authorTimothée Ravier2013-11-03 19:42:41 +0100
committerTimothée Ravier2013-11-03 19:42:41 +0100
commita78a337a56844825ae9d9df73bd467bba148ee2a (patch)
treee963c65e4b21407d31129757f5fab8939327e6b1
downloadaur-a78a337a56844825ae9d9df73bd467bba148ee2a.tar.gz
General update: SELinux userspace & pkg renaming
-rw-r--r--.SRCINFO38
-rw-r--r--PKGBUILD93
-rw-r--r--install10
-rw-r--r--sshd.pam6
-rw-r--r--sshd.service17
-rw-r--r--sshd.socket10
-rw-r--r--sshd@.service8
-rw-r--r--sshdgenkeys.service15
8 files changed, 197 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..445f59b8527c
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,38 @@
+pkgbase = openssh-selinux
+ pkgdesc = Free version of the SSH connectivity tools with SELinux support
+ pkgver = 6.3p1
+ pkgrel = 1
+ url = http://www.openssh.org/portable.html
+ install = install
+ arch = i686
+ arch = x86_64
+ groups = selinux
+ license = custom:BSD
+ makedepends = linux-selinux-headers
+ depends = krb5
+ depends = openssl
+ depends = libedit
+ depends = ldns
+ depends = libselinux
+ optdepends = xorg-xauth: X11 forwarding
+ optdepends = x11-ssh-askpass: input passphrase in X
+ provides = openssh=6.3p1-1
+ conflicts = openssh
+ backup = etc/ssh/ssh_config
+ backup = etc/ssh/sshd_config
+ backup = etc/pam.d/sshd
+ source = ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.3p1.tar.gz
+ source = sshdgenkeys.service
+ source = sshd@.service
+ source = sshd.service
+ source = sshd.socket
+ source = sshd.pam
+ sha1sums = 70845ca79474258cab29dbefae13d93e41a83ccb
+ sha1sums = 6df5be396f8c593bb511a249a1453294d18a01a6
+ sha1sums = 6a0ff3305692cf83aca96e10f3bb51e1c26fccda
+ sha1sums = ec49c6beba923e201505f5669cea48cad29014db
+ sha1sums = e12fa910b26a5634e5a6ac39ce1399a132cf6796
+ sha1sums = d93dca5ebda4610ff7647187f8928a3de28703f3
+
+pkgname = openssh-selinux
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..7eec0e13fded
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,93 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson@archlinux.org>
+# Contributor: Aaron Griffin <aaron@archlinux.org>
+# Contributor: judd <jvinet@zeroflux.org>
+# SELinux Maintainer: Timothée Ravier <tim@siosm.fr>
+# Contributor: Nicky726 <Nicky726@gmail.com>
+
+pkgname=openssh-selinux
+pkgver=6.3p1
+pkgrel=1
+pkgdesc='Free version of the SSH connectivity tools with SELinux support'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
+arch=('i686' 'x86_64')
+makedepends=('linux-selinux-headers')
+depends=('krb5' 'openssl' 'libedit' 'ldns' 'libselinux')
+optdepends=('xorg-xauth: X11 forwarding'
+ 'x11-ssh-askpass: input passphrase in X')
+conflicts=("${pkgname/-selinux}")
+provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}")
+groups=('selinux')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"
+ 'sshdgenkeys.service'
+ 'sshd@.service'
+ 'sshd.service'
+ 'sshd.socket'
+ 'sshd.pam')
+sha1sums=('70845ca79474258cab29dbefae13d93e41a83ccb'
+ '6df5be396f8c593bb511a249a1453294d18a01a6'
+ '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+ 'ec49c6beba923e201505f5669cea48cad29014db'
+ 'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+ 'd93dca5ebda4610ff7647187f8928a3de28703f3')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
+
+build() {
+ cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
+
+ ./configure \
+ --prefix=/usr \
+ --sbindir=/usr/bin \
+ --libexecdir=/usr/lib/ssh \
+ --sysconfdir=/etc/ssh \
+ --with-ldns \
+ --with-libedit \
+ --with-ssl-engine \
+ --with-pam \
+ --with-privsep-user=nobody \
+ --with-kerberos5=/usr \
+ --with-xauth=/usr/bin/xauth \
+ --with-mantype=man \
+ --with-md5-passwords \
+ --with-pid-dir=/run \
+ --with-selinux
+
+ make
+}
+
+check() {
+ cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
+
+ make tests ||
+ grep $USER /etc/passwd | grep -q /bin/false
+ # connect.sh fails when run with stupid login shell
+}
+
+package() {
+ cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
+
+ make DESTDIR="${pkgdir}" install
+
+ ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+ install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+
+ install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+ install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
+ install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+ install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+ install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+
+ install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+ install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+ install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i "${pkgdir}"/etc/ssh/sshd_config
+}
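Review bot: The upstream tarball in `source=` is fetched over plain `ftp://` and pinned only by `sha1sums`, so the package's integrity rests on an unauthenticated transport and a hash that is no longer collision-resistant. I would switch the array to `sha256sums=(...)` and add the upstream detached signature (the tarball URL with `.asc` appended) as an extra `source` entry so makepkg can verify it; an HTTPS mirror is preferable if upstream offers one. The same `source`/`sha1sums` values are repeated in the .SRCINFO hunk, which needs regenerating to match. Separately, in `check()` the fallback `grep $USER /etc/passwd | grep -q /bin/false` is unquoted and matches substrings, so a failing `make tests` can be accepted for reasons unrelated to the login shell; `getent passwd "$USER" | grep -q ':/bin/false$'` is narrower.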
diff --git a/install b/install
new file mode 100644
index 000000000000..6f0cd3703fb0
--- /dev/null
+++ b/install
@@ -0,0 +1,10 @@
+post_upgrade() {
+ if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+ cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+ fi
+}
diff --git a/sshd.pam b/sshd.pam
new file mode 100644
index 000000000000..7ecef084d07a
--- /dev/null
+++ b/sshd.pam
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth required pam_securetty.so #disable remote root
+auth include system-remote-login
+account include system-remote-login
+password include system-remote-login
+session include system-remote-login
diff --git a/sshd.service b/sshd.service
new file mode 100644
index 000000000000..55ed95322da7
--- /dev/null
+++ b/sshd.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service.
diff --git a/sshd.socket b/sshd.socket
new file mode 100644
index 000000000000..e09e328690fd
--- /dev/null
+++ b/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+Wants=sshdgenkeys.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
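Review bot: The `[Socket]` section sets `Accept=yes` without stating a connection limit, so every incoming connection on port 22 spawns its own `sshd -i` instance and the only cap is systemd's default for the socket. As far as I can tell, sshd's own MaxStartups throttling of unauthenticated connections does not apply in inetd mode, which makes that cap the sole brake on connection floods. I would set it explicitly with a `MaxConnections=` line sized for the host and add a comment such as `# Per-connection sshd: limit concurrent instances here, MaxStartups is not enforced with -i`.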
diff --git a/sshd@.service b/sshd@.service
new file mode 100644
index 000000000000..7ce3d37baa43
--- /dev/null
+++ b/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/bin/sshd -i
+StandardInput=socket
+StandardError=syslog
diff --git a/sshdgenkeys.service b/sshdgenkeys.service
new file mode 100644
index 000000000000..8c27d7110060
--- /dev/null
+++ b/sshdgenkeys.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes
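Review bot: The condition list includes `ssh_host_key` (the protocol-1 key) and `ssh_host_dsa_key`, and `ssh-keygen -A` generates every default host key type, so each install ends up with legacy host keys on disk whether or not sshd is configured to offer them. This is worth documenting in the unit, for example `# ssh-keygen -A creates all default host key types, including legacy rsa1/dsa; limit HostKey in sshd_config to the types you intend to serve`. If the legacy types are not wanted at all, dropping their `ConditionPathExists=` lines would also stop the unit from re-running just because those files were removed.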