authorRonan Pigott2023-06-16 19:03:57 -0700
committerRonan Pigott2023-06-16 19:17:39 -0700
commit6bef0e9e77afcd31544719ce5b24f30c0e8aafe3 (patch)
tree92fbee10ccf8d5e774d21455e543afd2af12eb94
parent1ddf3dc8e0c03539b82d8c13c13ae7d0603f5775 (diff)
downloadaur-sd-ssh-agent.tar.gz
don't remove provided socket on shutdown
-rw-r--r--.SRCINFO2
-rw-r--r--0001-ssh-agent-add-systemd-socket-based-activation.patch48
-rw-r--r--PKGBUILD2
-rw-r--r--sd-ssh-agent.service2
4 files changed, 39 insertions, 15 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 1a2b1354426f..b32fc5914339 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,7 +1,7 @@
pkgbase = sd-ssh-agent
pkgdesc = Openssh ssh-agent with support for systemd socket-based activation
pkgver = 9.3p1
- pkgrel = 2
+ pkgrel = 3
url = https://www.openssh.com/portable.html
arch = x86_64
license = custom:BSD
diff --git a/0001-ssh-agent-add-systemd-socket-based-activation.patch b/0001-ssh-agent-add-systemd-socket-based-activation.patch
index 3d9ae7f86efb..2013f6f20774 100644
--- a/0001-ssh-agent-add-systemd-socket-based-activation.patch
+++ b/0001-ssh-agent-add-systemd-socket-based-activation.patch
@@ -1,13 +1,13 @@
-From 0e9c9f779c31d51206db84783130ca3f6a0d44f7 Mon Sep 17 00:00:00 2001
+From 60132e12267ecb4e53d8f7311eb34d3aae46b55b Mon Sep 17 00:00:00 2001
From: Ronan Pigott <ronan@rjp.ie>
Date: Thu, 15 Jun 2023 13:03:38 -0700
Subject: [PATCH] ssh-agent: add systemd socket-based activation
---
Makefile.in | 3 ++-
- configure.ac | 25 +++++++++++++++++++++++++
- ssh-agent.c | 44 +++++++++++++++++++++++++++++++++++---------
- 3 files changed, 62 insertions(+), 10 deletions(-)
+ configure.ac | 25 ++++++++++++++++++++++++
+ ssh-agent.c | 54 +++++++++++++++++++++++++++++++++++++++++++---------
+ 3 files changed, 72 insertions(+), 10 deletions(-)
diff --git a/Makefile.in b/Makefile.in
index 70287f51fb81..9bace646fecf 100644
@@ -81,7 +81,7 @@ index 07893e870659..d12b6e9c0588 100644
echo ""
diff --git a/ssh-agent.c b/ssh-agent.c
-index c72518ba3537..0c31609742d3 100644
+index c72518ba3537..eb3a8b022590 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -69,6 +69,9 @@
@@ -94,7 +94,30 @@ index c72518ba3537..0c31609742d3 100644
#include <unistd.h>
#ifdef HAVE_UTIL_H
# include <util.h>
-@@ -2000,7 +2003,7 @@ int
+@@ -166,6 +169,11 @@ pid_t cleanup_pid = 0;
+ char socket_name[PATH_MAX];
+ char socket_dir[PATH_MAX];
+
++#ifdef WITH_SYSTEMD
++/* tracks whether the active AUTH_SOCKET was passed to us by a third party */
++int external_socket = 0;
++#endif
++
+ /* Pattern-list of allowed PKCS#11/Security key paths */
+ static char *allowed_providers;
+
+@@ -1946,6 +1954,10 @@ cleanup_socket(void)
+ {
+ if (cleanup_pid != 0 && getpid() != cleanup_pid)
+ return;
++#ifdef WITH_SYSTEMD
++ if (external_socket)
++ return;
++#endif
+ debug_f("cleanup");
+ if (socket_name[0])
+ unlink(socket_name);
+@@ -2000,7 +2012,7 @@ int
main(int ac, char **av)
{
int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
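Review bot: The early return added to cleanup_socket() has no comment saying why an inherited socket is left on disk, and the declaration comment's "passed to us by a third party" does not say who owns the path. Presumably the socket file belongs to the systemd .socket unit, which keeps listening after the agent exits, so unlinking it would leave the unit bound to a path clients can no longer reach. A comment next to the guard, e.g. `/* socket-activated: the .socket unit owns this path, leave it for the next activation */`, would keep a later refactor from re-adding the unlink. The return also skips everything after it in cleanup_socket(), whose body continues past the end of this hunk, so guarding only the `unlink(socket_name)` call would be the narrower change.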
@@ -103,7 +126,7 @@ index c72518ba3537..0c31609742d3 100644
char *shell, *format, *pidstr, *agentsocket = NULL;
#ifdef HAVE_SETRLIMIT
struct rlimit rlim;
-@@ -2015,6 +2018,9 @@ main(int ac, char **av)
+@@ -2015,6 +2027,9 @@ main(int ac, char **av)
struct pollfd *pfd = NULL;
size_t npfd = 0;
u_int maxfds;
@@ -113,18 +136,19 @@ index c72518ba3537..0c31609742d3 100644
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -2142,6 +2148,24 @@ main(int ac, char **av)
+@@ -2142,6 +2157,25 @@ main(int ac, char **av)
parent_pid = getpid();
+#ifdef WITH_SYSTEMD
+ nfds = sd_listen_fds(1);
+ if (nfds > 0) {
++ sock = SD_LISTEN_FDS_START;
+ if (agentsocket == NULL) {
+ fprintf(stderr, "%s not set, cannot use socket-activation",
+ SSH_AUTHSOCKET_ENV_NAME);
+ exit(1);
-+ } else if (sd_is_socket_unix(SD_LISTEN_FDS_START, SOCK_STREAM, 1, agentsocket, 0) <= 0) {
++ } else if (sd_is_socket_unix(sock, SOCK_STREAM, 1, agentsocket, 0) <= 0) {
+ fprintf(stderr, "Unexpected auth sock received from systemd. Expected %s\n", agentsocket);
+ exit(1);
+ } else if (nfds > 1) {
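Review bot: The acceptance check on the inherited descriptor, `sd_is_socket_unix(sock, SOCK_STREAM, 1, agentsocket, 0)`, covers address family, type, listening state and path, but nothing in this hunk looks at who is allowed to connect. On this path the agent does not create the socket itself, so access is decided by the .socket unit (`SocketMode=`, which defaults to 0666 in systemd) and by the permissions of the containing directory. That unit is not part of this commit, so whether it sets `SocketMode=0600` needs confirming there. A comment above the check such as `/* mode and owner of an inherited socket are set by the .socket unit, not by us */` would record the dependency. Separately, a negative return from `sd_listen_fds(1)` is handled the same as "no activation", and the first `fprintf` lacks a trailing `\n`; the `if (nfds > 0)` block continues into the next hunk.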
@@ -132,13 +156,13 @@ index c72518ba3537..0c31609742d3 100644
+ exit(1);
+ }
+ strlcpy(socket_name, agentsocket, sizeof socket_name);
-+ sock = SD_LISTEN_FDS_START;
++ external_socket = 1;
+ }
+#endif
if (agentsocket == NULL) {
/* Create private directory for agent socket */
mktemp_proto(socket_dir, sizeof(socket_dir));
-@@ -2150,7 +2174,7 @@ main(int ac, char **av)
+@@ -2150,7 +2184,7 @@ main(int ac, char **av)
exit(1);
}
snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir,
@@ -147,7 +171,7 @@ index c72518ba3537..0c31609742d3 100644
} else {
/* Try to use specified agent socket */
socket_dir[0] = '\0';
-@@ -2161,14 +2185,16 @@ main(int ac, char **av)
+@@ -2161,14 +2195,16 @@ main(int ac, char **av)
* Create socket early so it will exist before command gets run from
* the parent.
*/
diff --git a/PKGBUILD b/PKGBUILD
index 61622ec70dca..5b97ecf40ce5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,7 +8,7 @@
pkgname=sd-ssh-agent
_pkgname=openssh
pkgver=9.3p1
-pkgrel=2
+pkgrel=3
pkgdesc="Openssh ssh-agent with support for systemd socket-based activation"
arch=('x86_64')
url='https://www.openssh.com/portable.html'
diff --git a/sd-ssh-agent.service b/sd-ssh-agent.service
index f3315a0fd634..15f63715b00c 100644
--- a/sd-ssh-agent.service
+++ b/sd-ssh-agent.service
@@ -3,7 +3,7 @@ Description=SSH key agent
[Service]
Type=simple
-ExecStart=/usr/bin/sd-ssh-agent -D -a ${SSH_AUTH_SOCK}
+ExecStart=/usr/bin/sd-ssh-agent -D -a %t/sd-ssh-agent.sock
[Install]
Also=sd-ssh-agent.socket
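Review bot: The socket path in `ExecStart=` is now a literal that has to stay identical to the `ListenStream=` of sd-ssh-agent.socket. The patched agent exits with "Unexpected auth sock received from systemd" when the inherited socket's path differs from the `-a` argument. That unit is not shown in this commit, so the match cannot be checked here; a comment above the line, `# must match ListenStream= in sd-ssh-agent.socket`, would keep the two from drifting apart. Clients also still need `SSH_AUTH_SOCK` set to the same path, since the service no longer takes it from its environment.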