wok-next diff openssh/receipt @ rev 20281
remove netatalk-pam, partimage-pam, openssh-pam
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Nov 08 14:51:34 2017 +0100 (2017-11-08) |
parents | 7a6bbcda071b |
children | 23544825f0d9 |
line diff
1.1 --- a/openssh/receipt Tue Oct 10 08:54:54 2017 +0200 1.2 +++ b/openssh/receipt Wed Nov 08 14:51:34 2017 +0100 1.3 @@ -11,8 +11,8 @@ 1.4 TARBALL="$PACKAGE-$VERSION.tar.gz" 1.5 WGET_URL="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL" 1.6 1.7 -BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev perl mdocml-dev" # groff 1.8 -SPLIT="sftp-server openssh" 1.9 +BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev perl mdocml-dev pam-dev" # groff 1.10 +SPLIT="sftp-server openssh openssh-pam" 1.11 1.12 # Rules to configure and make the package. 1.13 compile_rules() 1.14 @@ -31,23 +31,37 @@ 1.15 -u 50 \ 1.16 sshd && 1.17 1.18 + cp -a $src $src-pam 1.19 ./configure \ 1.20 --sysconfdir=/etc/ssh \ 1.21 --with-md5-passwords \ 1.22 --with-privsep-path=/var/lib/sshd \ 1.23 + --without-pam \ 1.24 + --without-ssh1 \ 1.25 $CONFIGURE_ARGS && 1.26 make && make DESTDIR=$DESTDIR install || return 1 1.27 1.28 - install -vm755 contrib/ssh-copy-id $install/usr/bin 1.29 + cd $src-pam 1.30 + ./configure \ 1.31 + --sysconfdir=/etc/ssh \ 1.32 + --with-privsep-path=/var/lib/sshd \ 1.33 + --with-pam \ 1.34 + --with-xauth=/usr/bin/xauth \ 1.35 + --without-ssh1 \ 1.36 + $CONFIGURE_ARGS && 1.37 + make && make DESTDIR=$DESTDIR-pam install || return 1 1.38 1.39 - cook_pick_manpages contrib/ssh-copy-id.1 1.40 - cook_pick_docs INSTALL LICENCE OVERVIEW README* 1.41 + for inst in $install $install-pam ; do 1.42 + install -vm755 contrib/ssh-copy-id $inst/usr/bin 1.43 1.44 - # SliTaz stuff 1.45 + install=$inst cook_pick_manpages contrib/ssh-copy-id.1 1.46 + install=$inst cook_pick_docs INSTALL LICENCE OVERVIEW README* 1.47 1.48 - mkdir -p $install/etc/init.d 1.49 - cp $stuff/openssh $install/etc/init.d 1.50 - cat >> $install/etc/ssh/ssh_config <<EOT 1.51 + # SliTaz stuff 1.52 + 1.53 + mkdir -p $inst/etc/init.d 1.54 + cp $stuff/openssh $inst/etc/init.d 1.55 + cat >> $inst/etc/ssh/ssh_config <<EOT 1.56 1.57 # client bug CVE-2016-0777 and CVE-2016-0778 1.58 Host * 1.59 @@ -58,6 +72,8 @@ 1.60 ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:/ -p /') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /') 1.61 1.62 EOT 1.63 + done 1.64 + sed -i 's/.*UsePAM.*/UsePAM yes/' $install-pam/etc/ssh/sshd_conifig 1.65 } 1.66 1.67 # Rules to gen a SliTaz package suitable for Tazpkg. 1.68 @@ -79,6 +95,15 @@ 1.69 PROVIDE="ssh" 1.70 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE" 1.71 ;; 1.72 + openssh-pam) 1.73 + install=$install-pam copy @std sshd/ 1.74 + DEPENDS="sftp-server libcrypto zlib pam" 1.75 + CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config \ 1.76 + /etc/inetd.conf" 1.77 + TAGS="ssh security" 1.78 + PROVIDE="openssh:pam ssh:pam" 1.79 + TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE" 1.80 + ;; 1.81 esac 1.82 } 1.83 1.84 @@ -105,3 +130,27 @@ 1.85 grep -q sshd "$1/etc/inetd.conf" && 1.86 sed -i '/sshd/d' "$1/etc/inetd.conf" 1.87 } 1.88 + 1.89 +post_install_openssh_pam() { 1.90 + grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT 1.91 +#ssh stream tcp nowait root sshd sshd -i 1.92 +EOT 1.93 + 1.94 + while read dropbear openssh; do 1.95 + [ -s "$1$dropbear" ] || continue 1.96 + chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh 1.97 + chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub" 1.98 + chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint 1.99 + done <<EOT 1.100 +/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key 1.101 +/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key 1.102 +/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key 1.103 +EOT 1.104 + 1.105 + chroot "$1/" ssh-keygen -A 1.106 +} 1.107 + 1.108 +post_remove_openssh_pam() { 1.109 + grep -q sshd "$1/etc/inetd.conf" && 1.110 + sed -i '/sshd/d' "$1/etc/inetd.conf" 1.111 +}