Merge ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic into ubuntu/+source/openssh:debian/sid
- Git
- lp:~enr0n/ubuntu/+source/openssh
- merge-lp2018094-mantic
- Merge into debian/sid
Status: | Needs review | ||||||||
---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~enr0n/ubuntu/+source/openssh:merge-lp2018094-mantic | ||||||||
Merge into: | ubuntu/+source/openssh:debian/sid | ||||||||
Diff against target: |
1605 lines (+1016/-107) 30 files modified
debian/README.Debian (+10/-17) debian/changelog (+133/-0) debian/control (+2/-1) debian/openssh-server.postinst (+192/-6) debian/openssh-server.postrm (+4/-0) debian/openssh-server.templates (+12/-0) debian/openssh-server.tmpfile (+2/-0) debian/openssh-server.ucf-md5sum (+24/-0) debian/patches/series (+1/-0) debian/patches/socket-activation-documentation.patch (+50/-0) debian/patches/systemd-socket-activation.patch (+152/-44) debian/po/cs.po (+26/-1) debian/po/da.po (+26/-1) debian/po/de.po (+26/-1) debian/po/es.po (+26/-1) debian/po/fr.po (+26/-1) debian/po/it.po (+26/-1) debian/po/ja.po (+26/-1) debian/po/nl.po (+26/-1) debian/po/pt.po (+26/-1) debian/po/pt_BR.po (+26/-1) debian/po/ru.po (+28/-3) debian/po/sv.po (+26/-1) debian/po/templates.pot (+27/-2) debian/po/tr.po (+27/-2) debian/rules (+3/-2) debian/systemd/ssh.service (+0/-2) debian/tests/control (+6/-0) debian/tests/systemd-socket-activation (+57/-0) dev/null (+0/-17) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Steve Langasek (community) | Approve | ||
Review via email: mp+443364@code.launchpad.net |
Commit message
Description of the change
I ran autopkgtests locally (amd64) and they passed.
Nick Rosbrook (enr0n) : | # |
Unmerged commits
- f4a0129... by Nick Rosbrook
-
changelog
- 988a629... by Nick Rosbrook
-
update-maintainer
- 2c2be41... by Nick Rosbrook
-
reconstruct-
changelog - f788eb2... by Nick Rosbrook
-
merge-changelogs
- 387eecd... by Nick Rosbrook
-
* debian/
openssh- server. ucf-md5sum: update for Ubuntu delta - 182c872... by Nick Rosbrook
-
* debian/
README. Debian: mention drop-in configurations in instructions
for disabling sshd socket activation (LP: #2017434). - 409372d... by Nick Rosbrook
-
* debian/
tests/systemd- socket- activation: Add autopkgtest for systemd socket
activation functionality. - a9ff51f... by Nick Rosbrook
-
* debian/
patches/ systemd- socket- activation. patch: Fix sshd
re-execution behavior when socket activation is used - 2ff5428... by Nick Rosbrook
-
* debian/
openssh- server. tmpfile, debian/ systemd/ ssh.service: Move
/run/sshd creation out of the systemd unit to a tmpfile config so
that sshd can be run manually if necessary without having to create
this directory by hand. - 17af9ff... by Nick Rosbrook
-
* debian/
openssh- server. ucf-md5sum: Update list of stock sshd_config
checksums to include those from jammy and kinetic.
Preview Diff
1 | diff --git a/debian/.gitignore b/debian/.gitignore |
2 | deleted file mode 100644 |
3 | index 988323b..0000000 |
4 | --- a/debian/.gitignore |
5 | +++ /dev/null |
6 | @@ -1,17 +0,0 @@ |
7 | -/*.debhelper* |
8 | -/*substvars |
9 | -/build-deb |
10 | -/build-udeb |
11 | -/files |
12 | -/keygen-test/key1 |
13 | -/keygen-test/key1.pub |
14 | -/keygen-test/key2 |
15 | -/keygen-test/key2.pub |
16 | -/openssh-client |
17 | -/openssh-client-udeb |
18 | -/openssh-server |
19 | -/openssh-server-udeb |
20 | -/ssh |
21 | -/ssh-askpass-gnome |
22 | -/ssh-krb5 |
23 | -/tmp |
24 | diff --git a/debian/README.Debian b/debian/README.Debian |
25 | index 77d331b..83049c8 100644 |
26 | --- a/debian/README.Debian |
27 | +++ b/debian/README.Debian |
28 | @@ -184,23 +184,7 @@ this sshd manually on upgrades. |
29 | Socket-based activation with systemd |
30 | ------------------------------------ |
31 | |
32 | -If you want to reconfigure systemd to listen on port 22 itself and launch |
33 | -sshd on connection (systemd-style socket activation), then you can run: |
34 | - |
35 | - systemctl disable --now ssh.service |
36 | - systemctl start ssh.socket |
37 | - |
38 | -To roll back this change, run: |
39 | - |
40 | - systemctl stop ssh.socket |
41 | - systemctl enable --now ssh.service |
42 | - |
43 | -Or if you want to make this change permanent: |
44 | - |
45 | - systemctl enable ssh.socket |
46 | - |
47 | -This may be appropriate in environments where minimal footprint is critical |
48 | -(e.g. cloud guests). |
49 | +By default, socket-based activation is used on systems that use systemd. |
50 | |
51 | The provided ssh.socket unit file sets ListenStream=22. If you need to have |
52 | it listen on a different address or port, then you will need to do this as |
53 | @@ -215,6 +199,15 @@ follows (modifying ListenStream to match your requirements): |
54 | |
55 | See systemd.socket(5) for details. |
56 | |
57 | +If you do not want to use socket activation for ssh on your system, you |
58 | +can disable socket activation by running: |
59 | + |
60 | + systemctl disable --now ssh.socket |
61 | + rm -f /etc/systemd/system/ssh.service.d/00-socket.conf |
62 | + rm -f /etc/systemd/system/ssh.service.d/addresses.conf |
63 | + systemctl daemon-reload |
64 | + systemctl enable --now ssh.service |
65 | + |
66 | Terminating SSH sessions cleanly on shutdown/reboot with systemd |
67 | ---------------------------------------------------------------- |
68 | |
69 | diff --git a/debian/changelog b/debian/changelog |
70 | index c725f55..e883b37 100644 |
71 | --- a/debian/changelog |
72 | +++ b/debian/changelog |
73 | @@ -1,3 +1,37 @@ |
74 | +openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium |
75 | + |
76 | + * Merge with Debian unstable (LP: #2018094). Remaining changes: |
77 | + - debian/rules: modify dh_installsystemd invocations for |
78 | + socket-activated sshd |
79 | + - debian/openssh-server.postinst: handle migration of sshd_config options |
80 | + to systemd socket options on upgrade. |
81 | + - debian/README.Debian: document systemd socket activation. |
82 | + - debian/patches/socket-activation-documentation.patch: Document in |
83 | + sshd_config(5) that ListenAddress and Port no longer work. |
84 | + - debian/openssh-server.templates: include debconf prompt explaining |
85 | + when migration cannot happen due to multiple ListenAddress values |
86 | + - debian/.gitignore: drop file |
87 | + - debian/openssh-server.postrm: remove systemd drop-ins for |
88 | + socket-activated sshd on purge |
89 | + - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config |
90 | + checksums to include those from jammy and kinetic. |
91 | + - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move |
92 | + /run/sshd creation out of the systemd unit to a tmpfile config so |
93 | + that sshd can be run manually if necessary without having to create |
94 | + this directory by hand. |
95 | + - debian/patches/systemd-socket-activation.patch: Fix sshd |
96 | + re-execution behavior when socket activation is used |
97 | + - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket |
98 | + activation functionality. |
99 | + * Dropped changes, included in Debian: |
100 | + - debian/patches/systemd-socket-activation.patch: Initial implementation |
101 | + * New changes: |
102 | + - debian/README.Debian: mention drop-in configurations in instructions |
103 | + for disabling sshd socket activation (LP: #2017434). |
104 | + - debian/openssh-server.ucf-md5sum: update for Ubuntu delta |
105 | + |
106 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 19 May 2023 15:18:17 -0400 |
107 | + |
108 | openssh (1:9.2p1-2) unstable; urgency=medium |
109 | |
110 | * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. |
111 | @@ -249,6 +283,105 @@ openssh (1:9.1p1-1) unstable; urgency=medium |
112 | |
113 | -- Colin Watson <cjwatson@debian.org> Mon, 14 Nov 2022 16:25:45 +0000 |
114 | |
115 | +openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium |
116 | + |
117 | + * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior |
118 | + (LP: #2011458): |
119 | + - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic closing |
120 | + when sshd re-executes. |
121 | + - Do not manually close fds passed by systemd when re-executing. |
122 | + - Only call sd_listen_fds() once, and only in the parent process. |
123 | + - Check the LISTEN_FDS environment variable to get the number of fds |
124 | + passed by systemd when re-executing as a child process. |
125 | + * debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket |
126 | + activation functionality. |
127 | + |
128 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Fri, 31 Mar 2023 12:44:32 -0400 |
129 | + |
130 | +openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium |
131 | + |
132 | + * debian/openssh-server.postinst: Fix handling of ListenAddress when a port |
133 | + is specified (LP: #1993478): |
134 | + - Strip port before converting hostnames to numerical addresses. |
135 | + - Only append ports when the ListenAddress does not already specify a |
136 | + port. |
137 | + - Revert socket migration on upgrade if a previous version did the |
138 | + migration when it should not have. |
139 | + * debian/openssh-server.postinst: Ignore empty directory failure from rmdir |
140 | + when skipping socket migration (LP: #1995294). |
141 | + |
142 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 25 Oct 2022 11:57:43 -0400 |
143 | + |
144 | +openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium |
145 | + |
146 | + * Update list of stock sshd_config checksums to include those from |
147 | + jammy and kinetic. |
148 | + * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to |
149 | + avoid spurious ucf prompts on upgrade. |
150 | + * Move /run/sshd creation out of the systemd unit to a tmpfile config |
151 | + so that sshd can be run manually if necessary without having to create |
152 | + this directory by hand. LP: #1991283. |
153 | + |
154 | + [ Nick Rosbrook ] |
155 | + * debian/openssh-server.postinst: Fix addresses.conf generation when only |
156 | + non-default Port is used in /etc/ssh/sshd_config (LP: #1991199). |
157 | + |
158 | + -- Steve Langasek <vorlon@debian.org> Mon, 26 Sep 2022 21:55:14 +0000 |
159 | + |
160 | +openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium |
161 | + |
162 | + * Fix syntax error in postinst :/ |
163 | + |
164 | + -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:51:32 +0000 |
165 | + |
166 | +openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium |
167 | + |
168 | + * Correctly handle the case of new installs, and correctly apply systemd |
169 | + unit overrides on upgrade from existing kinetic systems. |
170 | + |
171 | + -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:45:18 +0000 |
172 | + |
173 | +openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium |
174 | + |
175 | + * Don't migrate users to socket activation if multiple ListenAddresses |
176 | + might make sshd unreliable on boot. |
177 | + * Fix regexp bug that prevented proper migration of IPv6 address settings. |
178 | + |
179 | + -- Steve Langasek <vorlon@debian.org> Fri, 23 Sep 2022 19:35:37 +0000 |
180 | + |
181 | +openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium |
182 | + |
183 | + * Document in the default sshd_config file the changes in behavior |
184 | + triggered by use of socket-based activation. |
185 | + |
186 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:40:11 +0000 |
187 | + |
188 | +openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium |
189 | + |
190 | + * Fix manpage to not claim socket-based activation is the default on |
191 | + Debian! |
192 | + |
193 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 26 Aug 2022 00:21:42 +0000 |
194 | + |
195 | +openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium |
196 | + |
197 | + * debian/patches/systemd-socket-activation.patch: support systemd |
198 | + socket activation. |
199 | + * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket |
200 | + activation by default. |
201 | + * debian/rules: rejigger dh_installsystemd invocations so ssh.service and |
202 | + ssh.socket don't fight. |
203 | + * debian/openssh-server.postinst: handle migration of sshd_config options |
204 | + to systemd socket options on upgrade. |
205 | + * debian/README.Debian: document systemd socket activation. |
206 | + * debian/patches/socket-activation-documentation.patch: Document in |
207 | + sshd_config(5) that ListenAddress and Port no longer work. |
208 | + * debian/openssh-server.templates, debian/openssh-server.postinst: include |
209 | + debconf warning about possible service failure with multiple |
210 | + ListenAddress settings. |
211 | + |
212 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 19 Aug 2022 20:43:16 +0000 |
213 | + |
214 | openssh (1:9.0p1-1) unstable; urgency=medium |
215 | |
216 | * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1): |
217 | diff --git a/debian/control b/debian/control |
218 | index f3ed979..aa9cc2e 100644 |
219 | --- a/debian/control |
220 | +++ b/debian/control |
221 | @@ -1,7 +1,8 @@ |
222 | Source: openssh |
223 | Section: net |
224 | Priority: standard |
225 | -Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
226 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
227 | +XSBC-Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> |
228 | Build-Depends: debhelper (>= 13.1~), |
229 | debhelper-compat (= 13), |
230 | dh-exec, |
231 | diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst |
232 | index d38695f..a9d5894 100644 |
233 | --- a/debian/openssh-server.postinst |
234 | +++ b/debian/openssh-server.postinst |
235 | @@ -20,6 +20,86 @@ get_config_option() { |
236 | /etc/ssh/sshd_config |
237 | } |
238 | |
239 | +get_config_option_all() { |
240 | + option="$1" |
241 | + file="$2" |
242 | + |
243 | + if [ -z "$file" ]; then |
244 | + file=/etc/ssh/sshd_config |
245 | + fi |
246 | + |
247 | + [ -f "$file" ] || return 0 |
248 | + # ListenAddress and Port only take a single word argument so anything |
249 | + # after this must be a comment |
250 | + while read option2 value junk; do |
251 | + case $option2 in |
252 | + $option) |
253 | + echo $value |
254 | + ;; |
255 | + Include) |
256 | + # globs |
257 | + for f in $value; do |
258 | + get_config_option_all "$option" "$f" |
259 | + done |
260 | + ;; |
261 | + esac |
262 | + done < $file |
263 | +} |
264 | + |
265 | +hostnames_to_addresses() { |
266 | + addresses="$1" |
267 | + for address in $addresses; do |
268 | + address_no_port="$(address_strip_port $address)" |
269 | + if echo "$address_no_port" | grep -q '^[0-9a-f:]\+$\|^[0-9.]\+$'; then |
270 | + numeric_addresses="$numeric_addresses $address" |
271 | + else |
272 | + new_addresses=$( (getent ahostsv4 $address_no_port; |
273 | + getent ahostsv6 $address_no_port) \ |
274 | + | awk '$1 ~ /^::ffff:/ || $2 != "STREAM" { next; } |
275 | + $1 ~ /:/ { print "[" $1 "]"; next; } |
276 | + { print $1 }' \ |
277 | + | sort -u) |
278 | + port="$(port_from_address $address)" |
279 | + if [ -n "$port" ]; then |
280 | + new_addresses="$(for addr in $new_addresses; do echo $addr:$port; done)" |
281 | + fi |
282 | + numeric_addresses="$numeric_addresses $new_addresses" |
283 | + fi |
284 | + done |
285 | + echo "$numeric_addresses" |
286 | +} |
287 | + |
288 | +port_from_address() { |
289 | + address="$1" |
290 | + if echo $address | grep -q '^\[[0-9a-f:]*\]:'; then |
291 | + # This is an IPv6 address with a port. |
292 | + port="$(echo $address | awk -F':' '{print $NF}')" |
293 | + elif echo $address | grep -q '^\[[0-9a-f:]*\]\+$\|^[0-9a-f:]\+$'; then |
294 | + # This is an IPv6 address without a port. |
295 | + port="" |
296 | + else |
297 | + # This is an IPv4 address or hostname, where the port |
298 | + # may or may not be specified. |
299 | + port="$(echo $address | awk -F':' '{print $2}')" |
300 | + fi |
301 | + echo "$port" |
302 | +} |
303 | + |
304 | +address_strip_port() { |
305 | + address="$1" |
306 | + if echo $address | grep -q '^\[[0-9a-f:]*\]\(:\|$\)'; then |
307 | + # This is an IPv6 address in brackets, with or without a port. |
308 | + address_no_port="$(echo $address | awk -F '[][]' '{print $2}')" |
309 | + elif echo $address | grep -q '^[0-9a-f:]\+$'; then |
310 | + # This is an IPv6 address with no brackets and no port. |
311 | + address_no_port="$address" |
312 | + else |
313 | + # This is an IPv4 address or hostname, where the port |
314 | + # may or may not be specified. |
315 | + address_no_port="$(echo $address | awk -F':' '{print $1}')" |
316 | + fi |
317 | + echo "$address_no_port" |
318 | +} |
319 | |
320 | host_keys_required() { |
321 | hostkeys="$(get_config_option HostKey)" |
322 | @@ -71,15 +151,20 @@ create_keys() { |
323 | |
324 | |
325 | new_config= |
326 | +workaround= |
327 | |
328 | cleanup() { |
329 | if [ "$new_config" ]; then |
330 | rm -f "$new_config" |
331 | fi |
332 | + if [ "$workaround" ]; then |
333 | + rm -f "$workaround" |
334 | + fi |
335 | } |
336 | |
337 | |
338 | create_sshdconfig() { |
339 | + prev_ver="$1" |
340 | # XXX cjwatson 2016-12-24: This debconf template is very confusingly |
341 | # named; its description is "Disable SSH password authentication for |
342 | # root?", so true -> prohibit-password (the upstream default), |
343 | @@ -101,6 +186,21 @@ create_sshdconfig() { |
344 | "$new_config" |
345 | fi |
346 | mkdir -pZ /etc/ssh |
347 | + |
348 | + # Workaround for LP: #1968873: if we have an sshd_config with a known |
349 | + # checksum, confirm it via ucf before applying the changes from |
350 | + # the new version. |
351 | + if dpkg --compare-versions "$prev_ver" lt-nl 1:9.0p1-1ubuntu7 \ |
352 | + && grep -q "^$(md5sum /etc/ssh/sshd_config | awk '{ print $1 }')" \ |
353 | + /usr/share/openssh/sshd_config.md5sum |
354 | + then |
355 | + workaround="$(mktemp)" |
356 | + sed -e'14,16d' "$new_config" > "$workaround" |
357 | + ucf --three-way --debconf-ok \ |
358 | + --sum-file /usr/share/openssh/sshd_config.md5sum \ |
359 | + "$workaround" /etc/ssh/sshd_config |
360 | + fi |
361 | + |
362 | ucf --three-way --debconf-ok \ |
363 | --sum-file /usr/share/openssh/sshd_config.md5sum \ |
364 | "$new_config" /etc/ssh/sshd_config |
365 | @@ -114,7 +214,7 @@ setup_sshd_user() { |
366 | } |
367 | |
368 | if [ "$action" = configure ]; then |
369 | - create_sshdconfig |
370 | + create_sshdconfig "$2" |
371 | create_keys |
372 | setup_sshd_user |
373 | if dpkg --compare-versions "$2" lt-nl 1:7.9p1-5 && \ |
374 | @@ -127,18 +227,104 @@ if [ "$action" = configure ]; then |
375 | # which we now move back into place. |
376 | mv /etc/ssh/moduli.dpkg-bak /etc/ssh/moduli |
377 | fi |
378 | - if dpkg --compare-versions "$2" lt-nl 1:9.1p1-1~ && \ |
379 | - deb-systemd-helper --quiet was-enabled ssh.socket && \ |
380 | - [ -d /run/systemd/system ] |
381 | + if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~ |
382 | then |
383 | # migrate to systemd socket activation. |
384 | - systemctl unmask ssh.service |
385 | - systemctl disable ssh.service |
386 | + addresses=$(get_config_option_all ListenAddress) |
387 | + addresses=$(hostnames_to_addresses "$addresses") |
388 | + ports=$(get_config_option_all Port) |
389 | + if [ -n "$addresses$ports" ] |
390 | + then |
391 | + override_dir=/etc/systemd/system/ssh.socket.d |
392 | + mkdir -p "$override_dir" |
393 | + echo '[Socket]' > "$override_dir"/addresses.conf.new |
394 | + echo 'ListenStream=' >> "$override_dir"/addresses.conf.new |
395 | + fi |
396 | + if [ -n "$addresses" ]; then |
397 | + [ -n "$ports" ] || ports=22 |
398 | + count=0 |
399 | + for address in $addresses; do |
400 | + count=$((count+1)) |
401 | + port_from_address="$(port_from_address $address)" |
402 | + if [ -z "$port_from_address" ]; then |
403 | + for port in $ports; do |
404 | + echo "ListenStream=$address:$port" \ |
405 | + >> "$override_dir"/addresses.conf.new |
406 | + done |
407 | + else |
408 | + echo "ListenStream=$address" \ |
409 | + >> "$override_dir"/addresses.conf.new |
410 | + fi |
411 | + done |
412 | + if [ $count -gt 1 ]; then |
413 | + db_input critical openssh-server/listenstream-may-fail || true |
414 | + db_go || true |
415 | + rm -f "$override_dir"/addresses.conf.new |
416 | + rmdir --ignore-fail-on-non-empty "$override_dir" |
417 | + NO_SOCKET_MIGRATION=1 |
418 | + fi |
419 | + elif [ -n "$ports" ]; then |
420 | + for port in $ports; do |
421 | + echo "ListenStream=$port" \ |
422 | + >> "$override_dir"/addresses.conf.new |
423 | + done |
424 | + fi |
425 | + |
426 | + if [ -z "$NO_SOCKET_MIGRATION" ] && [ -n "$addresses$ports" ] |
427 | + then |
428 | + mv "$override_dir"/addresses.conf.new \ |
429 | + "$override_dir"/addresses.conf |
430 | + fi |
431 | + fi |
432 | + if dpkg --compare-versions "$2" lt 1:9.0p1-1ubuntu5~; then |
433 | + if [ -z "$NO_SOCKET_MIGRATION" ]; then |
434 | + override_dir=/etc/systemd/system/ssh.service.d |
435 | + mkdir -p "$override_dir" |
436 | + echo '[Unit]' > "$override_dir"/00-socket.conf |
437 | + echo 'After=ssh.socket' >> "$override_dir"/00-socket.conf |
438 | + echo 'Requires=ssh.socket' >> "$override_dir"/00-socket.conf |
439 | + |
440 | + # deb-systemd-helper is inadequate for the task of |
441 | + # changing policy for the units on upgrade |
442 | + if [ -d /run/systemd/system ]; then |
443 | + systemctl daemon-reload |
444 | + systemctl disable ssh.service |
445 | + systemctl unmask ssh.service |
446 | + systemctl stop ssh.service |
447 | + systemctl enable ssh.socket |
448 | + fi |
449 | + fi |
450 | fi |
451 | + |
452 | + # Revert socket migration if we can determine the user hit |
453 | + # LP: #1993478. |
454 | + if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \ |
455 | + && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \ |
456 | + && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \ |
457 | + && [ -n "$NO_SOCKET_MIGRATION" ]; then |
458 | + rm /etc/systemd/system/ssh.socket.d/addresses.conf |
459 | + rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.socket.d |
460 | + rm /etc/systemd/system/ssh.service.d/00-socket.conf |
461 | + rmdir --ignore-fail-on-non-empty /etc/systemd/system/ssh.service.d |
462 | + if [ -d /run/systemd/system ]; then |
463 | + systemctl daemon-reload |
464 | + systemctl disable ssh.socket |
465 | + systemctl stop ssh.socket |
466 | + systemctl enable ssh.service |
467 | + fi |
468 | + fi |
469 | fi |
470 | |
471 | #DEBHELPER# |
472 | |
473 | +if [ -d /run/systemd/system ]; then |
474 | + if deb-systemd-helper --quiet was-enabled ssh.socket; then |
475 | + deb-systemd-invoke restart ssh.socket |
476 | + elif deb-systemd-helper --quiet was-enabled ssh.service; then |
477 | + deb-systemd-invoke restart ssh.service |
478 | + fi |
479 | +fi |
480 | + |
481 | db_stop |
482 | |
483 | exit 0 |
484 | diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm |
485 | index fbaeb17..46798dd 100644 |
486 | --- a/debian/openssh-server.postrm |
487 | +++ b/debian/openssh-server.postrm |
488 | @@ -23,6 +23,10 @@ case $1 in |
489 | if command -v ucfr >/dev/null 2>&1; then |
490 | ucfr --purge openssh-server /etc/ssh/sshd_config |
491 | fi |
492 | + rm -f /etc/systemd/system/ssh.service.d/00-socket.conf |
493 | + rm -f /etc/systemd/system/ssh.socket.d/addresses.conf |
494 | + rmdir /etc/systemd/system/ssh.service.d || true |
495 | + rmdir /etc/systemd/system/ssh.socket.d || true |
496 | rm -f /etc/ssh/sshd_not_to_be_run |
497 | [ ! -d /etc/ssh ] || rmdir --ignore-fail-on-non-empty /etc/ssh |
498 | |
499 | diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates |
500 | index e071fe3..31f2935 100644 |
501 | --- a/debian/openssh-server.templates |
502 | +++ b/debian/openssh-server.templates |
503 | @@ -21,3 +21,15 @@ Description: Allow password authentication? |
504 | By default, the SSH server will allow authenticating using a password. |
505 | You may want to change this if all users on this system authenticate using |
506 | a stronger authentication method, such as public keys. |
507 | + |
508 | +Template: openssh-server/listenstream-may-fail |
509 | +Type: error |
510 | +_Description: Not migrating to socket activation |
511 | + This version of openssh-server uses socket-based activation by default. |
512 | + However, because you have more than one ListenAddress configured in |
513 | + sshd_config, it is impossible to determine at upgrade time if migrating |
514 | + you to socket-based activation would cause the starting of sshd at boot |
515 | + to be unreliable. |
516 | + . |
517 | + Because a failure to start ssh may make it impossible to admininister a |
518 | + system, you will not be migrated to socket-based activation at this time. |
519 | diff --git a/debian/openssh-server.tmpfile b/debian/openssh-server.tmpfile |
520 | new file mode 100644 |
521 | index 0000000..76c6323 |
522 | --- /dev/null |
523 | +++ b/debian/openssh-server.tmpfile |
524 | @@ -0,0 +1,2 @@ |
525 | +#Type Path Mode UID GID Age Arguments |
526 | +D /run/sshd 0755 root root - - |
527 | diff --git a/debian/openssh-server.ucf-md5sum b/debian/openssh-server.ucf-md5sum |
528 | index 3a9dc23..9a8efb6 100644 |
529 | --- a/debian/openssh-server.ucf-md5sum |
530 | +++ b/debian/openssh-server.ucf-md5sum |
531 | @@ -103,8 +103,32 @@ cc873ab3ccc9cf3a3830c3c0728c0d0b |
532 | 9f1bec115595c0f76282d80abe5d9bcc |
533 | ae1a449c8adb31cb603e28fda5342696 |
534 | |
535 | +# From 1:8.4p1-5 |
536 | +6dbdc3a27e1953d209f929df7aff0c57 |
537 | +0ef8c8fe6a3afd12382dbb93cd7bbb4e |
538 | +ae1a449c8adb31cb603e28fda5342696 |
539 | +9f1bec115595c0f76282d80abe5d9bcc |
540 | + |
541 | # From 1:8.7p1-1: |
542 | fe83fd23553510bb632dc8e6e35ab41a |
543 | d96ecd9064ea650c44372a5a33d3e497 |
544 | 7fdb195ac56e0bf1992e18ac656811af |
545 | 4e03b4df60cd00c651777ec14ff76aef |
546 | + |
547 | +# From 1:8.9p1-3 |
548 | +30e0fe758429c57d35a5e71dbd8dd2f8 |
549 | +23a8a2b1a8f1538be49eb86313367191 |
550 | +133f5f0119fbf5716b7d72048b25ea71 |
551 | +697a81708f11897cb0fef857563dee55 |
552 | + |
553 | +# From 1:9.0p1-1ubuntu3 |
554 | +90ace5da6c7eb3041732930972662f34 |
555 | +b2c07b86695152141e84f44e4414104a |
556 | +e7b9120b6e68c5666ac21a0cc03d4806 |
557 | +9389be84e67cd5a91b97de5ff03c9306 |
558 | + |
559 | +# From 1:9.2p1-2ubuntu1 |
560 | +fac56840f6697a357368bb878dd8fb87 |
561 | +d01da8c9de75176095712d4e37d5dcd5 |
562 | +e4898846045f33b8d99d3263d6f6fd81 |
563 | +ec46dc59ba9c9e9458add405264fcedd |
564 | diff --git a/debian/patches/series b/debian/patches/series |
565 | index cbbfc88..e7e2a9c 100644 |
566 | --- a/debian/patches/series |
567 | +++ b/debian/patches/series |
568 | @@ -26,3 +26,4 @@ maxhostnamelen.patch |
569 | conch-ssh-rsa.patch |
570 | systemd-socket-activation.patch |
571 | remove-spurious-ssh-agent-options.patch |
572 | +socket-activation-documentation.patch |
573 | diff --git a/debian/patches/socket-activation-documentation.patch b/debian/patches/socket-activation-documentation.patch |
574 | new file mode 100644 |
575 | index 0000000..9afde55 |
576 | --- /dev/null |
577 | +++ b/debian/patches/socket-activation-documentation.patch |
578 | @@ -0,0 +1,50 @@ |
579 | +Index: openssh-9.0p1/sshd_config.5 |
580 | +=================================================================== |
581 | +--- openssh-9.0p1.orig/sshd_config.5 |
582 | ++++ openssh-9.0p1/sshd_config.5 |
583 | +@@ -1069,6 +1069,15 @@ |
584 | + Multiple |
585 | + .Cm ListenAddress |
586 | + options are permitted. |
587 | ++.Pp |
588 | ++.Cm Note: |
589 | ++On Ubuntu, the openssh-server package is configured to use systemd |
590 | ++socket-based activation by default. Therefore if you are using systemd with |
591 | ++the default configuration, |
592 | ++.Cm ListenAddress |
593 | ++options will not be honored. Address configuration must be handled in |
594 | ++.Pa /etc/systemd/system/ssh.socket.d |
595 | ++instead. |
596 | + .It Cm LoginGraceTime |
597 | + The server disconnects after this time if the user has not |
598 | + successfully logged in. |
599 | +@@ -1520,6 +1529,15 @@ |
600 | + Multiple options of this type are permitted. |
601 | + See also |
602 | + .Cm ListenAddress . |
603 | ++.Pp |
604 | ++.Cm Note: |
605 | ++On Ubuntu, the openssh-server package is configured to use systemd |
606 | ++socket-based activation by default. Therefore if you are using systemd with |
607 | ++the default configuration, |
608 | ++.Cm Port |
609 | ++options will not be honored. Address configuration must be handled in |
610 | ++.Pa /etc/systemd/system/ssh.socket.d |
611 | ++instead. |
612 | + .It Cm PrintLastLog |
613 | + Specifies whether |
614 | + .Xr sshd 8 |
615 | +Index: openssh-9.0p1/sshd_config |
616 | +=================================================================== |
617 | +--- openssh-9.0p1.orig/sshd_config |
618 | ++++ openssh-9.0p1/sshd_config |
619 | +@@ -12,6 +12,9 @@ |
620 | + |
621 | + Include /etc/ssh/sshd_config.d/*.conf |
622 | + |
623 | ++# Port and ListenAddress options are not used when sshd is socket-activated, |
624 | ++# which is now the default in Ubuntu. See sshd_config(5) and |
625 | ++# /usr/share/doc/openssh-server/README.Debian.gz for details. |
626 | + #Port 22 |
627 | + #AddressFamily any |
628 | + #ListenAddress 0.0.0.0 |
629 | diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch |
630 | index 5441622..3bfa116 100644 |
631 | --- a/debian/patches/systemd-socket-activation.patch |
632 | +++ b/debian/patches/systemd-socket-activation.patch |
633 | @@ -1,47 +1,72 @@ |
634 | -From 4cedd1c9acac0fba598db2eaf43278dfe8e53ef0 Mon Sep 17 00:00:00 2001 |
635 | -From: Steve Langasek <steve.langasek@ubuntu.com> |
636 | -Date: Thu, 1 Sep 2022 16:03:37 +0100 |
637 | -Subject: Support systemd socket activation |
638 | +Description: support systemd socket activation |
639 | + Unlike inetd socket activation, with systemd socket activation the |
640 | + supervisor passes the listened-on socket to the child process and lets |
641 | + the child process handle the accept(). This lets us do delayed start |
642 | + of the sshd daemon without becoming incompatible with config options |
643 | + like ClientAliveCountMax. |
644 | +Author: Steve Langasek <steve.langasek@ubuntu.com> |
645 | +Author: Nick Rosbrook <nick.rosbrook@canonical.com> |
646 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2011458 |
647 | +Last-Update: 2023-04-17 |
648 | |
649 | -Unlike inetd socket activation, with systemd socket activation the |
650 | -supervisor passes the listened-on socket to the child process and lets |
651 | -the child process handle the accept(). This lets us do delayed start |
652 | -of the sshd daemon without becoming incompatible with config options |
653 | -like ClientAliveCountMax. |
654 | - |
655 | -Last-Update: 2022-09-01 |
656 | - |
657 | -Patch-Name: systemd-socket-activation.patch |
658 | ---- |
659 | - sshd.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++--------- |
660 | - 1 file changed, 75 insertions(+), 14 deletions(-) |
661 | - |
662 | -diff --git a/sshd.c b/sshd.c |
663 | -index 0a4eefe01..fc22fcb62 100644 |
664 | --- a/sshd.c |
665 | +++ b/sshd.c |
666 | -@@ -141,10 +141,16 @@ int deny_severity; |
667 | +@@ -140,11 +140,14 @@ |
668 | + int deny_severity; |
669 | #endif /* LIBWRAP */ |
670 | |
671 | ++/* This will only get set if we build with systemd. */ |
672 | ++static int systemd_num_listen_fds; |
673 | ++ |
674 | /* Re-exec fds */ |
675 | -#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) |
676 | -#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) |
677 | -#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) |
678 | -#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) |
679 | -+#ifdef HAVE_SYSTEMD |
680 | -+#define SYSTEMD_OFFSET sd_listen_fds(0) |
681 | -+#else |
682 | -+#define SYSTEMD_OFFSET 0 |
683 | -+#endif |
684 | -+ |
685 | -+#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + SYSTEMD_OFFSET) |
686 | -+#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + SYSTEMD_OFFSET) |
687 | -+#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + SYSTEMD_OFFSET) |
688 | -+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + SYSTEMD_OFFSET) |
689 | ++#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1 + systemd_num_listen_fds) |
690 | ++#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2 + systemd_num_listen_fds) |
691 | ++#define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3 + systemd_num_listen_fds) |
692 | ++#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4 + systemd_num_listen_fds) |
693 | |
694 | extern char *__progname; |
695 | |
696 | -@@ -1025,6 +1031,48 @@ server_accept_inetd(int *sock_in, int *sock_out) |
697 | +@@ -195,6 +198,7 @@ |
698 | + */ |
699 | + #define MAX_LISTEN_SOCKS 16 |
700 | + static int listen_socks[MAX_LISTEN_SOCKS]; |
701 | ++static int listen_socks_no_close[MAX_LISTEN_SOCKS]; |
702 | + static int num_listen_socks = 0; |
703 | + |
704 | + /* Daemon's agent connection */ |
705 | +@@ -280,12 +284,16 @@ |
706 | + * Close all listening sockets |
707 | + */ |
708 | + static void |
709 | +-close_listen_socks(void) |
710 | ++close_listen_socks(int force) |
711 | + { |
712 | + int i; |
713 | + |
714 | +- for (i = 0; i < num_listen_socks; i++) |
715 | ++ for (i = 0; i < num_listen_socks; i++) { |
716 | ++ if (listen_socks_no_close[i] > 0 && force <= 0) |
717 | ++ continue; |
718 | ++ |
719 | + close(listen_socks[i]); |
720 | ++ } |
721 | + num_listen_socks = 0; |
722 | + } |
723 | + |
724 | +@@ -324,7 +332,7 @@ |
725 | + if (options.pid_file != NULL) |
726 | + unlink(options.pid_file); |
727 | + platform_pre_restart(); |
728 | +- close_listen_socks(); |
729 | ++ close_listen_socks(/* force = */ 0); |
730 | + close_startup_pipes(); |
731 | + ssh_signal(SIGHUP, SIG_IGN); /* will be restored after exec */ |
732 | + execv(saved_argv[0], saved_argv); |
733 | +@@ -1033,6 +1041,65 @@ |
734 | debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out); |
735 | } |
736 | |
737 | @@ -52,7 +77,7 @@ index 0a4eefe01..fc22fcb62 100644 |
738 | +static void |
739 | +setup_systemd_socket(int listen_sock) |
740 | +{ |
741 | -+ int ret; |
742 | ++ int flags, ret; |
743 | + struct sockaddr_storage addr; |
744 | + socklen_t len = sizeof(addr); |
745 | + char ntop[NI_MAXHOST], strport[NI_MAXSERV]; |
746 | @@ -77,10 +102,27 @@ index 0a4eefe01..fc22fcb62 100644 |
747 | + close(listen_sock); |
748 | + return; |
749 | + } |
750 | ++ |
751 | + /* Socket options */ |
752 | + set_reuseaddr(listen_sock); |
753 | + |
754 | ++ /* systemd sets FD_CLOEXEC on the fds it passes to us, but we need this |
755 | ++ * to stay open across re-exec. */ |
756 | ++ flags = fcntl(listen_sock, F_GETFD); |
757 | ++ if (flags < 0) { |
758 | ++ error("Failed to get fd flags: %s", strerror(errno)); |
759 | ++ close(listen_sock); |
760 | ++ return; |
761 | ++ } |
762 | ++ |
763 | ++ if (fcntl(listen_sock, F_SETFD, flags & ~FD_CLOEXEC) < 0) { |
764 | ++ error("Failed to clear FD_CLOEXEC flag: %s", strerror(errno)); |
765 | ++ close(listen_sock); |
766 | ++ return; |
767 | ++ } |
768 | ++ |
769 | + listen_socks[num_listen_socks] = listen_sock; |
770 | ++ listen_socks_no_close[num_listen_socks] = 1; |
771 | + num_listen_socks++; |
772 | + |
773 | + logit("Server listening on %s port %s.", ntop, strport); |
774 | @@ -90,15 +132,7 @@ index 0a4eefe01..fc22fcb62 100644 |
775 | /* |
776 | * Listen for TCP connections |
777 | */ |
778 | -@@ -1104,22 +1152,35 @@ static void |
779 | - server_listen(void) |
780 | - { |
781 | - u_int i; |
782 | -+#ifdef HAVE_SYSTEMD |
783 | -+ int systemd_socket_count; |
784 | -+#endif |
785 | - |
786 | - /* Initialise per-source limit tracking. */ |
787 | +@@ -1117,17 +1184,26 @@ |
788 | srclimit_init(options.max_startups, options.per_source_max_startups, |
789 | options.per_source_masklen_ipv4, options.per_source_masklen_ipv6); |
790 | |
791 | @@ -109,11 +143,10 @@ index 0a4eefe01..fc22fcb62 100644 |
792 | - memset(&options.listen_addrs[i], 0, |
793 | - sizeof(options.listen_addrs[i])); |
794 | +#ifdef HAVE_SYSTEMD |
795 | -+ systemd_socket_count = sd_listen_fds(0); |
796 | -+ if (systemd_socket_count > 0) |
797 | ++ if (systemd_num_listen_fds > 0) |
798 | + { |
799 | + int i; |
800 | -+ for (i = 0; i < systemd_socket_count; i++) |
801 | ++ for (i = 0; i < systemd_num_listen_fds; i++) |
802 | + setup_systemd_socket(SD_LISTEN_FDS_START + i); |
803 | + } else |
804 | +#endif |
805 | @@ -136,3 +169,78 @@ index 0a4eefe01..fc22fcb62 100644 |
806 | if (!num_listen_socks) |
807 | fatal("Cannot bind any address."); |
808 | } |
809 | +@@ -1182,7 +1258,7 @@ |
810 | + if (received_sigterm) { |
811 | + logit("Received signal %d; terminating.", |
812 | + (int) received_sigterm); |
813 | +- close_listen_socks(); |
814 | ++ close_listen_socks(/* force = */ 1); |
815 | + if (options.pid_file != NULL) |
816 | + unlink(options.pid_file); |
817 | + exit(received_sigterm == SIGTERM ? 0 : 255); |
818 | +@@ -1196,7 +1272,7 @@ |
819 | + if (received_sighup) { |
820 | + if (!lameduck) { |
821 | + debug("Received SIGHUP; waiting for children"); |
822 | +- close_listen_socks(); |
823 | ++ close_listen_socks(/* force = */ 0); |
824 | + lameduck = 1; |
825 | + } |
826 | + if (listening <= 0) { |
827 | +@@ -1319,7 +1395,7 @@ |
828 | + * connection without forking. |
829 | + */ |
830 | + debug("Server will not fork when running in debugging mode."); |
831 | +- close_listen_socks(); |
832 | ++ close_listen_socks(/* force = */ 0); |
833 | + *sock_in = *newsock; |
834 | + *sock_out = *newsock; |
835 | + close(startup_p[0]); |
836 | +@@ -1353,7 +1429,7 @@ |
837 | + platform_post_fork_child(); |
838 | + startup_pipe = startup_p[1]; |
839 | + close_startup_pipes(); |
840 | +- close_listen_socks(); |
841 | ++ close_listen_socks(/* force = */ 0); |
842 | + *sock_in = *newsock; |
843 | + *sock_out = *newsock; |
844 | + log_init(__progname, |
845 | +@@ -1701,6 +1777,38 @@ |
846 | + break; |
847 | + } |
848 | + } |
849 | ++ |
850 | ++#ifdef HAVE_SYSTEMD |
851 | ++ /* We should call sd_listen_fds() exactly once, and only in the parent |
852 | ++ * process. |
853 | ++ * |
854 | ++ * If the parent calls sd_listen_fds() more than once, then FD_CLOEXEC |
855 | ++ * will be re-configured for the passed fds, which will cause problems |
856 | ++ * during re-execution. The FD_CLOEXEC flag will be cleared by |
857 | ++ * setup_systemd_socket(). |
858 | ++ * |
859 | ++ * If the child calls sd_listen_fds(), it will return 0 because it will |
860 | ++ * compare our pid to the LISTEN_PID environment variable, and only |
861 | ++ * return LISTEN_FDS if they match. Thus, when we are a child process, |
862 | ++ * check the LISTEN_FDS ourselves. */ |
863 | ++ if (rexeced_flag) { |
864 | ++ const char* s = getenv("LISTEN_FDS"); |
865 | ++ if (s && s[0] != '\0') { |
866 | ++ errno = 0; |
867 | ++ r = (int)strtonum(s, 0, MAX_LISTEN_SOCKS, NULL); |
868 | ++ if (errno > 0) |
869 | ++ fatal("Failed to parse LISTEN_FDS: %s", strerror(errno)); |
870 | ++ } else |
871 | ++ r = 0; |
872 | ++ } else { |
873 | ++ r = sd_listen_fds(0); |
874 | ++ if (r < 0) |
875 | ++ fatal("Failed to get systemd socket fds: %s", strerror(-r)); |
876 | ++ } |
877 | ++ |
878 | ++ systemd_num_listen_fds = r; |
879 | ++#endif |
880 | ++ |
881 | + if (rexeced_flag || inetd_flag) |
882 | + rexec_flag = 0; |
883 | + if (!test_flag && rexec_flag && !path_absolute(av[0])) |
884 | diff --git a/debian/po/cs.po b/debian/po/cs.po |
885 | index d01e0ff..21b4c7b 100644 |
886 | --- a/debian/po/cs.po |
887 | +++ b/debian/po/cs.po |
888 | @@ -7,7 +7,7 @@ msgid "" |
889 | msgstr "" |
890 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
891 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
892 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
893 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
894 | "PO-Revision-Date: 2014-06-12 12:25+0200\n" |
895 | "Last-Translator: Michal Simunek <michal.simunek@gmail.com>\n" |
896 | "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" |
897 | @@ -53,3 +53,28 @@ msgstr "" |
898 | "poškodit systémy, které jsou nastaveny s předpokladem, že bude možné se " |
899 | "přihlašovat přes SSH jako root pomocí ověřování heslem. Změnu této volby " |
900 | "byste měli provést pouze pokud ověřování heslem potřebujete." |
901 | + |
902 | +#. Type: error |
903 | +#. Description |
904 | +#: ../openssh-server.templates:3001 |
905 | +msgid "Not migrating to socket activation" |
906 | +msgstr "" |
907 | + |
908 | +#. Type: error |
909 | +#. Description |
910 | +#: ../openssh-server.templates:3001 |
911 | +msgid "" |
912 | +"This version of openssh-server uses socket-based activation by default. " |
913 | +"However, because you have more than one ListenAddress configured in " |
914 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
915 | +"to socket-based activation would cause the starting of sshd at boot to be " |
916 | +"unreliable." |
917 | +msgstr "" |
918 | + |
919 | +#. Type: error |
920 | +#. Description |
921 | +#: ../openssh-server.templates:3001 |
922 | +msgid "" |
923 | +"Because a failure to start ssh may make it impossible to admininister a " |
924 | +"system, you will not be migrated to socket-based activation at this time." |
925 | +msgstr "" |
926 | diff --git a/debian/po/da.po b/debian/po/da.po |
927 | index 70d576d..a08ca3b 100644 |
928 | --- a/debian/po/da.po |
929 | +++ b/debian/po/da.po |
930 | @@ -7,7 +7,7 @@ msgid "" |
931 | msgstr "" |
932 | "Project-Id-Version: openssh\n" |
933 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
934 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
935 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
936 | "PO-Revision-Date: 2014-03-21 23:51+0200\n" |
937 | "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" |
938 | "Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" |
939 | @@ -53,3 +53,28 @@ msgstr "" |
940 | "Det kan dog ødelægge systemer, som er opsat med forventning om at kunne SSH " |
941 | "som root via brug af adgangskodegodkendelse. Du skal kun lave denne ændring, " |
942 | "hvis du ikke har brug for dette." |
943 | + |
944 | +#. Type: error |
945 | +#. Description |
946 | +#: ../openssh-server.templates:3001 |
947 | +msgid "Not migrating to socket activation" |
948 | +msgstr "" |
949 | + |
950 | +#. Type: error |
951 | +#. Description |
952 | +#: ../openssh-server.templates:3001 |
953 | +msgid "" |
954 | +"This version of openssh-server uses socket-based activation by default. " |
955 | +"However, because you have more than one ListenAddress configured in " |
956 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
957 | +"to socket-based activation would cause the starting of sshd at boot to be " |
958 | +"unreliable." |
959 | +msgstr "" |
960 | + |
961 | +#. Type: error |
962 | +#. Description |
963 | +#: ../openssh-server.templates:3001 |
964 | +msgid "" |
965 | +"Because a failure to start ssh may make it impossible to admininister a " |
966 | +"system, you will not be migrated to socket-based activation at this time." |
967 | +msgstr "" |
968 | diff --git a/debian/po/de.po b/debian/po/de.po |
969 | index ecba54b..2536ea4 100644 |
970 | --- a/debian/po/de.po |
971 | +++ b/debian/po/de.po |
972 | @@ -8,7 +8,7 @@ msgid "" |
973 | msgstr "" |
974 | "Project-Id-Version: openssh_1:6.6p1-1\n" |
975 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
976 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
977 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
978 | "PO-Revision-Date: 2014-03-24 22:21+0100\n" |
979 | "Last-Translator: Stephan Beck <sbeck@mailbox.org>\n" |
980 | "Language-Team: Debian German translation team <debian-l10n-german@lists." |
981 | @@ -59,3 +59,28 @@ msgstr "" |
982 | "in der Absicht konfiguriert wurden, die Anmeldung als »root« über SSH unter " |
983 | "Verwendung von Passwort-Authentifizierung zuzulassen. Sie sollten diese " |
984 | "Änderung nur vornehmen, wenn Sie auf Letzteres verzichten können." |
985 | + |
986 | +#. Type: error |
987 | +#. Description |
988 | +#: ../openssh-server.templates:3001 |
989 | +msgid "Not migrating to socket activation" |
990 | +msgstr "" |
991 | + |
992 | +#. Type: error |
993 | +#. Description |
994 | +#: ../openssh-server.templates:3001 |
995 | +msgid "" |
996 | +"This version of openssh-server uses socket-based activation by default. " |
997 | +"However, because you have more than one ListenAddress configured in " |
998 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
999 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1000 | +"unreliable." |
1001 | +msgstr "" |
1002 | + |
1003 | +#. Type: error |
1004 | +#. Description |
1005 | +#: ../openssh-server.templates:3001 |
1006 | +msgid "" |
1007 | +"Because a failure to start ssh may make it impossible to admininister a " |
1008 | +"system, you will not be migrated to socket-based activation at this time." |
1009 | +msgstr "" |
1010 | diff --git a/debian/po/es.po b/debian/po/es.po |
1011 | index de8a67a..14550d6 100644 |
1012 | --- a/debian/po/es.po |
1013 | +++ b/debian/po/es.po |
1014 | @@ -28,7 +28,7 @@ msgid "" |
1015 | msgstr "" |
1016 | "Project-Id-Version: openssh\n" |
1017 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1018 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1019 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1020 | "PO-Revision-Date: 2014-03-23 20:43-0300\n" |
1021 | "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n" |
1022 | "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" |
1023 | @@ -78,3 +78,28 @@ msgstr "" |
1024 | "configuración permite que el usuario root inicie sesión a través de SSH " |
1025 | "utilizando una contraseña. Sólo debería realizar este cambio si no necesita " |
1026 | "este comportamiento." |
1027 | + |
1028 | +#. Type: error |
1029 | +#. Description |
1030 | +#: ../openssh-server.templates:3001 |
1031 | +msgid "Not migrating to socket activation" |
1032 | +msgstr "" |
1033 | + |
1034 | +#. Type: error |
1035 | +#. Description |
1036 | +#: ../openssh-server.templates:3001 |
1037 | +msgid "" |
1038 | +"This version of openssh-server uses socket-based activation by default. " |
1039 | +"However, because you have more than one ListenAddress configured in " |
1040 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1041 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1042 | +"unreliable." |
1043 | +msgstr "" |
1044 | + |
1045 | +#. Type: error |
1046 | +#. Description |
1047 | +#: ../openssh-server.templates:3001 |
1048 | +msgid "" |
1049 | +"Because a failure to start ssh may make it impossible to admininister a " |
1050 | +"system, you will not be migrated to socket-based activation at this time." |
1051 | +msgstr "" |
1052 | diff --git a/debian/po/fr.po b/debian/po/fr.po |
1053 | index f7125e9..7d7093b 100644 |
1054 | --- a/debian/po/fr.po |
1055 | +++ b/debian/po/fr.po |
1056 | @@ -7,7 +7,7 @@ msgid "" |
1057 | msgstr "" |
1058 | "Project-Id-Version: openssh_1:6.5p1-6\n" |
1059 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1060 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1061 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1062 | "PO-Revision-Date: 2014-03-22 08:26+0100\n" |
1063 | "Last-Translator: Étienne Gilli <etienne.gilli@gmail.com>\n" |
1064 | "Language-Team: French <debian-l10n-french@lists.debian.org>\n" |
1065 | @@ -57,3 +57,28 @@ msgstr "" |
1066 | "inutilisables les systèmes reposant sur la possibilité de se connecter au " |
1067 | "compte « root » par SSH avec authentification par mot de passe. Vous ne " |
1068 | "devriez appliquer cette modification que si ce n’est pas votre cas." |
1069 | + |
1070 | +#. Type: error |
1071 | +#. Description |
1072 | +#: ../openssh-server.templates:3001 |
1073 | +msgid "Not migrating to socket activation" |
1074 | +msgstr "" |
1075 | + |
1076 | +#. Type: error |
1077 | +#. Description |
1078 | +#: ../openssh-server.templates:3001 |
1079 | +msgid "" |
1080 | +"This version of openssh-server uses socket-based activation by default. " |
1081 | +"However, because you have more than one ListenAddress configured in " |
1082 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1083 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1084 | +"unreliable." |
1085 | +msgstr "" |
1086 | + |
1087 | +#. Type: error |
1088 | +#. Description |
1089 | +#: ../openssh-server.templates:3001 |
1090 | +msgid "" |
1091 | +"Because a failure to start ssh may make it impossible to admininister a " |
1092 | +"system, you will not be migrated to socket-based activation at this time." |
1093 | +msgstr "" |
1094 | diff --git a/debian/po/it.po b/debian/po/it.po |
1095 | index dd71060..5390795 100644 |
1096 | --- a/debian/po/it.po |
1097 | +++ b/debian/po/it.po |
1098 | @@ -6,7 +6,7 @@ msgid "" |
1099 | msgstr "" |
1100 | "Project-Id-Version: openssh\n" |
1101 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1102 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1103 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1104 | "PO-Revision-Date: 2014-03-28 11:12+0200\n" |
1105 | "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n" |
1106 | "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" |
1107 | @@ -56,3 +56,28 @@ msgstr "" |
1108 | "impostati facendo affidamento sulla possibilità di autenticazione SSH come " |
1109 | "root usando la password. Si dovrebbe fare questo cambiamento solo se non si " |
1110 | "ha bisogno di tale comportamento." |
1111 | + |
1112 | +#. Type: error |
1113 | +#. Description |
1114 | +#: ../openssh-server.templates:3001 |
1115 | +msgid "Not migrating to socket activation" |
1116 | +msgstr "" |
1117 | + |
1118 | +#. Type: error |
1119 | +#. Description |
1120 | +#: ../openssh-server.templates:3001 |
1121 | +msgid "" |
1122 | +"This version of openssh-server uses socket-based activation by default. " |
1123 | +"However, because you have more than one ListenAddress configured in " |
1124 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1125 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1126 | +"unreliable." |
1127 | +msgstr "" |
1128 | + |
1129 | +#. Type: error |
1130 | +#. Description |
1131 | +#: ../openssh-server.templates:3001 |
1132 | +msgid "" |
1133 | +"Because a failure to start ssh may make it impossible to admininister a " |
1134 | +"system, you will not be migrated to socket-based activation at this time." |
1135 | +msgstr "" |
1136 | diff --git a/debian/po/ja.po b/debian/po/ja.po |
1137 | index db382f1..b48d281 100644 |
1138 | --- a/debian/po/ja.po |
1139 | +++ b/debian/po/ja.po |
1140 | @@ -7,7 +7,7 @@ msgid "" |
1141 | msgstr "" |
1142 | "Project-Id-Version: openssh\n" |
1143 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1144 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1145 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1146 | "PO-Revision-Date: 2014-03-20 11:06+0900\n" |
1147 | "Last-Translator: victory <victory.deb@gmail.com>\n" |
1148 | "Language-Team: Japanese <debian-japanese@lists.debian.org>\n" |
1149 | @@ -53,3 +53,28 @@ msgstr "" |
1150 | "ます。しかしパスワード認証により root で SSH 接続できることを前提として構成し" |
1151 | "たシステムでは問題が発生する可能性があります。そういった必要のない場合にのみ" |
1152 | "この変更を行うようにしてください。" |
1153 | + |
1154 | +#. Type: error |
1155 | +#. Description |
1156 | +#: ../openssh-server.templates:3001 |
1157 | +msgid "Not migrating to socket activation" |
1158 | +msgstr "" |
1159 | + |
1160 | +#. Type: error |
1161 | +#. Description |
1162 | +#: ../openssh-server.templates:3001 |
1163 | +msgid "" |
1164 | +"This version of openssh-server uses socket-based activation by default. " |
1165 | +"However, because you have more than one ListenAddress configured in " |
1166 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1167 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1168 | +"unreliable." |
1169 | +msgstr "" |
1170 | + |
1171 | +#. Type: error |
1172 | +#. Description |
1173 | +#: ../openssh-server.templates:3001 |
1174 | +msgid "" |
1175 | +"Because a failure to start ssh may make it impossible to admininister a " |
1176 | +"system, you will not be migrated to socket-based activation at this time." |
1177 | +msgstr "" |
1178 | diff --git a/debian/po/nl.po b/debian/po/nl.po |
1179 | index 3afd617..eca9662 100644 |
1180 | --- a/debian/po/nl.po |
1181 | +++ b/debian/po/nl.po |
1182 | @@ -7,7 +7,7 @@ msgid "" |
1183 | msgstr "" |
1184 | "Project-Id-Version: openssh\n" |
1185 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1186 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1187 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1188 | "PO-Revision-Date: 2014-10-03 23:54+0200\n" |
1189 | "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n" |
1190 | "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n" |
1191 | @@ -58,3 +58,28 @@ msgstr "" |
1192 | "ingesteld werden vanuit de verwachting dat de systeembeheerder SSH kan " |
1193 | "gebruiken met authenticatie via wachtwoord. Enkel wanneer u dit laatste niet " |
1194 | "nodig heeft, zou u deze wijziging kunnen doorvoeren." |
1195 | + |
1196 | +#. Type: error |
1197 | +#. Description |
1198 | +#: ../openssh-server.templates:3001 |
1199 | +msgid "Not migrating to socket activation" |
1200 | +msgstr "" |
1201 | + |
1202 | +#. Type: error |
1203 | +#. Description |
1204 | +#: ../openssh-server.templates:3001 |
1205 | +msgid "" |
1206 | +"This version of openssh-server uses socket-based activation by default. " |
1207 | +"However, because you have more than one ListenAddress configured in " |
1208 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1209 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1210 | +"unreliable." |
1211 | +msgstr "" |
1212 | + |
1213 | +#. Type: error |
1214 | +#. Description |
1215 | +#: ../openssh-server.templates:3001 |
1216 | +msgid "" |
1217 | +"Because a failure to start ssh may make it impossible to admininister a " |
1218 | +"system, you will not be migrated to socket-based activation at this time." |
1219 | +msgstr "" |
1220 | diff --git a/debian/po/pt.po b/debian/po/pt.po |
1221 | index 2dab84c..8f51af9 100644 |
1222 | --- a/debian/po/pt.po |
1223 | +++ b/debian/po/pt.po |
1224 | @@ -7,7 +7,7 @@ msgid "" |
1225 | msgstr "" |
1226 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1227 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1228 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1229 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1230 | "PO-Revision-Date: 2014-03-21 21:13+0000\n" |
1231 | "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n" |
1232 | "Language-Team: Portuguese <traduz@debianpt.org>\n" |
1233 | @@ -57,3 +57,28 @@ msgstr "" |
1234 | "configurados com a expectativa de serem capazes de SSH como root usando " |
1235 | "autenticação por palavra-passe. Apenas deverá fazer esta alteração se não " |
1236 | "precisa de tal método de autenticação." |
1237 | + |
1238 | +#. Type: error |
1239 | +#. Description |
1240 | +#: ../openssh-server.templates:3001 |
1241 | +msgid "Not migrating to socket activation" |
1242 | +msgstr "" |
1243 | + |
1244 | +#. Type: error |
1245 | +#. Description |
1246 | +#: ../openssh-server.templates:3001 |
1247 | +msgid "" |
1248 | +"This version of openssh-server uses socket-based activation by default. " |
1249 | +"However, because you have more than one ListenAddress configured in " |
1250 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1251 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1252 | +"unreliable." |
1253 | +msgstr "" |
1254 | + |
1255 | +#. Type: error |
1256 | +#. Description |
1257 | +#: ../openssh-server.templates:3001 |
1258 | +msgid "" |
1259 | +"Because a failure to start ssh may make it impossible to admininister a " |
1260 | +"system, you will not be migrated to socket-based activation at this time." |
1261 | +msgstr "" |
1262 | diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po |
1263 | index 99b1182..98856bb 100644 |
1264 | --- a/debian/po/pt_BR.po |
1265 | +++ b/debian/po/pt_BR.po |
1266 | @@ -8,7 +8,7 @@ msgid "" |
1267 | msgstr "" |
1268 | "Project-Id-Version: openssh\n" |
1269 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1270 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1271 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1272 | "PO-Revision-Date: 2014-11-23 23:49-0200\n" |
1273 | "Last-Translator: José de Figueiredo <deb.gnulinux@gmail.com>\n" |
1274 | "Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." |
1275 | @@ -55,3 +55,28 @@ msgstr "" |
1276 | "Entretanto, ela pode quebrar sistemas que foram configurados com a " |
1277 | "expectativa de acesso SSH com root usando autenticação por senha. Você deve " |
1278 | "fazer esta mudança somente se você não precisa fazer isso." |
1279 | + |
1280 | +#. Type: error |
1281 | +#. Description |
1282 | +#: ../openssh-server.templates:3001 |
1283 | +msgid "Not migrating to socket activation" |
1284 | +msgstr "" |
1285 | + |
1286 | +#. Type: error |
1287 | +#. Description |
1288 | +#: ../openssh-server.templates:3001 |
1289 | +msgid "" |
1290 | +"This version of openssh-server uses socket-based activation by default. " |
1291 | +"However, because you have more than one ListenAddress configured in " |
1292 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1293 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1294 | +"unreliable." |
1295 | +msgstr "" |
1296 | + |
1297 | +#. Type: error |
1298 | +#. Description |
1299 | +#: ../openssh-server.templates:3001 |
1300 | +msgid "" |
1301 | +"Because a failure to start ssh may make it impossible to admininister a " |
1302 | +"system, you will not be migrated to socket-based activation at this time." |
1303 | +msgstr "" |
1304 | diff --git a/debian/po/ru.po b/debian/po/ru.po |
1305 | index f2e1daf..3fa193c 100644 |
1306 | --- a/debian/po/ru.po |
1307 | +++ b/debian/po/ru.po |
1308 | @@ -6,7 +6,7 @@ msgid "" |
1309 | msgstr "" |
1310 | "Project-Id-Version: openssh 1:6.6p1-1\n" |
1311 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1312 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1313 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1314 | "PO-Revision-Date: 2014-03-22 10:04+0400\n" |
1315 | "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n" |
1316 | "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" |
1317 | @@ -14,8 +14,8 @@ msgstr "" |
1318 | "MIME-Version: 1.0\n" |
1319 | "Content-Type: text/plain; charset=UTF-8\n" |
1320 | "Content-Transfer-Encoding: 8bit\n" |
1321 | -"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" |
1322 | -"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" |
1323 | +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && " |
1324 | +"n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" |
1325 | "X-Generator: Lokalize 1.4\n" |
1326 | |
1327 | #. Type: boolean |
1328 | @@ -55,3 +55,28 @@ msgstr "" |
1329 | "атак). Однако, это вредит системам, в которых специально настроен вход для " |
1330 | "root по SSH с парольной аутентификацией. Если это не ваш случай, то ответьте " |
1331 | "утвердительно." |
1332 | + |
1333 | +#. Type: error |
1334 | +#. Description |
1335 | +#: ../openssh-server.templates:3001 |
1336 | +msgid "Not migrating to socket activation" |
1337 | +msgstr "" |
1338 | + |
1339 | +#. Type: error |
1340 | +#. Description |
1341 | +#: ../openssh-server.templates:3001 |
1342 | +msgid "" |
1343 | +"This version of openssh-server uses socket-based activation by default. " |
1344 | +"However, because you have more than one ListenAddress configured in " |
1345 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1346 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1347 | +"unreliable." |
1348 | +msgstr "" |
1349 | + |
1350 | +#. Type: error |
1351 | +#. Description |
1352 | +#: ../openssh-server.templates:3001 |
1353 | +msgid "" |
1354 | +"Because a failure to start ssh may make it impossible to admininister a " |
1355 | +"system, you will not be migrated to socket-based activation at this time." |
1356 | +msgstr "" |
1357 | diff --git a/debian/po/sv.po b/debian/po/sv.po |
1358 | index 278b0cc..296e611 100644 |
1359 | --- a/debian/po/sv.po |
1360 | +++ b/debian/po/sv.po |
1361 | @@ -8,7 +8,7 @@ msgid "" |
1362 | msgstr "" |
1363 | "Project-Id-Version: openssh\n" |
1364 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1365 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1366 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1367 | "PO-Revision-Date: 2014-03-21 21:36+0100\n" |
1368 | "Last-Translator: Andreas Rönnquist <gusnan@gusnan.se>\n" |
1369 | "Language-Team: Swedish\n" |
1370 | @@ -56,3 +56,28 @@ msgstr "" |
1371 | "sådana angrepp). Dock så kan detta förstöra system som förväntas kunna " |
1372 | "använda SSH som root med hjälp av lösenordsautentisering. Du skall endast " |
1373 | "göra denna förändring om du inte har ett behov av att kunna göra detta." |
1374 | + |
1375 | +#. Type: error |
1376 | +#. Description |
1377 | +#: ../openssh-server.templates:3001 |
1378 | +msgid "Not migrating to socket activation" |
1379 | +msgstr "" |
1380 | + |
1381 | +#. Type: error |
1382 | +#. Description |
1383 | +#: ../openssh-server.templates:3001 |
1384 | +msgid "" |
1385 | +"This version of openssh-server uses socket-based activation by default. " |
1386 | +"However, because you have more than one ListenAddress configured in " |
1387 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1388 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1389 | +"unreliable." |
1390 | +msgstr "" |
1391 | + |
1392 | +#. Type: error |
1393 | +#. Description |
1394 | +#: ../openssh-server.templates:3001 |
1395 | +msgid "" |
1396 | +"Because a failure to start ssh may make it impossible to admininister a " |
1397 | +"system, you will not be migrated to socket-based activation at this time." |
1398 | +msgstr "" |
1399 | diff --git a/debian/po/templates.pot b/debian/po/templates.pot |
1400 | index 47c9e36..c9dc5ba 100644 |
1401 | --- a/debian/po/templates.pot |
1402 | +++ b/debian/po/templates.pot |
1403 | @@ -1,6 +1,6 @@ |
1404 | # SOME DESCRIPTIVE TITLE. |
1405 | # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER |
1406 | -# This file is distributed under the same license as the PACKAGE package. |
1407 | +# This file is distributed under the same license as the openssh package. |
1408 | # FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. |
1409 | # |
1410 | #, fuzzy |
1411 | @@ -8,7 +8,7 @@ msgid "" |
1412 | msgstr "" |
1413 | "Project-Id-Version: openssh\n" |
1414 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1415 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1416 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1417 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
1418 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
1419 | "Language-Team: LANGUAGE <LL@li.org>\n" |
1420 | @@ -44,3 +44,28 @@ msgid "" |
1421 | "able to SSH as root using password authentication. You should only make this " |
1422 | "change if you do not need to do that." |
1423 | msgstr "" |
1424 | + |
1425 | +#. Type: error |
1426 | +#. Description |
1427 | +#: ../openssh-server.templates:3001 |
1428 | +msgid "Not migrating to socket activation" |
1429 | +msgstr "" |
1430 | + |
1431 | +#. Type: error |
1432 | +#. Description |
1433 | +#: ../openssh-server.templates:3001 |
1434 | +msgid "" |
1435 | +"This version of openssh-server uses socket-based activation by default. " |
1436 | +"However, because you have more than one ListenAddress configured in " |
1437 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1438 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1439 | +"unreliable." |
1440 | +msgstr "" |
1441 | + |
1442 | +#. Type: error |
1443 | +#. Description |
1444 | +#: ../openssh-server.templates:3001 |
1445 | +msgid "" |
1446 | +"Because a failure to start ssh may make it impossible to admininister a " |
1447 | +"system, you will not be migrated to socket-based activation at this time." |
1448 | +msgstr "" |
1449 | diff --git a/debian/po/tr.po b/debian/po/tr.po |
1450 | index 1ada041..fd6bde5 100644 |
1451 | --- a/debian/po/tr.po |
1452 | +++ b/debian/po/tr.po |
1453 | @@ -7,15 +7,15 @@ msgid "" |
1454 | msgstr "" |
1455 | "Project-Id-Version: openssh-server\n" |
1456 | "Report-Msgid-Bugs-To: openssh@packages.debian.org\n" |
1457 | -"POT-Creation-Date: 2014-03-20 02:06+0000\n" |
1458 | +"POT-Creation-Date: 2022-09-23 19:34+0000\n" |
1459 | "PO-Revision-Date: 2014-08-01 14:44+0200\n" |
1460 | "Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" |
1461 | "Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" |
1462 | +"Language: tr\n" |
1463 | "MIME-Version: 1.0\n" |
1464 | "Content-Type: text/plain; charset=UTF-8\n" |
1465 | "Content-Transfer-Encoding: 8bit\n" |
1466 | "X-Generator: Poedit 1.5.4\n" |
1467 | -"Language: tr\n" |
1468 | |
1469 | #. Type: boolean |
1470 | #. Description |
1471 | @@ -56,3 +56,28 @@ msgstr "" |
1472 | "parola doğrulama yöntemiyle oturum açılabileceği varsayımıyla hareket eden " |
1473 | "sistemlerde eskiden çalışan düzenin bozulmasına sebep olacaktır. Bu " |
1474 | "değişikliği yalnızca sorun çıkarmayacağından eminseniz yapın." |
1475 | + |
1476 | +#. Type: error |
1477 | +#. Description |
1478 | +#: ../openssh-server.templates:3001 |
1479 | +msgid "Not migrating to socket activation" |
1480 | +msgstr "" |
1481 | + |
1482 | +#. Type: error |
1483 | +#. Description |
1484 | +#: ../openssh-server.templates:3001 |
1485 | +msgid "" |
1486 | +"This version of openssh-server uses socket-based activation by default. " |
1487 | +"However, because you have more than one ListenAddress configured in " |
1488 | +"sshd_config, it is impossible to determine at upgrade time if migrating you " |
1489 | +"to socket-based activation would cause the starting of sshd at boot to be " |
1490 | +"unreliable." |
1491 | +msgstr "" |
1492 | + |
1493 | +#. Type: error |
1494 | +#. Description |
1495 | +#: ../openssh-server.templates:3001 |
1496 | +msgid "" |
1497 | +"Because a failure to start ssh may make it impossible to admininister a " |
1498 | +"system, you will not be migrated to socket-based activation at this time." |
1499 | +msgstr "" |
1500 | diff --git a/debian/rules b/debian/rules |
1501 | index 18b2bf3..400fca7 100755 |
1502 | --- a/debian/rules |
1503 | +++ b/debian/rules |
1504 | @@ -186,8 +186,9 @@ override_dh_installinit: |
1505 | dh_installinit -R --name ssh |
1506 | |
1507 | override_dh_installsystemd: |
1508 | - dh_installsystemd -popenssh-server ssh.service rescue-ssh.target |
1509 | - dh_installsystemd -popenssh-server --no-enable ssh.socket |
1510 | + dh_installsystemd -popenssh-server --no-start ssh.socket |
1511 | + dh_installsystemd -popenssh-server rescue-ssh.target |
1512 | + dh_installsystemd -popenssh-server --no-enable --no-start ssh.service |
1513 | |
1514 | debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in |
1515 | ifeq ($(DEB_HOST_ARCH_OS),linux) |
1516 | diff --git a/debian/systemd/ssh.service b/debian/systemd/ssh.service |
1517 | index 7495d9a..a18105b 100644 |
1518 | --- a/debian/systemd/ssh.service |
1519 | +++ b/debian/systemd/ssh.service |
1520 | @@ -14,8 +14,6 @@ KillMode=process |
1521 | Restart=on-failure |
1522 | RestartPreventExitStatus=255 |
1523 | Type=notify |
1524 | -RuntimeDirectory=sshd |
1525 | -RuntimeDirectoryMode=0755 |
1526 | |
1527 | [Install] |
1528 | WantedBy=multi-user.target |
1529 | diff --git a/debian/tests/control b/debian/tests/control |
1530 | index 8bc480a..0329ea0 100644 |
1531 | --- a/debian/tests/control |
1532 | +++ b/debian/tests/control |
1533 | @@ -8,3 +8,9 @@ Depends: devscripts, |
1534 | python3-twisted, |
1535 | sudo, |
1536 | sysvinit-utils, |
1537 | + |
1538 | +Tests: systemd-socket-activation |
1539 | +Restrictions: needs-root allow-stderr |
1540 | +Depends: openssh-client, |
1541 | + openssh-server, |
1542 | + systemd, |
1543 | diff --git a/debian/tests/systemd-socket-activation b/debian/tests/systemd-socket-activation |
1544 | new file mode 100644 |
1545 | index 0000000..42d4526 |
1546 | --- /dev/null |
1547 | +++ b/debian/tests/systemd-socket-activation |
1548 | @@ -0,0 +1,57 @@ |
1549 | +#!/bin/bash |
1550 | + |
1551 | +set -euo pipefail |
1552 | + |
1553 | +assert_unit_property() { |
1554 | + local property="$(echo "$2" | awk -F'=' '{print $1}')" |
1555 | + |
1556 | + local expect="$2" |
1557 | + local actual="$(systemctl show -p "$property" "$1")" |
1558 | + |
1559 | + if [[ "$actual" != "$expect" ]]; then |
1560 | + echo "Fail: $1: expected $expect, but got $actual" |
1561 | + return 1 |
1562 | + fi |
1563 | +} |
1564 | + |
1565 | +# Generate RSA key and add it to this user's authorized keys. |
1566 | +ssh-keygen -t rsa -N "" -f "$HOME/.ssh/id_rsa" -q |
1567 | +if [[ -f ~/.ssh/authorized_keys ]]; then |
1568 | + touch ~/.ssh/authorized_keys |
1569 | + chmod 0600 ~/.ssh/authorized_keys |
1570 | +fi |
1571 | +cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys |
1572 | + |
1573 | +# Make sure ssh.service is not running. |
1574 | +echo "Stopping ssh.service..." |
1575 | +systemctl stop ssh.service 2>/dev/null |
1576 | + |
1577 | +# Check that ssh.socket is active and listening. |
1578 | +echo "Checking that ssh.socket is active and listening..." |
1579 | +assert_unit_property ssh.socket "ActiveState=active" |
1580 | +assert_unit_property ssh.socket "SubState=listening" |
1581 | + |
1582 | +# Check that ssh.service is currently inactive/dead. |
1583 | +echo "Checking that ssh.service is inactive/dead..." |
1584 | +assert_unit_property ssh.service "ActiveState=inactive" |
1585 | +assert_unit_property ssh.service "SubState=dead" |
1586 | + |
1587 | +# Check that a connection attempt successfully activates ssh.service. |
1588 | +echo "Checking that a connection attempt activates ssh.service..." |
1589 | +ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true |
1590 | +assert_unit_property ssh.service "ActiveState=active" |
1591 | +assert_unit_property ssh.service "SubState=running" |
1592 | + |
1593 | +# Check that we can re-execute sshd via systemctl reload. |
1594 | +echo "Checking that sshd can be re-executed..." |
1595 | +systemctl reload ssh.service |
1596 | +assert_unit_property ssh.service "ActiveState=active" |
1597 | +assert_unit_property ssh.service "SubState=running" |
1598 | + |
1599 | +# Check that we can run sshd in debug mode. |
1600 | +echo "Checking sshd can run in debug mode..." |
1601 | +systemctl stop ssh.service 2>/dev/null |
1602 | +sed -i 's/^SSHD_OPTS=.*/SSHD_OPTS=-ddd/g' /etc/default/ssh |
1603 | +ssh -oStrictHostKeyChecking=no localhost -- /usr/bin/true |
1604 | + |
1605 | +echo "Done." |