wok-next view openssh/receipt @ rev 20337

orpheus: tiny patch
author Pascal Bellard <pascal.bellard@slitaz.org>
date Thu Nov 16 21:37:29 2017 +0100 (2017-11-16)
parents c6b8c8e476d9
children e6615350078d
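# SliTaz package receipt v2.

PACKAGE="openssh"
VERSION="7.5p1"
CATEGORY="security"
SHORT_DESC="OpenSSH clients and daemon"
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="BSD"
WEB_SITE="https://www.openssh.com/"

TARBALL="$PACKAGE-$VERSION.tar.gz"
# Fetch the source over HTTPS. This receipt carries no digest or signature
# check for the tarball, so a plain-HTTP download could be altered in transit
# without the build noticing.
# NOTE(review): TLS only protects the transfer; confirm whether cook can pin
# a tarball checksum and, if so, record one here.
WGET_URL="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"

BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev perl mdocml-dev pam-dev" # groff
# Packages produced from this single build (see genpkg_rules).
SPLIT="sftp-server openssh openssh-pam"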
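# Rules to configure and make the package.
#
# Builds OpenSSH twice: without PAM in $src (installed into $DESTDIR) and
# with PAM in a copy of the tree at $src-pam (installed into $DESTDIR-pam).
# Both install trees then get ssh-copy-id, the SliTaz init script and the
# ssh_config additions below.
# Assumes cook calls this function from inside $src -- TODO confirm.
# Returns 1 as soon as a copy, configure, make or install step fails.
compile_rules()
{
	# http://www.linuxfromscratch.org/blfs/view/stable/postlfs/openssh.html
	# Privilege-separation directory (mode 0700) and the unprivileged sshd
	# account, in the build environment. As before, a failure in this chain
	# does not abort the build (presumably the account can already exist
	# from an earlier cook run).
	install -v -m700 -d /var/lib/sshd &&
	chown   -v root:sys /var/lib/sshd &&

	addgroup -g 50 -S sshd &&
	adduser \
		-h /var/lib/sshd \
		-g 'sshd PrivSep' \
		-s /bin/false \
		-G sshd \
		-S -D \
		-u 50 \
		sshd

	# Second source tree for the PAM build. This used to be the tail of the
	# account-setup chain, so it was skipped whenever that chain failed and
	# the PAM build then ran inside the already-built non-PAM tree.
	cp -a "$src" "$src-pam" || return 1

	# Build 1: no PAM.
	# $CONFIGURE_ARGS is left unquoted on purpose: it holds several options.
	./configure \
		--sysconfdir=/etc/ssh \
		--with-md5-passwords \
		--with-privsep-path=/var/lib/sshd \
		--without-pam \
		--without-ssh1 \
		$CONFIGURE_ARGS &&
	make && make DESTDIR="$DESTDIR" install || return 1

	# Build 2: PAM enabled. Stop if the copy is missing instead of silently
	# reconfiguring the first tree.
	cd "$src-pam" || return 1
	./configure \
		--sysconfdir=/etc/ssh \
		--with-privsep-path=/var/lib/sshd \
		--with-pam \
		--with-xauth=/usr/bin/xauth \
		--without-ssh1 \
		$CONFIGURE_ARGS &&
	make && make DESTDIR="$DESTDIR-pam" install || return 1

	for inst in "$install" "$install-pam"; do
		install -vm755 contrib/ssh-copy-id "$inst/usr/bin"

		install="$inst" cook_pick_manpages contrib/ssh-copy-id.1
		install="$inst" cook_pick_docs INSTALL LICENCE OVERVIEW README*

		# SliTaz stuff

		mkdir -p "$inst/etc/init.d"
		cp "$stuff/openssh" "$inst/etc/init.d"

		# The delimiter is quoted so that the $(...) parts of ProxyCommand
		# are written to ssh_config verbatim and run when ssh starts the
		# proxy. Unquoted, the shell expanded them once at build time and
		# the stanza lost its host-rewriting logic.
		# NOTE(review): this file is system-wide and ssh hands ProxyCommand,
		# with %h substituted, to the user's shell; review the jump-host
		# stanza with untrusted host names in mind.
		cat >> "$inst/etc/ssh/ssh_config" <<'EOT'

# client bug CVE-2016-0777 and CVE-2016-0778
Host *
	UseRoaming no

# From https://wiki.gentoo.org/wiki/SSH_jump_host
Host *+*
	ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:/ -p /') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')

EOT
	done
}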
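# Rules to gen a SliTaz package suitable for Tazpkg.
#
# Called once per entry of SPLIT with $PACKAGE set to that entry; picks the
# files for the package and sets its metadata variables.
# Paths built from $install and $fs are quoted so they survive whitespace.
genpkg_rules()
{
	case "$PACKAGE" in
		sftp-server)
			copy sftp-server
			CAT="security|secure FTP server"
			TAGS="ssh"
			DEPENDS="libcrypto zlib"
			;;
		openssh)
			copy @std sshd/
			DEPENDS="sftp-server libcrypto zlib"
			CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config \
				/etc/inetd.conf"
			TAGS="ssh security"
			PROVIDE="ssh"
			TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
			;;
		openssh-pam)
			# Same file selection, taken from the PAM build's install tree.
			install="$install-pam" copy @std sshd/
			# Turn PAM on in the shipped sshd_config: every line that
			# mentions UsePAM is replaced by "UsePAM yes".
			sed -i 's/.*UsePAM.*/UsePAM yes/' "$fs/etc/ssh/sshd_config"
			CAT="security|with PAM support"
			DEPENDS="sftp-server libcrypto zlib pam"
			CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config \
				/etc/inetd.conf"
			TAGS="ssh security"
			PROVIDE="openssh:pam ssh:pam"
			TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"
			;;
	esac
}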
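# Post-install hook for the openssh package.
# Arguments: $1 - root of the filesystem the package was installed into.
# Adds a commented-out inetd entry, converts any existing Dropbear host keys
# to OpenSSH format and lets ssh-keygen create the host keys still missing.
post_install_openssh() {
	# Only append the (disabled) inetd entry when nothing in inetd.conf
	# mentions ssh yet.
	grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
#ssh stream tcp nowait root sshd sshd -i
EOT

	# Each input line pairs a Dropbear host key with its OpenSSH target.
	# Reusing the keys keeps the host identity that clients already trust.
	while read -r dropbear openssh; do
		[ -s "$1$dropbear" ] || continue
		# Keep the converted private key owner-only: sshd ignores host
		# keys that other users can read.
		chroot "$1/" dropbearconvert dropbear openssh "$dropbear" "$openssh" &&
			chmod 600 "$1$openssh"
		chroot "$1/" dropbearkey -y -f "$dropbear" | grep ssh > "$1$openssh.pub"
		# Show the fingerprint so it can be checked against known_hosts.
		chroot "$1/" dropbearkey -y -f "$dropbear" | grep Fingerprint
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	# Create host keys for every key type that has none yet.
	chroot "$1/" ssh-keygen -A
}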
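# Post-remove hook for the openssh package.
# Arguments: $1 - root of the filesystem the package was removed from.
# Deletes every inetd.conf line that mentions sshd. A missing file or a file
# without such a line counts as success instead of a non-zero status.
post_remove_openssh() {
	[ -f "$1/etc/inetd.conf" ] || return 0
	if grep -q sshd "$1/etc/inetd.conf"; then
		sed -i '/sshd/d' "$1/etc/inetd.conf"
	fi
}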
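# Post-install hook for the openssh-pam package.
# Arguments: $1 - root of the filesystem the package was installed into.
# Performs the same steps as the hook of the non-PAM package: commented-out
# inetd entry, Dropbear host key conversion, then ssh-keygen for the rest.
post_install_openssh_pam() {
	# Only append the (disabled) inetd entry when nothing in inetd.conf
	# mentions ssh yet.
	grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
#ssh stream tcp nowait root sshd sshd -i
EOT

	# Each input line pairs a Dropbear host key with its OpenSSH target.
	# Reusing the keys keeps the host identity that clients already trust.
	while read -r dropbear openssh; do
		[ -s "$1$dropbear" ] || continue
		# Keep the converted private key owner-only: sshd ignores host
		# keys that other users can read.
		chroot "$1/" dropbearconvert dropbear openssh "$dropbear" "$openssh" &&
			chmod 600 "$1$openssh"
		chroot "$1/" dropbearkey -y -f "$dropbear" | grep ssh > "$1$openssh.pub"
		# Show the fingerprint so it can be checked against known_hosts.
		chroot "$1/" dropbearkey -y -f "$dropbear" | grep Fingerprint
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	# Create host keys for every key type that has none yet.
	chroot "$1/" ssh-keygen -A
}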
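# Post-remove hook for the openssh-pam package.
# Arguments: $1 - root of the filesystem the package was removed from.
# Deletes every inetd.conf line that mentions sshd. A missing file or a file
# without such a line counts as success instead of a non-zero status.
post_remove_openssh_pam() {
	[ -f "$1/etc/inetd.conf" ] || return 0
	if grep -q sshd "$1/etc/inetd.conf"; then
		sed -i '/sshd/d' "$1/etc/inetd.conf"
	fi
}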