summaryrefslogtreecommitdiffstats
path: root/abs/core/openssh
diff options
context:
space:
mode:
Diffstat (limited to 'abs/core/openssh')
-rw-r--r--abs/core/openssh/PKGBUILD49
-rw-r--r--abs/core/openssh/install10
-rwxr-xr-xabs/core/openssh/sshd45
-rw-r--r--abs/core/openssh/sshd.close-sessions17
-rw-r--r--abs/core/openssh/sshd.confd4
-rw-r--r--abs/core/openssh/sshd.pam17
-rw-r--r--abs/core/openssh/sshd.service12
-rw-r--r--abs/core/openssh/sshd.socket2
-rw-r--r--abs/core/openssh/sshd@.service2
-rw-r--r--abs/core/openssh/sshdgenkeys.service3
-rw-r--r--abs/core/openssh/tmpfiles.d1
11 files changed, 42 insertions, 120 deletions
diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD
index fced1e1..63b69d3 100644
--- a/abs/core/openssh/PKGBUILD
+++ b/abs/core/openssh/PKGBUILD
@@ -1,46 +1,42 @@
-# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $
+# $Id: PKGBUILD 199078 2013-11-08 16:53:32Z bisson $
# Maintainer: Gaetan Bisson <bisson@archlinux.org>
# Contributor: Aaron Griffin <aaron@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>
pkgname=openssh
-pkgver=6.0p1
-pkgrel=3
+pkgver=6.4p1
+pkgrel=1
pkgdesc='Free version of the SSH connectivity tools'
url='http://www.openssh.org/portable.html'
license=('custom:BSD')
arch=('i686' 'x86_64')
+makedepends=('linux-headers')
depends=('krb5' 'openssl' 'libedit' 'ldns')
optdepends=('xorg-xauth: X11 forwarding'
'x11-ssh-askpass: input passphrase in X')
source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'sshd.close-sessions'
'sshdgenkeys.service'
'sshd@.service'
'sshd.service'
'sshd.socket'
- 'tmpfiles.d'
- 'sshd.confd'
- 'sshd.pam'
- 'sshd')
-sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422'
- '954bf1660aa32620c37034320877f4511b767ccb'
- '6c71de2c2ca9622aa8e863acd94b135555e11125'
- 'bd6eae36c7ef9efb7147778baad7858b81f2d660'
- '83a257b8f6a62237383262cb0e2583e5609ddac0'
- 'a30fb5fda6d0143345bae47684edaffb8d0a92a7'
- 'b5cf44205e8f4365c00bfbee110d7c0e563627aa'
- 'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
- '659e3ee95c269014783ff8b318c6f50bf7496fbd'
- 'ed36e3a522f619ff6b13e253526596e4cca11e9f')
+ 'sshd.pam')
+sha1sums=('cf5fe0eb118d7e4f9296fbc5d6884965885fc55d'
+ '6df5be396f8c593bb511a249a1453294d18a01a6'
+ '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+ 'ec49c6beba923e201505f5669cea48cad29014db'
+ 'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+ 'd93dca5ebda4610ff7647187f8928a3de28703f3')
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
./configure \
--prefix=/usr \
+ --sbindir=/usr/bin \
--libexecdir=/usr/lib/ssh \
--sysconfdir=/etc/ssh \
--with-ldns \
@@ -60,30 +56,24 @@ build() {
check() {
cd "${srcdir}/${pkgname}-${pkgver}"
- # The connect.sh test must be run by a user with a decent login shell;
- # chroot builds use nobody with /bin/false.
- make tests || true
+ make tests ||
+ grep $USER /etc/passwd | grep -q /bin/false
+ # connect.sh fails when run with stupid login shell
}
package() {
cd "${srcdir}/${pkgname}-${pkgver}"
+
make DESTDIR="${pkgdir}" install
- rm "${pkgdir}"/usr/share/man/man1/slogin.1
ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
-
install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
- install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf
-
- install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389
- install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
- install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
@@ -91,6 +81,7 @@ package() {
sed \
-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
-e '/^#UsePAM no$/c UsePAM yes' \
-i "${pkgdir}"/etc/ssh/sshd_config
}
diff --git a/abs/core/openssh/install b/abs/core/openssh/install
new file mode 100644
index 0000000..6f0cd37
--- /dev/null
+++ b/abs/core/openssh/install
@@ -0,0 +1,10 @@
+post_upgrade() {
+ if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+ cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+ fi
+}
diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd
deleted file mode 100755
index 4bf4780..0000000
--- a/abs/core/openssh/sshd
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-. /etc/rc.conf
-. /etc/rc.d/functions
-. /etc/conf.d/sshd
-
-PIDFILE=/run/sshd.pid
-PID=$(cat $PIDFILE 2>/dev/null)
-if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
- PID=
- rm $PIDFILE 2>/dev/null
-fi
-
-case "$1" in
- start)
- stat_busy 'Starting Secure Shell Daemon'
- /usr/bin/ssh-keygen -A
- [[ -d /var/empty ]] || mkdir -p /var/empty
- [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
- if [[ $? -gt 0 ]]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy 'Stopping Secure Shell Daemon'
- [[ ! -z $PID ]] && kill $PID &> /dev/null
- if [[ $? -gt 0 ]]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
-esac
-exit 0
diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions
deleted file mode 100644
index be2a709..0000000
--- a/abs/core/openssh/sshd.close-sessions
+++ /dev/null
@@ -1,17 +0,0 @@
-# Close sshd sessions before shutting down the network; see FS#17389.
-
-sshd_close_sessions () {
- if ck_daemon sshd; then
- return
- fi
- /etc/rc.d/sshd stop
- stat_busy "Stopping Secure Shell Sessions"
- for i in $(pgrep sshd); do
- if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then
- kill $i
- fi
- done &>/dev/null
- stat_done
-}
-
-add_hook shutdown_start sshd_close_sessions
diff --git a/abs/core/openssh/sshd.confd b/abs/core/openssh/sshd.confd
deleted file mode 100644
index 5ce7c00..0000000
--- a/abs/core/openssh/sshd.confd
+++ /dev/null
@@ -1,4 +0,0 @@
-#
-# Parameters to be passed to sshd
-#
-SSHD_ARGS=""
diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam
index aeef8be..7ecef08 100644
--- a/abs/core/openssh/sshd.pam
+++ b/abs/core/openssh/sshd.pam
@@ -1,13 +1,6 @@
#%PAM-1.0
-#auth required pam_securetty.so #Disable remote root
-auth required pam_unix.so
-auth required pam_env.so
-account required pam_nologin.so
-account required pam_unix.so
-account required pam_time.so
-password required pam_unix.so
-session required pam_unix_session.so
-session required pam_limits.so
-session optional pam_loginuid.so
--session optional pam_ck_connector.so nox11
--session optional pam_systemd.so
+#auth required pam_securetty.so #disable remote root
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service
index 7c8f883..55ed953 100644
--- a/abs/core/openssh/sshd.service
+++ b/abs/core/openssh/sshd.service
@@ -1,19 +1,17 @@
[Unit]
Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
After=sshdgenkeys.service
+After=network.target
[Service]
-ExecStart=/usr/sbin/sshd -D
+ExecStart=/usr/bin/sshd -D
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=always
[Install]
WantedBy=multi-user.target
-Also=sshdgenkeys.service
-# Note that this is the service file for running a single SSH server for all
-# incoming connections, suitable only for systems with a large amount of SSH
-# traffic. In almost all other cases it is a better idea to use sshd.socket +
-# sshd@.service (i.e. the on-demand spawning version for one instance per
-# connection).
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket
index 6a67bfe..e09e328 100644
--- a/abs/core/openssh/sshd.socket
+++ b/abs/core/openssh/sshd.socket
@@ -1,5 +1,6 @@
[Unit]
Conflicts=sshd.service
+Wants=sshdgenkeys.service
[Socket]
ListenStream=22
@@ -7,4 +8,3 @@ Accept=yes
[Install]
WantedBy=sockets.target
-Also=sshdgenkeys.service
diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service
index 2fd9b08..7ce3d37 100644
--- a/abs/core/openssh/sshd@.service
+++ b/abs/core/openssh/sshd@.service
@@ -3,6 +3,6 @@ Description=OpenSSH Per-Connection Daemon
After=sshdgenkeys.service
[Service]
-ExecStart=-/usr/sbin/sshd -i
+ExecStart=-/usr/bin/sshd -i
StandardInput=socket
StandardError=syslog
diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service
index 47c1c3f..8c27d71 100644
--- a/abs/core/openssh/sshdgenkeys.service
+++ b/abs/core/openssh/sshdgenkeys.service
@@ -13,6 +13,3 @@ ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
ExecStart=/usr/bin/ssh-keygen -A
Type=oneshot
RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target
diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d
deleted file mode 100644
index 7c5b261..0000000
--- a/abs/core/openssh/tmpfiles.d
+++ /dev/null
@@ -1 +0,0 @@
-d /var/empty 0755 root root -