wok view openssh-pam/receipt @ rev 25027

updated openssh, openssh-pam and sftp-server (8.7p1 -> 9.0p1)
author Hans-G?nter Theisgen
date Thu May 19 13:59:33 2022 +0100 (23 months ago)
parents 7bea68e23e6b
children 41581d281860
line source
1 # SliTaz package receipt.
2
3 PACKAGE="openssh-pam"
4 VERSION="9.0p1"
5 CATEGORY="security"
6 TAGS="ssh security"
7 SHORT_DESC="Openbsd Secure Shell using PAM."
8 MAINTAINER="pascal.bellard@slitaz.org"
9 LICENSE="BSD"
10 WEB_SITE="https://www.openssh.com/"
11
12 SOURCE="openssh"
13 TARBALL="$SOURCE-$VERSION.tar.gz"
14 WGET_URL="https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"
15
16 PROVIDE="openssh:pam ssh:pam"
17 SUGGESTED="gtk+"
18 DEPENDS="libcrypto pam sftp-server zlib"
19 BUILD_DEPENDS="gtk+-dev libcrypto-dev openssl-dev pam pam-dev zlib-dev"
20
21 TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options::OPENSSH_OPTIONS|web::$WEB_SITE"
22
23 CONFIG_FILES="/etc/ssh/*config /etc/ssh/moduli"
24 SECRET_FILES="/etc/ssh/*key*"
25
26 current_version()
27 {
28 wget -O - ${WGET_URL%/*}/ 2>/dev/null | \
29 sed '/tar..z"/!d;s|.*ssh-\(.*\).tar..z".*|\1|' | tail -n1
30 }
31
32 # Rules to configure and make the package.
33 compile_rules()
34 {
35 unset LD # for cross compiling with --disable-strip
36 ./configure \
37 --prefix=/usr \
38 --sysconfdir=/etc/ssh \
39 --libexecdir=/usr/sbin \
40 --with-privsep-user=nobody \
41 --with-xauth=/usr/bin/xauth \
42 --with-privsep-path=/var/run/sshd \
43 --with-pam \
44 --disable-strip \
45 $CONFIGURE_ARGS &&
46 make STRIP_OPT="" &&
47 make install -j 1 DESTDIR=$DESTDIR
48 install -d -m 755 $DESTDIR/usr/share/doc &&
49 install -m 644 $src/[A-Z][A-Z]* $DESTDIR/usr/share/doc
50 cd contrib &&
51 cc -Wall $(pkg-config --cflags gtk+-2.0) gnome-ssh-askpass2.c \
52 -o gnome-ssh-askpass $(pkg-config --libs gtk+-2.0) -lX11 &&
53 cp gnome-ssh-askpass $DESTDIR/usr/bin/ssh-askpass
54 }
55
56 # Rules to gen a SliTaz package suitable for Tazpkg.
57 genpkg_rules()
58 {
59 mkdir -p $fs/usr
60 mkdir -p $fs/etc/init.d
61 mkdir -p $fs/etc/ssh
62
63 cp -a $install/usr/sbin $fs/usr
64 cp -a $install/usr/bin $fs/usr
65 rm -f $fs/usr/sbin/sftp-server
66 install -D -m 755 -oroot -groot $src/contrib/sshd.pam.generic \
67 $fs/etc/pam.d/sshd
68 install -m 755 -oroot -groot $src/contrib/ssh-copy-id \
69 $fs/usr/bin
70 cp $src/contrib/ssh-copy-id.1 $install/usr/share/man/cat1
71 cp -a $install/etc $fs
72 cp ../$SOURCE/stuff/openssh $fs/etc/init.d
73 sed -i 's/.*UsePAM.*/UsePAM yes/' $fs/etc/ssh/sshd_config
74 sed -i 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
75 $fs/etc/ssh/sshd_config
76
77 cat >> $fs/etc/ssh/ssh_config <<EOT
78
79 # client bug CVE-2016-0777 and CVE-2016-0778
80 Host *
81 UseRoaming no
82
83 # From https://wiki.gentoo.org/wiki/SSH_jump_host
84 Host *+*
85 ProxyCommand ssh \$(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)\$/\\2 -l \\1/;s/:/ -p /') exec nc -w1 \$(echo %h | sed 's/^.*+//;/:/!s/\$/ %p/;s/:/ /')
86
87 EOT
88 }
89
90 post_install()
91 {
92 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
93 #ssh stream tcp nowait root sshd sshd -i
94 EOT
95 while read dropbear openssh
96 do
97 [ -s "$1$dropbear" ] || continue
98 [ -s "$1$openssh" ] && continue
99 chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
100 chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
101 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
102 done <<EOT
103 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
104 /etc/dropbear/dropbear_dss_host_key /etc/ssh/ssh_host_dsa_key
105 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
106 /etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key
107 EOT
108
109 chroot "$1/" ssh-keygen -A
110 }
111
112 post_remove()
113 {
114 grep -q sshd "$1/etc/inetd.conf" &&
115 sed -i '/sshd/d' "$1/etc/inetd.conf"
116 }