Re: [OE-core] [PATCH 1/2] gcc: Oe-selftest failure analysis - fix for host key verfication & kex exchange identification failures

[Richard Purdie <richard.purdie@linuxfoundation.org>]

Hi Harish,

On Thu, 2024-04-18 at 03:50 -0700, Sadineni, Harish via
lists.openembedded.org wrote:
> From: Harish Sadineni <Harish.Sadineni@windriver.com>
> 
> while runnig oe-selftest for gcc, testcases that need to be run on
> qemu are not running due to below failures.
> - Executing on ssh: mkdir -p /tmp/runtest.3549641   (timeout = 300)
>    spawn [open ...]
>    Host key verification failed.
>    ERROR: Couldn't create remote directory /tmp/runtest.3549641 on
> ssh
> - kex_exchange_identification: read: Connection reset by peer^M
>    Connection reset by 192.168.7.2 port 22^M
>    ERROR: Couldn't create remote directory /tmp/runtest.3549814 on
> ssh
> 
> Host key verification failure is happening when ssh board config file
> name is defined as "ssh.exp" and there are multiple ssh.exp files
> generated during the build and a wrong ssh config was taken. To
> resolve this changed the board config file name to "linux-ssh.exp"
> which ensures correct ssh settings are used.
> 
> To resolve kex exchange identification error increased the
> MaxStartups.
> 
> Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
> ---
>  meta/lib/oeqa/selftest/cases/gcc.py                   | 2 +-
>  meta/recipes-connectivity/openssh/openssh/sshd_config | 2 +-
>  meta/recipes-devtools/gcc/gcc-testsuite.inc           | 2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)

Thanks for these. They did pass testing on the autobuilder but I there
are some style tweaks needed before they can merge and we have to
answer some questions about the sshd_config changes.

Style wise, the shortlog of the patch (subject line) needs to be
improved. It should start "oeqa/selftest/gcc:" to make it clear this
isn't a gcc recipe change but a selftest change.

The shortlog should also be a short summary, so for example:

oeqa/selftest/gcc: Fix ssh tests to run correctly

The longer log can contain contain information about the host key and
key exchange pieces.

Moving on to the patch content, the openssh piece needs to be separated
out into a separate patch as it is changing a quite key separate part
of the system.

I noticed the second patch also has an openssh change, so perhaps
combine those two changes together into a separate patch. The second
patch also needs the shortlog improving similar to the above.

The rest of the patch content is good.

The remaining issue is where/when to apply the openssh changes. My
worry is that this does have potential DoS implications on real target
devices as the config change is being made globally. It made me wonder
if we should have a "qemuall" openssh config that applies to our qemu
machines we use for testing as way of handling this?

Cheers,

Richard