Am 12.05.2015 um 17:42 schrieb Michael Biebl: > Am 12.05.2015 um 17:07 schrieb Michael Biebl: >> As you can see, systemd tries to repeatedly start the service until it hits >> start-limit. >> We should use sd_notify in that case to pass a correct error code to systemd. > > Or we could use what's been proposed by Colin, i.e. > ExecStartPre=/usr/bin/sshd -t > or my > RestartPreventExitStatus=255 Updated patch, adding RestartPreventExitStatus=, attached. From my limited testing, seems to work fine here. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
diff --git a/configure.ac b/configure.ac index f5c65c5..ef154ba 100644 --- a/configure.ac +++ b/configure.ac @@ -4137,6 +4137,29 @@ AC_ARG_WITH(consolekit, fi ] ) +# Check whether user wants systemd support +SYSTEMD_MSG="no" +AC_ARG_WITH(systemd, + [ --with-systemd Enable systemd support], + [ if test "x$withval" != "xno" ; then + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no]) + if test "$PKGCONFIG" != "no"; then + AC_MSG_CHECKING([for libsystemd]) + if $PKGCONFIG --exists libsystemd; then + SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd` + SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd` + CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS" + SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS" + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.]) + SYSTEMD_MSG="yes" + else + AC_MSG_RESULT([no]) + fi + fi + fi ] +) + # Looking for programs, paths and files PRIVSEP_PATH=/var/empty @@ -4939,6 +4962,7 @@ echo " libedit support: $LIBEDIT_MSG" echo " Solaris process contract support: $SPC_MSG" echo " Solaris project support: $SP_MSG" echo " ConsoleKit support: $CONSOLEKIT_MSG" +echo " systemd support: $SYSTEMD_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff --git a/debian/control b/debian/control index c513f4e..6144cf3 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: openssh Section: net Priority: standard Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> -Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4) +Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4), libsystemd-dev [linux-any] XS-Testsuite: autopkgtest Standards-Version: 3.9.6 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org> diff --git a/debian/rules b/debian/rules index 570e651..8429054 100755 --- a/debian/rules +++ b/debian/rules @@ -91,6 +91,7 @@ confflags += --with-kerberos5=/usr confflags += --with-ssl-engine ifeq ($(DEB_HOST_ARCH_OS),linux) confflags += --with-selinux +confflags += --with-systemd endif ifeq ($(DISTRIBUTOR),Ubuntu) confflags += --with-consolekit diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service index ff28d39..3df8c64 100644 --- a/debian/systemd/ssh.service +++ b/debian/systemd/ssh.service @@ -9,6 +9,8 @@ ExecStart=/usr/sbin/sshd -D $SSHD_OPTS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure +RestartPreventExitStatus=255 +Type=notify [Install] WantedBy=multi-user.target diff --git a/sshd.c b/sshd.c index 23d5a64..180e9eb 100644 --- a/sshd.c +++ b/sshd.c @@ -84,6 +84,10 @@ #include <prot.h> #endif +#ifdef HAVE_SYSTEMD +#include <systemd/sd-daemon.h> +#endif + #include "xmalloc.h" #include "ssh.h" #include "ssh1.h" @@ -1927,6 +1931,12 @@ main(int ac, char **av) /* ignore SIGPIPE */ signal(SIGPIPE, SIG_IGN); + +#ifdef HAVE_SYSTEMD + /* Signal systemd that we are ready to accept connections */ + sd_notify(0, "READY=1"); +#endif + /* Get a connection, either from inetd or a listening TCP socket */ if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out);
Attachment:
signature.asc
Description: OpenPGP digital signature