openssh: 6.0p1

9 files changed, 191 insertions, 79 deletions

diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD
index 36a82bd..fced1e1 100644
--- a/abs/core/openssh/PKGBUILD
+++ b/abs/core/openssh/PKGBUILD
@@ -1,64 +1,96 @@
-# $Id: PKGBUILD 89278 2010-08-30 21:38:00Z thomas $
-# Maintainer: Aaron Griffin <aaron@archlinux.org>
+# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $
+# Maintainer: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: Aaron Griffin <aaron@archlinux.org>
 # Contributor: judd <jvinet@zeroflux.org>
 
 pkgname=openssh
-pkgver=5.6p1
-pkgrel=1
-pkgdesc='A Secure SHell server/client'
+pkgver=6.0p1
+pkgrel=3
+pkgdesc='Free version of the SSH connectivity tools'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
 arch=('i686' 'x86_64')
-license=('custom')
-url="http://www.openssh.org/portable.html"
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
-depends=('openssl' 'zlib' 'pam' 'tcp_wrappers' 'heimdal')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+            'x11-ssh-askpass: input passphrase in X')
 source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
-        'sshd' 'sshd.confd' 'sshd.pam')
-md5sums=('e6ee52e47c768bf0ec42a232b5d18fb0'
-         '17b1b1bf0f578a55945ee204bd4462af'
-         'e2cea70ac13af7e63d40eb04415eacd5'
-         '1c7c2ea8734ec7e3ca58d820634dc73a')
+        'sshd.close-sessions'
+        'sshdgenkeys.service'
+        'sshd@.service'
+        'sshd.service'
+        'sshd.socket'
+        'tmpfiles.d'
+        'sshd.confd'
+        'sshd.pam'
+        'sshd')
+sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422'
+          '954bf1660aa32620c37034320877f4511b767ccb'
+          '6c71de2c2ca9622aa8e863acd94b135555e11125'
+          'bd6eae36c7ef9efb7147778baad7858b81f2d660'
+          '83a257b8f6a62237383262cb0e2583e5609ddac0'
+          'a30fb5fda6d0143345bae47684edaffb8d0a92a7'
+          'b5cf44205e8f4365c00bfbee110d7c0e563627aa'
+          'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
+          '659e3ee95c269014783ff8b318c6f50bf7496fbd'
+          'ed36e3a522f619ff6b13e253526596e4cca11e9f')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
 
 build() {
-  cd ${srcdir}/${pkgname}-${pkgver}
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	./configure \
+		--prefix=/usr \
+		--libexecdir=/usr/lib/ssh \
+		--sysconfdir=/etc/ssh \
+		--with-ldns \
+		--with-libedit \
+		--with-ssl-engine \
+		--with-pam \
+		--with-privsep-user=nobody \
+		--with-kerberos5=/usr \
+		--with-xauth=/usr/bin/xauth \
+		--with-mantype=man \
+		--with-md5-passwords \
+		--with-pid-dir=/run \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
 
-  #NOTE we disable-strip so that makepkg can decide whether to strip or not
-  ./configure --prefix=/usr --libexecdir=/usr/lib/ssh \
-    --sysconfdir=/etc/ssh --with-tcp-wrappers --with-privsep-user=nobody \
-    --with-md5-passwords --with-pam --with-mantype=man --mandir=/usr/share/man \
-    --with-xauth=/usr/bin/xauth --with-kerberos5=/usr --with-ssl-engine \
-    --disable-strip
-  make || return 1
+	# The connect.sh test must be run by a user with a decent login shell;
+	# chroot builds use nobody with /bin/false.
+	make tests || true
 }
 
 package() {
-  cd ${srcdir}/${pkgname}-${pkgver}
-  make DESTDIR=${pkgdir} install
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	make DESTDIR="${pkgdir}" install
 
-  install -Dm755 ${srcdir}/sshd ${pkgdir}/etc/rc.d/sshd
+	rm "${pkgdir}"/usr/share/man/man1/slogin.1
+	ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
 
-  install -Dm644 LICENCE ${pkgdir}/usr/share/licenses/${pkgname}/LICENCE
-  install -Dm644 ${srcdir}/sshd.pam ${pkgdir}/etc/pam.d/sshd
-  install -Dm644 ${srcdir}/sshd.confd ${pkgdir}/etc/conf.d/sshd
+	install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
 
-  rm ${pkgdir}/usr/share/man/man1/slogin.1
-  ln -sf ssh.1.gz ${pkgdir}/usr/share/man/man1/slogin.1.gz
+	install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+	install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
+	install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+	install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+	install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf
 
-  #additional contrib scripts that we like
-  install -Dm755 contrib/findssl.sh ${pkgdir}/usr/bin/findssl.sh
-  install -Dm755 contrib/ssh-copy-id ${pkgdir}/usr/bin/ssh-copy-id
-  install -Dm644 contrib/ssh-copy-id.1  ${pkgdir}/usr/share/man/man1/ssh-copy-id.1
+	install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389
+	install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
+	install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+	install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
 
-  # sshd_config
-  sed -i \
-    -e 's|^#ListenAddress 0.0.0.0|ListenAddress 0.0.0.0|g' \
-    -e 's|^#UsePAM no|UsePAM yes|g' \
-    -e 's|^#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|g' \
-    ${pkgdir}/etc/ssh/sshd_config
-  echo "HashKnownHosts yes" >>  ${pkgdir}/etc/ssh/ssh_config
-  echo "StrictHostKeyChecking ask" >>  ${pkgdir}/etc/ssh/ssh_config
+	install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+	install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+	install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
 
-  #ssh_config
-  sed -i \
-    -e 's|^# Host \*|Host *|g' \
-    ${pkgdir}/etc/ssh/ssh_config
+	sed \
+		-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+		-e '/^#UsePAM no$/c UsePAM yes' \
+		-i "${pkgdir}"/etc/ssh/sshd_config
 }
diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd
index bc0e453..4bf4780 100755
--- a/abs/core/openssh/sshd
+++ b/abs/core/openssh/sshd
@@ -4,38 +4,42 @@
 . /etc/rc.d/functions
 . /etc/conf.d/sshd
 
-PID="$(cat /var/run/sshd.pid 2>/dev/null)"
+PIDFILE=/run/sshd.pid
+PID=$(cat $PIDFILE 2>/dev/null)
+if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
+	PID=
+	rm $PIDFILE 2>/dev/null
+fi
+
 case "$1" in
-  start)
-    stat_busy "Starting Secure Shell Daemon"
-    [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
-    [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
-    [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
-    [ -d /var/empty ] || mkdir -p /var/empty
-    [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      add_daemon sshd
-      stat_done
-    fi
-    ;;
-  stop)
-    stat_busy "Stopping Secure Shell Daemon"
-    [ ! -z "$PID" ]  && kill $PID &> /dev/null
-    if [ $? -gt 0 ]; then
-      stat_fail
-    else
-      rm_daemon sshd
-      stat_done
-    fi
-    ;;
-  restart)
-    $0 stop
-    sleep 1
-    $0 start
-    ;;
-  *)
-    echo "usage: $0 {start|stop|restart}"  
+	start)
+		stat_busy 'Starting Secure Shell Daemon'
+		/usr/bin/ssh-keygen -A
+		[[ -d /var/empty ]] || mkdir -p /var/empty
+		[[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
+		if [[ $? -gt 0 ]]; then
+			stat_fail
+		else
+			add_daemon sshd
+			stat_done
+		fi
+		;;
+	stop)
+		stat_busy 'Stopping Secure Shell Daemon'
+		[[ ! -z $PID ]] && kill $PID &> /dev/null
+		if [[ $? -gt 0 ]]; then
+			stat_fail
+		else
+			rm_daemon sshd
+			stat_done
+		fi
+		;;
+	restart)
+		$0 stop
+		sleep 1
+		$0 start
+		;;
+	*)
+		echo "usage: $0 {start|stop|restart}"
 esac
 exit 0
diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions
new file mode 100644
index 0000000..be2a709
--- /dev/null
+++ b/abs/core/openssh/sshd.close-sessions
@@ -0,0 +1,17 @@
+# Close sshd sessions before shutting down the network; see FS#17389.
+
+sshd_close_sessions () {
+	if ck_daemon sshd; then
+		return
+	fi
+	/etc/rc.d/sshd stop
+	stat_busy "Stopping Secure Shell Sessions"
+	for i in $(pgrep sshd); do
+		if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then
+			kill $i
+		fi
+	done &>/dev/null
+	stat_done
+}
+
+add_hook shutdown_start sshd_close_sessions
diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam
index dc70815..aeef8be 100644
--- a/abs/core/openssh/sshd.pam
+++ b/abs/core/openssh/sshd.pam
@@ -1,10 +1,13 @@
 #%PAM-1.0
 #auth		required	pam_securetty.so	#Disable remote root
 auth		required	pam_unix.so
-auth		required	pam_nologin.so
 auth		required	pam_env.so
+account		required	pam_nologin.so
 account		required	pam_unix.so
 account		required	pam_time.so
 password	required	pam_unix.so
 session		required	pam_unix_session.so
 session		required	pam_limits.so
+session         optional        pam_loginuid.so
+-session	optional	pam_ck_connector.so nox11
+-session	optional	pam_systemd.so
diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service
new file mode 100644
index 0000000..7c8f883
--- /dev/null
+++ b/abs/core/openssh/sshd.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=OpenSSH Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+Also=sshdgenkeys.service
+
+# Note that this is the service file for running a single SSH server for all
+# incoming connections, suitable only for systems with a large amount of SSH
+# traffic. In almost all other cases it is a better idea to use sshd.socket +
+# sshd@.service (i.e. the on-demand spawning version for one instance per
+# connection).
diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket
new file mode 100644
index 0000000..6a67bfe
--- /dev/null
+++ b/abs/core/openssh/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
+Also=sshdgenkeys.service
diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service
new file mode 100644
index 0000000..2fd9b08
--- /dev/null
+++ b/abs/core/openssh/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket
+StandardError=syslog
diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service
new file mode 100644
index 0000000..47c1c3f
--- /dev/null
+++ b/abs/core/openssh/sshdgenkeys.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d
new file mode 100644
index 0000000..7c5b261
--- /dev/null
+++ b/abs/core/openssh/tmpfiles.d
@@ -0,0 +1 @@
+d /var/empty 0755 root root -