diff options
author | James Meyer <james.meyer@operamail.com> | 2012-08-07 17:48:41 (GMT) |
---|---|---|
committer | James Meyer <james.meyer@operamail.com> | 2012-08-07 17:48:41 (GMT) |
commit | 3db4697296afcefb5b9d5d4b8acc462466192ab5 (patch) | |
tree | cc89cb07cb8d3189a8172a5f3dc3030f7374c8bf | |
parent | df0abbd835cdc168cba9da94c72121f39232ce8a (diff) | |
download | linhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.zip linhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.tar.gz linhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.tar.bz2 |
openssh: 6.0p1
-rw-r--r-- | abs/core/openssh/PKGBUILD | 124 | ||||
-rwxr-xr-x | abs/core/openssh/sshd | 68 | ||||
-rw-r--r-- | abs/core/openssh/sshd.close-sessions | 17 | ||||
-rw-r--r-- | abs/core/openssh/sshd.pam | 5 | ||||
-rw-r--r-- | abs/core/openssh/sshd.service | 19 | ||||
-rw-r--r-- | abs/core/openssh/sshd.socket | 10 | ||||
-rw-r--r-- | abs/core/openssh/sshd@.service | 8 | ||||
-rw-r--r-- | abs/core/openssh/sshdgenkeys.service | 18 | ||||
-rw-r--r-- | abs/core/openssh/tmpfiles.d | 1 |
9 files changed, 191 insertions, 79 deletions
diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD index 36a82bd..fced1e1 100644 --- a/abs/core/openssh/PKGBUILD +++ b/abs/core/openssh/PKGBUILD @@ -1,64 +1,96 @@ -# $Id: PKGBUILD 89278 2010-08-30 21:38:00Z thomas $ -# Maintainer: Aaron Griffin <aaron@archlinux.org> +# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $ +# Maintainer: Gaetan Bisson <bisson@archlinux.org> +# Contributor: Aaron Griffin <aaron@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> pkgname=openssh -pkgver=5.6p1 -pkgrel=1 -pkgdesc='A Secure SHell server/client' +pkgver=6.0p1 +pkgrel=3 +pkgdesc='Free version of the SSH connectivity tools' +url='http://www.openssh.org/portable.html' +license=('custom:BSD') arch=('i686' 'x86_64') -license=('custom') -url="http://www.openssh.org/portable.html" -backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') -depends=('openssl' 'zlib' 'pam' 'tcp_wrappers' 'heimdal') +depends=('krb5' 'openssl' 'libedit' 'ldns') +optdepends=('xorg-xauth: X11 forwarding' + 'x11-ssh-askpass: input passphrase in X') source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz" - 'sshd' 'sshd.confd' 'sshd.pam') -md5sums=('e6ee52e47c768bf0ec42a232b5d18fb0' - '17b1b1bf0f578a55945ee204bd4462af' - 'e2cea70ac13af7e63d40eb04415eacd5' - '1c7c2ea8734ec7e3ca58d820634dc73a') + 'sshd.close-sessions' + 'sshdgenkeys.service' + 'sshd@.service' + 'sshd.service' + 'sshd.socket' + 'tmpfiles.d' + 'sshd.confd' + 'sshd.pam' + 'sshd') +sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422' + '954bf1660aa32620c37034320877f4511b767ccb' + '6c71de2c2ca9622aa8e863acd94b135555e11125' + 'bd6eae36c7ef9efb7147778baad7858b81f2d660' + '83a257b8f6a62237383262cb0e2583e5609ddac0' + 'a30fb5fda6d0143345bae47684edaffb8d0a92a7' + 'b5cf44205e8f4365c00bfbee110d7c0e563627aa' + 'ec102deb69cad7d14f406289d2fc11fee6eddbdd' + '659e3ee95c269014783ff8b318c6f50bf7496fbd' + 'ed36e3a522f619ff6b13e253526596e4cca11e9f') + +backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd') build() { - cd ${srcdir}/${pkgname}-${pkgver} + cd "${srcdir}/${pkgname}-${pkgver}" + + ./configure \ + --prefix=/usr \ + --libexecdir=/usr/lib/ssh \ + --sysconfdir=/etc/ssh \ + --with-ldns \ + --with-libedit \ + --with-ssl-engine \ + --with-pam \ + --with-privsep-user=nobody \ + --with-kerberos5=/usr \ + --with-xauth=/usr/bin/xauth \ + --with-mantype=man \ + --with-md5-passwords \ + --with-pid-dir=/run \ + + make +} + +check() { + cd "${srcdir}/${pkgname}-${pkgver}" - #NOTE we disable-strip so that makepkg can decide whether to strip or not - ./configure --prefix=/usr --libexecdir=/usr/lib/ssh \ - --sysconfdir=/etc/ssh --with-tcp-wrappers --with-privsep-user=nobody \ - --with-md5-passwords --with-pam --with-mantype=man --mandir=/usr/share/man \ - --with-xauth=/usr/bin/xauth --with-kerberos5=/usr --with-ssl-engine \ - --disable-strip - make || return 1 + # The connect.sh test must be run by a user with a decent login shell; + # chroot builds use nobody with /bin/false. + make tests || true } package() { - cd ${srcdir}/${pkgname}-${pkgver} - make DESTDIR=${pkgdir} install + cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install - install -Dm755 ${srcdir}/sshd ${pkgdir}/etc/rc.d/sshd + rm "${pkgdir}"/usr/share/man/man1/slogin.1 + ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE ${pkgdir}/usr/share/licenses/${pkgname}/LICENCE - install -Dm644 ${srcdir}/sshd.pam ${pkgdir}/etc/pam.d/sshd - install -Dm644 ${srcdir}/sshd.confd ${pkgdir}/etc/conf.d/sshd + install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" - rm ${pkgdir}/usr/share/man/man1/slogin.1 - ln -sf ssh.1.gz ${pkgdir}/usr/share/man/man1/slogin.1.gz + install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service + install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service + install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service + install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket + install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf - #additional contrib scripts that we like - install -Dm755 contrib/findssl.sh ${pkgdir}/usr/bin/findssl.sh - install -Dm755 contrib/ssh-copy-id ${pkgdir}/usr/bin/ssh-copy-id - install -Dm644 contrib/ssh-copy-id.1 ${pkgdir}/usr/share/man/man1/ssh-copy-id.1 + install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389 + install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd + install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd + install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd - # sshd_config - sed -i \ - -e 's|^#ListenAddress 0.0.0.0|ListenAddress 0.0.0.0|g' \ - -e 's|^#UsePAM no|UsePAM yes|g' \ - -e 's|^#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|g' \ - ${pkgdir}/etc/ssh/sshd_config - echo "HashKnownHosts yes" >> ${pkgdir}/etc/ssh/ssh_config - echo "StrictHostKeyChecking ask" >> ${pkgdir}/etc/ssh/ssh_config + install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh + install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id + install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1 - #ssh_config - sed -i \ - -e 's|^# Host \*|Host *|g' \ - ${pkgdir}/etc/ssh/ssh_config + sed \ + -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ + -e '/^#UsePAM no$/c UsePAM yes' \ + -i "${pkgdir}"/etc/ssh/sshd_config } diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd index bc0e453..4bf4780 100755 --- a/abs/core/openssh/sshd +++ b/abs/core/openssh/sshd @@ -4,38 +4,42 @@ . /etc/rc.d/functions . /etc/conf.d/sshd -PID="$(cat /var/run/sshd.pid 2>/dev/null)" +PIDFILE=/run/sshd.pid +PID=$(cat $PIDFILE 2>/dev/null) +if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then + PID= + rm $PIDFILE 2>/dev/null +fi + case "$1" in - start) - stat_busy "Starting Secure Shell Daemon" - [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; } - [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; } - [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; } - [ -d /var/empty ] || mkdir -p /var/empty - [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS - if [ $? -gt 0 ]; then - stat_fail - else - add_daemon sshd - stat_done - fi - ;; - stop) - stat_busy "Stopping Secure Shell Daemon" - [ ! -z "$PID" ] && kill $PID &> /dev/null - if [ $? -gt 0 ]; then - stat_fail - else - rm_daemon sshd - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" + start) + stat_busy 'Starting Secure Shell Daemon' + /usr/bin/ssh-keygen -A + [[ -d /var/empty ]] || mkdir -p /var/empty + [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS + if [[ $? -gt 0 ]]; then + stat_fail + else + add_daemon sshd + stat_done + fi + ;; + stop) + stat_busy 'Stopping Secure Shell Daemon' + [[ ! -z $PID ]] && kill $PID &> /dev/null + if [[ $? -gt 0 ]]; then + stat_fail + else + rm_daemon sshd + stat_done + fi + ;; + restart) + $0 stop + sleep 1 + $0 start + ;; + *) + echo "usage: $0 {start|stop|restart}" esac exit 0 diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions new file mode 100644 index 0000000..be2a709 --- /dev/null +++ b/abs/core/openssh/sshd.close-sessions @@ -0,0 +1,17 @@ +# Close sshd sessions before shutting down the network; see FS#17389. + +sshd_close_sessions () { + if ck_daemon sshd; then + return + fi + /etc/rc.d/sshd stop + stat_busy "Stopping Secure Shell Sessions" + for i in $(pgrep sshd); do + if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then + kill $i + fi + done &>/dev/null + stat_done +} + +add_hook shutdown_start sshd_close_sessions diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam index dc70815..aeef8be 100644 --- a/abs/core/openssh/sshd.pam +++ b/abs/core/openssh/sshd.pam @@ -1,10 +1,13 @@ #%PAM-1.0 #auth required pam_securetty.so #Disable remote root auth required pam_unix.so -auth required pam_nologin.so auth required pam_env.so +account required pam_nologin.so account required pam_unix.so account required pam_time.so password required pam_unix.so session required pam_unix_session.so session required pam_limits.so +session optional pam_loginuid.so +-session optional pam_ck_connector.so nox11 +-session optional pam_systemd.so diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service new file mode 100644 index 0000000..7c8f883 --- /dev/null +++ b/abs/core/openssh/sshd.service @@ -0,0 +1,19 @@ +[Unit] +Description=OpenSSH Daemon +After=sshdgenkeys.service + +[Service] +ExecStart=/usr/sbin/sshd -D +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=always + +[Install] +WantedBy=multi-user.target +Also=sshdgenkeys.service + +# Note that this is the service file for running a single SSH server for all +# incoming connections, suitable only for systems with a large amount of SSH +# traffic. In almost all other cases it is a better idea to use sshd.socket + +# sshd@.service (i.e. the on-demand spawning version for one instance per +# connection). diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket new file mode 100644 index 0000000..6a67bfe --- /dev/null +++ b/abs/core/openssh/sshd.socket @@ -0,0 +1,10 @@ +[Unit] +Conflicts=sshd.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target +Also=sshdgenkeys.service diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service new file mode 100644 index 0000000..2fd9b08 --- /dev/null +++ b/abs/core/openssh/sshd@.service @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH Per-Connection Daemon +After=sshdgenkeys.service + +[Service] +ExecStart=-/usr/sbin/sshd -i +StandardInput=socket +StandardError=syslog diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service new file mode 100644 index 0000000..47c1c3f --- /dev/null +++ b/abs/core/openssh/sshdgenkeys.service @@ -0,0 +1,18 @@ +[Unit] +Description=SSH Key Generation +ConditionPathExists=|!/etc/ssh/ssh_host_key +ConditionPathExists=|!/etc/ssh/ssh_host_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub + +[Service] +ExecStart=/usr/bin/ssh-keygen -A +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d new file mode 100644 index 0000000..7c5b261 --- /dev/null +++ b/abs/core/openssh/tmpfiles.d @@ -0,0 +1 @@ +d /var/empty 0755 root root - |