Add systemd support (thanks, Sven Joachim; closes: #676830).

author: Colin Watson <cjwatson@debian.org> 2014-02-10 14:37:55 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 14:37:55 +0000
commit: 11cbb530aa4ca54344eb8941342bfe510f4b981b (patch)
tree: 3cc6e4aa03bb76121fa1d4f8ee2fbcbdc6cdb5c1
parent: e4c505521f820cadada465ebfa8ff12e3d37feb9 (diff)
11 files changed, 74 insertions, 2 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
index 00dfea13d..b9efeb9f5 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -201,6 +201,26 @@ If you do this, note that you will need to stop sshd being started in the
 normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to
 restart this sshd manually on upgrades.
+systemd socket activation
+-------------------------
+If you want to reconfigure systemd to launch sshd using socket activation,
+then you can run:
+  systemctl stop ssh.service
+  systemctl start ssh.socket
+To make this permanent:
+  systemctl disable ssh.service
+  systemctl enable ssh.socket
+This may be appropriate in environments where minimal footprint is critical
+(e.g. cloud guests).  Be aware that this bypasses MaxStartups, and systemd's
+MaxConnections cannot quite replace this as it cannot distinguish between
+authenticated and unauthenticated connections; see
+https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.
 -- 
 Matthew Vernon <matthew@debian.org>
 Colin Watson <cjwatson@debian.org>
diff --git a/debian/changelog b/debian/changelog
index 5dc215554..e0adf6e70 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,7 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
    'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
  * Drop long-obsolete "SSH now uses protocol 2 by default" section from
    README.Debian.
+  * Add systemd support (thanks, Sven Joachim; closes: #676830).
 -- Colin Watson <cjwatson@debian.org>  Sun, 09 Feb 2014 15:52:14 +0000
diff --git a/debian/control b/debian/control
index 8b3679570..78746affe 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
 Section: net
 Priority: standard
 Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4)
 Standards-Version: 3.8.4
 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
 Homepage: http://www.openssh.org/
diff --git a/debian/openssh-server.install b/debian/openssh-server.install
index 8e04c4170..d04788cca 100644
--- a/debian/openssh-server.install
+++ b/debian/openssh-server.install
@@ -4,3 +4,7 @@ usr/share/man/man5/authorized_keys.5
 usr/share/man/man5/sshd_config.5
 usr/share/man/man8/sftp-server.8
 usr/share/man/man8/sshd.8
+debian/systemd/ssh.socket lib/systemd/system
+debian/systemd/ssh@.service lib/systemd/system
+debian/systemd/sshd.conf usr/lib/tmpfiles.d
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 91c757db5..b35e227e7 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -304,6 +304,13 @@ if [ "$action" = configure ]; then
            # restart it under Upstart.
            start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
        fi
+        if dpkg --compare-versions "$2" lt 1:6.5p1-1 && \
+           [ -d /run/systemd/system ] && \
+           ! systemctl --quiet is-active ssh; then
+            # We must stop the sysvinit-controlled sshd before we can
+            # restart it under systemd.
+            start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
+        fi
 fi
 #DEBHELPER#
diff --git a/debian/openssh-server.ssh.service b/debian/openssh-server.ssh.service
new file mode 120000
index 000000000..609457230
--- /dev/null
+++ b/debian/openssh-server.ssh.service
@@ -0,0 +1 @@
+systemd/ssh.service
+\ No newline at end of file
diff --git a/debian/rules b/debian/rules
index 5b0d8f9d6..c8870b3a4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -114,7 +114,7 @@ confflags += --with-ldflags='$(strip -Wl,--as-needed $(default_ldflags))'
 confflags_udeb += --with-ldflags='-Wl,--as-needed'
 %:
-        dh $@ --with=autoreconf
+        dh $@ --with=autoreconf,systemd
 autoreconf:
        autoreconf -f -i
@@ -190,6 +190,9 @@ override_dh_installdocs:
        # Avoid breaking dh_installexamples later.
        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_systemd_enable:
+        dh_systemd_enable --name ssh
 override_dh_installinit:
        dh_installinit -R --name ssh -- start 16 2 3 4 5 .
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
new file mode 100644
index 000000000..333690bfc
--- /dev/null
+++ b/debian/systemd/ssh.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+After=syslog.target network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket
new file mode 100644
index 000000000..fa1f615e4
--- /dev/null
+++ b/debian/systemd/ssh.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenBSD Secure Shell server socket
+Conflicts=ssh.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+[Socket]
+ListenStream=22
+Accept=yes
+[Install]
+WantedBy=sockets.target
diff --git a/debian/systemd/ssh@.service b/debian/systemd/ssh@.service
new file mode 100644
index 000000000..c2f9b1547
--- /dev/null
+++ b/debian/systemd/ssh@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+After=auditd.service
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
+StandardInput=socket
diff --git a/debian/systemd/sshd.conf b/debian/systemd/sshd.conf
new file mode 100644
index 000000000..ab7302189
--- /dev/null
+++ b/debian/systemd/sshd.conf
@@ -0,0 +1 @@
+d /var/run/sshd 0755 root root
author	Colin Watson <cjwatson@debian.org>	2014-02-10 14:37:55 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 14:37:55 +0000
commit	11cbb530aa4ca54344eb8941342bfe510f4b981b (patch)
tree	3cc6e4aa03bb76121fa1d4f8ee2fbcbdc6cdb5c1
parent	e4c505521f820cadada465ebfa8ff12e3d37feb9 (diff)

diff --git a/debian/README.Debian b/debian/README.Debian index 00dfea13d..b9efeb9f5 100644 --- a/debian/README.Debian +++ b/debian/README.Debian
@@ -201,6 +201,26 @@ If you do this, note that you will need to stop sshd being started in the
201	normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to	201	normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to
202	restart this sshd manually on upgrades.	202	restart this sshd manually on upgrades.
203		203
		204	systemd socket activation
		205	-------------------------
		206
		207	If you want to reconfigure systemd to launch sshd using socket activation,
		208	then you can run:
		209
		210	systemctl stop ssh.service
		211	systemctl start ssh.socket
		212
		213	To make this permanent:
		214
		215	systemctl disable ssh.service
		216	systemctl enable ssh.socket
		217
		218	This may be appropriate in environments where minimal footprint is critical
		219	(e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's
		220	MaxConnections cannot quite replace this as it cannot distinguish between
		221	authenticated and unauthenticated connections; see
		222	https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.
		223
204	--	224	--
205	Matthew Vernon <matthew@debian.org>	225	Matthew Vernon <matthew@debian.org>
206	Colin Watson <cjwatson@debian.org>	226	Colin Watson <cjwatson@debian.org>


diff --git a/debian/changelog b/debian/changelog index 5dc215554..e0adf6e70 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -28,6 +28,7 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
28	'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.	28	'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
29	* Drop long-obsolete "SSH now uses protocol 2 by default" section from	29	* Drop long-obsolete "SSH now uses protocol 2 by default" section from
30	README.Debian.	30	README.Debian.
		31	* Add systemd support (thanks, Sven Joachim; closes: #676830).
31		32
32	-- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000	33	-- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000
33		34


diff --git a/debian/control b/debian/control index 8b3679570..78746affe 100644 --- a/debian/control +++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
2	Section: net	2	Section: net
3	Priority: standard	3	Priority: standard
4	Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>	4	Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
5	Build-Depends: libwrap0-dev \| libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev \| libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev \| heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev	5	Build-Depends: libwrap0-dev \| libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev \| libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev \| heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4)
6	Standards-Version: 3.8.4	6	Standards-Version: 3.8.4
7	Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>	7	Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
8	Homepage: http://www.openssh.org/	8	Homepage: http://www.openssh.org/


diff --git a/debian/openssh-server.install b/debian/openssh-server.install index 8e04c4170..d04788cca 100644 --- a/debian/openssh-server.install +++ b/debian/openssh-server.install
@@ -4,3 +4,7 @@ usr/share/man/man5/authorized_keys.5
4	usr/share/man/man5/sshd_config.5	4	usr/share/man/man5/sshd_config.5
5	usr/share/man/man8/sftp-server.8	5	usr/share/man/man8/sftp-server.8
6	usr/share/man/man8/sshd.8	6	usr/share/man/man8/sshd.8
		7
		8	debian/systemd/ssh.socket lib/systemd/system
		9	debian/systemd/ssh@.service lib/systemd/system
		10	debian/systemd/sshd.conf usr/lib/tmpfiles.d


diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 91c757db5..b35e227e7 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst
@@ -304,6 +304,13 @@ if [ "$action" = configure ]; then
304	# restart it under Upstart.	304	# restart it under Upstart.
305	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid \|\| true	305	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid \|\| true
306	fi	306	fi
		307	if dpkg --compare-versions "$2" lt 1:6.5p1-1 && \
		308	[ -d /run/systemd/system ] && \
		309	! systemctl --quiet is-active ssh; then
		310	# We must stop the sysvinit-controlled sshd before we can
		311	# restart it under systemd.
		312	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid \|\| true
		313	fi
307	fi	314	fi
308		315
309	#DEBHELPER#	316	#DEBHELPER#


diff --git a/debian/openssh-server.ssh.service b/debian/openssh-server.ssh.service new file mode 120000 index 000000000..609457230 --- /dev/null +++ b/debian/openssh-server.ssh.service
@@ -0,0 +1 @@
			systemd/ssh.service \ No newline at end of file


diff --git a/debian/rules b/debian/rules index 5b0d8f9d6..c8870b3a4 100755 --- a/debian/rules +++ b/debian/rules
@@ -114,7 +114,7 @@ confflags += --with-ldflags='$(strip -Wl,--as-needed $(default_ldflags))'
114	confflags_udeb += --with-ldflags='-Wl,--as-needed'	114	confflags_udeb += --with-ldflags='-Wl,--as-needed'
115		115
116	%:	116	%:
117	dh $@ --with=autoreconf	117	dh $@ --with=autoreconf,systemd
118		118
119	autoreconf:	119	autoreconf:
120	autoreconf -f -i	120	autoreconf -f -i
@@ -190,6 +190,9 @@ override_dh_installdocs:
190	# Avoid breaking dh_installexamples later.	190	# Avoid breaking dh_installexamples later.
191	mkdir -p debian/openssh-server/usr/share/doc/openssh-client	191	mkdir -p debian/openssh-server/usr/share/doc/openssh-client
192		192
		193	override_dh_systemd_enable:
		194	dh_systemd_enable --name ssh
		195
193	override_dh_installinit:	196	override_dh_installinit:
194	dh_installinit -R --name ssh -- start 16 2 3 4 5 .	197	dh_installinit -R --name ssh -- start 16 2 3 4 5 .
195		198


diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service new file mode 100644 index 000000000..333690bfc --- /dev/null +++ b/debian/systemd/ssh.service
@@ -0,0 +1,15 @@
		1	[Unit]
		2	Description=OpenBSD Secure Shell server
		3	After=syslog.target network.target auditd.service
		4	ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
		5
		6	[Service]
		7	EnvironmentFile=-/etc/default/ssh
		8	ExecStartPre=/usr/bin/test -c /dev/null
		9	ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
		10	ExecReload=/bin/kill -HUP $MAINPID
		11	KillMode=process
		12	Restart=on-failure
		13
		14	[Install]
		15	WantedBy=multi-user.target


diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket new file mode 100644 index 000000000..fa1f615e4 --- /dev/null +++ b/debian/systemd/ssh.socket
@@ -0,0 +1,11 @@
		1	[Unit]
		2	Description=OpenBSD Secure Shell server socket
		3	Conflicts=ssh.service
		4	ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
		5
		6	[Socket]
		7	ListenStream=22
		8	Accept=yes
		9
		10	[Install]
		11	WantedBy=sockets.target


diff --git a/debian/systemd/ssh@.service b/debian/systemd/ssh@.service new file mode 100644 index 000000000..c2f9b1547 --- /dev/null +++ b/debian/systemd/ssh@.service
@@ -0,0 +1,9 @@
		1	[Unit]
		2	Description=OpenBSD Secure Shell server per-connection daemon
		3	After=auditd.service
		4
		5	[Service]
		6	EnvironmentFile=-/etc/default/ssh
		7	ExecStartPre=/usr/bin/test -c /dev/null
		8	ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
		9	StandardInput=socket


diff --git a/debian/systemd/sshd.conf b/debian/systemd/sshd.conf new file mode 100644 index 000000000..ab7302189 --- /dev/null +++ b/debian/systemd/sshd.conf
@@ -0,0 +1 @@
			d /var/run/sshd 0755 root root