wok-next annotate openssh/receipt @ rev 21017

Some maintenance
author Aleksej Bobylev <al.bobylev@gmail.com>
date Tue Oct 16 16:46:05 2018 +0300 (2018-10-16)
parents 757d032c55c7
children d5aab818505e
rev   line source
al@19850 1 # SliTaz package receipt v2.
pascal@860 2
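# Package identity and catalogue metadata.
PACKAGE="openssh"
VERSION="7.6p1"
CATEGORY="security"
SHORT_DESC="OpenSSH clients and daemon"
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="BSD"
WEB_SITE="https://www.openssh.com/"
LFS="http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssh.html"

# Upstream source archive.
# NOTE(review): the tarball is fetched over plain HTTP and this receipt pins
# no checksum or signature for it, so nothing visible here detects a tampered
# download. Confirm whether the build tool verifies the archive elsewhere;
# otherwise fetch over TLS and check it against the upstream release signature.
TARBALL="$PACKAGE-$VERSION.tar.gz"
WGET_URL="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"

# Build-time dependencies (openssl-dev was listed twice; one entry is enough).
BUILD_DEPENDS="openssl-dev zlib-dev perl mdocml-dev pam-dev" # groff
# Packages produced from this receipt; "openssh-pam" is built with SET=pam.
SPLIT="openssh openssh-pam:pam"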
pascal@860 17
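# Configure, build and stage OpenSSH for the current set ($SET is "pam" for
# the PAM flavour, anything else for the default build), then add the SliTaz
# init script and client configuration defaults under $install.
# Returns 1 if configure, make or "make install" fails.
compile_rules() {
	# Privilege-separation directory and the unprivileged "sshd" account.
	# These paths are absolute, so they are created on the build host itself,
	# not inside $install. The directory is mode 0700 and owned by root.
	install -m700 -d /var/lib/sshd
	chown root:sys /var/lib/sshd

	# System group/user with fixed id 50, no password (-D) and no login shell.
	addgroup -g 50 -S sshd
	adduser \
		-h /var/lib/sshd \
		-g 'sshd PrivSep' \
		-s /bin/false \
		-G sshd \
		-S -D \
		-u 50 \
		sshd

	# Per-set configure switches.
	# NOTE(review): --with-md5-passwords enables a legacy password hash
	# format; confirm it is still required for the non-PAM build.
	case $SET in
		pam) SET_ARGS='--with-pam --with-xauth=/usr/bin/xauth';;
		*)   SET_ARGS='--without-pam --with-md5-passwords';;
	esac

	# $SET_ARGS and $CONFIGURE_ARGS are left unquoted on purpose: each holds
	# several space-separated options that must be split into separate words.
	./configure \
		--sysconfdir=/etc/ssh \
		--with-privsep-path=/var/lib/sshd \
		$SET_ARGS \
		$CONFIGURE_ARGS &&
	make &&
	make DESTDIR="$DESTDIR" install || return 1

	install -vm755 contrib/ssh-copy-id "$install/usr/bin/"

	cook_pick_manpages contrib/ssh-copy-id.1
	cook_pick_docs INSTALL LICENCE OVERVIEW README*

	# SliTaz stuff

	install -Dm755 "$stuff/openssh" "$install/etc/init.d/openssh"

	# The delimiter is quoted so the text is appended literally. With an
	# unquoted delimiter the build shell would run the $(...) substitutions
	# itself and write their output ("%h" and "%h %p") into ssh_config,
	# leaving a ProxyCommand that no longer splits the jump-host chain.
	# NOTE(review): at connection time %h is placed on a shell command line,
	# so a host name taken from untrusted input that matches "*+*" reaches
	# the user's shell; consider whether this default belongs in the
	# system-wide client configuration.
	cat >> "$install/etc/ssh/ssh_config" <<'EOT'

# client bug CVE-2016-0777 and CVE-2016-0778
Host *
UseRoaming no

# From https://wiki.gentoo.org/wiki/SSH_jump_host
Host *+*
ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:/ -p /') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')

EOT

	# Ship an (initially empty) inetd.conf so it can be listed in CONFIG_FILES.
	touch "$install/etc/inetd.conf"
}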
pascal@860 68
# Pick the files and set the metadata for whichever split package ($PACKAGE)
# is being generated. Both flavours ship the same file set; the PAM flavour
# additionally switches UsePAM on in its packaged sshd_config.
genpkg_rules() {
	if [ "$PACKAGE" = 'openssh' ]; then
		copy @std sshd/
		DEPENDS="openssl zlib"
		CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config \
	/etc/ssh/sshd_config /etc/inetd.conf"
		TAGS="ssh security"
		PROVIDE="ssh"
		TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
	elif [ "$PACKAGE" = 'openssh-pam' ]; then
		copy @std sshd/
		# Rewrites every line that mentions UsePAM (commented or not) to
		# "UsePAM yes" in the copy of sshd_config staged under $fs.
		sed -i 's/.*UsePAM.*/UsePAM yes/' $fs/etc/ssh/sshd_config
		CAT="security|with PAM support"
		DEPENDS="openssl zlib pam"
		CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config \
	/etc/ssh/sshd_config /etc/inetd.conf"
		TAGS="ssh security"
		PROVIDE="openssh:pam ssh:pam"
		TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
	fi
}
al@19850 93
# Post-install hook; $1 is the root of the target filesystem.
# Adds a disabled (commented-out) inetd entry for sshd, carries existing
# Dropbear host keys over to OpenSSH format so the host keeps its identity,
# and lets ssh-keygen create whichever host keys are still missing.
post_install_openssh() {
	if ! grep -q ssh "$1/etc/inetd.conf"; then
		cat >> "$1/etc/inetd.conf" <<EOT
#ssh stream tcp nowait root sshd sshd -i
EOT
	fi

	# Each input line pairs a Dropbear key path with its OpenSSH counterpart.
	# NOTE(review): the list still includes the DSS key; DSA host keys are
	# weak and current clients reject them by default, so converting it may
	# no longer be worthwhile. Also confirm the converted private keys end up
	# readable by root only.
	while read dropbear openssh; do
		if [ -s "$1$dropbear" ]; then
			chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
			# Public half, derived from the Dropbear key.
			chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
			# Print the fingerprint so the administrator can check it.
			chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
		fi
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	chroot "$1/" ssh-keygen -A
}
pascal@17048 112
# Post-remove hook; $1 is the root of the target filesystem.
# Drops every inetd.conf line that mentions sshd. The exit status is that of
# grep when nothing matches, otherwise that of sed.
post_remove_openssh() {
	grep -q sshd "$1/etc/inetd.conf" && sed -i '/sshd/d' "$1/etc/inetd.conf"
}
pascal@20281 117
# Post-install hook for the PAM flavour; $1 is the root of the target
# filesystem. Adds a disabled (commented-out) inetd entry for sshd, converts
# existing Dropbear host keys to OpenSSH format so the host keeps its
# identity, and lets ssh-keygen create whichever host keys are still missing.
post_install_openssh_pam() {
	if ! grep -q ssh "$1/etc/inetd.conf"; then
		cat >> "$1/etc/inetd.conf" <<EOT
#ssh stream tcp nowait root sshd sshd -i
EOT
	fi

	# Each input line pairs a Dropbear key path with its OpenSSH counterpart.
	# NOTE(review): the list still includes the DSS key; DSA host keys are
	# weak and current clients reject them by default. Also confirm the
	# converted private keys end up readable by root only.
	while read dropbear openssh; do
		if [ -s "$1$dropbear" ]; then
			chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
			# Public half, derived from the Dropbear key.
			chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
			# Print the fingerprint so the administrator can check it.
			chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
		fi
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	chroot "$1/" ssh-keygen -A
}
pascal@20281 136
# Post-remove hook for the PAM flavour; $1 is the root of the target
# filesystem. Drops every inetd.conf line that mentions sshd. The exit status
# is that of grep when nothing matches, otherwise that of sed.
post_remove_openssh_pam() {
	grep -q sshd "$1/etc/inetd.conf" && sed -i '/sshd/d' "$1/etc/inetd.conf"
}