summaryrefslogtreecommitdiffstats
path: root/abs/core/openssh
diff options
context:
space:
mode:
authorJames Meyer <james.meyer@operamail.com>2012-08-07 17:48:41 (GMT)
committerJames Meyer <james.meyer@operamail.com>2012-08-07 17:48:41 (GMT)
commit3db4697296afcefb5b9d5d4b8acc462466192ab5 (patch)
treecc89cb07cb8d3189a8172a5f3dc3030f7374c8bf /abs/core/openssh
parentdf0abbd835cdc168cba9da94c72121f39232ce8a (diff)
downloadlinhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.zip
linhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.tar.gz
linhes_pkgbuild-3db4697296afcefb5b9d5d4b8acc462466192ab5.tar.bz2
openssh: 6.0p1
Diffstat (limited to 'abs/core/openssh')
-rw-r--r--abs/core/openssh/PKGBUILD124
-rwxr-xr-xabs/core/openssh/sshd68
-rw-r--r--abs/core/openssh/sshd.close-sessions17
-rw-r--r--abs/core/openssh/sshd.pam5
-rw-r--r--abs/core/openssh/sshd.service19
-rw-r--r--abs/core/openssh/sshd.socket10
-rw-r--r--abs/core/openssh/sshd@.service8
-rw-r--r--abs/core/openssh/sshdgenkeys.service18
-rw-r--r--abs/core/openssh/tmpfiles.d1
9 files changed, 191 insertions, 79 deletions
diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD
index 36a82bd..fced1e1 100644
--- a/abs/core/openssh/PKGBUILD
+++ b/abs/core/openssh/PKGBUILD
@@ -1,64 +1,96 @@
-# $Id: PKGBUILD 89278 2010-08-30 21:38:00Z thomas $
-# Maintainer: Aaron Griffin <aaron@archlinux.org>
+# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $
+# Maintainer: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: Aaron Griffin <aaron@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>
pkgname=openssh
-pkgver=5.6p1
-pkgrel=1
-pkgdesc='A Secure SHell server/client'
+pkgver=6.0p1
+pkgrel=3
+pkgdesc='Free version of the SSH connectivity tools'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
arch=('i686' 'x86_64')
-license=('custom')
-url="http://www.openssh.org/portable.html"
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
-depends=('openssl' 'zlib' 'pam' 'tcp_wrappers' 'heimdal')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+ 'x11-ssh-askpass: input passphrase in X')
source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'sshd' 'sshd.confd' 'sshd.pam')
-md5sums=('e6ee52e47c768bf0ec42a232b5d18fb0'
- '17b1b1bf0f578a55945ee204bd4462af'
- 'e2cea70ac13af7e63d40eb04415eacd5'
- '1c7c2ea8734ec7e3ca58d820634dc73a')
+ 'sshd.close-sessions'
+ 'sshdgenkeys.service'
+ 'sshd@.service'
+ 'sshd.service'
+ 'sshd.socket'
+ 'tmpfiles.d'
+ 'sshd.confd'
+ 'sshd.pam'
+ 'sshd')
+sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422'
+ '954bf1660aa32620c37034320877f4511b767ccb'
+ '6c71de2c2ca9622aa8e863acd94b135555e11125'
+ 'bd6eae36c7ef9efb7147778baad7858b81f2d660'
+ '83a257b8f6a62237383262cb0e2583e5609ddac0'
+ 'a30fb5fda6d0143345bae47684edaffb8d0a92a7'
+ 'b5cf44205e8f4365c00bfbee110d7c0e563627aa'
+ 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
+ '659e3ee95c269014783ff8b318c6f50bf7496fbd'
+ 'ed36e3a522f619ff6b13e253526596e4cca11e9f')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
build() {
- cd ${srcdir}/${pkgname}-${pkgver}
+ cd "${srcdir}/${pkgname}-${pkgver}"
+
+ ./configure \
+ --prefix=/usr \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-ldns \
+ --with-libedit \
+ --with-ssl-engine \
+ --with-pam \
+ --with-privsep-user=nobody \
+ --with-kerberos5=/usr \
+ --with-xauth=/usr/bin/xauth \
+ --with-mantype=man \
+ --with-md5-passwords \
+ --with-pid-dir=/run \
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
- #NOTE we disable-strip so that makepkg can decide whether to strip or not
- ./configure --prefix=/usr --libexecdir=/usr/lib/ssh \
- --sysconfdir=/etc/ssh --with-tcp-wrappers --with-privsep-user=nobody \
- --with-md5-passwords --with-pam --with-mantype=man --mandir=/usr/share/man \
- --with-xauth=/usr/bin/xauth --with-kerberos5=/usr --with-ssl-engine \
- --disable-strip
- make || return 1
+ # The connect.sh test must be run by a user with a decent login shell;
+ # chroot builds use nobody with /bin/false.
+ make tests || true
}
package() {
- cd ${srcdir}/${pkgname}-${pkgver}
- make DESTDIR=${pkgdir} install
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
- install -Dm755 ${srcdir}/sshd ${pkgdir}/etc/rc.d/sshd
+ rm "${pkgdir}"/usr/share/man/man1/slogin.1
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
- install -Dm644 LICENCE ${pkgdir}/usr/share/licenses/${pkgname}/LICENCE
- install -Dm644 ${srcdir}/sshd.pam ${pkgdir}/etc/pam.d/sshd
- install -Dm644 ${srcdir}/sshd.confd ${pkgdir}/etc/conf.d/sshd
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
- rm ${pkgdir}/usr/share/man/man1/slogin.1
- ln -sf ssh.1.gz ${pkgdir}/usr/share/man/man1/slogin.1.gz
+ install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+ install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
+ install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+ install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+ install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf
- #additional contrib scripts that we like
- install -Dm755 contrib/findssl.sh ${pkgdir}/usr/bin/findssl.sh
- install -Dm755 contrib/ssh-copy-id ${pkgdir}/usr/bin/ssh-copy-id
- install -Dm644 contrib/ssh-copy-id.1 ${pkgdir}/usr/share/man/man1/ssh-copy-id.1
+ install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389
+ install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+ install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
- # sshd_config
- sed -i \
- -e 's|^#ListenAddress 0.0.0.0|ListenAddress 0.0.0.0|g' \
- -e 's|^#UsePAM no|UsePAM yes|g' \
- -e 's|^#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|g' \
- ${pkgdir}/etc/ssh/sshd_config
- echo "HashKnownHosts yes" >> ${pkgdir}/etc/ssh/ssh_config
- echo "StrictHostKeyChecking ask" >> ${pkgdir}/etc/ssh/ssh_config
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
- #ssh_config
- sed -i \
- -e 's|^# Host \*|Host *|g' \
- ${pkgdir}/etc/ssh/ssh_config
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
}
diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd
index bc0e453..4bf4780 100755
--- a/abs/core/openssh/sshd
+++ b/abs/core/openssh/sshd
@@ -4,38 +4,42 @@
. /etc/rc.d/functions
. /etc/conf.d/sshd
-PID="$(cat /var/run/sshd.pid 2>/dev/null)"
+PIDFILE=/run/sshd.pid
+PID=$(cat $PIDFILE 2>/dev/null)
+if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
+ PID=
+ rm $PIDFILE 2>/dev/null
+fi
+
case "$1" in
- start)
- stat_busy "Starting Secure Shell Daemon"
- [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
- [ -d /var/empty ] || mkdir -p /var/empty
- [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Secure Shell Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
+ start)
+ stat_busy 'Starting Secure Shell Daemon'
+ /usr/bin/ssh-keygen -A
+ [[ -d /var/empty ]] || mkdir -p /var/empty
+ [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ add_daemon sshd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy 'Stopping Secure Shell Daemon'
+ [[ ! -z $PID ]] && kill $PID &> /dev/null
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ rm_daemon sshd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
esac
exit 0
diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions
new file mode 100644
index 0000000..be2a709
--- /dev/null
+++ b/abs/core/openssh/sshd.close-sessions
@@ -0,0 +1,17 @@
+# Close sshd sessions before shutting down the network; see FS#17389.
+
+sshd_close_sessions () {
+ if ck_daemon sshd; then
+ return
+ fi
+ /etc/rc.d/sshd stop
+ stat_busy "Stopping Secure Shell Sessions"
+ for i in $(pgrep sshd); do
+ if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then
+ kill $i
+ fi
+ done &>/dev/null
+ stat_done
+}
+
+add_hook shutdown_start sshd_close_sessions
diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam
index dc70815..aeef8be 100644
--- a/abs/core/openssh/sshd.pam
+++ b/abs/core/openssh/sshd.pam
@@ -1,10 +1,13 @@
#%PAM-1.0
#auth required pam_securetty.so #Disable remote root
auth required pam_unix.so
-auth required pam_nologin.so
auth required pam_env.so
+account required pam_nologin.so
account required pam_unix.so
account required pam_time.so
password required pam_unix.so
session required pam_unix_session.so
session required pam_limits.so
+session optional pam_loginuid.so
+-session optional pam_ck_connector.so nox11
+-session optional pam_systemd.so
diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service
new file mode 100644
index 0000000..7c8f883
--- /dev/null
+++ b/abs/core/openssh/sshd.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenSSH Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+Also=sshdgenkeys.service
+
+# Note that this is the service file for running a single SSH server for all
+# incoming connections, suitable only for systems with a large amount of SSH
+# traffic. In almost all other cases it is a better idea to use sshd.socket +
+# sshd@.service (i.e. the on-demand spawning version for one instance per
+# connection).
diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket
new file mode 100644
index 0000000..6a67bfe
--- /dev/null
+++ b/abs/core/openssh/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+Also=sshdgenkeys.service
diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service
new file mode 100644
index 0000000..2fd9b08
--- /dev/null
+++ b/abs/core/openssh/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket
+StandardError=syslog
diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service
new file mode 100644
index 0000000..47c1c3f
--- /dev/null
+++ b/abs/core/openssh/sshdgenkeys.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d
new file mode 100644
index 0000000..7c5b261
--- /dev/null
+++ b/abs/core/openssh/tmpfiles.d
@@ -0,0 +1 @@
+d /var/empty 0755 root root -