wok-next annotate openssh/receipt @ rev 20281
remove netatalk-pam, partimage-pam, openssh-pam
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Nov 08 14:51:34 2017 +0100 (2017-11-08) |
parents | 7a6bbcda071b |
children | 23544825f0d9 |
rev | line source |
---|---|
al@19850 | 1 # SliTaz package receipt v2. |
pascal@860 | 2 |
pascal@860 | 3 PACKAGE="openssh" |
al@19850 | 4 VERSION="7.5p1" |
pascal@860 | 5 CATEGORY="security" |
al@19850 | 6 SHORT_DESC="OpenSSH clients and daemon" |
pascal@860 | 7 MAINTAINER="pascal.bellard@slitaz.org" |
pascal@14657 | 8 LICENSE="BSD" |
al@19850 | 9 WEB_SITE="https://www.openssh.com/" |
al@19850 | 10 |
pascal@860 | 11 TARBALL="$PACKAGE-$VERSION.tar.gz" |
al@19850 | 12 WGET_URL="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL" |
pankso@16381 | 13 |
pascal@20281 | 14 BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev perl mdocml-dev pam-dev" # groff |
pascal@20281 | 15 SPLIT="sftp-server openssh openssh-pam" |
pascal@860 | 16 |
pascal@860 | 17 # Rules to configure and make the package. |
pascal@860 | 18 compile_rules() |
pascal@860 | 19 { |
al@19850 | 20 # http://www.linuxfromscratch.org/blfs/view/stable/postlfs/openssh.html |
al@19850 | 21 install -v -m700 -d /var/lib/sshd && |
al@19850 | 22 chown -v root:sys /var/lib/sshd && |
al@19850 | 23 |
al@19850 | 24 addgroup -g 50 -S sshd && |
al@19850 | 25 adduser \ |
al@19850 | 26 -h /var/lib/sshd \ |
al@19850 | 27 -g 'sshd PrivSep' \ |
al@19850 | 28 -s /bin/false \ |
al@19850 | 29 -G sshd \ |
al@19850 | 30 -S -D \ |
al@19850 | 31 -u 50 \ |
al@19850 | 32 sshd && |
al@19850 | 33 |
pascal@20281 | 34 cp -a $src $src-pam |
pankso@16381 | 35 ./configure \ |
pankso@16381 | 36 --sysconfdir=/etc/ssh \ |
al@19850 | 37 --with-md5-passwords \ |
al@19850 | 38 --with-privsep-path=/var/lib/sshd \ |
pascal@20281 | 39 --without-pam \ |
pascal@20281 | 40 --without-ssh1 \ |
pascal@1514 | 41 $CONFIGURE_ARGS && |
al@19850 | 42 make && make DESTDIR=$DESTDIR install || return 1 |
pascal@860 | 43 |
pascal@20281 | 44 cd $src-pam |
pascal@20281 | 45 ./configure \ |
pascal@20281 | 46 --sysconfdir=/etc/ssh \ |
pascal@20281 | 47 --with-privsep-path=/var/lib/sshd \ |
pascal@20281 | 48 --with-pam \ |
pascal@20281 | 49 --with-xauth=/usr/bin/xauth \ |
pascal@20281 | 50 --without-ssh1 \ |
pascal@20281 | 51 $CONFIGURE_ARGS && |
pascal@20281 | 52 make && make DESTDIR=$DESTDIR-pam install || return 1 |
pascal@18807 | 53 |
pascal@20281 | 54 for inst in $install $install-pam ; do |
pascal@20281 | 55 install -vm755 contrib/ssh-copy-id $inst/usr/bin |
al@19850 | 56 |
pascal@20281 | 57 install=$inst cook_pick_manpages contrib/ssh-copy-id.1 |
pascal@20281 | 58 install=$inst cook_pick_docs INSTALL LICENCE OVERVIEW README* |
al@19850 | 59 |
pascal@20281 | 60 # SliTaz stuff |
pascal@20281 | 61 |
pascal@20281 | 62 mkdir -p $inst/etc/init.d |
pascal@20281 | 63 cp $stuff/openssh $inst/etc/init.d |
pascal@20281 | 64 cat >> $inst/etc/ssh/ssh_config <<EOT |
pascal@19409 | 65 |
pascal@19409 | 66 # client bug CVE-2016-0777 and CVE-2016-0778 |
pascal@19409 | 67 Host * |
pascal@19409 | 68 UseRoaming no |
pascal@19409 | 69 |
al@19850 | 70 # From https://wiki.gentoo.org/wiki/SSH_jump_host |
pascal@19409 | 71 Host *+* |
pascal@19409 | 72 ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:/ -p /') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /') |
pascal@19409 | 73 |
pascal@19409 | 74 EOT |
pascal@20281 | 75 done |
pascal@20281 | 76 sed -i 's/.*UsePAM.*/UsePAM yes/' $install-pam/etc/ssh/sshd_conifig |
pascal@860 | 77 } |
pascal@860 | 78 |
al@19850 | 79 # Rules to gen a SliTaz package suitable for Tazpkg. |
al@19850 | 80 genpkg_rules() |
pascal@7303 | 81 { |
al@19850 | 82 case $PACKAGE in |
al@19850 | 83 sftp-server) |
al@19850 | 84 copy sftp-server |
al@19850 | 85 CAT="security|secure FTP server" |
al@19850 | 86 TAGS="ssh" |
al@19850 | 87 DEPENDS="libcrypto zlib" |
al@19850 | 88 ;; |
al@19850 | 89 openssh) |
al@19850 | 90 copy @std sshd/ |
al@19850 | 91 DEPENDS="sftp-server libcrypto zlib" |
al@19850 | 92 CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config \ |
al@19850 | 93 /etc/inetd.conf" |
al@19850 | 94 TAGS="ssh security" |
al@19850 | 95 PROVIDE="ssh" |
al@19850 | 96 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE" |
al@19850 | 97 ;; |
pascal@20281 | 98 openssh-pam) |
pascal@20281 | 99 install=$install-pam copy @std sshd/ |
pascal@20281 | 100 DEPENDS="sftp-server libcrypto zlib pam" |
pascal@20281 | 101 CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config \ |
pascal@20281 | 102 /etc/inetd.conf" |
pascal@20281 | 103 TAGS="ssh security" |
pascal@20281 | 104 PROVIDE="openssh:pam ssh:pam" |
pascal@20281 | 105 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE" |
pascal@20281 | 106 ;; |
al@19850 | 107 esac |
al@19850 | 108 } |
al@19850 | 109 |
al@19850 | 110 post_install_openssh() { |
al@18689 | 111 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT |
pascal@17048 | 112 #ssh stream tcp nowait root sshd sshd -i |
pascal@17048 | 113 EOT |
al@19850 | 114 |
al@19850 | 115 while read dropbear openssh; do |
al@18689 | 116 [ -s "$1$dropbear" ] || continue |
pascal@18730 | 117 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh |
pascal@18730 | 118 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub" |
pascal@18730 | 119 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint |
pascal@16753 | 120 done <<EOT |
pascal@7303 | 121 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key |
pascal@7305 | 122 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key |
pascal@19889 | 123 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key |
pascal@7303 | 124 EOT |
al@18689 | 125 |
al@18689 | 126 chroot "$1/" ssh-keygen -A |
pascal@7303 | 127 } |
pascal@17048 | 128 |
al@19850 | 129 post_remove_openssh() { |
al@19850 | 130 grep -q sshd "$1/etc/inetd.conf" && |
al@19850 | 131 sed -i '/sshd/d' "$1/etc/inetd.conf" |
pascal@17048 | 132 } |
pascal@20281 | 133 |
pascal@20281 | 134 post_install_openssh_pam() { |
pascal@20281 | 135 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT |
pascal@20281 | 136 #ssh stream tcp nowait root sshd sshd -i |
pascal@20281 | 137 EOT |
pascal@20281 | 138 |
pascal@20281 | 139 while read dropbear openssh; do |
pascal@20281 | 140 [ -s "$1$dropbear" ] || continue |
pascal@20281 | 141 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh |
pascal@20281 | 142 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub" |
pascal@20281 | 143 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint |
pascal@20281 | 144 done <<EOT |
pascal@20281 | 145 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key |
pascal@20281 | 146 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key |
pascal@20281 | 147 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key |
pascal@20281 | 148 EOT |
pascal@20281 | 149 |
pascal@20281 | 150 chroot "$1/" ssh-keygen -A |
pascal@20281 | 151 } |
pascal@20281 | 152 |
pascal@20281 | 153 post_remove_openssh_pam() { |
pascal@20281 | 154 grep -q sshd "$1/etc/inetd.conf" && |
pascal@20281 | 155 sed -i '/sshd/d' "$1/etc/inetd.conf" |
pascal@20281 | 156 } |