summaryrefslogtreecommitdiff
path: root/data
diff options
context:
space:
mode:
Diffstat (limited to 'data')
-rwxr-xr-xdata/live-build-config/hooks/04-locale.chroot1
-rwxr-xr-xdata/live-build-config/hooks/09-live.chroot5
-rwxr-xr-xdata/live-build-config/hooks/18-enable-disable_services.chroot (renamed from data/live-build-config/hooks/18-disable_services.chroot)3
-rw-r--r--data/live-build-config/includes.chroot/etc/systemd/system/sshd.service16
-rw-r--r--data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service13
-rwxr-xr-xdata/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup11
6 files changed, 32 insertions, 17 deletions
diff --git a/data/live-build-config/hooks/04-locale.chroot b/data/live-build-config/hooks/04-locale.chroot
index 1c02db02..89a5f954 100755
--- a/data/live-build-config/hooks/04-locale.chroot
+++ b/data/live-build-config/hooks/04-locale.chroot
@@ -6,3 +6,4 @@ LANG=en_US.UTF-8
LC_ALL=C
EOF
+sed -i 's/AcceptEnv LANG LC_\*/# AcceptEnv LANG LC_\*/g' /etc/ssh/sshd_config
diff --git a/data/live-build-config/hooks/09-live.chroot b/data/live-build-config/hooks/09-live.chroot
index e2f95ff3..f19f0ae6 100755
--- a/data/live-build-config/hooks/09-live.chroot
+++ b/data/live-build-config/hooks/09-live.chroot
@@ -1,6 +1,11 @@
#!/bin/sh
# hack live script that tries to mount ext[23] floppies as root
+# remove user settings live config scripts
sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \
-i /usr/share/initramfs-tools/scripts/live
+
+rm -rf /lib/live/config/0030-live-debconfig_passwd
+rm -rf /lib/live/config/0030-user-setup
+rm -rf /lib/live/config/0040-sudo
diff --git a/data/live-build-config/hooks/18-disable_services.chroot b/data/live-build-config/hooks/18-enable-disable_services.chroot
index c68a6b3d..68971405 100755
--- a/data/live-build-config/hooks/18-disable_services.chroot
+++ b/data/live-build-config/hooks/18-enable-disable_services.chroot
@@ -1,6 +1,6 @@
#!/bin/sh
-echo I: Disabling services.
+echo I: Enabling/Disabling services.
systemctl disable exim4
/usr/sbin/update-rc.d -f exim4 remove
systemctl disable isc-dhcp-server
@@ -25,3 +25,4 @@ systemctl disable dnsmasq
/usr/sbin/update-rc.d -f dnsmasq remove
systemctl disable lldpd
/usr/sbin/update-rc.d -f lldpd remove
+systemctl enable ssh-session-cleanup
diff --git a/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service b/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service
deleted file mode 100644
index e84142bb..00000000
--- a/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=OpenBSD Secure Shell server
-After=network.target auditd.service
-ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
-
-[Service]
-EnvironmentFile=-/etc/default/ssh
-ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
-ExecReload=/bin/kill -HUP $MAINPID
-ExecStop=/usr/bin/killall sshd
-KillMode=process
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Alias=sshd.service
diff --git a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service
new file mode 100644
index 00000000..b8672722
--- /dev/null
+++ b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=OpenBSD Secure Shell session cleanup
+Wants=network.target
+After=network.target
+
+[Service]
+ExecStart=/bin/true
+ExecStop=/usr/lib/openssh/ssh-session-cleanup
+RemainAfterExit=yes
+Type=oneshot
+
+[Install]
+WantedBy=multi-user.target
diff --git a/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup
new file mode 100755
index 00000000..f283cc96
--- /dev/null
+++ b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+ssh_session_pattern='sshd: \S.*@pts/[0-9]+'
+
+IFS="$IFS@"
+pgrep -a -f "$ssh_session_pattern" | while read pid daemon user pty; do
+ echo "Found ${daemon%:} session $pid on $pty; sending SIGTERM"
+ kill "$pid" || true
+done
+
+exit 0