Bug#933999: openssh-server: please provide a runscript for runit
Package: openssh-server
Version: 1:8.0p1-4
Severity: wishlist
Tags: patch
Dear Maintainer,
here is a patch to add support for Runit initialization system.
While writing the runscript I took a look at both the old sysv script
and systemd unit. The sysv script has two tests that I omitted in
the runscript
> ( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
>if [ ! -c /dev/null ]; then
> ....
I'm not sure, are those still relevant?
Also, note that the 'since=1:8.0p1-5' option in the openssh-server.runit file
should match the version that actually adds the runscript.
the git patch is attached, and there is also a MR on salsa
https://salsa.debian.org/ssh-team/openssh/merge_requests/7
If you need more details please ask
Thanks,
Lorenzo
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: runit (via /run/runit.stopit)
Versions of packages openssh-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.73
ii dpkg 1.19.7
ii libaudit1 1:2.8.5-2
ii libc6 2.28-10
ii libcom-err2 1.45.3-3
ii libgssapi-krb5-2 1.17-6
ii libkrb5-3 1.17-6
ii libpam-modules 1.3.1-5
ii libpam-runtime 1.3.1-5
ii libpam0g 1.3.1-5
ii libselinux1 2.9-2
ii libssl1.1 1.1.1c-1
pn libsystemd0 <none>
ii libwrap0 7.6.q-28
ii lsb-base 10.2019051400
ii openssh-client 1:8.0p1-4
ii openssh-sftp-server 1:8.0p1-4
ii procps 2:3.3.15-2
ii runit-helper 2.8.13.2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages openssh-server recommends:
ii libpam-elogind-compat [libpam-systemd] 1.3
ii ncurses-term 6.1+20190713-2
ii xauth 1:1.0.10-1
Versions of packages openssh-server suggests:
ii lxqt-openssh-askpass [ssh-askpass] 0.14.1-1
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ufw <none>
-- debconf information excluded
>From 8a2040f54e832dd589dbf0cb62ffaee28e6dee7a Mon Sep 17 00:00:00 2001
From: Lorenzo Puliti <lorenzo.ru.g@gmail.com>
Date: Mon, 5 Aug 2019 20:24:41 +0200
Subject: [PATCH] Add a runscript for runit
Add a 'run' and a 'finish' script for runit init system;
rely on dh-runit for maintscript code.
---
debian/control | 2 ++
debian/openssh-server.runit | 1 +
debian/openssh-server.ssh.runscript/finish | 16 ++++++++++++++++
debian/openssh-server.ssh.runscript/run | 20 ++++++++++++++++++++
debian/rules | 2 +-
5 files changed, 40 insertions(+), 1 deletion(-)
create mode 100644 debian/openssh-server.runit
create mode 100644 debian/openssh-server.ssh.runscript/finish
create mode 100644 debian/openssh-server.ssh.runscript/run
diff --git a/debian/control b/debian/control
index c690df075..eab4e2b6e 100644
--- a/debian/control
+++ b/debian/control
@@ -19,6 +19,7 @@ Build-Depends: autotools-dev,
libwrap0-dev | libwrap-dev,
pkg-config,
zlib1g-dev (>= 1:1.2.3),
+ dh-runit(>=2.8.8),
Standards-Version: 4.1.0
Uploaders: Colin Watson <cjwatson@debian.org>,
Matthew Vernon <matthew@debian.org>,
@@ -92,6 +93,7 @@ Conflicts: sftp,
Replaces: openssh-client (<< 1:7.9p1-8),
ssh,
ssh-krb5,
+Breaks: ${runit:Breaks}
Suggests: molly-guard,
monkeysphere,
rssh,
diff --git a/debian/openssh-server.runit b/debian/openssh-server.runit
new file mode 100644
index 000000000..cb659a00b
--- /dev/null
+++ b/debian/openssh-server.runit
@@ -0,0 +1 @@
+debian/openssh-server.ssh.runscript logscript,name=ssh,since=1:8.0p1-5
diff --git a/debian/openssh-server.ssh.runscript/finish b/debian/openssh-server.ssh.runscript/finish
new file mode 100644
index 000000000..7e29ef1db
--- /dev/null
+++ b/debian/openssh-server.ssh.runscript/finish
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+NAME=ssh
+
+[ $1 = -1 ] && echo "runsv: ERROR in $NAME: unexpected error or wrong sh syntax"
+# no need to stop the service here, runsv will stop trying after the first attempt
+
+[ $1 = 161 ] && echo "runsv: ERROR $1 in $NAME: disabled by local settings" \
+ && sv d $(dirname $0) && exit 0
+
+[ $1 = 162 ] && echo "runsv: ERROR $1 in $NAME: configtest or early setup failed" \
+ && sv d $(dirname $0) && exit 0
+
+echo "$NAME Stopped"
+
diff --git a/debian/openssh-server.ssh.runscript/run b/debian/openssh-server.ssh.runscript/run
new file mode 100644
index 000000000..f9b08a871
--- /dev/null
+++ b/debian/openssh-server.ssh.runscript/run
@@ -0,0 +1,20 @@
+#!/usr/bin/env /lib/runit/invoke-run
+set -e
+
+NAME="ssh"
+
+sv start auditd || sv check auditd || true
+
+# don't start if 'sshd_not_to_be_start' exists
+test -e /etc/ssh/sshd_not_to_be_run && exit 161
+
+#Create /run/sshd
+test -d /run/sshd || mkdir /run/sshd && chmod 0755 /run/sshd
+
+exec 2>&1
+
+#Config test
+/usr/sbin/sshd -t || exit 162
+
+echo "Starting $NAME..."
+exec /usr/sbin/sshd -D -e $SSHD_OPTS
diff --git a/debian/rules b/debian/rules
index 550306d4f..4208569e2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -106,7 +106,7 @@ confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))'
confflags_udeb += --with-ldflags='-Wl,--as-needed'
%:
- dh $@ --with=autoreconf,systemd
+ dh $@ --with=autoreconf,systemd,runit
autoreconf:
autoreconf -f -i
--
2.23.0.rc1
Reply to: