetty.so
>> + inst_simple /usr/lib64/security/pam_selinux.so
>> + inst_simple /usr/lib64/security/pam_selinux_permit.so
>> + inst_simple /usr/lib64/security/pam_sepermit.so
>> + inst_simple /usr/lib64/security/pam_shells.so
>> + inst_simple /usr/lib64/security/pam_stress.so
>> + inst_simple /usr/lib64/security/pam_succeed_if.so
>> + inst_simple /usr/lib64/security/pam_tally2.so
>> + inst_simple /usr/lib64/security/pam_time.so
>> + inst_simple /usr/lib64/security/pam_timestamp.so
>> + inst_simple /usr/lib64/security/pam_tty_audit.so
>> + inst_simple /usr/lib64/security/pam_umask.so
>> + inst_simple /usr/lib64/security/pam_unix.so
>> + inst_simple /usr/lib64/security/pam_unix_acct.so
>> + inst_simple /usr/lib64/security/pam_unix_auth.so
>> + inst_simple /usr/lib64/security/pam_unix_passwd.so
>> + inst_simple /usr/lib64/security/pam_unix_session.so
>> + inst_simple /usr/lib64/security/pam_userdb.so
>> + inst_simple /usr/lib64/security/pam_warn.so
>> + inst_simple /usr/lib64/security/pam_wheel.so
>> + inst_simple /usr/lib64/security/pam_xauth.so
>> + inst_simple /usr/sbin/faillock
>> + inst_simple /usr/sbin/mkhomedir_helper
>> + inst_simple /usr/sbin/pam_console_apply
>> + inst_simple /usr/sbin/pam_tally2
>> + inst_simple /usr/sbin/pam_timestamp_check
>> + inst_simple /usr/sbin/pwhistory_helper
>> + inst_simple /usr/sbin/unix_chkpwd
>> + inst_simple /usr/sbin/unix_update
>> +}
>> +
>> +
>> +inst_pam()
>> +{
>> + copy_pam_binary
>> + copy_pam_conf
>> +}
>> +
>> +inst_sshd()
>> +{
>> + inst_simple /usr/sbin/sshd
>> + inst_simple /usr/libexec/openssh/sshd-keygen
>> + inst_simple /etc/ssh/sshd_config
>> + inst_simple /etc/ssh/ssh_host_rsa_key.pub
>> + inst_simple /etc/ssh/ssh_host_rsa_key
>> + inst_simple /etc/ssh/ssh_host_ecdsa_key
>> + inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
>> + inst_simple /etc/ssh/ssh_host_ed25519_key
>> + inst_simple /etc/ssh/ssh_host_ed25519_key.pub
>> + inst_dir /var/empty/sshd
>> + grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
>> + grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
>> + grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
>> + grep -E '^root:' /etc/group >> "$initdir/etc/group"
>> + grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
>> + inst_simple /root/.ssh/authorized_keys
>> + chmod 600 -R ${initdir}/etc/ssh/
>> + inst_simple /etc/sysconfig/sshd
>> + inst_simple /usr/lib/systemd/system/sshd-keygen@.service
>> + inst_simple /usr/lib/systemd/system/sshd-keygen.target
>> + inst_simple /usr/lib/systemd/system/sshd.service
>> + inst_simple /usr/lib/systemd/system/sshd@.service
>> + inst_simple /usr/lib/systemd/system/sshd.socket
>> +}
>> +
>> +install() {
>> + inst_sshd
>> + inst_pam
>> +}
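Review bot: copy_pam_binary() hardcodes /usr/lib64/security and a long fixed list of modules, including pam_permit.so, pam_debug.so, pam_stress.so and pam_ftp.so, which an sshd login has no obvious need for; every extra module is more code reachable from a network login service running in early boot. Install only the modules that /etc/pam.d/sshd and the files it includes actually reference, and resolve the library directory instead of assuming lib64. Documentation is also missing: the hunk copies the sshd unit files but never enables them, and nothing states how sshd is meant to be started in the initramfs or that the "# fixme: assume user is root" limitation applies.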
>> --
>> 2.7.4
>>
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Daniel Molkentin @ 2017-06-21 15:14 UTC (permalink / raw)
To: Harald Hoyer, Liu ping fan, Pingfan Liu; +Cc: initramfs-u79uwXL29TY76Z2rM5mHXA
On 06/21/2017 04:41 PM, Harald Hoyer wrote:
> On 12.06.2017 07:47, Liu ping fan wrote:
>> Hi Harald, what is your opinion of such functionality?
> yeah, nice, but some issues:
>
> 1) "inst" should be used instead of "inst_simple" for executables and *.so
> 2) That is a long hardcoded list of dependencies. Are they all needed?
> 3) The module should probably be renamed to rhel-7-ssh-server or a similar name
> to reflect, that it is most likely only working on this distribution variant
> 4) Does it have to be shipped in upstream dracut? Looks like this can live totally
> fine in a project, which lives outside of dracut.
I was about to introduce something similar, I would try to keep it
general purpose. A good use case could be to unlock an encrypted root fs
after a reboot, even though that would require more work.
Some things I noticed:
1. This should go into modules.d, not the root
2. check() should return 255 even if sshd is found (you probably don't
want this to be the default)?
3. the multiple inst_simples for the different keys seem excessive, plus
there might be more than those. Use a glob?
Cheers,
Daniel
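
The review points from the two replies above (an opt-in check(), a glob instead of one line per host key, "inst" for executables), sketched as an added example that is not code from the patch or from dracut. SSH_DIR and the recording stand-ins for the dracut helpers are assumptions so the sketch runs outside dracut; inside dracut the real require_binaries, inst and inst_simple are used.

```shell
#!/bin/bash
# Added example, not part of the patch. Inside dracut these helpers come from
# dracut itself; the stand-ins below only record what would be installed.
if ! command -v inst_simple >/dev/null 2>&1; then
    INSTALLED=""
    require_binaries() { command -v "$1" >/dev/null 2>&1; }
    inst()             { INSTALLED="$INSTALLED inst:$1"; }
    inst_simple()      { INSTALLED="$INSTALLED simple:$1"; }
fi

# Assumption: directory holding the host keys, overridable for testing.
SSH_DIR=${SSH_DIR:-/etc/ssh}

check() {
    # Prerequisite missing: the module cannot be used at all.
    require_binaries sshd || return 1
    # 255 = include only when explicitly requested, so a network login
    # service never ends up in a default initramfs just because sshd exists.
    return 255
}

depends() {
    echo network
}

install_host_keys() {
    local key found=1
    # One glob covers rsa, ecdsa, ed25519 and any key type added later.
    for key in "$SSH_DIR"/ssh_host_*_key; do
        [ -f "$key" ] || continue    # unmatched glob stays literal: skip it
        inst_simple "$key"
        if [ -f "$key.pub" ]; then
            inst_simple "$key.pub"
        fi
        found=0
    done
    return $found                    # 1 when no host key was found
}

install() {
    inst /usr/sbin/sshd              # inst, not inst_simple, for executables
    inst_simple "$SSH_DIR/sshd_config"
    install_host_keys || { echo "no host keys in $SSH_DIR" >&2; return 1; }
}
```
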
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Pingfan Liu @ 2017-06-22 2:13 UTC (permalink / raw)
To: Daniel Molkentin
Cc: Harald Hoyer, Liu ping fan, initramfs-u79uwXL29TY76Z2rM5mHXA
----- Original Message -----
> From: "Daniel Molkentin" <dmolkentin-l3A5Bk7waGM@public.gmane.org>
> To: "Harald Hoyer" <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, "Liu ping fan" <kernelfans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>, "Pingfan Liu" <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Cc: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Sent: Wednesday, June 21, 2017 11:14:21 PM
> Subject: Re: [PATCH] modules.d: introduce ssh-server module to provide service
>
> On 06/21/2017 04:41 PM, Harald Hoyer wrote:
> > On 12.06.2017 07:47, Liu ping fan wrote:
> >> Hi Harald, what is your opinion of such functionality?
> > yeah, nice, but some issues:
> >
> > 1) "inst" should be used instead of "inst_simple" for executables and *.so
> > 2) That is a long hardcoded list of dependencies. Are they all needed?
> > 3) The module should probably be renamed to rhel-7-ssh-server or a similar
> > name
> > to reflect, that it is most likely only working on this distribution
> > variant
> > 4) Does it have to be shipped in upstream dracut? Looks like this can live
> > totally
> > fine in a project, which lives outside of dracut.
> I was about to introduce something similar, I would try to keep it
> general purpose. A good use case could be to unlock an encrypted root fs
> after a reboot, even though that would require more work.
>
Yeah, I noticed that project. It is great, but it is a pity that it is not merged into dracut upstream since it is a little complicated and difficult to maintain.
> Some things I noticed:
>
> 1. This should go into modules.d, not the root
> 2. check() should return 255 even if sshd is found (you probably don't
> want this to be the default)?
> 3. the multiple inst_simples for the different keys seem excessive, plus
> there might be more than those. Use a glob?
>
Yes. Thank you for the advice.
Best regards,
Pingfan
> Cheers,
> Daniel
>
* Re: [PATCH] modules.d: introduce ssh-server module to provide service
From: Pingfan Liu @ 2017-06-22 2:23 UTC (permalink / raw)
To: Harald Hoyer; +Cc: Liu ping fan, initramfs-u79uwXL29TY76Z2rM5mHXA
----- Original Message -----
> From: "Harald Hoyer" <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> To: "Liu ping fan" <kernelfans-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>, "Pingfan Liu" <piliu-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> Cc: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> Sent: Wednesday, June 21, 2017 10:41:50 PM
> Subject: Re: [PATCH] modules.d: introduce ssh-server module to provide service
>
> On 12.06.2017 07:47, Liu ping fan wrote:
> > Hi Harald, what is your opinion of such functionality?
>
> yeah, nice, but some issues:
>
> 1) "inst" should be used instead of "inst_simple" for executables and *.so
> 2) That is a long hardcoded list of dependencies. Are they all needed?
> 3) The module should probably be renamed to rhel-7-ssh-server or a similar
> name
> to reflect, that it is most likely only working on this distribution
> variant
> 4) Does it have to be shipped in upstream dracut? Looks like this can live
> totally
> fine in a project, which lives outside of dracut.
>
Ah, I brought up this patch to ease the remote debugging on customer env. And usually the bug reporter is not familiar with the details, and it costs some time to communicate. With this patch, it is easier to debug the initrd issue with capture-kernel.
It is OK if you think it is better to keep this patch living outside of dracut. I can ask the customer to install it manually.
Thanks and regards,
Pingfan