diff options
| author | Martin Pitt <martin.pitt@ubuntu.com> | 2016-07-25 17:03:17 +0200 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-07-29 02:32:54 +0100 |
| commit | 4cebe1ac6b50c7bc74313e26d44c4fc0af8886aa (patch) | |
| tree | d33233488eac0023ec3a4e5e7edd0180b53318b1 | |
| parent | 556ee3d2d433dc70512003667398f0979b0940a9 (diff) | |
Add debian/agent-launch: Helper script for conditionally starting the SSH agent in the user session
Use it in ssh-agent.user-session.upstart. This will also be used in a
corresponding systemd user unit.
This replaces the backgrounded "ssh-agent -s" with a foreground task which
works more nicely with modern init systems for logging/debugging and
starting/stopping.
Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and
systemd we can assume this, and it allows restarting the service in a running
session.
| -rwxr-xr-x | debian/agent-launch | 29 | ||||
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rwxr-xr-x | debian/openssh-client.install | 2 | ||||
| -rw-r--r-- | debian/ssh-agent.user-session.upstart | 20 |
4 files changed, 38 insertions, 18 deletions
diff --git a/debian/agent-launch b/debian/agent-launch new file mode 100755 index 000000000..40479b868 --- /dev/null +++ b/debian/agent-launch | |||
| @@ -0,0 +1,29 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | # helper script for launching ssh-agent, used by systemd unit and upstart job | ||
| 3 | set -e | ||
| 4 | |||
| 5 | if [ ! -d "$XDG_RUNTIME_DIR" ]; then | ||
| 6 | echo 'This needs $XDG_RUNTIME_DIR to be set' >&2 | ||
| 7 | exit 1 | ||
| 8 | fi | ||
| 9 | |||
| 10 | if [ "$1" = start ]; then | ||
| 11 | if [ -z "$SSH_AUTH_SOCK" ] && grep -s -q '^use-ssh-agent$' /etc/X11/Xsession.options; then | ||
| 12 | S="$XDG_RUNTIME_DIR/openssh_agent" | ||
| 13 | dbus-update-activation-environment --verbose --systemd SSH_AUTH_SOCK=$S SSH_AGENT_LAUNCHER=openssh | ||
| 14 | if type initctl >/dev/null 2>&1; then | ||
| 15 | initctl set-env --global SSH_AUTH_SOCK=$S | ||
| 16 | fi | ||
| 17 | exec ssh-agent -D -a $S | ||
| 18 | fi | ||
| 19 | elif [ "$1" = stop ]; then | ||
| 20 | if [ "$SSH_AGENT_LAUNCHER" = openssh ]; then | ||
| 21 | dbus-update-activation-environment --systemd SSH_AUTH_SOCK= | ||
| 22 | if type initctl >/dev/null 2>&1; then | ||
| 23 | initctl unset-env --global SSH_AUTH_SOCK | ||
| 24 | fi | ||
| 25 | fi | ||
| 26 | else | ||
| 27 | echo "Unknown command $1" >&2 | ||
| 28 | exit 1 | ||
| 29 | fi | ||
diff --git a/debian/changelog b/debian/changelog index 0977bc8c9..79d973bb8 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,10 +1,15 @@ | |||
| 1 | openssh (1:7.2p2-8) UNRELEASED; urgency=medium | 1 | openssh (1:7.2p2-8) UNRELEASED; urgency=medium |
| 2 | 2 | ||
| 3 | [ Colin Watson ] | ||
| 3 | * Stop enabling ssh-session-cleanup.service by default; instead, ship it | 4 | * Stop enabling ssh-session-cleanup.service by default; instead, ship it |
| 4 | as an example and add a section to README.Debian. libpam-systemd >= 230 | 5 | as an example and add a section to README.Debian. libpam-systemd >= 230 |
| 5 | and "UsePAM yes" should take care of the original problem for most | 6 | and "UsePAM yes" should take care of the original problem for most |
| 6 | systemd users (thanks, Michael Biebl; closes: #832155). | 7 | systemd users (thanks, Michael Biebl; closes: #832155). |
| 7 | 8 | ||
| 9 | [ Martin Pitt ] | ||
| 10 | * Add debian/agent-launch: Helper script for conditionally starting the SSH | ||
| 11 | agent in the user session. Use it in ssh-agent.user-session.upstart. | ||
| 12 | |||
| 8 | -- Colin Watson <cjwatson@debian.org> Thu, 28 Jul 2016 22:04:37 +0100 | 13 | -- Colin Watson <cjwatson@debian.org> Thu, 28 Jul 2016 22:04:37 +0100 |
| 9 | 14 | ||
| 10 | openssh (1:7.2p2-7) unstable; urgency=medium | 15 | openssh (1:7.2p2-7) unstable; urgency=medium |
diff --git a/debian/openssh-client.install b/debian/openssh-client.install index fd6819a7c..fd9c02d1b 100755 --- a/debian/openssh-client.install +++ b/debian/openssh-client.install | |||
| @@ -26,6 +26,8 @@ usr/share/man/man8/ssh-pkcs11-helper.8 | |||
| 26 | contrib/ssh-copy-id usr/bin | 26 | contrib/ssh-copy-id usr/bin |
| 27 | debian/ssh-argv0 usr/bin | 27 | debian/ssh-argv0 usr/bin |
| 28 | 28 | ||
| 29 | debian/agent-launch usr/lib/openssh | ||
| 30 | |||
| 29 | # dh_apport would be neater, but at the time of writing it isn't in unstable | 31 | # dh_apport would be neater, but at the time of writing it isn't in unstable |
| 30 | # yet. | 32 | # yet. |
| 31 | debian/openssh-client.apport => usr/share/apport/package-hooks/openssh-client.py | 33 | debian/openssh-client.apport => usr/share/apport/package-hooks/openssh-client.py |
diff --git a/debian/ssh-agent.user-session.upstart b/debian/ssh-agent.user-session.upstart index 385a9ecc6..672d2a0de 100644 --- a/debian/ssh-agent.user-session.upstart +++ b/debian/ssh-agent.user-session.upstart | |||
| @@ -3,21 +3,5 @@ author "Stéphane Graber <stgraber@ubuntu.com>" | |||
| 3 | 3 | ||
| 4 | start on starting xsession-init | 4 | start on starting xsession-init |
| 5 | 5 | ||
| 6 | pre-start script | 6 | exec /usr/lib/openssh/agent-launch start |
| 7 | [ -e /etc/X11/Xsession.options ] || { stop; exit 0; } | 7 | post-stop exec /usr/lib/openssh/agent-launch stop |
| 8 | grep -q "^use-ssh-agent$" /etc/X11/Xsession.options || { stop; exit 0; } | ||
| 9 | [ -z "$SSH_AUTH_SOCK" ] || { stop; exit 0; } | ||
| 10 | |||
| 11 | eval "$(ssh-agent -s)" >/dev/null | ||
| 12 | initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK | ||
| 13 | initctl set-env --global SSH_AGENT_PID=$SSH_AGENT_PID | ||
| 14 | initctl set-env --global SSH_AGENT_LAUNCHER=upstart | ||
| 15 | end script | ||
| 16 | |||
| 17 | post-stop script | ||
| 18 | [ "$SSH_AGENT_LAUNCHER" = upstart ] || exit 0 | ||
| 19 | kill $SSH_AGENT_PID 2>/dev/null || true | ||
| 20 | initctl unset-env --global SSH_AUTH_SOCK | ||
| 21 | initctl unset-env --global SSH_AGENT_PID | ||
| 22 | initctl unset-env --global SSH_AGENT_LAUNCHER | ||
| 23 | end script | ||