From 11cbb530aa4ca54344eb8941342bfe510f4b981b Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Mon, 10 Feb 2014 14:37:55 +0000
Subject: Add systemd support (thanks, Sven Joachim; closes: #676830).
---
 debian/README.Debian | 20 ++++++++++++++++++++
 debian/changelog | 1 +
 debian/control | 2 +-
 debian/openssh-server.install | 4 ++++
 debian/openssh-server.postinst | 7 +++++++
 debian/openssh-server.ssh.service | 1 +
 debian/rules | 5 ++++-
 debian/systemd/ssh.service | 15 +++++++++++++++
 debian/systemd/ssh.socket | 11 +++++++++++
 debian/systemd/ssh@.service | 9 +++++++++
 debian/systemd/sshd.conf | 1 +
 11 files changed, 74 insertions(+), 2 deletions(-)
 create mode 120000 debian/openssh-server.ssh.service
 create mode 100644 debian/systemd/ssh.service
 create mode 100644 debian/systemd/ssh.socket
 create mode 100644 debian/systemd/ssh@.service
 create mode 100644 debian/systemd/sshd.conf
diff --git a/debian/README.Debian b/debian/README.Debian
index 00dfea13d..b9efeb9f5 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -201,6 +201,26 @@ If you do this, note that you will need to stop sshd being started in the normal way ('rm -f /etc/rc[2345].d/S16ssh') and that you will need to restart this sshd manually on upgrades.
+systemd socket activation
+-------------------------
+
+If you want to reconfigure systemd to launch sshd using socket activation,
+then you can run:
+
+ systemctl stop ssh.service
+ systemctl start ssh.socket
+
+To make this permanent:
+
+ systemctl disable ssh.service
+ systemctl enable ssh.socket
+
+This may be appropriate in environments where minimal footprint is critical
+(e.g. cloud guests). Be aware that this bypasses MaxStartups, and systemd's
+MaxConnections cannot quite replace this as it cannot distinguish between
+authenticated and unauthenticated connections; see
+https://bugzilla.redhat.com/show_bug.cgi?id=963268 for more discussion.
+
 -- Matthew Vernon Colin Watson
diff --git a/debian/changelog b/debian/changelog
index 5dc215554..e0adf6e70 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,7 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
 * Drop long-obsolete "SSH now uses protocol 2 by default" section from README.Debian.
+ * Add systemd support (thanks, Sven Joachim; closes: #676830).
 -- Colin Watson Sun, 09 Feb 2014 15:52:14 +0000
diff --git a/debian/control b/debian/control
index 8b3679570..78746affe 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: openssh
 Section: net
 Priority: standard
 Maintainer: Debian OpenSSH Maintainers
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4)
 Standards-Version: 3.8.4
 Uploaders: Colin Watson , Matthew Vernon
 Homepage: http://www.openssh.org/
diff --git a/debian/openssh-server.install b/debian/openssh-server.install
index 8e04c4170..d04788cca 100644
--- a/debian/openssh-server.install
+++ b/debian/openssh-server.install
@@ -4,3 +4,7 @@ usr/share/man/man5/authorized_keys.5
 usr/share/man/man5/sshd_config.5
 usr/share/man/man8/sftp-server.8
 usr/share/man/man8/sshd.8
+
+debian/systemd/ssh.socket lib/systemd/system
+debian/systemd/ssh@.service lib/systemd/system
+debian/systemd/sshd.conf usr/lib/tmpfiles.d
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 91c757db5..b35e227e7 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -304,6 +304,13 @@ if [ "$action" = configure ]; then
 # restart it under Upstart.
 start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
 fi
+ if dpkg --compare-versions "$2" lt 1:6.5p1-1 && \
+ [ -d /run/systemd/system ] && \
+ ! systemctl --quiet is-active ssh; then
+ # We must stop the sysvinit-controlled sshd before we can
+ # restart it under systemd.
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true
+ fi
 fi
 #DEBHELPER#
diff --git a/debian/openssh-server.ssh.service b/debian/openssh-server.ssh.service
new file mode 120000
index 000000000..609457230
--- /dev/null
+++ b/debian/openssh-server.ssh.service
@@ -0,0 +1 @@
+systemd/ssh.service
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
index 5b0d8f9d6..c8870b3a4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -114,7 +114,7 @@ confflags += --with-ldflags='$(strip -Wl,--as-needed $(default_ldflags))'
 confflags_udeb += --with-ldflags='-Wl,--as-needed'
 %:
- dh $@ --with=autoreconf
+ dh $@ --with=autoreconf,systemd
 autoreconf:
 autoreconf -f -i
@@ -190,6 +190,9 @@ override_dh_installdocs:
 # Avoid breaking dh_installexamples later.
 mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_systemd_enable:
+ dh_systemd_enable --name ssh
+
 override_dh_installinit:
 dh_installinit -R --name ssh -- start 16 2 3 4 5 .
diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service
new file mode 100644
index 000000000..333690bfc
--- /dev/null
+++ b/debian/systemd/ssh.service
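Review bot: In debian/openssh-server.postinst, the added `start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid || true` picks its target by pidfile alone, so a stale pidfile whose PID has since been reused would signal an unrelated process during the upgrade. Matching on the process name as well narrows it to sshd: `start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid --name sshd || true`. The Upstart branch in the context lines just above uses the same form and would want the same change. The enclosing `if [ "$action" = configure ]` block starts outside the hunk.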
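Review bot: In debian/rules, `override_dh_systemd_enable` has no comment saying which units are meant to end up enabled, and that is not obvious from the recipe: the package also ships ssh.socket, which declares `Conflicts=ssh.service` and has its own `[Install]` section. A comment such as `# Enable ssh.service only; ssh.socket is shipped but left disabled (see README.Debian).` would record the intent. Whether `--name ssh` really leaves ssh.socket alone is not visible in this hunk, so it is worth confirming in the generated maintainer scripts before writing that comment.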
@@ -0,0 +1,15 @@
+[Unit]
+Description=OpenBSD Secure Shell server
+After=syslog.target network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/systemd/ssh.socket b/debian/systemd/ssh.socket
new file mode 100644
index 000000000..fa1f615e4
--- /dev/null
+++ b/debian/systemd/ssh.socket
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenBSD Secure Shell server socket
+Conflicts=ssh.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/debian/systemd/ssh@.service b/debian/systemd/ssh@.service
new file mode 100644
index 000000000..c2f9b1547
--- /dev/null
+++ b/debian/systemd/ssh@.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=OpenBSD Secure Shell server per-connection daemon
+After=auditd.service
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
+StandardInput=socket
diff --git a/debian/systemd/sshd.conf b/debian/systemd/sshd.conf
new file mode 100644
index 000000000..ab7302189
--- /dev/null
+++ b/debian/systemd/sshd.conf
@@ -0,0 +1 @@
+d /var/run/sshd 0755 root root
--
cgit v1.2.3
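Review bot: debian/systemd/ssh.service never validates the configuration before acting on it: `ExecReload=/bin/kill -HUP $MAINPID` sends the signal unconditionally, so a reload with a broken sshd_config can take down the listening daemon, and `Restart=on-failure` would then likely keep retrying against the same bad file. On a remote host that means losing the only way in. Running sshd's test mode first covers both paths: add `ExecStartPre=/usr/sbin/sshd -t` and put `ExecReload=/usr/sbin/sshd -t` ahead of the existing ExecReload line (passing `$SSHD_OPTS` too if it may carry `-f`).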
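Review bot: debian/systemd/ssh.socket carries no comment telling administrators that `ListenStream=22` replaces the listener settings in sshd_config. With `Accept=yes` each connection is handed to `sshd -i`, which does not bind sockets itself, so `Port` and `ListenAddress` restrictions stop applying and port 22 is opened on every address. A host that limited sshd to a management interface would widen its exposure simply by switching to the socket unit. I would add above `ListenStream=22` a comment such as `# Port/ListenAddress in sshd_config are not used with socket activation; restrict the listener here.`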
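Review bot: In debian/systemd/ssh@.service, `ExecStartPre=/usr/bin/test -c /dev/null` is unexplained, and in this template it runs once per accepted connection, ahead of every `sshd -i`. A comment stating why the check is needed, e.g. `# Refuse to start if /dev/null is not a character device.`, would help here and on the identical line in ssh.service. If the check only matters at boot, it could be dropped from the per-connection unit. The leading `-` on `ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS` deserves a short comment too, since it makes systemd ignore a non-zero exit from each session.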