[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#832445: marked as done (openssh: Rework upstart ssh-agent job and add systemd user unit)

Your message dated Fri, 29 Jul 2016 04:19:35 +0000
with message-id <E1bSzGp-0002zl-P1@franck.debian.org>
and subject line Bug#832445: fixed in openssh 1:7.2p2-8
has caused the Debian Bug report #832445,
regarding openssh: Rework upstart ssh-agent job and add systemd user unit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

832445: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832445
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Severity: wishlist
Version: 7.2p2-7
Tags: patch
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu ubuntu-patch yakkety systemd-session


in Ubuntu we are currently converting the user session from upstart to
systemd [1]. The upstart sessions were entirely Ubuntu specific, but
the systemd user units are aimed to work on every distro and thus I
attempt to standardize those (see [2]).

These two patches refactor and improve the current upstart job and add
a systemd unit. Please see the commit logs for details.

At the moment Debian uses neither upstart nor systemd for its user
sessions, to this is a no-op for Debian. But Colin wants to keep the
packages in sync, so it would be great if you could apply those. The
dead weight is just three very small files.

Thanks for considering,


[1] https://blueprints.launchpad.net/ubuntu/+spec/convergence-y-replace-upstart
[2] https://github.com/systemd/systemd/pull/3678

Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
From 01ab606b2e5251fd40da72ff978d7c9e8928a7a6 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Mon, 25 Jul 2016 17:03:17 +0200
Subject: [PATCH 1/2] Add debian/agent-launch: Helper script for conditionally
 starting the SSH agent in the user session

Use it in ssh-agent.user-session.upstart. This will also be used in a
corresponding systemd user unit.

This replaces the backgrounded "ssh-agent -s" with a foreground task which
works more nicely with modern init systems for logging/debugging and

Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and
systemd we can assume this, and it allows restarting the service in a running
 debian/agent-launch                   | 29 +++++++++++++++++++++++++++++
 debian/changelog                      |  7 +++++++
 debian/openssh-client.install         |  2 ++
 debian/ssh-agent.user-session.upstart | 20 ++------------------
 4 files changed, 40 insertions(+), 18 deletions(-)
 create mode 100755 debian/agent-launch

diff --git a/debian/agent-launch b/debian/agent-launch
new file mode 100755
index 0000000..40479b8
--- /dev/null
+++ b/debian/agent-launch
@@ -0,0 +1,29 @@
+# helper script for launching ssh-agent, used by systemd unit and upstart job
+set -e
+if [ ! -d "$XDG_RUNTIME_DIR" ]; then
+    echo 'This needs $XDG_RUNTIME_DIR to be set' >&2
+    exit 1
+if [ "$1" = start ]; then
+    if [ -z "$SSH_AUTH_SOCK" ] && grep -s -q '^use-ssh-agent$' /etc/X11/Xsession.options; then
+        S="$XDG_RUNTIME_DIR/openssh_agent"
+        dbus-update-activation-environment --verbose --systemd SSH_AUTH_SOCK=$S SSH_AGENT_LAUNCHER=openssh
+        if type initctl >/dev/null 2>&1; then
+            initctl set-env --global SSH_AUTH_SOCK=$S
+        fi
+        exec ssh-agent -D -a $S
+    fi
+elif [ "$1" = stop ]; then
+    if [ "$SSH_AGENT_LAUNCHER" = openssh ]; then
+        dbus-update-activation-environment --systemd  SSH_AUTH_SOCK=
+        if type initctl >/dev/null 2>&1; then
+            initctl unset-env --global SSH_AUTH_SOCK
+        fi
+    fi
+    echo "Unknown command $1" >&2
+    exit 1
diff --git a/debian/changelog b/debian/changelog
index e81c667..7185d15 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:7.2p2-8) UNRELEASED; urgency=medium
+  * Add debian/agent-launch: Helper script for conditionally starting the SSH
+    agent in the user session. Use it in ssh-agent.user-session.upstart.
+ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 25 Jul 2016 17:01:56 +0200
 openssh (1:7.2p2-7) unstable; urgency=medium
   * Don't stop the ssh-session-cleanup service on upgrade (closes: #832155).
diff --git a/debian/openssh-client.install b/debian/openssh-client.install
index fd6819a..fd9c02d 100755
--- a/debian/openssh-client.install
+++ b/debian/openssh-client.install
@@ -26,6 +26,8 @@ usr/share/man/man8/ssh-pkcs11-helper.8
 contrib/ssh-copy-id usr/bin
 debian/ssh-argv0 usr/bin
+debian/agent-launch usr/lib/openssh
 # dh_apport would be neater, but at the time of writing it isn't in unstable
 # yet.
 debian/openssh-client.apport => usr/share/apport/package-hooks/openssh-client.py
diff --git a/debian/ssh-agent.user-session.upstart b/debian/ssh-agent.user-session.upstart
index 385a9ec..672d2a0 100644
--- a/debian/ssh-agent.user-session.upstart
+++ b/debian/ssh-agent.user-session.upstart
@@ -3,21 +3,5 @@ author "Stéphane Graber <stgraber@ubuntu.com>"
 start on starting xsession-init
-pre-start script
-    [ -e /etc/X11/Xsession.options ] || { stop; exit 0; }
-    grep -q "^use-ssh-agent$" /etc/X11/Xsession.options || { stop; exit 0; }
-    [ -z "$SSH_AUTH_SOCK" ] || { stop; exit 0; }
-    eval "$(ssh-agent -s)" >/dev/null
-    initctl set-env --global SSH_AUTH_SOCK=$SSH_AUTH_SOCK
-    initctl set-env --global SSH_AGENT_PID=$SSH_AGENT_PID
-    initctl set-env --global SSH_AGENT_LAUNCHER=upstart
-end script
-post-stop script
-    [ "$SSH_AGENT_LAUNCHER" = upstart ] || exit 0
-    kill $SSH_AGENT_PID 2>/dev/null || true
-    initctl unset-env --global SSH_AUTH_SOCK
-    initctl unset-env --global SSH_AGENT_PID
-    initctl unset-env --global SSH_AGENT_LAUNCHER
-end script
+exec /usr/lib/openssh/agent-launch start
+post-stop exec /usr/lib/openssh/agent-launch stop

From 0aa9e9e60c696f8cc6ed5df13ca52922bb752fa5 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin.pitt@ubuntu.com>
Date: Mon, 25 Jul 2016 17:07:25 +0200
Subject: [PATCH 2/2] Add systemd user unit for graphical sessions that use

Override the corresponding upstart job in that case.
 debian/changelog                  | 2 ++
 debian/openssh-client.install     | 4 ++++
 debian/openssh-client.links       | 2 ++
 debian/systemd/ssh-agent.override | 1 +
 debian/systemd/ssh-agent.service  | 8 ++++++++
 5 files changed, 17 insertions(+)
 create mode 100644 debian/systemd/ssh-agent.override
 create mode 100644 debian/systemd/ssh-agent.service

diff --git a/debian/changelog b/debian/changelog
index 7185d15..dd6f7dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:7.2p2-8) UNRELEASED; urgency=medium
   * Add debian/agent-launch: Helper script for conditionally starting the SSH
     agent in the user session. Use it in ssh-agent.user-session.upstart.
+  * Add systemd user unit for graphical sessions that use systemd. Override
+    the corresponding upstart job in that case.
  -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 25 Jul 2016 17:01:56 +0200
diff --git a/debian/openssh-client.install b/debian/openssh-client.install
index fd9c02d..b8b798d 100755
--- a/debian/openssh-client.install
+++ b/debian/openssh-client.install
@@ -35,3 +35,7 @@ debian/openssh-client.apport => usr/share/apport/package-hooks/openssh-client.py
 # Upstart user job (only used under user sessions).
 debian/ssh-agent.user-session.upstart => usr/share/upstart/sessions/ssh-agent.conf
+# systemd user unit (only used under sessions)
+debian/systemd/ssh-agent.service usr/lib/systemd/user
+# disable above upstart job when running the systemd user unit
+debian/systemd/ssh-agent.override usr/share/upstart/systemd-session/upstart
diff --git a/debian/openssh-client.links b/debian/openssh-client.links
index 75d798a..1d94c74 100644
--- a/debian/openssh-client.links
+++ b/debian/openssh-client.links
@@ -1,2 +1,4 @@
 usr/bin/ssh usr/bin/slogin
 usr/share/man/man1/ssh.1 usr/share/man/man1/slogin.1
+# enable systemd user unit for graphical sessions that use systemd
+usr/lib/systemd/user/ssh-agent.service usr/lib/systemd/user/graphical-session-pre.target.wants/ssh-agent.service
diff --git a/debian/systemd/ssh-agent.override b/debian/systemd/ssh-agent.override
new file mode 100644
index 0000000..2905494
--- /dev/null
+++ b/debian/systemd/ssh-agent.override
@@ -0,0 +1 @@
diff --git a/debian/systemd/ssh-agent.service b/debian/systemd/ssh-agent.service
new file mode 100644
index 0000000..2297f8f
--- /dev/null
+++ b/debian/systemd/ssh-agent.service
@@ -0,0 +1,8 @@
+Description=OpenSSH Agent
+ExecStart=/usr/lib/openssh/agent-launch start
+ExecStopPost=/usr/lib/openssh/agent-launch stop

Attachment: signature.asc
Description: PGP signature

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.2p2-8

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 832445@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA256

Format: 1.8
Date: Fri, 29 Jul 2016 02:51:32 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p2-8
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 832155 832445 832557
 openssh (1:7.2p2-8) unstable; urgency=medium
   [ Colin Watson ]
   * Stop enabling ssh-session-cleanup.service by default; instead, ship it
     as an example and add a section to README.Debian.  libpam-systemd >= 230
     and "UsePAM yes" should take care of the original problem for most
     systemd users (thanks, Michael Biebl; closes: #832155).
   [ Martin Pitt ]
   * Add debian/agent-launch: Helper script for conditionally starting the SSH
     agent in the user session. Use it in ssh-agent.user-session.upstart.
   * Add systemd user unit for graphical sessions that use systemd. Override
     the corresponding upstart job in that case (closes: #832445).
   * debian/openssh-server.if-up: Don't block on a finished reload of
     openssh.service, to avoid deadlocking with restarting networking.
     (closes: #832557, LP: #1584393)
 20205f98e98ebf139f83cb2ea54d99879511387e 2884 openssh_7.2p2-8.dsc
 ed0db2274a92c43e7838792a78c9410e1830412e 155012 openssh_7.2p2-8.debian.tar.xz
 e778efe40936b501934e610e111366778127fc1517abf50533a0c16618a6c700 2884 openssh_7.2p2-8.dsc
 12a769972a4dfb379203c966d8bc2b848246ee69c83abffa2875b91adafb1525 155012 openssh_7.2p2-8.debian.tar.xz
 7e3e0ca8818b3f61b5775b903fab9530 2884 net standard openssh_7.2p2-8.dsc
 74cef7c835704e93c61eb234c59cc7d2 155012 net standard openssh_7.2p2-8.debian.tar.xz

Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer


--- End Message ---

Reply to: