11 files changed, 133 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac
index 128889a28..eec2b727c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5],
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+        [  --with-systemd          Enable systemd support],
+        [ if test "x$withval" != "xno" ; then
+                AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+                if test "$PKGCONFIG" != "no"; then
+                        AC_MSG_CHECKING([for libsystemd])
+                        if $PKGCONFIG --exists libsystemd; then
+                                SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+                                SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+                                CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+                                SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+                                AC_MSG_RESULT([yes])
+                                AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+                                SYSTEMD_MSG="yes"
+                        else
+                                AC_MSG_RESULT([no])
+                        fi
+                fi
+        fi ]
+)
 # Looking for programs, paths and files
 PRIVSEP_PATH=/var/empty
@@ -5014,6 +5037,7 @@ echo "              MD5 password support: $MD5_MSG"
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 echo "           Solaris project support: $SP_MSG"
+echo "                   systemd support: $SYSTEMD_MSG"
 echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo "                  BSD Auth support: $BSD_AUTH_MSG"
diff --git a/debian/.git-dpm b/debian/.git-dpm
index a5ea18e89..b74a96d43 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-ed5dcc5819cd53636938bd5c30b8c5acdd1615e1
+480b475c69faf9cfa748cc445e36201bc7a81b80
-ed5dcc5819cd53636938bd5c30b8c5acdd1615e1
+480b475c69faf9cfa748cc445e36201bc7a81b80
 651211fd4a199b299540c00c54a46e27fadb04be
 651211fd4a199b299540c00c54a46e27fadb04be
 openssh_7.1p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index ff9eb099d..faa138ce0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:7.1p1-5) UNRELEASED; urgency=medium
+  [ Michael Biebl ]
+  * Add systemd readiness notification support (closes: #778913).
+ -- Colin Watson <cjwatson@debian.org>  Mon, 21 Dec 2015 16:10:53 +0000
 openssh (1:7.1p1-4) unstable; urgency=medium
  * Backport upstream patch to unbreak connections with peers that set
diff --git a/debian/control b/debian/control
index 8ecb3d44a..fc705b3d8 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
 Section: net
 Priority: standard
 Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any]
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any], libsystemd-dev [linux-any]
 XS-Testsuite: autopkgtest
 Standards-Version: 3.9.6
 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch
index 0333adad1..07c86b948 100644
--- a/debian/patches/backport-fix-first-kex-follows.patch
+++ b/debian/patches/backport-fix-first-kex-follows.patch
@@ -1,4 +1,4 @@
-From ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 Mon Sep 17 00:00:00 2001
+From 480b475c69faf9cfa748cc445e36201bc7a81b80 Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Tue, 15 Dec 2015 15:25:04 +0000
 Subject: upstream commit
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index cfa6ef6b7..6bd50eaad 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 9351b179c72f18dc1b1d5bb84b2a7dab5e0af3fc Mon Sep 17 00:00:00 2001
+From a466a627b806905df9c7583af7edcf39e9481201 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
diff --git a/debian/patches/series b/debian/patches/series
index 340077745..f7eb1cc8b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,5 +24,6 @@ ssh-agent-setgid.patch
 no-openssl-version-status.patch
 gnome-ssh-askpass2-icon.patch
 sigstop.patch
+systemd-readiness.patch
 debian-config.patch
 backport-fix-first-kex-follows.patch
diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch
new file mode 100644
index 000000000..bbe3b2cd5
--- /dev/null
+++ b/debian/patches/systemd-readiness.patch
@@ -0,0 +1,84 @@
+From 818791ef8edf087481bd49eb32335c8d7e1953d6 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Mon, 21 Dec 2015 16:08:47 +0000
+Subject: Add systemd readiness notification support
+Bug-Debian: https://bugs.debian.org/778913
+Forwarded: no
+Last-Update: 2015-12-21
+Patch-Name: systemd-readiness.patch
+---
+ configure.ac | 24 ++++++++++++++++++++++++
+ sshd.c       |  9 +++++++++
+ 2 files changed, 33 insertions(+)
+diff --git a/configure.ac b/configure.ac
+index 128889a..eec2b72 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5],
+ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ 
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+       [  --with-systemd          Enable systemd support],
+       [ if test "x$withval" != "xno" ; then
+               AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+               if test "$PKGCONFIG" != "no"; then
+                       AC_MSG_CHECKING([for libsystemd])
+                       if $PKGCONFIG --exists libsystemd; then
+                               SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+                               SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+                               CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+                               SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+                               AC_MSG_RESULT([yes])
+                               AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+                               SYSTEMD_MSG="yes"
+                       else
+                               AC_MSG_RESULT([no])
+                       fi
+               fi
+       fi ]
+)
+
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5014,6 +5037,7 @@ echo "              MD5 password support: $MD5_MSG"
+ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
+echo "                   systemd support: $SYSTEMD_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/sshd.c b/sshd.c
+index 7e72b9b..4d28dc0 100644
+--- a/sshd.c
+++ b/sshd.c
+@@ -85,6 +85,10 @@
+ #include <prot.h>
+ #endif
+ 
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh1.h"
+@@ -2011,6 +2015,11 @@ main(int ac, char **av)
+        /* ignore SIGPIPE */
+        signal(SIGPIPE, SIG_IGN);
+ 
+#ifdef HAVE_SYSTEMD
+       /* Signal systemd that we are ready to accept connections */
+       sd_notify(0, "READY=1");
+#endif
+
+        /* Get a connection, either from inetd or a listening TCP socket */
+        if (inetd_flag) {
+                server_accept_inetd(&sock_in, &sock_out);
diff --git a/debian/rules b/debian/rules
index e67053cdd..01937b39e 100755
--- a/debian/rules
+++ b/debian/rules
@@ -92,6 +92,7 @@ confflags += --with-ssl-engine
 ifeq ($(DEB_HOST_ARCH_OS),linux)
 confflags += --with-selinux
 confflags += --with-audit=linux
+confflags += --with-systemd
 endif
 # The deb build wants xauth; the udeb build doesn't.
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
index ff28d39c1..3df8c6426 100644
--- a/debian/systemd/ssh.service
+++ b/debian/systemd/ssh.service
@@ -9,6 +9,8 @@ ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
+RestartPreventExitStatus=255
+Type=notify
 [Install]
 WantedBy=multi-user.target
diff --git a/sshd.c b/sshd.c
index 7e72b9b84..4d28dc0aa 100644
--- a/sshd.c
+++ b/sshd.c
@@ -85,6 +85,10 @@
 #include <prot.h>
 #endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh1.h"
@@ -2011,6 +2015,11 @@ main(int ac, char **av)
        /* ignore SIGPIPE */
        signal(SIGPIPE, SIG_IGN);
+#ifdef HAVE_SYSTEMD
+        /* Signal systemd that we are ready to accept connections */
+        sd_notify(0, "READY=1");
+#endif
        /* Get a connection, either from inetd or a listening TCP socket */
        if (inetd_flag) {
                server_accept_inetd(&sock_in, &sock_out);

diff --git a/configure.ac b/configure.ac index 128889a28..eec2b727c 100644 --- a/configure.ac +++ b/configure.ac
@@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5],
4213	AC_SUBST([GSSLIBS])	4213	AC_SUBST([GSSLIBS])
4214	AC_SUBST([K5LIBS])	4214	AC_SUBST([K5LIBS])
4215		4215
		4216	# Check whether user wants systemd support
		4217	SYSTEMD_MSG="no"
		4218	AC_ARG_WITH(systemd,
		4219	[ --with-systemd Enable systemd support],
		4220	[ if test "x$withval" != "xno" ; then
		4221	AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
		4222	if test "$PKGCONFIG" != "no"; then
		4223	AC_MSG_CHECKING([for libsystemd])
		4224	if $PKGCONFIG --exists libsystemd; then
		4225	SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
		4226	SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
		4227	CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
		4228	SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
		4229	AC_MSG_RESULT([yes])
		4230	AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
		4231	SYSTEMD_MSG="yes"
		4232	else
		4233	AC_MSG_RESULT([no])
		4234	fi
		4235	fi
		4236	fi ]
		4237	)
		4238
4216	# Looking for programs, paths and files	4239	# Looking for programs, paths and files
4217		4240
4218	PRIVSEP_PATH=/var/empty	4241	PRIVSEP_PATH=/var/empty
@@ -5014,6 +5037,7 @@ echo " MD5 password support: $MD5_MSG"
5014	echo " libedit support: $LIBEDIT_MSG"	5037	echo " libedit support: $LIBEDIT_MSG"
5015	echo " Solaris process contract support: $SPC_MSG"	5038	echo " Solaris process contract support: $SPC_MSG"
5016	echo " Solaris project support: $SP_MSG"	5039	echo " Solaris project support: $SP_MSG"
		5040	echo " systemd support: $SYSTEMD_MSG"
5017	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"	5041	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
5018	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"	5042	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
5019	echo " BSD Auth support: $BSD_AUTH_MSG"	5043	echo " BSD Auth support: $BSD_AUTH_MSG"


diff --git a/debian/.git-dpm b/debian/.git-dpm index a5ea18e89..b74a96d43 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1	# see git-dpm(1) from git-dpm package	1	# see git-dpm(1) from git-dpm package
2	ed5dcc5819cd53636938bd5c30b8c5acdd1615e1	2	480b475c69faf9cfa748cc445e36201bc7a81b80
3	ed5dcc5819cd53636938bd5c30b8c5acdd1615e1	3	480b475c69faf9cfa748cc445e36201bc7a81b80
4	651211fd4a199b299540c00c54a46e27fadb04be	4	651211fd4a199b299540c00c54a46e27fadb04be
5	651211fd4a199b299540c00c54a46e27fadb04be	5	651211fd4a199b299540c00c54a46e27fadb04be
6	openssh_7.1p1.orig.tar.gz	6	openssh_7.1p1.orig.tar.gz


diff --git a/debian/changelog b/debian/changelog index ff9eb099d..faa138ce0 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,10 @@
		1	openssh (1:7.1p1-5) UNRELEASED; urgency=medium
		2
		3	[ Michael Biebl ]
		4	* Add systemd readiness notification support (closes: #778913).
		5
		6	-- Colin Watson <cjwatson@debian.org> Mon, 21 Dec 2015 16:10:53 +0000
		7
1	openssh (1:7.1p1-4) unstable; urgency=medium	8	openssh (1:7.1p1-4) unstable; urgency=medium
2		9
3	* Backport upstream patch to unbreak connections with peers that set	10	* Backport upstream patch to unbreak connections with peers that set


diff --git a/debian/control b/debian/control index 8ecb3d44a..fc705b3d8 100644 --- a/debian/control +++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
2	Section: net	2	Section: net
3	Priority: standard	3	Priority: standard
4	Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>	4	Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
5	Build-Depends: libwrap0-dev \| libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev \| libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev \| heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any]	5	Build-Depends: libwrap0-dev \| libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev \| libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev \| heimdal-dev, dpkg-dev (>= 1.16.1~), dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libaudit-dev [linux-any], libsystemd-dev [linux-any]
6	XS-Testsuite: autopkgtest	6	XS-Testsuite: autopkgtest
7	Standards-Version: 3.9.6	7	Standards-Version: 3.9.6
8	Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>	8	Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>


diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch index 0333adad1..07c86b948 100644 --- a/debian/patches/backport-fix-first-kex-follows.patch +++ b/debian/patches/backport-fix-first-kex-follows.patch
@@ -1,4 +1,4 @@
1	From ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 Mon Sep 17 00:00:00 2001	1	From 480b475c69faf9cfa748cc445e36201bc7a81b80 Mon Sep 17 00:00:00 2001
2	From: Damien Miller <djm@mindrot.org>	2	From: Damien Miller <djm@mindrot.org>
3	Date: Tue, 15 Dec 2015 15:25:04 +0000	3	Date: Tue, 15 Dec 2015 15:25:04 +0000
4	Subject: upstream commit	4	Subject: upstream commit


diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index cfa6ef6b7..6bd50eaad 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
1	From 9351b179c72f18dc1b1d5bb84b2a7dab5e0af3fc Mon Sep 17 00:00:00 2001	1	From a466a627b806905df9c7583af7edcf39e9481201 Mon Sep 17 00:00:00 2001
2	From: Colin Watson <cjwatson@debian.org>	2	From: Colin Watson <cjwatson@debian.org>
3	Date: Sun, 9 Feb 2014 16:10:18 +0000	3	Date: Sun, 9 Feb 2014 16:10:18 +0000
4	Subject: Various Debian-specific configuration changes	4	Subject: Various Debian-specific configuration changes


diff --git a/debian/patches/series b/debian/patches/series index 340077745..f7eb1cc8b 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -24,5 +24,6 @@ ssh-agent-setgid.patch
24	no-openssl-version-status.patch	24	no-openssl-version-status.patch
25	gnome-ssh-askpass2-icon.patch	25	gnome-ssh-askpass2-icon.patch
26	sigstop.patch	26	sigstop.patch
		27	systemd-readiness.patch
27	debian-config.patch	28	debian-config.patch
28	backport-fix-first-kex-follows.patch	29	backport-fix-first-kex-follows.patch


diff --git a/debian/patches/systemd-readiness.patch b/debian/patches/systemd-readiness.patch new file mode 100644 index 000000000..bbe3b2cd5 --- /dev/null +++ b/debian/patches/systemd-readiness.patch
@@ -0,0 +1,84 @@
		1	From 818791ef8edf087481bd49eb32335c8d7e1953d6 Mon Sep 17 00:00:00 2001
		2	From: Michael Biebl <biebl@debian.org>
		3	Date: Mon, 21 Dec 2015 16:08:47 +0000
		4	Subject: Add systemd readiness notification support
		5
		6	Bug-Debian: https://bugs.debian.org/778913
		7	Forwarded: no
		8	Last-Update: 2015-12-21
		9
		10	Patch-Name: systemd-readiness.patch
		11	---
		12	configure.ac \| 24 ++++++++++++++++++++++++
		13	sshd.c \| 9 +++++++++
		14	2 files changed, 33 insertions(+)
		15
		16	diff --git a/configure.ac b/configure.ac
		17	index 128889a..eec2b72 100644
		18	--- a/configure.ac
		19	+++ b/configure.ac
		20	@@ -4213,6 +4213,29 @@ AC_ARG_WITH([kerberos5],
		21	AC_SUBST([GSSLIBS])
		22	AC_SUBST([K5LIBS])
		23
		24	+# Check whether user wants systemd support
		25	+SYSTEMD_MSG="no"
		26	+AC_ARG_WITH(systemd,
		27	+ [ --with-systemd Enable systemd support],
		28	+ [ if test "x$withval" != "xno" ; then
		29	+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
		30	+ if test "$PKGCONFIG" != "no"; then
		31	+ AC_MSG_CHECKING([for libsystemd])
		32	+ if $PKGCONFIG --exists libsystemd; then
		33	+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
		34	+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
		35	+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
		36	+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
		37	+ AC_MSG_RESULT([yes])
		38	+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
		39	+ SYSTEMD_MSG="yes"
		40	+ else
		41	+ AC_MSG_RESULT([no])
		42	+ fi
		43	+ fi
		44	+ fi ]
		45	+)
		46	+
		47	# Looking for programs, paths and files
		48
		49	PRIVSEP_PATH=/var/empty
		50	@@ -5014,6 +5037,7 @@ echo " MD5 password support: $MD5_MSG"
		51	echo " libedit support: $LIBEDIT_MSG"
		52	echo " Solaris process contract support: $SPC_MSG"
		53	echo " Solaris project support: $SP_MSG"
		54	+echo " systemd support: $SYSTEMD_MSG"
		55	echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
		56	echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
		57	echo " BSD Auth support: $BSD_AUTH_MSG"
		58	diff --git a/sshd.c b/sshd.c
		59	index 7e72b9b..4d28dc0 100644
		60	--- a/sshd.c
		61	+++ b/sshd.c
		62	@@ -85,6 +85,10 @@
		63	#include <prot.h>
		64	#endif
		65
		66	+#ifdef HAVE_SYSTEMD
		67	+#include <systemd/sd-daemon.h>
		68	+#endif
		69	+
		70	#include "xmalloc.h"
		71	#include "ssh.h"
		72	#include "ssh1.h"
		73	@@ -2011,6 +2015,11 @@ main(int ac, char **av)
		74	/* ignore SIGPIPE */
		75	signal(SIGPIPE, SIG_IGN);
		76
		77	+#ifdef HAVE_SYSTEMD
		78	+ /* Signal systemd that we are ready to accept connections */
		79	+ sd_notify(0, "READY=1");
		80	+#endif
		81	+
		82	/* Get a connection, either from inetd or a listening TCP socket */
		83	if (inetd_flag) {
		84	server_accept_inetd(&sock_in, &sock_out);


diff --git a/debian/rules b/debian/rules index e67053cdd..01937b39e 100755 --- a/debian/rules +++ b/debian/rules
@@ -92,6 +92,7 @@ confflags += --with-ssl-engine
92	ifeq ($(DEB_HOST_ARCH_OS),linux)	92	ifeq ($(DEB_HOST_ARCH_OS),linux)
93	confflags += --with-selinux	93	confflags += --with-selinux
94	confflags += --with-audit=linux	94	confflags += --with-audit=linux
		95	confflags += --with-systemd
95	endif	96	endif
96		97
97	# The deb build wants xauth; the udeb build doesn't.	98	# The deb build wants xauth; the udeb build doesn't.


diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service index ff28d39c1..3df8c6426 100644 --- a/debian/systemd/ssh.service +++ b/debian/systemd/ssh.service
@@ -9,6 +9,8 @@ ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
9	ExecReload=/bin/kill -HUP $MAINPID	9	ExecReload=/bin/kill -HUP $MAINPID
10	KillMode=process	10	KillMode=process
11	Restart=on-failure	11	Restart=on-failure
		12	RestartPreventExitStatus=255
		13	Type=notify
12		14
13	[Install]	15	[Install]
14	WantedBy=multi-user.target	16	WantedBy=multi-user.target


diff --git a/sshd.c b/sshd.c index 7e72b9b84..4d28dc0aa 100644 --- a/sshd.c +++ b/sshd.c
@@ -85,6 +85,10 @@
85	#include <prot.h>	85	#include <prot.h>
86	#endif	86	#endif
87		87
		88	#ifdef HAVE_SYSTEMD
		89	#include <systemd/sd-daemon.h>
		90	#endif
		91
88	#include "xmalloc.h"	92	#include "xmalloc.h"
89	#include "ssh.h"	93	#include "ssh.h"
90	#include "ssh1.h"	94	#include "ssh1.h"
@@ -2011,6 +2015,11 @@ main(int ac, char **av)
2011	/* ignore SIGPIPE */	2015	/* ignore SIGPIPE */
2012	signal(SIGPIPE, SIG_IGN);	2016	signal(SIGPIPE, SIG_IGN);
2013		2017
		2018	#ifdef HAVE_SYSTEMD
		2019	/* Signal systemd that we are ready to accept connections */
		2020	sd_notify(0, "READY=1");
		2021	#endif
		2022
2014	/* Get a connection, either from inetd or a listening TCP socket */	2023	/* Get a connection, either from inetd or a listening TCP socket */
2015	if (inetd_flag) {	2024	if (inetd_flag) {
2016	server_accept_inetd(&sock_in, &sock_out);	2025	server_accept_inetd(&sock_in, &sock_out);