Bug#715194: openssh-server: ship systemd unit files
On 2013-07-06 23:23 +0200, Colin Watson wrote:
> On Sat, Jul 06, 2013 at 07:36:35PM +0000, Shawn Landden wrote:
>> openssh package should ship systemd unit files for system-wide ssh and
>> per-connection socket activated ssh (lower ram consumption when logins
>> are rare)
One problem here is that these two options conflict: you can either run
a single sshd managing all connections _or_ use socket activation and
spawn instances on demand. The latter is discussed in Lennart
Poettering's "systemd for Administrators" series[1].
> I'd consider applying a patch if it were complete (i.e. handled all the
> packaging side of things as well). I'm unlikely to get around to this
> otherwise.
Attached is a patch that adapts the Fedora unit files[2] to Debian
customs, e.g. the units test for /etc/ssh/sshd_not_to_be_run and even
check /dev/null (is that really necessary?). Since it probably does not
really make sense to enable both ssh.service (the traditional method to
start sshd) and ssh.socket (the socket activation approach), and the
former guarantees maximum compatibility with existing setups, I have
chosen to enable the former. Switching to the latter can be done with
"systemctl start ssh.socket", to make it permanent:
# systemctl disable ssh.service
# systemctl enable ssh.socket
This probably needs a paragraph in README.Debian.
Cheers,
Sven
1. http://0pointer.de/blog/projects/inetd.html
2. http://ftp.uni-bayreuth.de/linux/fedora/linux/development/rawhide/source/SRPMS/o/openssh-6.2p2-3.fc20.src.rpm
diff -Nru openssh-6.2p2/debian/changelog openssh-6.2p2/debian/changelog
--- openssh-6.2p2/debian/changelog 2013-07-02 23:54:51.000000000 +0200
+++ openssh-6.2p2/debian/changelog 2013-07-07 18:06:22.000000000 +0200
@@ -1,3 +1,9 @@
+openssh (1:6.2p2-6local1) unstable; urgency=low
+
+ * Add systemd support (Closes: #715194).
+
+ -- Sven Joachim <svenjoac@gmx.de> Sun, 07 Jul 2013 18:06:21 +0200
+
openssh (1:6.2p2-6) unstable; urgency=low
* Update config.guess and config.sub automatically at build time.
diff -Nru openssh-6.2p2/debian/control openssh-6.2p2/debian/control
--- openssh-6.2p2/debian/control 2013-07-02 23:54:24.000000000 +0200
+++ openssh-6.2p2/debian/control 2013-07-07 18:00:39.000000000 +0200
@@ -2,7 +2,7 @@
Section: net
Priority: standard
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
-Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev
+Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 8.1.0~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4)
Standards-Version: 3.8.4
Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>
Homepage: http://www.openssh.org/
diff -Nru openssh-6.2p2/debian/openssh-server.install openssh-6.2p2/debian/openssh-server.install
--- openssh-6.2p2/debian/openssh-server.install 2010-08-24 00:07:51.000000000 +0200
+++ openssh-6.2p2/debian/openssh-server.install 2013-07-08 11:46:15.000000000 +0200
@@ -4,3 +4,6 @@
usr/share/man/man5/sshd_config.5
usr/share/man/man8/sftp-server.8
usr/share/man/man8/sshd.8
+debian/ssh.socket lib/systemd/system
+debian/ssh@.service lib/systemd/system
+debian/sshd.conf usr/lib/tmpfiles.d
diff -Nru openssh-6.2p2/debian/openssh-server.postinst openssh-6.2p2/debian/openssh-server.postinst
--- openssh-6.2p2/debian/openssh-server.postinst 2013-06-13 14:59:48.000000000 +0200
+++ openssh-6.2p2/debian/openssh-server.postinst 2013-07-08 11:55:10.000000000 +0200
@@ -240,6 +240,14 @@
EOF
}
+check_privsep_dir() {
+ # Create the PrivSep empty dir if necessary
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+}
+
fix_statoverride() {
# Remove an erronous override for sshd (we should have overridden ssh)
if [ -x /usr/sbin/dpkg-statoverride ]; then
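Review bot: check_privsep_dir only acts when /var/run/sshd is missing, so a directory that already exists with the wrong owner or a group- or world-writable mode is left untouched. sshd requires its privilege-separation directory to be root-owned and not writable by group or others, so the postinst would report success and the daemon would still fail to start. The separate `mkdir` and `chmod` also leave a short window in which the directory carries the umask-derived mode. Replacing the body with `install -d -m 0755 -o root -g root /var/run/sshd` creates the directory if needed and sets owner and mode in one step. check_privsep_dir is fully visible here; its call site is in the following hunk.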
@@ -270,6 +278,7 @@
create_keys
fix_statoverride
setup_sshd_user
+ check_privsep_dir
if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
remove_old_init_links
fi
diff -Nru openssh-6.2p2/debian/openssh-server.ssh.service openssh-6.2p2/debian/openssh-server.ssh.service
--- openssh-6.2p2/debian/openssh-server.ssh.service 1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.2p2/debian/openssh-server.ssh.service 2013-07-08 13:36:53.000000000 +0200
@@ -0,0 +1,14 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target auditd.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Service]
+EnvironmentFile=/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target
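Review bot: `EnvironmentFile=/etc/default/ssh` has no leading `-`, so the unit fails to start when that file is absent, whereas ssh@.service in this patch uses `EnvironmentFile=-/etc/default/ssh`. On a remotely administered host a failed start means losing access, so the `-` form is the safer choice here too. `ExecReload=/bin/kill -HUP $MAINPID` also signals the daemon without validating the configuration first; adding `ExecReload=/usr/sbin/sshd -t` ahead of the kill line (and optionally `ExecStartPre=/usr/sbin/sshd -t`) would keep a working daemon running when sshd_config is invalid. A one-line comment on `KillMode=process`, which presumably exists so that established sessions survive a restart of the unit, would document why the default is overridden.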
diff -Nru openssh-6.2p2/debian/rules openssh-6.2p2/debian/rules
--- openssh-6.2p2/debian/rules 2013-07-02 23:51:57.000000000 +0200
+++ openssh-6.2p2/debian/rules 2013-07-08 11:11:09.000000000 +0200
@@ -114,7 +114,7 @@
confflags_udeb += --with-ldflags='-Wl,--as-needed'
%:
- dh $@ --with=autoreconf
+ dh $@ --with=autoreconf,systemd
autoreconf:
autoreconf -f -i
@@ -190,6 +190,9 @@
# Avoid breaking dh_installexamples later.
mkdir -p debian/openssh-server/usr/share/doc/openssh-client
+override_dh_systemd_enable:
+ dh_systemd_enable -popenssh-server ssh.service
+
override_dh_installinit:
dh_installinit -R --name ssh -- start 16 2 3 4 5 .
diff -Nru openssh-6.2p2/debian/ssh.socket openssh-6.2p2/debian/ssh.socket
--- openssh-6.2p2/debian/ssh.socket 1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.2p2/debian/ssh.socket 2013-07-08 13:00:58.000000000 +0200
@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=ssh.service
+ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
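Review bot: `ListenStream=22` makes systemd rather than sshd own the listening socket, so `Port` and `ListenAddress` in sshd_config no longer decide where the service is reachable. A host that restricted sshd to a management address would listen on every address after switching to ssh.socket. With `Accept=yes` each connection gets its own `sshd -i`, so sshd's `MaxStartups` throttling of unauthenticated connections presumably does not apply either, and the effective limit becomes the socket unit's `MaxConnections=`. Both points belong in the README.Debian paragraph the mail mentions, and in a comment above `ListenStream=` such as `# Port/ListenAddress in sshd_config are not honoured here; edit ListenStream= instead`.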
diff -Nru openssh-6.2p2/debian/ssh@.service openssh-6.2p2/debian/ssh@.service
--- openssh-6.2p2/debian/ssh@.service 1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.2p2/debian/ssh@.service 2013-07-08 13:39:28.000000000 +0200
@@ -0,0 +1,9 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=auditd.service
+
+[Service]
+EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/bin/test -c /dev/null
+ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
+StandardInput=socket
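Review bot: ssh@.service carries no `ConditionPathExists=!/etc/ssh/sshd_not_to_be_run`; only ssh.socket does, and a unit condition is evaluated when that unit is started. Creating the flag file while the socket is already listening would therefore not stop new per-connection instances from being spawned, which is surprising for an administrator using the file to shut off remote access. Repeating `ConditionPathExists=!/etc/ssh/sshd_not_to_be_run` in this `[Unit]` section makes the flag effective for every new connection. A short comment on the `-` prefix in `ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS` would also help, for example `# "-": a failed or aborted login must not mark the instance unit as failed`.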
diff -Nru openssh-6.2p2/debian/sshd.conf openssh-6.2p2/debian/sshd.conf
--- openssh-6.2p2/debian/sshd.conf 1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.2p2/debian/sshd.conf 2013-07-08 11:40:06.000000000 +0200
@@ -0,0 +1 @@
+d /var/run/sshd 0755 root root