diff options
Diffstat (limited to 'abs/core')
-rw-r--r-- | abs/core/openssh/PKGBUILD | 49 | ||||
-rw-r--r-- | abs/core/openssh/install | 10 | ||||
-rwxr-xr-x | abs/core/openssh/sshd | 45 | ||||
-rw-r--r-- | abs/core/openssh/sshd.close-sessions | 17 | ||||
-rw-r--r-- | abs/core/openssh/sshd.confd | 4 | ||||
-rw-r--r-- | abs/core/openssh/sshd.pam | 17 | ||||
-rw-r--r-- | abs/core/openssh/sshd.service | 12 | ||||
-rw-r--r-- | abs/core/openssh/sshd.socket | 2 | ||||
-rw-r--r-- | abs/core/openssh/sshd@.service | 2 | ||||
-rw-r--r-- | abs/core/openssh/sshdgenkeys.service | 3 | ||||
-rw-r--r-- | abs/core/openssh/tmpfiles.d | 1 |
11 files changed, 42 insertions, 120 deletions
diff --git a/abs/core/openssh/PKGBUILD b/abs/core/openssh/PKGBUILD index fced1e1..63b69d3 100644 --- a/abs/core/openssh/PKGBUILD +++ b/abs/core/openssh/PKGBUILD @@ -1,46 +1,42 @@ -# $Id: PKGBUILD 162326 2012-06-25 06:10:45Z bisson $ +# $Id: PKGBUILD 199078 2013-11-08 16:53:32Z bisson $ # Maintainer: Gaetan Bisson <bisson@archlinux.org> # Contributor: Aaron Griffin <aaron@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> pkgname=openssh -pkgver=6.0p1 -pkgrel=3 +pkgver=6.4p1 +pkgrel=1 pkgdesc='Free version of the SSH connectivity tools' url='http://www.openssh.org/portable.html' license=('custom:BSD') arch=('i686' 'x86_64') +makedepends=('linux-headers') depends=('krb5' 'openssl' 'libedit' 'ldns') optdepends=('xorg-xauth: X11 forwarding' 'x11-ssh-askpass: input passphrase in X') source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz" - 'sshd.close-sessions' 'sshdgenkeys.service' 'sshd@.service' 'sshd.service' 'sshd.socket' - 'tmpfiles.d' - 'sshd.confd' - 'sshd.pam' - 'sshd') -sha1sums=('f691e53ef83417031a2854b8b1b661c9c08e4422' - '954bf1660aa32620c37034320877f4511b767ccb' - '6c71de2c2ca9622aa8e863acd94b135555e11125' - 'bd6eae36c7ef9efb7147778baad7858b81f2d660' - '83a257b8f6a62237383262cb0e2583e5609ddac0' - 'a30fb5fda6d0143345bae47684edaffb8d0a92a7' - 'b5cf44205e8f4365c00bfbee110d7c0e563627aa' - 'ec102deb69cad7d14f406289d2fc11fee6eddbdd' - '659e3ee95c269014783ff8b318c6f50bf7496fbd' - 'ed36e3a522f619ff6b13e253526596e4cca11e9f') + 'sshd.pam') +sha1sums=('cf5fe0eb118d7e4f9296fbc5d6884965885fc55d' + '6df5be396f8c593bb511a249a1453294d18a01a6' + '6a0ff3305692cf83aca96e10f3bb51e1c26fccda' + 'ec49c6beba923e201505f5669cea48cad29014db' + 'e12fa910b26a5634e5a6ac39ce1399a132cf6796' + 'd93dca5ebda4610ff7647187f8928a3de28703f3') -backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd') +backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') + +install=install build() { cd "${srcdir}/${pkgname}-${pkgver}" ./configure \ --prefix=/usr \ + --sbindir=/usr/bin \ --libexecdir=/usr/lib/ssh \ --sysconfdir=/etc/ssh \ --with-ldns \ @@ -60,30 +56,24 @@ build() { check() { cd "${srcdir}/${pkgname}-${pkgver}" - # The connect.sh test must be run by a user with a decent login shell; - # chroot builds use nobody with /bin/false. - make tests || true + make tests || + grep $USER /etc/passwd | grep -q /bin/false + # connect.sh fails when run with stupid login shell } package() { cd "${srcdir}/${pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install - rm "${pkgdir}"/usr/share/man/man1/slogin.1 ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket - install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/openssh.conf - - install -Dm755 ../sshd.close-sessions "${pkgdir}/etc/rc.d/functions.d/sshd-close-sessions" # FS#17389 - install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd - install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id @@ -91,6 +81,7 @@ package() { sed \ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ + -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \ -e '/^#UsePAM no$/c UsePAM yes' \ -i "${pkgdir}"/etc/ssh/sshd_config } diff --git a/abs/core/openssh/install b/abs/core/openssh/install new file mode 100644 index 0000000..6f0cd37 --- /dev/null +++ b/abs/core/openssh/install @@ -0,0 +1,10 @@ +post_upgrade() { + if [[ $(vercmp $2 6.2p2) = -1 ]]; then + cat <<EOF + +==> The sshd daemon has been moved to /usr/bin alongside all binaries. +==> Please update this path in your scripts if applicable. + +EOF + fi +} diff --git a/abs/core/openssh/sshd b/abs/core/openssh/sshd deleted file mode 100755 index 4bf4780..0000000 --- a/abs/core/openssh/sshd +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -. /etc/rc.conf -. /etc/rc.d/functions -. /etc/conf.d/sshd - -PIDFILE=/run/sshd.pid -PID=$(cat $PIDFILE 2>/dev/null) -if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then - PID= - rm $PIDFILE 2>/dev/null -fi - -case "$1" in - start) - stat_busy 'Starting Secure Shell Daemon' - /usr/bin/ssh-keygen -A - [[ -d /var/empty ]] || mkdir -p /var/empty - [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS - if [[ $? -gt 0 ]]; then - stat_fail - else - add_daemon sshd - stat_done - fi - ;; - stop) - stat_busy 'Stopping Secure Shell Daemon' - [[ ! -z $PID ]] && kill $PID &> /dev/null - if [[ $? -gt 0 ]]; then - stat_fail - else - rm_daemon sshd - stat_done - fi - ;; - restart) - $0 stop - sleep 1 - $0 start - ;; - *) - echo "usage: $0 {start|stop|restart}" -esac -exit 0 diff --git a/abs/core/openssh/sshd.close-sessions b/abs/core/openssh/sshd.close-sessions deleted file mode 100644 index be2a709..0000000 --- a/abs/core/openssh/sshd.close-sessions +++ /dev/null @@ -1,17 +0,0 @@ -# Close sshd sessions before shutting down the network; see FS#17389. - -sshd_close_sessions () { - if ck_daemon sshd; then - return - fi - /etc/rc.d/sshd stop - stat_busy "Stopping Secure Shell Sessions" - for i in $(pgrep sshd); do - if readlink -q /proc/$i/exe | grep -q '^/usr/sbin/sshd'; then - kill $i - fi - done &>/dev/null - stat_done -} - -add_hook shutdown_start sshd_close_sessions diff --git a/abs/core/openssh/sshd.confd b/abs/core/openssh/sshd.confd deleted file mode 100644 index 5ce7c00..0000000 --- a/abs/core/openssh/sshd.confd +++ /dev/null @@ -1,4 +0,0 @@ -# -# Parameters to be passed to sshd -# -SSHD_ARGS="" diff --git a/abs/core/openssh/sshd.pam b/abs/core/openssh/sshd.pam index aeef8be..7ecef08 100644 --- a/abs/core/openssh/sshd.pam +++ b/abs/core/openssh/sshd.pam @@ -1,13 +1,6 @@ #%PAM-1.0 -#auth required pam_securetty.so #Disable remote root -auth required pam_unix.so -auth required pam_env.so -account required pam_nologin.so -account required pam_unix.so -account required pam_time.so -password required pam_unix.so -session required pam_unix_session.so -session required pam_limits.so -session optional pam_loginuid.so --session optional pam_ck_connector.so nox11 --session optional pam_systemd.so +#auth required pam_securetty.so #disable remote root +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/abs/core/openssh/sshd.service b/abs/core/openssh/sshd.service index 7c8f883..55ed953 100644 --- a/abs/core/openssh/sshd.service +++ b/abs/core/openssh/sshd.service @@ -1,19 +1,17 @@ [Unit] Description=OpenSSH Daemon +Wants=sshdgenkeys.service After=sshdgenkeys.service +After=network.target [Service] -ExecStart=/usr/sbin/sshd -D +ExecStart=/usr/bin/sshd -D ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always [Install] WantedBy=multi-user.target -Also=sshdgenkeys.service -# Note that this is the service file for running a single SSH server for all -# incoming connections, suitable only for systems with a large amount of SSH -# traffic. In almost all other cases it is a better idea to use sshd.socket + -# sshd@.service (i.e. the on-demand spawning version for one instance per -# connection). +# This service file runs an SSH daemon that forks for each incoming connection. +# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service. diff --git a/abs/core/openssh/sshd.socket b/abs/core/openssh/sshd.socket index 6a67bfe..e09e328 100644 --- a/abs/core/openssh/sshd.socket +++ b/abs/core/openssh/sshd.socket @@ -1,5 +1,6 @@ [Unit] Conflicts=sshd.service +Wants=sshdgenkeys.service [Socket] ListenStream=22 @@ -7,4 +8,3 @@ Accept=yes [Install] WantedBy=sockets.target -Also=sshdgenkeys.service diff --git a/abs/core/openssh/sshd@.service b/abs/core/openssh/sshd@.service index 2fd9b08..7ce3d37 100644 --- a/abs/core/openssh/sshd@.service +++ b/abs/core/openssh/sshd@.service @@ -3,6 +3,6 @@ Description=OpenSSH Per-Connection Daemon After=sshdgenkeys.service [Service] -ExecStart=-/usr/sbin/sshd -i +ExecStart=-/usr/bin/sshd -i StandardInput=socket StandardError=syslog diff --git a/abs/core/openssh/sshdgenkeys.service b/abs/core/openssh/sshdgenkeys.service index 47c1c3f..8c27d71 100644 --- a/abs/core/openssh/sshdgenkeys.service +++ b/abs/core/openssh/sshdgenkeys.service @@ -13,6 +13,3 @@ ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub ExecStart=/usr/bin/ssh-keygen -A Type=oneshot RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target diff --git a/abs/core/openssh/tmpfiles.d b/abs/core/openssh/tmpfiles.d deleted file mode 100644 index 7c5b261..0000000 --- a/abs/core/openssh/tmpfiles.d +++ /dev/null @@ -1 +0,0 @@ -d /var/empty 0755 root root - |