On Thu, May 08, 2025 at 04:40:22PM -0400, Daniel Kahn Gillmor wrote:
To fix this use case, we just need to tell systemd that any manual
attempt to start the ssh-agent service needs to ensure that the socket
is listening first.
We can do this with the following patch to the OpenSSH package's
ssh-agent.service file:
diff --git a/debian/systemd/ssh-agent.service b/debian/systemd/ssh-agent.service
index 72e0a3e46..19ea47c91 100644
--- a/debian/systemd/ssh-agent.service
+++ b/debian/systemd/ssh-agent.service
@@ -1,6 +1,8 @@
[Unit]
Description=OpenSSH Agent
Documentation=man:ssh-agent(1)
+Requires=ssh-agent.socket
+After=ssh-agent.socket
[Service]
Environment=SSH_ASKPASS_REQUIRE=force
I think After= is unnecessary. systemd.socket(5) says (bearing in mind
that Before= and After= are inverses, as one might expect from their
names):
Socket units automatically gain a Before= dependency on the service
units they activate.
But adding just Requires= on its own sounds reasonable. I'll wait for
confirmation from Antoine that that works, but if so then I'm willing to
try to get this into trixie.
--
Colin Watson (he/him) [cjwat...@debian.org]
