Bug 828567 - Using SSH in Genkernel will make net-misc/openssh show up in depclean
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Genkernel Maintainers
Reported: 2021-12-08 10:51 UTC by r7l
Modified: 2021-12-10 11:01 UTC
Description r7l 2021-12-08 10:51:05 UTC
When using Genkernel with the SSH feature activated, it will ask for net-misc/dropbear to be installed in order to add it to the initramfs. All this makes sense and works well once installed, but it will drop net-misc/openssh out of scope for virtual/ssh and make Portage ask for removal when using --depclean.

This can be confusing as it's not easily clear why openssh is requested for removal when dropbear is only meant to be used with Genkernel. The only way to get around this is by adding net-misc/openssh to the Portage world file as well.

Wouldn't it be a better solution for those using SSH with Genkernel to add an ssh USE flag to Genkernel? It would add the dropbear dependency and install it.

Reproducible: Always

Steps to Reproduce:
1. install Genkernel and activate SSH option
2. install net-misc/dropbear as told
3. run emerge --depclean
Actual Results:  
!!! 'net-misc/openssh' (virtual/ssh) is part of your system profile.
!!! Unmerging it may be damaging to your system.

Expected Results:  
net-misc/openssh to remain in the system.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2021-12-10 00:39:34 UTC
I think you got confused by multiple things.

First of all, virtual/ssh is a _virtual_ package which can be satisfied by either net-misc/openssh or net-misc/dropbear. If you have both packages installed but not added to your world file, only one provider will be 'protected' against removal by this virtual.

By default, this will be net-misc/openssh unless you have set USE=minimal for virtual/ssh, in which case net-misc/dropbear will be preferred.

Now the question is why you didn't install and add net-misc/openssh to your world file as described in the handbook (just run `emerge -a --noreplace net-misc/openssh` now to add it to your world file). Did you really pick virtual/ssh on your own to get an OpenSSH client?

Regarding genkernel:
Genkernel has no dependency on net-misc/dropbear. Depending on how you create host keys used within the initramfs, genkernel will need net-misc/dropbear to create those keys in appropriate format. However, in most cases, genkernel will use its own copy of dropbear and doesn't depend on net-misc/dropbear. The package is only needed when you do cross-compile, i.e. generate genkernel initramfs for another system having a different architecture your host system cannot execute (in which case the host system running genkernel cannot execute internal dropbear copy).

You can also provide host keys on your own or generate new host keys on each boot. Please see genkernel man page for more details.

I would be interested to understand why you believe genkernel depends on net-misc/dropbear. In case genkernel told you, could you please attach genkernel.log from that run?
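Added example (not part of the bug report, and not genkernel or Portage code): a small check that lists installed virtual/ssh providers which are not recorded in the world file, the situation Comment 1 describes where only the virtual keeps a provider from being a depclean candidate. It assumes the standard Portage locations (/var/db/pkg and /var/lib/portage/world) under an optional root prefix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report.
# Lists installed virtual/ssh providers that are NOT in the Portage world file.
# Assumptions: installed packages live in ROOT/var/db/pkg/<cat>/<pkg>-<version>,
# the world file is ROOT/var/lib/portage/world, one atom per line.

SSH_PROVIDERS="net-misc/openssh net-misc/dropbear"   # the two providers named in the bug

# is_installed ROOT CAT/PN -> 0 if a versioned directory exists in the package DB
is_installed() {
    for d in "$1/var/db/pkg/$2"-[0-9]*; do
        [ -d "$d" ] && return 0
    done
    return 1
}

# in_world ROOT CAT/PN -> 0 if the world file lists the atom
# (a trailing :slot or ::repo qualifier is accepted)
in_world() {
    [ -f "$1/var/lib/portage/world" ] || return 1
    grep -Eq "^$2(:.*)?\$" "$1/var/lib/portage/world"
}

# unprotected_ssh_providers [ROOT] -> prints one CAT/PN per line
unprotected_ssh_providers() {
    root="${1:-}"
    for p in $SSH_PROVIDERS; do
        if is_installed "$root" "$p" && ! in_world "$root" "$p"; then
            echo "$p"
        fi
    done
}

# Use on a live system before running emerge --depclean:
#   unprotected_ssh_providers
# A listed provider you want to keep can be recorded in world with the
# command given in Comment 1:
#   emerge -a --noreplace net-misc/openssh
```

An empty result means every installed provider is already in the world file.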
Comment 2 r7l 2021-12-10 11:01:29 UTC
I am aware of the situation with virtual/ssh and I don't have "minimal". I've never seen any place mentioning openssh to be required to be installed manually during install. I've just even checked again both

https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation

and 

https://wiki.gentoo.org/wiki/Genkernel

as that would be what I am usually using when installing. I don't see it being mentioned on either of those sites.

And on any other Gentoo system I've had and have, there was never an issue with openssh as I've not installed dropbear and openssh would remain the sole ssh package installed. As expected by virtual/ssh.

Let me try to explain how I've ended up with this issue:

I've installed my system with LUKS encryption according to the amd64 Handbook in the wiki. As said before, without installing openssh again.

I've installed Genkernel and edited /etc/genkernel.conf according to a kernel with SSH included into the initramfs. All fine.

When running "genkernel all" it showed this message:

* ERROR: authorized_keys file '/etc/dropbear/authorized_keys' does not exist!
* Please consult '/var/log/genkernel.log' for more information and any
* errors that were reported above.
* 
* Report any genkernel bugs to bugs.gentoo.org and
* assign your bug to genkernel@gentoo.org. Please include
* as much information as you can in your bug report; attaching
* '/var/log/genkernel.log' so that your issue can be dealt with effectively.
* 
* Please do *not* report kernel compilation failures as genkernel bugs!

Checking /var/log/genkernel.log it will just include this same message and when looking at the Genkernel wiki page it introduces the SSH section with this line:

"genkernel can embed the net-misc/dropbear SSH daemon into the initramfs ..."

And even the man page speaks of dropbear (even with commands being used) without mentioning where it's coming from.

So, while it doesn't actually say it would require me to install net-misc/dropbear, I was assuming (from the info I had) that Genkernel would need dropbear to be installed in order to provide SSH. I've installed it and this made the error go away without any additional work. This made me believe it would be the way to go and Genkernel not having it as a dependency might be since SSH in initramfs is probably an edge case feature for most people. Well, doing SSH with Dracut is actually quite an adventure. But that's a different topic.

Installing dropbear added it to the Portage world file and caused the depclean issue for the said reasons. I've actually had this same issue on another system at some point in the past when I was setting up Gentoo with LUKS and SSH in initramfs there. I've simply installed openssh and went on back then. But having the same issue again made me decide to report it.

So what I read out of your comment is that Genkernel ships its own version of dropbear. I wasn't aware of that (didn't see it mentioned in the wiki or else) and I am sorry for not taking a dive into the internals of Genkernel.

I am going to try to uninstall dropbear, symlink the ssh keys (as suggested in the wiki) and try to redo the initramfs. Having mixed SSH keys was barely an issue in the past, as the systems in question are running local (just without keyboard and monitor attached) and I was restarting like once or twice a year at most.