Add systemd stuff to keep track of service

Jakub Jelen 2017-02-20 13:31:29 +01:00
parent 140ef5a0f5
commit 4e7cdec7ef
4 changed files with 106 additions and 30 deletions


@ -1,24 +0,0 @@
diff -up openssh-7.4p1/misc.c.daemon openssh-7.4p1/misc.c
--- openssh-7.4p1/misc.c.daemon 2017-02-03 13:08:14.751282516 +0100
+++ openssh-7.4p1/misc.c 2017-02-03 13:08:14.778282474 +0100
@@ -1273,6 +1273,9 @@ daemonized(void)
return 0; /* parent is not init */
if (getsid(0) != getpid())
return 0; /* not session leader */
+ if (getenv("_SSH_DAEMONIZED") == NULL)
+ return 0; /* already reexeced */
+
debug3("already daemonized");
return 1;
}
diff -up openssh-7.4p1/sshd.c.daemon openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.daemon 2017-02-03 13:08:14.755282510 +0100
+++ openssh-7.4p1/sshd.c 2017-02-03 13:09:29.765164356 +0100
@@ -1866,6 +1866,7 @@ main(int ac, char **av)
if (daemon(0, 0) < 0)
fatal("daemon() failed: %.200s", strerror(errno));
+ setenv("_SSH_DAEMONIZED", "1", 1);
disconnect_controlling_tty();
}
/* Reinitialize the log (because of the fork above). */


@ -0,0 +1,99 @@
commit 0e22b79bfde45a7cf7a2e51a68ec11c4285f3b31
Author: Jakub Jelen <jjelen@redhat.com>
Date: Mon Nov 21 15:04:06 2016 +0100
systemd stuff
diff --git a/configure.ac b/configure.ac
index 2ffc369..162ce92 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4265,6 +4265,30 @@ AC_ARG_WITH([kerberos5],
AC_SUBST([GSSLIBS])
AC_SUBST([K5LIBS])
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+ [ --with-systemd Enable systemd support],
+ [ if test "x$withval" != "xno" ; then
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+ if test "$PKGCONFIG" != "no"; then
+ AC_MSG_CHECKING([for libsystemd])
+ if $PKGCONFIG --exists libsystemd; then
+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+ SYSTEMD_MSG="yes"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ fi
+ fi ]
+)
+
+
# Looking for programs, paths and files
PRIVSEP_PATH=/var/empty
@@ -5097,6 +5121,7 @@ echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
echo " Solaris project support: $SP_MSG"
echo " Solaris privilege support: $SPP_MSG"
+echo " systemd support: $SYSTEMD_MSG"
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
diff --git a/contrib/sshd.service b/contrib/sshd.service
new file mode 100644
index 0000000..e0d4923
--- /dev/null
+++ b/contrib/sshd.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenSSH server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/sshd.c b/sshd.c
index 816611c..b8b9d13 100644
--- a/sshd.c
+++ b/sshd.c
@@ -85,6 +85,10 @@
#include <prot.h>
#endif
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
#include "xmalloc.h"
#include "ssh.h"
#include "ssh2.h"
@@ -1833,6 +1837,11 @@ main(int ac, char **av)
/* ignore SIGPIPE */
signal(SIGPIPE, SIG_IGN);
+#ifdef HAVE_SYSTEMD
+ /* Signal systemd that we are ready to accept connections */
+ sd_notify(0, "READY=1");
+#endif
+
/* Get a connection, either from inetd or a listening TCP socket */
if (inetd_flag) {
server_accept_inetd(&sock_in, &sock_out);
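Review bot: Linking sshd against libsystemd (`SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"` in the configure.ac hunk) only to make the single `sd_notify(0, "READY=1")` call in main() loads that library, and whatever it is built against, into the privileged pre-authentication daemon; which libraries that includes depends on how the distribution builds libsystemd. The readiness message is one datagram written to the AF_UNIX socket named by `$NOTIFY_SOCKET`, so a small static helper in sshd.c can send it without the extra linkage, and the configure check would then only need to define HAVE_SYSTEMD. The return value of sd_notify() is also ignored, so a failed notification would only surface as a start timeout under `Type=notify`; the helper sketched below logs it instead. main() begins and ends outside the hunk, and the helper relies on <sys/un.h> being available in sshd.c.

```c
/* … unchanged: includes, minus <systemd/sd-daemon.h> … */
#ifdef HAVE_SYSTEMD
/* Tell the service manager we are ready: one datagram to $NOTIFY_SOCKET. */
static void
ssh_systemd_notify_ready(void)
{
	const char *path = getenv("NOTIFY_SOCKET");
	const char msg[] = "READY=1";
	struct sockaddr_un addr;
	size_t pathlen;
	int fd;

	/* Unset or malformed: not running under a notify-aware manager. */
	if (path == NULL || (path[0] != '/' && path[0] != '@'))
		return;
	pathlen = strlen(path);
	if (pathlen >= sizeof(addr.sun_path))
		return;
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	memcpy(addr.sun_path, path, pathlen);
	if (addr.sun_path[0] == '@')
		addr.sun_path[0] = '\0';	/* abstract socket namespace */
	if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) == -1) {
		debug("systemd notify: socket: %.100s", strerror(errno));
		return;
	}
	if (sendto(fd, msg, sizeof(msg) - 1, 0, (struct sockaddr *)&addr,
	    offsetof(struct sockaddr_un, sun_path) + pathlen) == -1)
		debug("systemd notify: sendto: %.100s", strerror(errno));
	close(fd);
}
#endif

/* … unchanged: main() up to signal(SIGPIPE, SIG_IGN) … */
#ifdef HAVE_SYSTEMD
	/* Signal systemd that we are ready to accept connections */
	ssh_systemd_notify_ready();
#endif
```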


@ -226,12 +226,12 @@ Patch940: openssh-7.2p2-expose-pam.patch
Patch942: openssh-7.2p2-chroot-capabilities.patch Patch942: openssh-7.2p2-chroot-capabilities.patch
# Move MAX_DISPLAYS to a configuration option (#1341302) # Move MAX_DISPLAYS to a configuration option (#1341302)
Patch944: openssh-7.3p1-x11-max-displays.patch Patch944: openssh-7.3p1-x11-max-displays.patch
# Temporary workaround for upstream (#2641)
Patch945: openssh-7.4p1-daemon.patch
# Whitelist /usr/lib*/ as planed upstream to prevent breakage # Whitelist /usr/lib*/ as planed upstream to prevent breakage
Patch946: openssh-7.4p1-pkcs11-whitelist.patch Patch946: openssh-7.4p1-pkcs11-whitelist.patch
# Correct reporting errors from included files (#1408558) # Correct reporting errors from included files (#1408558)
Patch947: openssh-7.4p1-include-errors.patch Patch947: openssh-7.4p1-include-errors.patch
# Help systemd to track the running service
Patch948: openssh-7.4p1-systemd.patch
License: BSD License: BSD
@ -262,6 +262,7 @@ BuildRequires: fipscheck-devel >= 1.3.0
BuildRequires: openssl-devel >= 0.9.8j BuildRequires: openssl-devel >= 0.9.8j
BuildRequires: perl-podlators BuildRequires: perl-podlators
BuildRequires: libcap-ng-devel BuildRequires: libcap-ng-devel
BuildRequires: systemd-devel
%if %{kerberos5} %if %{kerberos5}
BuildRequires: krb5-devel BuildRequires: krb5-devel
@ -465,9 +466,9 @@ popd
%patch940 -p1 -b .expose-pam %patch940 -p1 -b .expose-pam
%patch942 -p1 -b .chroot-cap %patch942 -p1 -b .chroot-cap
%patch944 -p1 -b .x11max %patch944 -p1 -b .x11max
%patch945 -p1 -b .daemon
%patch946 -p1 -b .pkcs11-whitelist %patch946 -p1 -b .pkcs11-whitelist
%patch947 -p1 -b .include-errors %patch947 -p1 -b .include-errors
%patch948 -p1 -b .systemd
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch201 -p1 -b .audit-race
@ -560,6 +561,7 @@ make clean
--with-ssl-engine \ --with-ssl-engine \
--with-ipaddr-display \ --with-ipaddr-display \
--with-pie=no \ --with-pie=no \
--with-systemd \
%if %{ldap} %if %{ldap}
--with-ldap \ --with-ldap \
%endif %endif


@ -5,10 +5,9 @@ After=network.target sshd-keygen.target
Wants=sshd-keygen.target Wants=sshd-keygen.target
[Service] [Service]
Type=forking Type=notify
PIDFile=/var/run/sshd.pid
EnvironmentFile=-/etc/sysconfig/sshd EnvironmentFile=-/etc/sysconfig/sshd
ExecStart=/usr/sbin/sshd $OPTIONS ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
KillMode=process KillMode=process
Restart=on-failure Restart=on-failure