diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-10 14:37:55 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 14:37:55 +0000 |
commit | 11cbb530aa4ca54344eb8941342bfe510f4b981b (patch) | |
tree | 3cc6e4aa03bb76121fa1d4f8ee2fbcbdc6cdb5c1 /debian | |
parent | e4c505521f820cadada465ebfa8ff12e3d37feb9 (diff) |
Add systemd support (thanks, Sven Joachim; closes: #676830).
Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.Debian | 20 | ||||
-rw-r--r-- | debian/changelog | 1 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | debian/openssh-server.install | 4 | ||||
-rw-r--r-- | debian/openssh-server.postinst | 7 | ||||
l--------- | debian/openssh-server.ssh.service | 1 | ||||
-rwxr-xr-x | debian/rules | 5 | ||||
-rw-r--r-- | debian/systemd/ssh.service | 15 | ||||
-rw-r--r-- | debian/systemd/ssh.socket | 11 | ||||
-rw-r--r-- | debian/systemd/ssh@.service | 9 | ||||
-rw-r--r-- | debian/systemd/sshd.conf | 1 |
11 files changed, 74 insertions, 2 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index 00dfea13d..b9efeb9f5 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
@@ -201,6 +201,26 @@ If you do this, note that you will need to stop sshd being started in the | |||
201 | normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to | 201 | normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to |
202 | restart this sshd manually on upgrades. | 202 | restart this sshd manually on upgrades. |
203 | 203 | ||
204 | systemd socket activation | ||
205 | ------------------------- | ||
206 | |||
207 | If you want to reconfigure systemd to launch sshd using socket activation, | ||
208 | then you can run: | ||
209 | |||
210 | systemctl stop ssh.service | ||
211 | systemctl start ssh.socket | ||
212 | |||
213 | To make this permanent: | ||
214 | |||
215 | systemctl disable ssh.service | ||
216 | systemctl enable ssh.socket | ||
217 | |||
218 | This may be appropriate in environments where minimal footprint is critical | ||
219 | (e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's | ||
220 | MaxConnections cannot quite replace this as it cannot distinguish between | ||
221 | authenticated and unauthenticated connections; see | ||
222 | https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion. | ||
223 | |||
204 | -- | 224 | -- |
205 | Matthew Vernon <matthew@debian.org> | 225 | Matthew Vernon <matthew@debian.org> |
206 | Colin Watson <cjwatson@debian.org> | 226 | Colin Watson <cjwatson@debian.org> |
diff --git a/debian/changelog b/debian/changelog index 5dc215554..e0adf6e70 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -28,6 +28,7 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium | |||
28 | 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. | 28 | 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. |
29 | * Drop long-obsolete "SSH now uses protocol 2 by default" section from | 29 | * Drop long-obsolete "SSH now uses protocol 2 by default" section from |
30 | README.Debian. | 30 | README.Debian. |
31 | * Add systemd support (thanks, Sven Joachim; closes: #676830). | ||
31 | 32 | ||
32 | -- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000 | 33 | -- Colin Watson <cjwatson@debian.org> Sun, 09 Feb 2014 15:52:14 +0000 |
33 | 34 | ||
diff --git a/debian/control b/debian/control index 8b3679570..78746affe 100644 --- a/debian/control +++ b/debian/control | |||
@@ -2,7 +2,7 @@ Source: openssh | |||
2 | Section: net | 2 | Section: net |
3 | Priority: standard | 3 | Priority: standard |
4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | 4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev | 5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4) |
6 | Standards-Version: 3.8.4 | 6 | Standards-Version: 3.8.4 |
7 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> | 7 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> |
8 | Homepage: http://www.openssh.org/ | 8 | Homepage: http://www.openssh.org/ |
diff --git a/debian/openssh-server.install b/debian/openssh-server.install index 8e04c4170..d04788cca 100644 --- a/debian/openssh-server.install +++ b/debian/openssh-server.install | |||
@@ -4,3 +4,7 @@ usr/share/man/man5/authorized_keys.5 | |||
4 | usr/share/man/man5/sshd_config.5 | 4 | usr/share/man/man5/sshd_config.5 |
5 | usr/share/man/man8/sftp-server.8 | 5 | usr/share/man/man8/sftp-server.8 |
6 | usr/share/man/man8/sshd.8 | 6 | usr/share/man/man8/sshd.8 |
7 | |||
8 | debian/systemd/ssh.socket lib/systemd/system | ||
9 | debian/systemd/ssh@.service lib/systemd/system | ||
10 | debian/systemd/sshd.conf usr/lib/tmpfiles.d | ||
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 91c757db5..b35e227e7 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
@@ -304,6 +304,13 @@ if [ "$action" = configure ]; then | |||
304 | # restart it under Upstart. | 304 | # restart it under Upstart. |
305 | start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true | 305 | start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true |
306 | fi | 306 | fi |
307 | if dpkg --compare-versions "$2" lt 1:6.5p1-1 && \ | ||
308 | [ -d /run/systemd/system ] && \ | ||
309 | ! systemctl --quiet is-active ssh; then | ||
310 | # We must stop the sysvinit-controlled sshd before we can | ||
311 | # restart it under systemd. | ||
312 | start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true | ||
313 | fi | ||
307 | fi | 314 | fi |
308 | 315 | ||
309 | #DEBHELPER# | 316 | #DEBHELPER# |
diff --git a/debian/openssh-server.ssh.service b/debian/openssh-server.ssh.service new file mode 120000 index 000000000..609457230 --- /dev/null +++ b/debian/openssh-server.ssh.service | |||
@@ -0,0 +1 @@ | |||
systemd/ssh.service \ No newline at end of file | |||
diff --git a/debian/rules b/debian/rules index 5b0d8f9d6..c8870b3a4 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -114,7 +114,7 @@ confflags += --with-ldflags='$(strip -Wl,--as-needed $(default_ldflags))' | |||
114 | confflags_udeb += --with-ldflags='-Wl,--as-needed' | 114 | confflags_udeb += --with-ldflags='-Wl,--as-needed' |
115 | 115 | ||
116 | %: | 116 | %: |
117 | dh $@ --with=autoreconf | 117 | dh $@ --with=autoreconf,systemd |
118 | 118 | ||
119 | autoreconf: | 119 | autoreconf: |
120 | autoreconf -f -i | 120 | autoreconf -f -i |
@@ -190,6 +190,9 @@ override_dh_installdocs: | |||
190 | # Avoid breaking dh_installexamples later. | 190 | # Avoid breaking dh_installexamples later. |
191 | mkdir -p debian/openssh-server/usr/share/doc/openssh-client | 191 | mkdir -p debian/openssh-server/usr/share/doc/openssh-client |
192 | 192 | ||
193 | override_dh_systemd_enable: | ||
194 | dh_systemd_enable --name ssh | ||
195 | |||
193 | override_dh_installinit: | 196 | override_dh_installinit: |
194 | dh_installinit -R --name ssh -- start 16 2 3 4 5 . | 197 | dh_installinit -R --name ssh -- start 16 2 3 4 5 . |
195 | 198 | ||
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service new file mode 100644 index 000000000..333690bfc --- /dev/null +++ b/debian/systemd/ssh.service | |||
@@ -0,0 +1,15 @@ | |||
1 | [Unit] | ||
2 | Description=OpenBSD Secure Shell server | ||
3 | After=syslog.target network.target auditd.service | ||
4 | ConditionPathExists=!/etc/ssh/sshd_not_to_be_run | ||
5 | |||
6 | [Service] | ||
7 | EnvironmentFile=-/etc/default/ssh | ||
8 | ExecStartPre=/usr/bin/test -c /dev/null | ||
9 | ExecStart=/usr/sbin/sshd -D $SSHD_OPTS | ||
10 | ExecReload=/bin/kill -HUP $MAINPID | ||
11 | KillMode=process | ||
12 | Restart=on-failure | ||
13 | |||
14 | [Install] | ||
15 | WantedBy=multi-user.target | ||
diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket new file mode 100644 index 000000000..fa1f615e4 --- /dev/null +++ b/debian/systemd/ssh.socket | |||
@@ -0,0 +1,11 @@ | |||
1 | [Unit] | ||
2 | Description=OpenBSD Secure Shell server socket | ||
3 | Conflicts=ssh.service | ||
4 | ConditionPathExists=!/etc/ssh/sshd_not_to_be_run | ||
5 | |||
6 | [Socket] | ||
7 | ListenStream=22 | ||
8 | Accept=yes | ||
9 | |||
10 | [Install] | ||
11 | WantedBy=sockets.target | ||
diff --git a/debian/systemd/ssh@.service b/debian/systemd/ssh@.service new file mode 100644 index 000000000..c2f9b1547 --- /dev/null +++ b/debian/systemd/ssh@.service | |||
@@ -0,0 +1,9 @@ | |||
1 | [Unit] | ||
2 | Description=OpenBSD Secure Shell server per-connection daemon | ||
3 | After=auditd.service | ||
4 | |||
5 | [Service] | ||
6 | EnvironmentFile=-/etc/default/ssh | ||
7 | ExecStartPre=/usr/bin/test -c /dev/null | ||
8 | ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS | ||
9 | StandardInput=socket | ||
diff --git a/debian/systemd/sshd.conf b/debian/systemd/sshd.conf new file mode 100644 index 000000000..ab7302189 --- /dev/null +++ b/debian/systemd/sshd.conf | |||
@@ -0,0 +1 @@ | |||
d /var/run/sshd 0755 root root | |||