wok-next view openssh/receipt @ rev 20281
remove netatalk-pam, partimage-pam, openssh-pam
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Wed Nov 08 14:51:34 2017 +0100 (2017-11-08) |
parents | 7a6bbcda071b |
children | 23544825f0d9 |
# SliTaz package receipt v2.
# Package identity and catalogue metadata.
PACKAGE="openssh"
VERSION="7.5p1"
CATEGORY="security"
SHORT_DESC="OpenSSH clients and daemon"
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="BSD"
WEB_SITE="https://www.openssh.com/"

# Upstream source archive, derived from the package name and version.
# NOTE(review): the tarball is fetched over plain HTTP and this receipt records
# no checksum or signature for it; confirm the build tooling verifies the
# download before it is unpacked and compiled.
TARBALL="${PACKAGE}-${VERSION}.tar.gz"
WGET_URL="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${TARBALL}"

# Packages needed at build time (groff is only mentioned in the trailing comment).
BUILD_DEPENDS="libcrypto-dev zlib-dev openssl-dev perl mdocml-dev pam-dev" # groff
# Binary packages produced from this single build.
SPLIT="sftp-server openssh openssh-pam"
# Rules to configure and make the package.
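compile_rules()
{
	# Build OpenSSH twice from the same sources: once without PAM (installed
	# under $DESTDIR) and once with PAM (installed under $DESTDIR-pam), then
	# add the SliTaz extras to both install trees.
	# Reads src, DESTDIR, install, stuff and CONFIGURE_ARGS, all set outside
	# this function. Returns 1 if either configure/make/install run fails.

	# Privilege-separation directory and unprivileged sshd account, following
	# http://www.linuxfromscratch.org/blfs/view/stable/postlfs/openssh.html
	# NOTE(review): these commands act on the build environment's own /var/lib
	# and account database, and the source copy below is chained behind them,
	# so it is skipped if any of them fails (for instance when the sshd
	# account already exists) -- confirm that is intended.
	install -v -m700 -d /var/lib/sshd &&
	chown -v root:sys /var/lib/sshd &&

	addgroup -g 50 -S sshd &&
	adduser \
		-h /var/lib/sshd \
		-g 'sshd PrivSep' \
		-s /bin/false \
		-G sshd \
		-S -D \
		-u 50 \
		sshd &&

	cp -a "$src" "$src-pam"

	# First pass: build without PAM.
	# $CONFIGURE_ARGS is left unquoted on purpose so it splits into options.
	./configure \
		--sysconfdir=/etc/ssh \
		--with-md5-passwords \
		--with-privsep-path=/var/lib/sshd \
		--without-pam \
		--without-ssh1 \
		$CONFIGURE_ARGS &&
	make && make DESTDIR="$DESTDIR" install || return 1

	# Second pass: build with PAM, in the copied source tree.
	cd "$src-pam"
	./configure \
		--sysconfdir=/etc/ssh \
		--with-privsep-path=/var/lib/sshd \
		--with-pam \
		--with-xauth=/usr/bin/xauth \
		--without-ssh1 \
		$CONFIGURE_ARGS &&
	make && make DESTDIR="$DESTDIR-pam" install || return 1

	for inst in "$install" "$install-pam"; do
		install -vm755 contrib/ssh-copy-id "$inst/usr/bin"

		install="$inst" cook_pick_manpages contrib/ssh-copy-id.1
		install="$inst" cook_pick_docs INSTALL LICENCE OVERVIEW README*

		# SliTaz stuff

		mkdir -p "$inst/etc/init.d"
		cp "$stuff/openssh" "$inst/etc/init.d"

		# The delimiter is quoted so the text is appended verbatim. With an
		# unquoted delimiter the shell runs the two $(...) substitutions at
		# build time and writes their output (with %h taken literally) into
		# ssh_config instead of the sed pipelines ssh is meant to run per
		# connection.
		# NOTE(review): ssh substitutes the host name (%h) into this
		# ProxyCommand before a shell runs it, so any host name matching
		# '*+*' ends up inside a shell command substitution; confirm this is
		# acceptable as a system-wide client default.
		cat >> "$inst/etc/ssh/ssh_config" <<'EOT'

# client bug CVE-2016-0777 and CVE-2016-0778
Host *
UseRoaming no

# From https://wiki.gentoo.org/wiki/SSH_jump_host
Host *+*
ProxyCommand ssh $(echo %h | sed 's/+[^+]*$//;s/\([^+%%]*\)%%\([^+]*\)$/\2 -l \1/;s/:/ -p /') exec nc -w1 $(echo %h | sed 's/^.*+//;/:/!s/$/ %p/;s/:/ /')

EOT
	done

	# Turn PAM on in the PAM flavour's daemon configuration. The file name
	# was misspelled ("sshd_conifig"), so sed failed on a missing file and the
	# setting was never written.
	sed -i 's/.*UsePAM.*/UsePAM yes/' "$install-pam/etc/ssh/sshd_config"
}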
# Rules to generate a SliTaz package suitable for Tazpkg.
genpkg_rules()
{
	# Select the files and metadata for whichever split package is being
	# generated, keyed on $PACKAGE. `copy` is provided by the build tooling.
	# Any other package name leaves everything untouched.
	if [ "$PACKAGE" = "sftp-server" ]; then
		copy sftp-server
		DEPENDS="libcrypto zlib"
		TAGS="ssh"
		CAT="security|secure FTP server"
	elif [ "$PACKAGE" = "openssh" ]; then
		# Non-PAM build, taken from the default install tree.
		copy @std sshd/
		PROVIDE="ssh"
		TAGS="ssh security"
		DEPENDS="sftp-server libcrypto zlib"
		CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/inetd.conf"
		TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::${WEB_SITE}"
	elif [ "$PACKAGE" = "openssh-pam" ]; then
		# PAM build: same selection, but read from the "-pam" install tree.
		install=$install-pam copy @std sshd/
		PROVIDE="openssh:pam ssh:pam"
		TAGS="ssh security"
		DEPENDS="sftp-server libcrypto zlib pam"
		CONFIG_FILES="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/inetd.conf"
		TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::${WEB_SITE}"
	fi
}
post_install_openssh() {
	# Post-install hook; $1 is the root directory of the target system.

	# Add a commented-out inetd entry for sshd unless inetd.conf already
	# mentions ssh.
	if ! grep -q ssh "$1/etc/inetd.conf"; then
		printf '%s\n' '#ssh stream tcp nowait root sshd sshd -i' >> "$1/etc/inetd.conf"
	fi

	# Carry over any non-empty Dropbear host key: convert the private key to
	# OpenSSH format, save its public half, and print its fingerprint.
	# NOTE(review): the mode of the converted private key files is whatever
	# dropbearconvert produces -- confirm they end up readable by root only.
	# NOTE(review): 'grep ssh' picks the public key line by its "ssh-" prefix;
	# an ECDSA key line starts with "ecdsa-sha2-", so confirm that key's .pub
	# file is not left empty.
	while read -r db_key ssh_key; do
		if [ -s "${1}${db_key}" ]; then
			chroot "$1/" dropbearconvert dropbear openssh "$db_key" "$ssh_key"
			chroot "$1/" dropbearkey -y -f "$db_key" | grep ssh > "${1}${ssh_key}.pub"
			chroot "$1/" dropbearkey -y -f "$db_key" | grep Fingerprint
		fi
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	# Generate whichever host keys are still missing.
	chroot "$1/" ssh-keygen -A
}
post_remove_openssh() {
	# Post-remove hook; $1 is the root directory of the target system.
	# Deletes every inetd.conf line that mentions sshd. When no such line
	# exists the function returns grep's non-zero status.
	set -- "$1/etc/inetd.conf"
	grep -q sshd "$1" || return
	sed -i '/sshd/d' "$1"
}
post_install_openssh_pam() {
	# Post-install hook for the PAM flavour; $1 is the root directory of the
	# target system.

	# Add a commented-out inetd entry for sshd unless inetd.conf already
	# mentions ssh.
	if ! grep -q ssh "$1/etc/inetd.conf"; then
		printf '%s\n' '#ssh stream tcp nowait root sshd sshd -i' >> "$1/etc/inetd.conf"
	fi

	# Carry over any non-empty Dropbear host key: convert the private key to
	# OpenSSH format, save its public half, and print its fingerprint.
	# NOTE(review): the mode of the converted private key files is whatever
	# dropbearconvert produces -- confirm they end up readable by root only.
	# NOTE(review): 'grep ssh' picks the public key line by its "ssh-" prefix;
	# an ECDSA key line starts with "ecdsa-sha2-", so confirm that key's .pub
	# file is not left empty.
	while read -r db_key ssh_key; do
		if [ -s "${1}${db_key}" ]; then
			chroot "$1/" dropbearconvert dropbear openssh "$db_key" "$ssh_key"
			chroot "$1/" dropbearkey -y -f "$db_key" | grep ssh > "${1}${ssh_key}.pub"
			chroot "$1/" dropbearkey -y -f "$db_key" | grep Fingerprint
		fi
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
EOT

	# Generate whichever host keys are still missing.
	chroot "$1/" ssh-keygen -A
}
post_remove_openssh_pam() {
	# Post-remove hook for the PAM flavour; $1 is the root directory of the
	# target system. Deletes every inetd.conf line that mentions sshd. When
	# no such line exists the function returns grep's non-zero status.
	set -- "$1/etc/inetd.conf"
	grep -q sshd "$1" || return
	sed -i '/sshd/d' "$1"
}