authorDave Simons2015-09-11 13:54:38 +0200
committerDave Simons2015-09-11 13:54:38 +0200
commita996daea0f6e0acc974f266418d4997d0dbd2f02 (patch)
tree58454e4728cab8ff41d80b0e592f56f466b191d7
downloadaur-a996daea0f6e0acc974f266418d4997d0dbd2f02.tar.gz
initial commit - sshttp-git pkg
Signed-off-by: Dave Simons <pkgs@simonsd.org>
-rw-r--r--.SRCINFO24
-rw-r--r--.gitignore6
-rw-r--r--PKGBUILD44
-rwxr-xr-xnf-cleanup33
-rw-r--r--sshttpd.config6
-rw-r--r--sshttpd.install4
-rw-r--r--sshttpd.service16
7 files changed, 133 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..6c2f102d2197
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,24 @@
+pkgbase = sshttp-git
+ pkgdesc = SSH/HTTP(S) multiplexer
+ pkgver = e145de8
+ pkgrel = 1
+ url = https://github.com/stealth/sshttp
+ arch = any
+ license = BSD
+ makedepends = git
+ makedepends = gcc
+ depends = libcap
+ provides = sshttp
+ conflicts = sshttp
+ backup = etc/conf.d/sshttpd
+ source = git://github.com/stealth/sshttp
+ source = nf-cleanup
+ source = sshttpd.config
+ source = sshttpd.service
+ md5sums = SKIP
+ md5sums = 7c75787f5b74ad1922fdf6722b1c7405
+ md5sums = 6d35b4409cac3ebd6e75f4736805f102
+ md5sums = cff8825c1428b87836218af0ed8a0066
+
+pkgname = sshttp-git
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..adb92eaba696
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,6 @@
+*.swp
+*.swo
+*.pkg.tar.xz
+pkg
+src
+sshttp
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..62d11ff9a89b
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,44 @@
+pkgname=sshttp-git
+pkgver=e145de8
+pkgrel=1
+pkgdesc="SSH/HTTP(S) multiplexer"
+arch=('any')
+url="https://github.com/stealth/sshttp"
+license=('BSD')
+depends=('libcap')
+provides=('sshttp')
+conflicts=('sshttp')
+backup=('etc/conf.d/sshttpd')
+makedepends=('git'
+ 'gcc')
+source=('git://github.com/stealth/sshttp'
+ 'nf-cleanup'
+ 'sshttpd.config'
+ 'sshttpd.service')
+md5sums=('SKIP'
+ '7c75787f5b74ad1922fdf6722b1c7405'
+ '6d35b4409cac3ebd6e75f4736805f102'
+ 'cff8825c1428b87836218af0ed8a0066')
+
+pkgver() {
+ cd $srcdir/${pkgname%-git}
+ git rev-parse --short HEAD
+}
+
+build() {
+ cd $srcdir/${pkgname%-git}
+ make
+}
+
+package() {
+ install -Dm755 sshttpd.config $pkgdir/etc/conf.d/sshttpd
+ install -Dm755 sshttpd.service $pkgdir/usr/lib/systemd/system/sshttpd.service
+ install -dm755 $pkgdir/var/sshttp
+ install -Dm755 nf-cleanup $pkgdir/usr/bin/nf-cleanup
+
+ cd "$srcdir/${pkgname%-git}"
+ install -Dm755 sshttpd $pkgdir/usr/bin/sshttpd
+ install -Dm755 nf-setup $pkgdir/usr/bin/nf-setup
+}
+
+# vim:set ts=4 sw=4 et:
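Review bot: The upstream entry in `source=` is fetched over `git://`, which has no transport authentication or encryption, and its checksum is `SKIP`, so nothing on the build host verifies that the code compiled in `build()` is what upstream published. Use `'git+https://github.com/stealth/sshttp'` instead, and consider a `#commit=` fragment so a given package build maps to a reviewable revision. The local files are covered only by `md5sums`; `sha256sums` is the stronger choice. Separately, `arch=('any')` is declared although the package appears to compile a binary with gcc, and `sshttpd.config` and `sshttpd.service` are installed with mode 755 where `install -Dm644` is the usual mode for non-executable files.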
diff --git a/nf-cleanup b/nf-cleanup
new file mode 100755
index 000000000000..0762308e8d21
--- /dev/null
+++ b/nf-cleanup
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# sshttp netfilter rules
+#
+
+# If you mux SSH/SMTP (rather than HTTP), then HTTP_PORT is your
+# alternate SMTP port. e.g. 2525 and sshttp needs to be started with
+# '-L 25 -H 2525'
+
+DEV=eth0
+SSH_PORT=22
+HTTP_PORT=8080
+
+#if it clashes with complex NATing rules, try this
+#iptables -t mangle -F
+#iptables -t nat -F
+#iptables -t raw -F
+
+# block HTTP/SSH direct access
+iptables -D INPUT -i $DEV -p tcp --dport $SSH_PORT -j DROP
+iptables -D INPUT -i $DEV -p tcp --dport $HTTP_PORT -j DROP
+
+iptables -t mangle -D DIVERT -j MARK --set-mark 1
+iptables -t mangle -D DIVERT -j ACCEPT
+
+iptables -t mangle -X DIVERT || true
+iptables -t mangle -D OUTPUT -p tcp -o $DEV --sport $SSH_PORT -j DIVERT
+iptables -t mangle -D OUTPUT -p tcp -o $DEV --sport $HTTP_PORT -j DIVERT
+iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT
+
+ip rule del fwmark 1 lookup 123 || true
+ip route del local 0.0.0.0/0 dev lo table 123
+
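Review bot: `iptables -t mangle -X DIVERT || true` runs before the three `-D ... -j DIVERT` lines that remove the jumps into the chain from OUTPUT and PREROUTING, so the chain is still referenced at that point, the delete fails, and `|| true` hides it; the DIVERT chain is left behind after cleanup. Move the `-X DIVERT || true` line below the `-D PREROUTING ... -j DIVERT` line. The comment `# block HTTP/SSH direct access` sits above `-D` calls that remove the DROP rules, so it should read something like `# remove the rules that block direct HTTP/SSH access`. DEV, SSH_PORT and HTTP_PORT are hard-coded here (22 and 8080) while sshttpd.config in this commit sets `SSH_PORT="8022"`; nf-setup is not part of this diff, so confirm the rules deleted here are exactly the ones it installs, otherwise the filter rules survive a service stop.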
diff --git a/sshttpd.config b/sshttpd.config
new file mode 100644
index 000000000000..e17721f1d208
--- /dev/null
+++ b/sshttpd.config
@@ -0,0 +1,6 @@
+SSH_PORT="8022"
+HTTP_PORT="8080"
+LISTEN_PORT="8043"
+LISTEN_ADDRESS="0.0.0.0"
+USER="nobody"
+CHROOT_DIR="/var/sshttp"
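Review bot: `USER="nobody"` is passed to the daemon as `-U $USER` in sshttpd.service, so it presumably becomes the account sshttpd drops to, and `nobody` is commonly shared with other services, which weakens the isolation the privilege drop is meant to give. A dedicated system account is preferable; sshttpd.install in this commit already drafts one, commented out. `LISTEN_ADDRESS="0.0.0.0"` binds every interface by default, and a comment such as `# listens on all interfaces; set a specific address to restrict` would help the admin editing this file.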
diff --git a/sshttpd.install b/sshttpd.install
new file mode 100644
index 000000000000..829a10e72922
--- /dev/null
+++ b/sshttpd.install
@@ -0,0 +1,4 @@
+post_install() {
+# useradd -r sshttp -d /var/run/sshttp -U -m -s /bin/false
+# chown sshttp: /var/run/sshttp
+}
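Review bot: `post_install()` has a body made only of comments, which bash rejects as a syntax error, so this file fails to parse when it is sourced; put a no-op such as `:` in the body or enable the account creation. The file is also not referenced by an `install=` line in the PKGBUILD of this commit, so as committed it is never run. If the `useradd` line is enabled, note that it uses `/var/run/sshttp` as the home directory while sshttpd.config sets `CHROOT_DIR="/var/sshttp"` and `USER="nobody"`, so the three would need to be brought into agreement.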
diff --git a/sshttpd.service b/sshttpd.service
new file mode 100644
index 000000000000..876f5be6ce88
--- /dev/null
+++ b/sshttpd.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=SSH/HTTP(S) multiplexer
+After=network.target
+
+[Service]
+Type=oneshot
+User=root
+Group=root
+EnvironmentFile=/etc/conf.d/sshttpd
+ExecStart=/usr/bin/nf-setup ; \
+ /usr/bin/sshttpd -S $SSH_PORT -H $HTTP_PORT -L $LISTEN_PORT -l $LISTEN_ADDRESS -U $USER -R $CHROOT_DIR
+ExecStop=/usr/bin/nf-cleanup ; \
+ /usr/bin/killall sshttpd
+
+[Install]
+WantedBy=multi-user.target
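Review bot: `Type=oneshot` with the firewall setup and the daemon chained in a single `ExecStart=` means systemd does not supervise sshttpd as the service's main process, and `ExecStop=` has to fall back to `/usr/bin/killall sshttpd`, which signals every process with that name rather than the one this unit started. Splitting the steps lets systemd track and stop the daemon itself: `ExecStartPre=/usr/bin/nf-setup`, `ExecStart=/usr/bin/sshttpd ...` and `ExecStopPost=/usr/bin/nf-cleanup`, with `Type=` chosen to match whether sshttpd forks into the background (not visible in this diff). As written, `ExecStop=` also runs nf-cleanup before the daemon is stopped, so the rules that block direct access to the backend ports are removed while sshttpd is still running. The unit runs as root, which the iptables calls need; a `CapabilityBoundingSet=` limited to what nf-setup and sshttpd require would narrow that.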