wok view openssh-pam/receipt @ rev 25682

Up libqcow (20240308)
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sun Mar 24 18:25:46 2024 +0000 (2 months ago)
parents d88295c12cfc
children
line source
1 # SliTaz package receipt.
2
3 PACKAGE="openssh-pam"
4 VERSION="9.3p1"
5 CATEGORY="security"
6 TAGS="ssh security"
7 SHORT_DESC="Openbsd Secure Shell using PAM."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="BSD"
10 WEB_SITE="https://www.openssh.com/"
11
12 SOURCE="openssh"
13 TARBALL="$SOURCE-$VERSION.tar.gz"
14 WGET_URL="https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"
15
16 PROVIDE="openssh:pam ssh:pam"
17 SUGGESTED="gtk+"
18 DEPENDS="libcrypto pam sftp-server zlib"
19 BUILD_DEPENDS="gtk+-dev libcrypto-dev openssl-dev pam pam-dev zlib-dev"
20
21 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options::OPENSSH_OPTIONS|web::$WEB_SITE"
22
23 CONFIG_FILES="/etc/ssh/*config /etc/ssh/moduli"
24 SECRET_FILES="/etc/ssh/*key*"
25
26 # What is the latest version available today?
27 current_version()
28 {
29 wget -O - ${WGET_URL%/*}/ 2>/dev/null | \
30 sed '/tar..z"/!d;s|.*ssh-\(.*\).tar..z".*|\1|' | tail -n1
31 }
32
33 # Rules to configure and make the package.
34 compile_rules()
35 {
36 unset LD # for cross compiling with --disable-strip
37 ./configure \
38 --prefix=/usr \
39 --sysconfdir=/etc/ssh \
40 --libexecdir=/usr/sbin \
41 --with-privsep-user=nobody \
42 --with-xauth=/usr/bin/xauth \
43 --with-privsep-path=/var/run/sshd \
44 --with-pam \
45 --disable-strip \
46 $CONFIGURE_ARGS &&
47 make STRIP_OPT="" &&
48 make install -j 1 DESTDIR=$DESTDIR
49 install -d -m 755 $DESTDIR/usr/share/doc &&
50 install -m 644 $src/[A-Z][A-Z]* $DESTDIR/usr/share/doc
51 cd contrib &&
52 cc -Wall $(pkg-config --cflags gtk+-2.0) gnome-ssh-askpass2.c \
53 -o gnome-ssh-askpass $(pkg-config --libs gtk+-2.0) -lX11 &&
54 cp gnome-ssh-askpass $DESTDIR/usr/bin/ssh-askpass
55 }
56
57 # Rules to gen a SliTaz package suitable for Tazpkg.
58 genpkg_rules()
59 {
60 mkdir -p $fs/usr
61 mkdir -p $fs/etc/init.d
62 mkdir -p $fs/etc/ssh
63
64 cp -a $install/usr/sbin $fs/usr
65 cp -a $install/usr/bin $fs/usr
66 rm -f $fs/usr/sbin/sftp-server
67 install -D -m 755 -oroot -groot $src/contrib/sshd.pam.generic \
68 $fs/etc/pam.d/sshd
69 install -m 755 -oroot -groot $src/contrib/ssh-copy-id \
70 $fs/usr/bin
71 cp $src/contrib/ssh-copy-id.1 $install/usr/share/man/cat1
72 cp -a $install/etc $fs
73 cp ../$SOURCE/stuff/openssh $fs/etc/init.d
74 sed -i 's/.*UsePAM.*/UsePAM yes/' $fs/etc/ssh/sshd_config
75 sed -i 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
76 $fs/etc/ssh/sshd_config
77
78 cat >> $fs/etc/ssh/ssh_config <<EOT
79
80 # client bug CVE-2016-0777 and CVE-2016-0778
81 Host *
82 UseRoaming no
83
84 # From https://wiki.gentoo.org/wiki/SSH_jump_host
85 Host *+*
86 ProxyCommand ssh \$(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)\$/\\2 -l \\1/;s/:/ -p /') exec nc -w1 \$(echo %h | sed 's/^.*+//;/:/!s/\$/ %p/;s/:/ /')
87
88 EOT
89 }
90
91 post_install()
92 {
93 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
94 #ssh stream tcp nowait root sshd sshd -i
95 EOT
96 while read dropbear openssh
97 do
98 [ -s "$1$dropbear" ] || continue
99 [ -s "$1$openssh" ] && continue
100 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
101 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
102 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
103 done <<EOT
104 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
105 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
106 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
107 /etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key
108 EOT
109
110 chroot "$1/" ssh-keygen -A
111 }
112
113 post_remove()
114 {
115 grep -q sshd "$1/etc/inetd.conf" &&
116 sed -i '/sshd/d' "$1/etc/inetd.conf"
117 }