diff options
-rw-r--r-- | configure.ac | 24 | ||||
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | debian/patches/backport-fix-first-kex-follows.patch | 2 | ||||
-rw-r--r-- | debian/patches/debian-config.patch | 2 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/systemd-readiness.patch | 84 | ||||
-rwxr-xr-x | debian/rules | 1 | ||||
-rw-r--r-- | debian/systemd/ssh.service | 2 | ||||
-rw-r--r-- | sshd.c | 9 |
11 files changed, 133 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac index 128889a28..eec2b727c 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5], | |||
4213 | AC_SUBST([GSSLIBS]) | 4213 | AC_SUBST([GSSLIBS]) |
4214 | AC_SUBST([K5LIBS]) | 4214 | AC_SUBST([K5LIBS]) |
4215 | 4215 | ||
4216 | # Check whether user wants systemd support | ||
4217 | SYSTEMD_MSG="no" | ||
4218 | AC_ARG_WITH(systemd, | ||
4219 | [ --with-systemd Enable systemd support], | ||
4220 | [ if test "x$withval" != "xno" ; then | ||
4221 | AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
4222 | if test "$PKGCONFIG" != "no"; then | ||
4223 | AC_MSG_CHECKING([for libsystemd]) | ||
4224 | if $PKGCONFIG --exists libsystemd; then | ||
4225 | SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` | ||
4226 | SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` | ||
4227 | CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" | ||
4228 | SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" | ||
4229 | AC_MSG_RESULT([yes]) | ||
4230 | AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) | ||
4231 | SYSTEMD_MSG="yes" | ||
4232 | else | ||
4233 | AC_MSG_RESULT([no]) | ||
4234 | fi | ||
4235 | fi | ||
4236 | fi ] | ||
4237 | ) | ||
4238 | |||
4216 | # Looking for programs, paths and files | 4239 | # Looking for programs, paths and files |
4217 | 4240 | ||
4218 | PRIVSEP_PATH=/var/empty | 4241 | PRIVSEP_PATH=/var/empty |
@@ -5014,6 +5037,7 @@ echo " MD5 password support: $MD5_MSG" | |||
5014 | echo " libedit support: $LIBEDIT_MSG" | 5037 | echo " libedit support: $LIBEDIT_MSG" |
5015 | echo " Solaris process contract support: $SPC_MSG" | 5038 | echo " Solaris process contract support: $SPC_MSG" |
5016 | echo " Solaris project support: $SP_MSG" | 5039 | echo " Solaris project support: $SP_MSG" |
5040 | echo " systemd support: $SYSTEMD_MSG" | ||
5017 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | 5041 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" |
5018 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 5042 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
5019 | echo " BSD Auth support: $BSD_AUTH_MSG" | 5043 | echo " BSD Auth support: $BSD_AUTH_MSG" |
diff --git a/debian/.git-dpm b/debian/.git-dpm index a5ea18e89..b74a96d43 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
@@ -1,6 +1,6 @@ | |||
1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
2 | ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 | 2 | 480b475c69faf9cfa748cc445e36201bc7a81b80 |
3 | ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 | 3 | 480b475c69faf9cfa748cc445e36201bc7a81b80 |
4 | 651211fd4a199b299540c00c54a46e27fadb04be | 4 | 651211fd4a199b299540c00c54a46e27fadb04be |
5 | 651211fd4a199b299540c00c54a46e27fadb04be | 5 | 651211fd4a199b299540c00c54a46e27fadb04be |
6 | openssh_7.1p1.orig.tar.gz | 6 | openssh_7.1p1.orig.tar.gz |
diff --git a/debian/changelog b/debian/changelog index ff9eb099d..faa138ce0 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,10 @@ | |||
1 | openssh (1:7.1p1-5) UNRELEASED; urgency=medium | ||
2 | |||
3 | [ Michael Biebl ] | ||
4 | * Add systemd readiness notification support (closes: #778913). | ||
5 | |||
6 | -- Colin Watson <cjwatson@debian.org> Mon, 21 Dec 2015 16:10:53 +0000 | ||
7 | |||
1 | openssh (1:7.1p1-4) unstable; urgency=medium | 8 | openssh (1:7.1p1-4) unstable; urgency=medium |
2 | 9 | ||
3 | * Backport upstream patch to unbreak connections with peers that set | 10 | * Backport upstream patch to unbreak connections with peers that set |
diff --git a/debian/control b/debian/control index 8ecb3d44a..fc705b3d8 100644 --- a/debian/control +++ b/debian/control | |||
@@ -2,7 +2,7 @@ Source: openssh | |||
2 | Section: net | 2 | Section: net |
3 | Priority: standard | 3 | Priority: standard |
4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> | 4 | Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any] | 5 | Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any], libsystemd-dev [linux-any] |
6 | XS-Testsuite: autopkgtest | 6 | XS-Testsuite: autopkgtest |
7 | Standards-Version: 3.9.6 | 7 | Standards-Version: 3.9.6 |
8 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> | 8 | Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> |
diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch index 0333adad1..07c86b948 100644 --- a/debian/patches/backport-fix-first-kex-follows.patch +++ b/debian/patches/backport-fix-first-kex-follows.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 Mon Sep 17 00:00:00 2001 | 1 | From 480b475c69faf9cfa748cc445e36201bc7a81b80 Mon Sep 17 00:00:00 2001 |
2 | From: Damien Miller <djm@mindrot.org> | 2 | From: Damien Miller <djm@mindrot.org> |
3 | Date: Tue, 15 Dec 2015 15:25:04 +0000 | 3 | Date: Tue, 15 Dec 2015 15:25:04 +0000 |
4 | Subject: upstream commit | 4 | Subject: upstream commit |
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index cfa6ef6b7..6bd50eaad 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9351b179c72f18dc1b1d5bb84b2a7dab5e0af3fc Mon Sep 17 00:00:00 2001 | 1 | From a466a627b806905df9c7583af7edcf39e9481201 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 |
4 | Subject: Various Debian-specific configuration changes | 4 | Subject: Various Debian-specific configuration changes |
diff --git a/debian/patches/series b/debian/patches/series index 340077745..f7eb1cc8b 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -24,5 +24,6 @@ ssh-agent-setgid.patch | |||
24 | no-openssl-version-status.patch | 24 | no-openssl-version-status.patch |
25 | gnome-ssh-askpass2-icon.patch | 25 | gnome-ssh-askpass2-icon.patch |
26 | sigstop.patch | 26 | sigstop.patch |
27 | systemd-readiness.patch | ||
27 | debian-config.patch | 28 | debian-config.patch |
28 | backport-fix-first-kex-follows.patch | 29 | backport-fix-first-kex-follows.patch |
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch new file mode 100644 index 000000000..bbe3b2cd5 --- /dev/null +++ b/debian/patches/systemd-readiness.patch | |||
@@ -0,0 +1,84 @@ | |||
1 | From 818791ef8edf087481bd49eb32335c8d7e1953d6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Michael Biebl <biebl@debian.org> | ||
3 | Date: Mon, 21 Dec 2015 16:08:47 +0000 | ||
4 | Subject: Add systemd readiness notification support | ||
5 | |||
6 | Bug-Debian: https://bugs.debian.org/778913 | ||
7 | Forwarded: no | ||
8 | Last-Update: 2015-12-21 | ||
9 | |||
10 | Patch-Name: systemd-readiness.patch | ||
11 | --- | ||
12 | configure.ac | 24 ++++++++++++++++++++++++ | ||
13 | sshd.c | 9 +++++++++ | ||
14 | 2 files changed, 33 insertions(+) | ||
15 | |||
16 | diff --git a/configure.ac b/configure.ac | ||
17 | index 128889a..eec2b72 100644 | ||
18 | --- a/configure.ac | ||
19 | +++ b/configure.ac | ||
20 | @@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5], | ||
21 | AC_SUBST([GSSLIBS]) | ||
22 | AC_SUBST([K5LIBS]) | ||
23 | |||
24 | +# Check whether user wants systemd support | ||
25 | +SYSTEMD_MSG="no" | ||
26 | +AC_ARG_WITH(systemd, | ||
27 | + [ --with-systemd Enable systemd support], | ||
28 | + [ if test "x$withval" != "xno" ; then | ||
29 | + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) | ||
30 | + if test "$PKGCONFIG" != "no"; then | ||
31 | + AC_MSG_CHECKING([for libsystemd]) | ||
32 | + if $PKGCONFIG --exists libsystemd; then | ||
33 | + SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` | ||
34 | + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` | ||
35 | + CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" | ||
36 | + SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" | ||
37 | + AC_MSG_RESULT([yes]) | ||
38 | + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) | ||
39 | + SYSTEMD_MSG="yes" | ||
40 | + else | ||
41 | + AC_MSG_RESULT([no]) | ||
42 | + fi | ||
43 | + fi | ||
44 | + fi ] | ||
45 | +) | ||
46 | + | ||
47 | # Looking for programs, paths and files | ||
48 | |||
49 | PRIVSEP_PATH=/var/empty | ||
50 | @@ -5014,6 +5037,7 @@ echo " MD5 password support: $MD5_MSG" | ||
51 | echo " libedit support: $LIBEDIT_MSG" | ||
52 | echo " Solaris process contract support: $SPC_MSG" | ||
53 | echo " Solaris project support: $SP_MSG" | ||
54 | +echo " systemd support: $SYSTEMD_MSG" | ||
55 | echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" | ||
56 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | ||
57 | echo " BSD Auth support: $BSD_AUTH_MSG" | ||
58 | diff --git a/sshd.c b/sshd.c | ||
59 | index 7e72b9b..4d28dc0 100644 | ||
60 | --- a/sshd.c | ||
61 | +++ b/sshd.c | ||
62 | @@ -85,6 +85,10 @@ | ||
63 | #include <prot.h> | ||
64 | #endif | ||
65 | |||
66 | +#ifdef HAVE_SYSTEMD | ||
67 | +#include <systemd/sd-daemon.h> | ||
68 | +#endif | ||
69 | + | ||
70 | #include "xmalloc.h" | ||
71 | #include "ssh.h" | ||
72 | #include "ssh1.h" | ||
73 | @@ -2011,6 +2015,11 @@ main(int ac, char **av) | ||
74 | /* ignore SIGPIPE */ | ||
75 | signal(SIGPIPE, SIG_IGN); | ||
76 | |||
77 | +#ifdef HAVE_SYSTEMD | ||
78 | + /* Signal systemd that we are ready to accept connections */ | ||
79 | + sd_notify(0, "READY=1"); | ||
80 | +#endif | ||
81 | + | ||
82 | /* Get a connection, either from inetd or a listening TCP socket */ | ||
83 | if (inetd_flag) { | ||
84 | server_accept_inetd(&sock_in, &sock_out); | ||
diff --git a/debian/rules b/debian/rules index e67053cdd..01937b39e 100755 --- a/debian/rules +++ b/debian/rules | |||
@@ -92,6 +92,7 @@ confflags += --with-ssl-engine | |||
92 | ifeq ($(DEB_HOST_ARCH_OS),linux) | 92 | ifeq ($(DEB_HOST_ARCH_OS),linux) |
93 | confflags += --with-selinux | 93 | confflags += --with-selinux |
94 | confflags += --with-audit=linux | 94 | confflags += --with-audit=linux |
95 | confflags += --with-systemd | ||
95 | endif | 96 | endif |
96 | 97 | ||
97 | # The deb build wants xauth; the udeb build doesn't. | 98 | # The deb build wants xauth; the udeb build doesn't. |
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service index ff28d39c1..3df8c6426 100644 --- a/debian/systemd/ssh.service +++ b/debian/systemd/ssh.service | |||
@@ -9,6 +9,8 @@ ExecStart=/usr/sbin/sshd -D $SSHD_OPTS | |||
9 | ExecReload=/bin/kill -HUP $MAINPID | 9 | ExecReload=/bin/kill -HUP $MAINPID |
10 | KillMode=process | 10 | KillMode=process |
11 | Restart=on-failure | 11 | Restart=on-failure |
12 | RestartPreventExitStatus=255 | ||
13 | Type=notify | ||
12 | 14 | ||
13 | [Install] | 15 | [Install] |
14 | WantedBy=multi-user.target | 16 | WantedBy=multi-user.target |
@@ -85,6 +85,10 @@ | |||
85 | #include <prot.h> | 85 | #include <prot.h> |
86 | #endif | 86 | #endif |
87 | 87 | ||
88 | #ifdef HAVE_SYSTEMD | ||
89 | #include <systemd/sd-daemon.h> | ||
90 | #endif | ||
91 | |||
88 | #include "xmalloc.h" | 92 | #include "xmalloc.h" |
89 | #include "ssh.h" | 93 | #include "ssh.h" |
90 | #include "ssh1.h" | 94 | #include "ssh1.h" |
@@ -2011,6 +2015,11 @@ main(int ac, char **av) | |||
2011 | /* ignore SIGPIPE */ | 2015 | /* ignore SIGPIPE */ |
2012 | signal(SIGPIPE, SIG_IGN); | 2016 | signal(SIGPIPE, SIG_IGN); |
2013 | 2017 | ||
2018 | #ifdef HAVE_SYSTEMD | ||
2019 | /* Signal systemd that we are ready to accept connections */ | ||
2020 | sd_notify(0, "READY=1"); | ||
2021 | #endif | ||
2022 | |||
2014 | /* Get a connection, either from inetd or a listening TCP socket */ | 2023 | /* Get a connection, either from inetd or a listening TCP socket */ |
2015 | if (inetd_flag) { | 2024 | if (inetd_flag) { |
2016 | server_accept_inetd(&sock_in, &sock_out); | 2025 | server_accept_inetd(&sock_in, &sock_out); |