Add systemd stuff to keep track of service

2017-02-20 13:31:29 +01:00 · 2017-02-20 13:31:29 +01:00 · 4e7cdec7ef
commit 4e7cdec7ef
parent 140ef5a0f5
4 changed files with 106 additions and 30 deletions
--- a/openssh-7.4p1-daemon.patch
+++ b/openssh-7.4p1-daemon.patch
@ -1,24 +0,0 @@
-diff -up openssh-7.4p1/misc.c.daemon openssh-7.4p1/misc.c
--- openssh-7.4p1/misc.c.daemon	2017-02-03 13:08:14.751282516 +0100
-+++ openssh-7.4p1/misc.c	2017-02-03 13:08:14.778282474 +0100
-@@ -1273,6 +1273,9 @@ daemonized(void)
- 		return 0;	/* parent is not init */
- 	if (getsid(0) != getpid())
- 		return 0;	/* not session leader */
-+	if (getenv("_SSH_DAEMONIZED") == NULL)
-+		return 0;	/* already reexeced */
-+
- 	debug3("already daemonized");
- 	return 1;
- }
-diff -up openssh-7.4p1/sshd.c.daemon openssh-7.4p1/sshd.c
--- openssh-7.4p1/sshd.c.daemon	2017-02-03 13:08:14.755282510 +0100
-+++ openssh-7.4p1/sshd.c	2017-02-03 13:09:29.765164356 +0100
-@@ -1866,6 +1866,7 @@ main(int ac, char **av)
- 		if (daemon(0, 0) < 0)
- 			fatal("daemon() failed: %.200s", strerror(errno));
- 
-+		setenv("_SSH_DAEMONIZED", "1", 1);
- 		disconnect_controlling_tty();
- 	}
- 	/* Reinitialize the log (because of the fork above). */
--- a/openssh-7.4p1-systemd.patch
+++ b/openssh-7.4p1-systemd.patch
@ -0,0 +1,99 @@
+commit 0e22b79bfde45a7cf7a2e51a68ec11c4285f3b31
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Mon Nov 21 15:04:06 2016 +0100
+
+    systemd stuff
+
+diff --git a/configure.ac b/configure.ac
+index 2ffc369..162ce92 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -4265,6 +4265,30 @@ AC_ARG_WITH([kerberos5],
+ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+ 
+# Check whether user wants systemd support
+SYSTEMD_MSG="no"
+AC_ARG_WITH(systemd,
+	[  --with-systemd          Enable systemd support],
+	[ if test "x$withval" != "xno" ; then
+		AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+		if test "$PKGCONFIG" != "no"; then
+			AC_MSG_CHECKING([for libsystemd])
+			if $PKGCONFIG --exists libsystemd; then
+				SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
+				SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
+				CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
+				SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
+				AC_MSG_RESULT([yes])
+				AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
+				SYSTEMD_MSG="yes"
+			else
+				AC_MSG_RESULT([no])
+			fi
+		fi
+	fi ]
+)
+
+
+ # Looking for programs, paths and files
+ 
+ PRIVSEP_PATH=/var/empty
+@@ -5097,6 +5121,7 @@ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
+ echo "           Solaris project support: $SP_MSG"
+ echo "         Solaris privilege support: $SPP_MSG"
+echo "                   systemd support: $SYSTEMD_MSG"
+ echo "       IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo "                  BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/contrib/sshd.service b/contrib/sshd.service
+new file mode 100644
+index 0000000..e0d4923
+--- /dev/null
+++ b/contrib/sshd.service
+@@ -0,0 +1,16 @@
+[Unit]
+Description=OpenSSH server daemon
+Documentation=man:sshd(8) man:sshd_config(5)
+After=network.target
+
+[Service]
+Type=notify
+ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartPreventExitStatus=255
+
+[Install]
+WantedBy=multi-user.target
+
+diff --git a/sshd.c b/sshd.c
+index 816611c..b8b9d13 100644
+--- a/sshd.c
+++ b/sshd.c
+@@ -85,6 +85,10 @@
+ #include <prot.h>
+ #endif
+ 
+#ifdef HAVE_SYSTEMD
+#include <systemd/sd-daemon.h>
+#endif
+
+ #include "xmalloc.h"
+ #include "ssh.h"
+ #include "ssh2.h"
+@@ -1833,6 +1837,11 @@ main(int ac, char **av)
+ 	/* ignore SIGPIPE */
+ 	signal(SIGPIPE, SIG_IGN);
+ 
+#ifdef HAVE_SYSTEMD
+	/* Signal systemd that we are ready to accept connections */
+	sd_notify(0, "READY=1");
+#endif
+
+ 	/* Get a connection, either from inetd or a listening TCP socket */
+ 	if (inetd_flag) {
+ 		server_accept_inetd(&sock_in, &sock_out);
+
--- a/openssh.spec
+++ b/openssh.spec
@ -226,12 +226,12 @@ Patch940: openssh-7.2p2-expose-pam.patch
 Patch942: openssh-7.2p2-chroot-capabilities.patch
 # Move MAX_DISPLAYS to a configuration option (#1341302)
 Patch944: openssh-7.3p1-x11-max-displays.patch
-# Temporary workaround for upstream (#2641)
-Patch945: openssh-7.4p1-daemon.patch
 # Whitelist /usr/lib*/ as planed upstream to prevent breakage
 Patch946: openssh-7.4p1-pkcs11-whitelist.patch
 # Correct reporting errors from included files (#1408558)
 Patch947: openssh-7.4p1-include-errors.patch
+# Help systemd to track the running service
+Patch948: openssh-7.4p1-systemd.patch


 License: BSD
@ -262,6 +262,7 @@ BuildRequires: fipscheck-devel >= 1.3.0
 BuildRequires: openssl-devel >= 0.9.8j
 BuildRequires: perl-podlators
 BuildRequires: libcap-ng-devel
+BuildRequires: systemd-devel

 %if %{kerberos5}
 BuildRequires: krb5-devel
@ -465,9 +466,9 @@ popd
 %patch940 -p1 -b .expose-pam
 %patch942 -p1 -b .chroot-cap
 %patch944 -p1 -b .x11max
-%patch945 -p1 -b .daemon
 %patch946 -p1 -b .pkcs11-whitelist
 %patch947 -p1 -b .include-errors
+%patch948 -p1 -b .systemd

 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race
@ -560,6 +561,7 @@ make clean
 	--with-ssl-engine \
 	--with-ipaddr-display \
 	--with-pie=no \
+	--with-systemd \
 %if %{ldap}
 	--with-ldap \
 %endif
--- a/sshd.service
+++ b/sshd.service
@ -5,10 +5,9 @@ After=network.target sshd-keygen.target
 Wants=sshd-keygen.target

 [Service]
-Type=forking
-PIDFile=/var/run/sshd.pid
+Type=notify
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=/usr/sbin/sshd $OPTIONS
+ExecStart=/usr/sbin/sshd -D $OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure