lakitu: Fix ssh hostkey verification error

This CL fixes the error by including the following changes:
1. Include a patch to write hostkeys to the stateful partition.
Currently, the sshd fetches hostkeys from /mnt/stateful_partition/etc/ssh,
however the guest agent daemon generates and writes ssh hostkeys to /etc/ssh.
We need the guest agent to write ssh hostkeys to the stateful_partition
if we want to support publishing of hostkeys to instance metadata.

2. Modify fix-systemd-units-dependencies patch to have sshd.service
block on google-instance-setup.service. sshd.service currently runs a
script before it starts that generates hostkeys on the stateful
partition. Since we need to use the hostkeys that
google-instance-setup.service generates, sshd.service must run after
google-instance-setup.service.

BUG=b:147559155
TEST=cos_tryjob
RELEASE_NOTE=Fix ssh hostkey verification error

Change-Id: I9b3a3afef7b8eb5b739ad6126a7983423ab7b090
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/board-overlays/+/2063380
Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>
Reviewed-by: Dexter Rivera <riverade@chromium.org>
Commit-Queue: Dexter Rivera <riverade@chromium.org>
Tested-by: Dexter Rivera <riverade@chromium.org>
(cherry picked from commit 8a80b6d7a4e99d55c1d1ec324baf02404e982d32)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/board-overlays/+/2071061
diff --git a/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801-r2.ebuild b/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801-r3.ebuild
similarity index 100%
rename from overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801-r2.ebuild
rename to overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801-r3.ebuild
diff --git a/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801.ebuild b/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801.ebuild
index fe82b7f..33a4b3f 100644
--- a/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801.ebuild
+++ b/overlay-lakitu/app-admin/compute-image-packages/compute-image-packages-20190801.ebuild
@@ -39,7 +39,8 @@
 	epatch "${FILESDIR}/20190304-homedir-uid-fix.patch"
 	epatch "${FILESDIR}/20190801-no-boto.patch"
 	epatch "${FILESDIR}/20190801-fix-systemd-units-dependencies.patch"
-	popd
+	epatch "${FILESDIR}/20190801-write-hostkeys-to-stateful-partition.patch"
+	popd || return
 	distutils-r1_python_prepare_all
 }
 
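Review bot: `popd || return` leaves the function early on a failed `popd`, so `distutils-r1_python_prepare_all` is skipped without the build being marked as failed. As far as I know a phase function's return status is not what aborts an ebuild and `die` is, so the usual idiom is `popd || die`. The function starts above this hunk, so the matching `pushd` is not visible; if it is unguarded too it should get the same `|| die`.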
@@ -62,7 +63,7 @@
 	# Backports the get-metadata-value script from older version of this
 	# package (1.3.3).
 	exeinto /usr/share/google/
-	newexe ${FILESDIR}/1.3.3-get_metadata_value get_metadata_value
+	newexe "${FILESDIR}/1.3.3-get_metadata_value" get_metadata_value
 
 	# Install distro specific default configuration.
 	insinto /etc/default/
diff --git a/overlay-lakitu/app-admin/compute-image-packages/files/20190801-fix-systemd-units-dependencies.patch b/overlay-lakitu/app-admin/compute-image-packages/files/20190801-fix-systemd-units-dependencies.patch
index 6e2b49c..4adfa49 100644
--- a/overlay-lakitu/app-admin/compute-image-packages/files/20190801-fix-systemd-units-dependencies.patch
+++ b/overlay-lakitu/app-admin/compute-image-packages/files/20190801-fix-systemd-units-dependencies.patch
@@ -1,30 +1,14 @@
-From f87b65f54e2a01a0be5e723289419b06870a8faf Mon Sep 17 00:00:00 2001
-From: Daniel Wang <wonderfly@google.com>
-Date: Wed, 28 Aug 2019 13:24:20 -0700
+From c3703674dc73b19cabd9388c828931dc52b13232 Mon Sep 17 00:00:00 2001
+From: Dexter Rivera <riverade@google.com>
+Date: Wed, 19 Feb 2020 13:45:23 -0800
 Subject: [PATCH] Fix systemd units dependencies
 
-The unit definitions from upstream don't work for COS very well.
 ---
- .../src/lib/systemd/system/google-instance-setup.service      | 4 ++--
- .../src/lib/systemd/system/google-network-daemon.service      | 3 ++-
- .../src/lib/systemd/system/google-shutdown-scripts.service    | 3 ++-
- .../src/lib/systemd/system/google-startup-scripts.service     | 3 ++-
- 4 files changed, 8 insertions(+), 5 deletions(-)
+ .../src/lib/systemd/system/google-network-daemon.service       | 3 ++-
+ .../src/lib/systemd/system/google-shutdown-scripts.service     | 3 ++-
+ .../src/lib/systemd/system/google-startup-scripts.service      | 3 ++-
+ 3 files changed, 6 insertions(+), 3 deletions(-)
 
-diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service b/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service
-index ee987b2..5069b41 100644
---- a/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service
-+++ b/packages/google-compute-engine/src/lib/systemd/system/google-instance-setup.service
-@@ -1,7 +1,7 @@
- [Unit]
- Description=Google Compute Engine Instance Setup
--After=network-online.target network.target rsyslog.service
--Before=sshd.service
-+After=network-online.target
-+Wants=network-online.target
- 
- [Service]
- Type=oneshot
 diff --git a/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service b/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service
 index 71745d4..b4dd4bc 100644
 --- a/packages/google-compute-engine/src/lib/systemd/system/google-network-daemon.service
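Review bot: Dropping the google-instance-setup.service section restores upstream's `Before=sshd.service`, but it also drops the `Wants=network-online.target` line the old patch added. The unit is then ordered after network-online.target with nothing visible here that pulls the target in. If no other unit on the image wants it, instance setup may start before the network is up; confirm that, or keep a one-line section that adds only `Wants=network-online.target`. `Before=` is ordering only, so sshd still starts when instance setup fails, which means the sshd pre-start key script described in the commit message remains the fallback. The embedded patch also lost its one-line rationale; a short description in its header saying which units are still adjusted and why would help the next reader.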
@@ -68,5 +52,5 @@
  [Service]
  ExecStart=/usr/bin/google_metadata_script_runner --script-type startup
 -- 
-2.23.0.187.g17f5b7556c-goog
+2.25.0.265.gbab2e86ba0-goog
 
diff --git a/overlay-lakitu/app-admin/compute-image-packages/files/20190801-write-hostkeys-to-stateful-partition.patch b/overlay-lakitu/app-admin/compute-image-packages/files/20190801-write-hostkeys-to-stateful-partition.patch
new file mode 100644
index 0000000..844449f
--- /dev/null
+++ b/overlay-lakitu/app-admin/compute-image-packages/files/20190801-write-hostkeys-to-stateful-partition.patch
@@ -0,0 +1,50 @@
+From 41a305c3b87e959db833afa4a4c7643cd1600106 Mon Sep 17 00:00:00 2001
+From: Dexter Rivera <riverade@google.com>
+Date: Fri, 21 Feb 2020 16:31:52 -0800
+Subject: [PATCH] Write keys to the stateful partition
+
+---
+ .../instance_setup/instance_setup.py           | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py b/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
+index cb1a2a6..42c242f 100755
+--- a/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
++++ b/packages/python-google-compute-engine/google_compute_engine/instance_setup/instance_setup.py
+@@ -207,11 +207,19 @@ class InstanceSetup(object):
+     """
+     section = 'Instance'
+     instance_id = self._GetInstanceId()
+-    if instance_id != self.instance_config.GetOptionString(
+-        section, 'instance_id'):
++    prev_instance_id = None
++
++    instance_id_file = '/mnt/stateful_partition/.instance_id'
++    if os.path.isfile(instance_id_file):
++      with open(instance_id_file, 'rb') as f:
++        prev_instance_id = f.read().strip()
++
++    if not prev_instance_id or prev_instance_id != instance_id:
+       self.logger.info('Generating SSH host keys for instance %s.', instance_id)
+       file_regex = re.compile(r'ssh_host_(?P<type>[a-z0-9]*)_key\Z')
+-      key_dir = '/etc/ssh'
++      key_dir = '/mnt/stateful_partition/etc/ssh'
++      if not os.path.isdir(key_dir):
++        os.makedirs(key_dir)
+       key_files = [f for f in os.listdir(key_dir) if file_regex.match(f)]
+       key_types = host_key_types.split(',') if host_key_types else []
+       key_types_files = ['ssh_host_%s_key' % key_type for key_type in key_types]
+@@ -224,6 +232,10 @@ class InstanceSetup(object):
+       self._StartSshd()
+       self.instance_config.SetOption(section, 'instance_id', str(instance_id))
+ 
++      # Write the instance_id to the stateful partition
++      with open(instance_id_file, 'wb') as f:
++        f.write(instance_id)
++
+   def _GetNumericProjectId(self):
+     """Get the numeric project ID.
+ 
+-- 
+2.25.0.265.gbab2e86ba0-goog
+
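Review bot: The stored id is read with `open(instance_id_file, 'rb')` and compared directly with `instance_id`, which on Python 3 compares `bytes` with a non-bytes value and is never equal. `_GetInstanceId()` is not visible here, but the existing `str(instance_id)` in the `SetOption` call suggests it does not return a byte string. If so, host keys would be regenerated on every boot and the final `f.write(instance_id)` in `'wb'` mode would raise `TypeError`, so clients would keep seeing a changed host key and learn to ignore the warning that is meant to flag a man-in-the-middle. Opening the file in text mode and comparing against `str(instance_id)` behaves the same on Python 2 and 3. `os.makedirs(key_dir)` also creates the host-key directory with umask-dependent permissions, so an explicit mode would be worth adding. The method starts above the inner hunk, so `host_key_types` and the key-generation loop are not shown.

```python
    prev_instance_id = None
    instance_id_file = '/mnt/stateful_partition/.instance_id'
    if os.path.isfile(instance_id_file):
      # Text mode so the stored value compares equal to str(instance_id)
      # on both Python 2 and Python 3.
      with open(instance_id_file, 'r') as f:
        prev_instance_id = f.read().strip()

    if not prev_instance_id or prev_instance_id != str(instance_id):
      # … unchanged: host key generation, _StartSshd, SetOption …

      # Write the instance_id to the stateful partition
      with open(instance_id_file, 'w') as f:
        f.write(str(instance_id))
```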