authorRonan Pigott2023-06-15 17:57:22 -0700
committerRonan Pigott2023-06-15 20:50:11 -0700
commit6470fdea10e92ed0d0709f09d66530082e0fc364 (patch)
tree44733cfe10e6babd703c278402fc48a7f962a71d
downloadaur-6470fdea10e92ed0d0709f09d66530082e0fc364.tar.gz
initial commit
-rw-r--r--.SRCINFO26
-rw-r--r--0001-ssh-agent-add-systemd-socket-based-activation.patch176
-rw-r--r--10-sd-ssh-agent-auth-sock.conf1
-rw-r--r--PKGBUILD69
-rw-r--r--sd-ssh-agent.service9
-rw-r--r--sd-ssh-agent.socket10
6 files changed, 291 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..99728ebde74c
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,26 @@
+pkgbase = sd-ssh-agent
+ pkgdesc = Openssh ssh-agent with support for systemd socket-based activation
+ pkgver = 9.3p1
+ pkgrel = 1
+ url = https://www.openssh.com/portable.html
+ arch = x86_64
+ license = custom:BSD
+ makedepends = linux-headers
+ depends = glibc
+ depends = openssl
+ depends = systemd
+ source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz
+ source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz.asc
+ source = 0001-ssh-agent-add-systemd-socket-based-activation.patch
+ source = sd-ssh-agent.service
+ source = sd-ssh-agent.socket
+ source = 10-sd-ssh-agent-auth-sock.conf
+ validpgpkeys = 7168B983815A5EEF59A4ADFD2A3F414E736060BA
+ sha256sums = e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+
+pkgname = sd-ssh-agent
diff --git a/0001-ssh-agent-add-systemd-socket-based-activation.patch b/0001-ssh-agent-add-systemd-socket-based-activation.patch
new file mode 100644
index 000000000000..c51ee5f44875
--- /dev/null
+++ b/0001-ssh-agent-add-systemd-socket-based-activation.patch
@@ -0,0 +1,176 @@
+From c0b82718c4994fce670926d4d5deb24459838682 Mon Sep 17 00:00:00 2001
+From: Ronan Pigott <ronan@rjp.ie>
+Date: Thu, 15 Jun 2023 13:03:38 -0700
+Subject: [PATCH] ssh-agent: add systemd socket-based activation
+
+---
+ Makefile.in | 3 ++-
+ configure.ac | 25 +++++++++++++++++++++++++
+ ssh-agent.c | 44 +++++++++++++++++++++++++++++++++++---------
+ 3 files changed, 62 insertions(+), 10 deletions(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index 70287f51fb81..9bace646fecf 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -53,6 +53,7 @@ CHANNELLIBS=@CHANNELLIBS@
+ K5LIBS=@K5LIBS@
+ GSSLIBS=@GSSLIBS@
+ SSHDLIBS=@SSHDLIBS@
++AGENTLIBS=@AGENTLIBS@
+ LIBEDIT=@LIBEDIT@
+ LIBFIDO2=@LIBFIDO2@
+ AR=@AR@
+@@ -216,7 +217,7 @@ ssh-add$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHADD_OBJS)
+ $(LD) -o $@ $(SSHADD_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS)
+
+ ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHAGENT_OBJS)
+- $(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS)
++ $(LD) -o $@ $(SSHAGENT_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(AGENTLIBS) $(LIBS) $(CHANNELLIBS)
+
+ ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYGEN_OBJS)
+ $(LD) -o $@ $(SSHKEYGEN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(CHANNELLIBS)
+diff --git a/configure.ac b/configure.ac
+index 07893e870659..d12b6e9c0588 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -147,6 +147,16 @@ else
+ AC_MSG_RESULT([no])
+ fi
+
++systemd=no
++AC_ARG_WITH([systemd],
++ [ --with-systemd Enable use of systemd socket-based activation ],
++ [ if test "x$withval" = "xyes" ; then
++ systemd=yes
++ AC_DEFINE([WITH_SYSTEMD], [1], [enable systemd socket-based activation])
++ fi
++ ]
++)
++
+ use_stack_protector=1
+ use_toolchain_hardening=1
+ AC_ARG_WITH([stackprotect],
+@@ -3376,6 +3386,18 @@ AC_CHECK_LIB([crypt], [crypt], [
+ AC_CHECK_FUNCS([crypt])
+ LIBS="$saved_LIBS"
+
++if test "x$systemd" == "xyes" ; then
++ # Check for sd_listen_fds in libsystemd for socket activation
++ saved_LIBS="$LIBS"
++ AC_CHECK_LIB([systemd], [sd_listen_fds], [
++ LIBS="-lsystemd $LIBS"
++ AGENTLIBS="-lsystemd $AGENTLIBS"
++ ])
++ AC_CHECK_FUNCS([sd_listen_fds])
++ LIBS="$saved_LIBS"
++ AC_SUBST([AGENTLIBS])
++fi
++
+ # Check for PAM libs
+ PAM_MSG="no"
+ AC_ARG_WITH([pam],
+@@ -5632,6 +5654,9 @@ fi
+ if test ! -z "${SSHDLIBS}"; then
+ echo " +for sshd: ${SSHDLIBS}"
+ fi
++if test ! -z "${AGENTLIBS}"; then
++echo " +for ssh-agent: ${AGENTLIBS}"
++fi
+
+ echo ""
+
+diff --git a/ssh-agent.c b/ssh-agent.c
+index c72518ba3537..4e62dce4eebb 100644
+--- a/ssh-agent.c
++++ b/ssh-agent.c
+@@ -69,6 +69,9 @@
+ #include <stdlib.h>
+ #include <time.h>
+ #include <string.h>
++#ifdef WITH_SYSTEMD
++# include <systemd/sd-daemon.h>
++#endif
+ #include <unistd.h>
+ #ifdef HAVE_UTIL_H
+ # include <util.h>
+@@ -2000,7 +2003,7 @@ int
+ main(int ac, char **av)
+ {
+ int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
+- int sock, ch, result, saved_errno;
++ int sock = 0, ch, result, saved_errno;
+ char *shell, *format, *pidstr, *agentsocket = NULL;
+ #ifdef HAVE_SETRLIMIT
+ struct rlimit rlim;
+@@ -2015,6 +2018,9 @@ main(int ac, char **av)
+ struct pollfd *pfd = NULL;
+ size_t npfd = 0;
+ u_int maxfds;
++#ifdef WITH_SYSTEMD
++ int nfds = 0;
++#endif
+
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+@@ -2142,6 +2148,24 @@ main(int ac, char **av)
+
+ parent_pid = getpid();
+
++#ifdef WITH_SYSTEMD
++ nfds = sd_listen_fds(1);
++ if (nfds > 0) {
++ if (agentsocket == NULL) {
++ fprintf(stderr, "%s not set, cannot use socket-activation",
++ SSH_AUTHSOCKET_ENV_NAME);
++ exit(1);
++ } else if (!sd_is_socket_unix(SD_LISTEN_FDS_START, SOCK_STREAM, 0, agentsocket, 0)) {
++ fprintf(stderr, "Unexpected auth sock received from systemd\n");
++ exit(1);
++ } else if (nfds > 1) {
++ fprintf(stderr, "too many fds received from systemd (%d)\n", nfds);
++ exit(1);
++ }
++ strlcpy(socket_name, agentsocket, sizeof socket_name);
++ sock = SD_LISTEN_FDS_START;
++ }
++#endif
+ if (agentsocket == NULL) {
+ /* Create private directory for agent socket */
+ mktemp_proto(socket_dir, sizeof(socket_dir));
+@@ -2150,7 +2174,7 @@ main(int ac, char **av)
+ exit(1);
+ }
+ snprintf(socket_name, sizeof socket_name, "%s/agent.%ld", socket_dir,
+- (long)parent_pid);
++ (long)parent_pid);
+ } else {
+ /* Try to use specified agent socket */
+ socket_dir[0] = '\0';
+@@ -2161,14 +2185,16 @@ main(int ac, char **av)
+ * Create socket early so it will exist before command gets run from
+ * the parent.
+ */
+- prev_mask = umask(0177);
+- sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
+- if (sock < 0) {
+- /* XXX - unix_listener() calls error() not perror() */
+- *socket_name = '\0'; /* Don't unlink any existing file */
+- cleanup_exit(1);
++ if (sock == 0) {
++ prev_mask = umask(0177);
++ sock = unix_listener(socket_name, SSH_LISTEN_BACKLOG, 0);
++ if (sock < 0) {
++ /* XXX - unix_listener() calls error() not perror() */
++ *socket_name = '\0'; /* Don't unlink any existing file */
++ cleanup_exit(1);
++ }
++ umask(prev_mask);
+ }
+- umask(prev_mask);
+
+ /*
+ * Fork, and have the parent execute the command, if any, or present
+--
+2.41.0
+
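Review bot: In the ssh-agent.c hunk that adds the `WITH_SYSTEMD` block to `main()`, `!sd_is_socket_unix(...)` rejects only a return of 0, but the function returns a negative errno-style value on failure, which is non-zero and so passes as a match; the agent would then serve keys over a descriptor it never verified. Per sd_is_socket_unix(3), the third argument `0` also asks for a socket that is *not* in listening mode, which looks wrong for a `ListenStream=` socket and is worth confirming. The check would be safer as `} else if (sd_is_socket_unix(SD_LISTEN_FDS_START, SOCK_STREAM, 1, agentsocket, 0) <= 0) {`. Smaller points: the first `fprintf` in the block lacks a trailing `\n`, and in configure.ac `test "x$systemd" == "xyes"` should use `=`, because `==` is not portable across `/bin/sh` implementations. `main()` begins and ends outside these hunks.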
diff --git a/10-sd-ssh-agent-auth-sock.conf b/10-sd-ssh-agent-auth-sock.conf
new file mode 100644
index 000000000000..769daba06fc6
--- /dev/null
+++ b/10-sd-ssh-agent-auth-sock.conf
@@ -0,0 +1 @@
+SSH_AUTH_SOCK=${XDG_RUNTIME_DIR}/sd-ssh-agent.sock
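Review bot: This file sets `SSH_AUTH_SOCK` unconditionally, and the PKGBUILD installs it into `/usr/lib/environment.d/`, so it applies to every user's systemd user environment even when `sd-ssh-agent.socket` has not been enabled. Clients would then be pointed at a socket that does not exist, and any other agent's value set earlier in the ordering is replaced. A leading comment would make the coupling visible, e.g. `# Used by sd-ssh-agent.socket; enable that unit or override this in ~/.config/environment.d/`.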
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..57be084c52d2
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,69 @@
+# Maintainer: Ronan Pigott <ronan@rjp.ie>
+# Contributor: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Giancarlo Razzolini <grazzolini@archlinux.org>
+# Contributor: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: Aaron Griffin <aaron@archlinux.org>
+# Contributor: judd <jvinet@zeroflux.org>
+
+pkgname=sd-ssh-agent
+_pkgname=openssh
+pkgver=9.3p1
+pkgrel=1
+pkgdesc="Openssh ssh-agent with support for systemd socket-based activation"
+arch=('x86_64')
+url='https://www.openssh.com/portable.html'
+license=('custom:BSD')
+depends=(
+ 'glibc'
+ 'openssl'
+ 'systemd'
+)
+makedepends=('linux-headers')
+source=(
+ "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${_pkgname}-${pkgver}.tar.gz"{,.asc}
+ '0001-ssh-agent-add-systemd-socket-based-activation.patch'
+ 'sd-ssh-agent.service'
+ 'sd-ssh-agent.socket'
+ '10-sd-ssh-agent-auth-sock.conf'
+)
+sha256sums=(
+ 'e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+ 'SKIP'
+)
+validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org>
+
+prepare() {
+ patch -Np1 -d "$_pkgname-$pkgver" -i ../0001-ssh-agent-add-systemd-socket-based-activation.patch
+ autoreconf "$_pkgname-$pkgver"
+}
+
+build() {
+ local configure_options=(
+ --prefix=/usr
+ --sbindir=/usr/bin
+ --libexecdir=/usr/lib/ssh
+ --sysconfdir=/etc/ssh
+ --disable-strip
+ --with-systemd
+ )
+
+ cd "${_pkgname}-${pkgver}"
+
+ ./configure "${configure_options[@]}"
+ make ssh-agent
+}
+
+package() {
+ cd "${_pkgname}-${pkgver}"
+
+ install -Dm755 ./ssh-agent "${pkgdir}"/usr/bin/sd-ssh-agent
+ install -Dm644 -t "${pkgdir}"/usr/lib/systemd/user/ ../sd-ssh-agent.service
+ install -Dm644 -t "${pkgdir}"/usr/lib/systemd/user/ ../sd-ssh-agent.socket
+ install -Dm644 -t "${pkgdir}"/usr/lib/environment.d/ ../10-sd-ssh-agent-auth-sock.conf
+}
+
+# vim: ts=2 sw=2 et:
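Review bot: The `sha256sums` array pins only the upstream tarball; the patch that changes ssh-agent's socket handling and the three unit/config files are all `'SKIP'`, so makepkg performs no integrity check on them. `'SKIP'` is the usual entry for the `.asc` signature, but the local sources should carry real digests, e.g. `'<sha256 of 0001-ssh-agent-add-systemd-socket-based-activation.patch>'`, regenerated with `updpkgsums`, after which the generated .SRCINFO follows. Separately, `license=('custom:BSD')` is declared but `package()` installs no licence file under `/usr/share/licenses/`.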
diff --git a/sd-ssh-agent.service b/sd-ssh-agent.service
new file mode 100644
index 000000000000..f3315a0fd634
--- /dev/null
+++ b/sd-ssh-agent.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=SSH key agent
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/sd-ssh-agent -D -a ${SSH_AUTH_SOCK}
+
+[Install]
+Also=sd-ssh-agent.socket
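Review bot: The `[Unit]` section declares no dependency on the socket unit and no condition on `SSH_AUTH_SOCK`, unlike sd-ssh-agent.socket. Starting `sd-ssh-agent.service` directly therefore runs `-a ${SSH_AUTH_SOCK}` without an activation descriptor, and with an empty value if the variable is unset. Adding `Requires=sd-ssh-agent.socket` and `ConditionEnvironment=SSH_AUTH_SOCK` under `[Unit]` keeps the service from running outside the socket-activated path.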
diff --git a/sd-ssh-agent.socket b/sd-ssh-agent.socket
new file mode 100644
index 000000000000..5ab3f71838b2
--- /dev/null
+++ b/sd-ssh-agent.socket
@@ -0,0 +1,10 @@
+[Unit]
+ConditionEnvironment=SSH_AUTH_SOCK
+
+[Socket]
+ListenStream=${SSH_AUTH_SOCK}
+Backlog=128
+PassCredentials=true
+
+[Install]
+WantedBy=sockets.target
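Review bot: The `[Socket]` section sets no `SocketMode=`, so the socket file is created with systemd's default mode of 0666, whereas the ssh-agent.c path that this activation bypasses creates it under `umask(0177)`, i.e. owner-only. Access then rests on the parent directory's permissions and the agent's own peer checks alone. Add `SocketMode=0600` so the file stays owner-only wherever `SSH_AUTH_SOCK` points. `PassCredentials=true` may be unnecessary if the agent identifies peers through a getpeereid()-style lookup rather than SCM_CREDENTIALS messages; worth confirming before keeping it.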