Diffstat (limited to 'sshd.initd')
-rw-r--r--[-rwxr-xr-x]sshd.initd66
1 files changed, 36 insertions, 30 deletions
diff --git a/sshd.initd b/sshd.initd
index dd0b146..d0533d2 100755..100644
--- a/sshd.initd
+++ b/sshd.initd
@@ -1,5 +1,5 @@
#!/usr/bin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig"
@@ -9,15 +9,27 @@ extra_started_commands="reload"
: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
: ${SSHD_PIDFILE:=/run/${SVCNAME}.pid}
: ${SSHD_BINARY:=/usr/bin/sshd}
+: ${SSHD_KEYGEN_BINARY:=/usr/bin/ssh-keygen}
+
+command="${SSHD_BINARY}"
+pidfile="${SSHD_PIDFILE}"
+command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
+
+# Wait one second (length chosen arbitrarily) to see if sshd actually
+# creates a PID file, or if it crashes for some reason like not being
+# able to bind to the address in ListenAddress (bug 617596).
+: ${SSHD_SSD_OPTS:=--wait 1000}
+start_stop_daemon_args="${SSHD_SSD_OPTS}"
depend() {
- use logger dns
+ # Entropy can be used by ssh-keygen, among other things, but
+ # is not strictly required (bug 470020).
+ use logger dns entropy
+ need net
}
checkconfig() {
- if [ ! -d /var/empty ] ; then
- mkdir -p /var/empty || return 1
- fi
+ checkpath --mode 0755 --directory "/var/empty"
if [ ! -e "${SSHD_CONFIG}" ] ; then
eerror "You need an ${SSHD_CONFIG} file to run sshd"
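Review bot: The new `checkpath --mode 0755 --directory "/var/empty"` line in checkconfig() drops the `|| return 1` that the removed mkdir had, so a failure to create or fix the directory no longer stops checkconfig. This path is presumably sshd's privilege-separation chroot, which sshd expects to be root-owned and not group- or world-writable, and the call as written only sets the mode. I would write it as `checkpath --mode 0755 --owner root:root --directory "/var/empty" || return 1`. checkconfig() continues past the end of this hunk.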
@@ -25,41 +37,35 @@ checkconfig() {
return 1
fi
- ssh-keygen -A || return 1
+ ${SSHD_KEYGEN_BINARY} -A || return 2
- [ "${SSHD_PIDFILE}" != "/run/sshd.pid" ] \
- && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
- [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \
- && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}"
-
- "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+ "${command}" -t ${command_args} || return 3
}
-start() {
- checkconfig || return 1
-
- ebegin "Starting ${SVCNAME}"
- start-stop-daemon --start --exec "${SSHD_BINARY}" \
- --pidfile "${SSHD_PIDFILE}" \
- -- ${SSHD_OPTS}
- eend $?
+start_pre() {
+ # If this isn't a restart, make sure that the user's config isn't
+ # busted before we try to start the daemon (this will produce
+ # better error messages than if we just try to start it blindly).
+ #
+ # If, on the other hand, this *is* a restart, then the stop_pre
+ # action will have ensured that the config is usable and we don't
+ # need to do that again.
+ if [ "${RC_CMD}" != "restart" ] ; then
+ checkconfig || return $?
+ fi
}
-stop() {
+stop_pre() {
+ # If this is a restart, check to make sure the user's config
+ # isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
- checkconfig || return 1
+ checkconfig || return $?
fi
-
- ebegin "Stopping ${SVCNAME}"
- start-stop-daemon --stop --exec "${SSHD_BINARY}" \
- --pidfile "${SSHD_PIDFILE}" --quiet
- eend $?
}
reload() {
- checkconfig || return 1
+ checkconfig || return $?
ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP \
- --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}
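Review bot: In reload(), `start-stop-daemon --signal HUP --pidfile "${pidfile}"` no longer passes `--exec`, so the signal goes to whatever PID the file names without checking that the process is sshd; with a stale pidfile and a reused PID, an unrelated process would receive SIGHUP. If `--exec` was dropped so that reload keeps working after an upgrade replaces the binary on disk (a guess, the commit does not say), add a comment such as `# No --exec: the running sshd may not match the on-disk binary after an upgrade.` Otherwise restore it as `start-stop-daemon --signal HUP --exec "${command}" --pidfile "${pidfile}"`. Separately, `${SSHD_KEYGEN_BINARY} -A` in checkconfig() is unquoted while `"${command}"` just below it is quoted; quoting both would be consistent.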