diff options
-rw-r--r-- | .SRCINFO | 38 | ||||
-rw-r--r-- | PKGBUILD | 106 | ||||
-rw-r--r-- | install | 10 | ||||
-rw-r--r-- | sshd.conf | 1 | ||||
-rw-r--r-- | sshd.pam | 6 | ||||
-rw-r--r-- | sshd.service | 17 | ||||
-rw-r--r-- | sshd.socket | 10 | ||||
-rw-r--r-- | sshd@.service | 8 | ||||
-rw-r--r-- | sshdgenkeys.service | 17 |
9 files changed, 213 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..dac2deab6ee0 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,38 @@ +pkgbase = openssh-git + pkgdesc = Free version of the SSH connectivity tools + pkgver = 6.8.P1.r125.g51a1c21 + pkgrel = 1 + url = http://www.openssh.org/portable.html + install = install + arch = i686 + arch = x86_64 + license = custom:BSD + makedepends = linux-headers + depends = krb5 + depends = openssl + depends = libedit + depends = ldns + optdepends = xorg-xauth: X11 forwarding + optdepends = x11-ssh-askpass: input passphrase in X + provides = openssh + conflicts = openssh + backup = etc/ssh/ssh_config + backup = etc/ssh/sshd_config + backup = etc/pam.d/sshd + source = openssh::git://anongit.mindrot.org/openssh.git + source = sshdgenkeys.service + source = sshd@.service + source = sshd.service + source = sshd.socket + source = sshd.conf + source = sshd.pam + sha256sums = SKIP + sha256sums = ff3cbdd0e59ff7dac4dc797d5c0f2b1db4117ddbb49d52f1c4f1771961903878 + sha256sums = 69cc2abaaae0aa8071b8eac338b2df725f60ce73381843179b74eaac78ba7f1d + sha256sums = c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa + sha256sums = de14363e9d4ed92848e524036d9e6b57b2d35cc77d377b7247c38111d2a3defd + sha256sums = 4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6 + sha256sums = 64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846 + +pkgname = openssh-git + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..e252766eaa49 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,106 @@ +# Maintainer: Christian Hesse <mail@eworm.de> +# Contributor: Gaetan Bisson <bisson@archlinux.org> +# Contributor: Aaron Griffin <aaron@archlinux.org> +# Contributor: judd <jvinet@zeroflux.org> + +pkgname=openssh-git +pkgver=6.8.P1.r125.g51a1c21 +pkgrel=1 +pkgdesc='Free version of the SSH connectivity tools' +url='http://www.openssh.org/portable.html' +license=('custom:BSD') +arch=('i686' 'x86_64') +makedepends=('linux-headers') +depends=('krb5' 'openssl' 'libedit' 'ldns') +optdepends=('xorg-xauth: X11 forwarding' + 'x11-ssh-askpass: input passphrase in X') +provides=('openssh') +conflicts=('openssh') +source=('openssh::git://anongit.mindrot.org/openssh.git' + 'sshdgenkeys.service' + 'sshd@.service' + 'sshd.service' + 'sshd.socket' + 'sshd.conf' + 'sshd.pam') +sha256sums=('SKIP' + 'ff3cbdd0e59ff7dac4dc797d5c0f2b1db4117ddbb49d52f1c4f1771961903878' + '69cc2abaaae0aa8071b8eac338b2df725f60ce73381843179b74eaac78ba7f1d' + 'c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa' + 'de14363e9d4ed92848e524036d9e6b57b2d35cc77d377b7247c38111d2a3defd' + '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6' + '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846') + +backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') + +install=install + +pkgver() { + cd openssh/ + + if GITTAG="$(git describe --abbrev=0 --tags 2>/dev/null)"; then + echo "$(sed -e "s/^${pkgname%%-git}//" -e 's/^[-_/a-zA-Z]\+//' -e 's/[-_+]/./g' <<< ${GITTAG}).r$(git rev-list --count ${GITTAG}..).g$(git log -1 --format="%h")" + else + echo "0.r$(git rev-list --count master).g$(git log -1 --format="%h")" + fi +} + +build() { + cd openssh/ + + autoreconf -fi + + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --libexecdir=/usr/lib/ssh \ + --sysconfdir=/etc/ssh \ + --with-ldns \ + --with-libedit \ + --with-ssl-engine \ + --with-pam \ + --with-privsep-user=nobody \ + --with-kerberos5=/usr \ + --with-xauth=/usr/bin/xauth \ + --with-mantype=man \ + --with-md5-passwords \ + --with-pid-dir=/run \ + + make +} + +check() { + cd openssh/ + + make tests || true + # hard to suitably test connectivity: + # - fails with /bin/false as login shell + # - fails with firewall activated, etc. +} + +package() { + cd openssh/ + + make DESTDIR="${pkgdir}" install + + ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz + install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" + + install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service + install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service + install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service + install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket + install -Dm644 ../sshd.conf "${pkgdir}"/usr/lib/tmpfiles.d/sshd.conf + install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd + + install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh + install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id + install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1 + + sed \ + -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ + -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \ + -e '/^#UsePAM no$/c UsePAM yes' \ + -i "${pkgdir}"/etc/ssh/sshd_config +} + diff --git a/install b/install new file mode 100644 index 000000000000..6f0cd3703fb0 --- /dev/null +++ b/install @@ -0,0 +1,10 @@ +post_upgrade() { + if [[ $(vercmp $2 6.2p2) = -1 ]]; then + cat <<EOF + +==> The sshd daemon has been moved to /usr/bin alongside all binaries. +==> Please update this path in your scripts if applicable. + +EOF + fi +} diff --git a/sshd.conf b/sshd.conf new file mode 100644 index 000000000000..ca2a393542e7 --- /dev/null +++ b/sshd.conf @@ -0,0 +1 @@ +d /var/empty 0755 root root diff --git a/sshd.pam b/sshd.pam new file mode 100644 index 000000000000..7ecef084d07a --- /dev/null +++ b/sshd.pam @@ -0,0 +1,6 @@ +#%PAM-1.0 +#auth required pam_securetty.so #disable remote root +auth include system-remote-login +account include system-remote-login +password include system-remote-login +session include system-remote-login diff --git a/sshd.service b/sshd.service new file mode 100644 index 000000000000..55ed95322da7 --- /dev/null +++ b/sshd.service @@ -0,0 +1,17 @@ +[Unit] +Description=OpenSSH Daemon +Wants=sshdgenkeys.service +After=sshdgenkeys.service +After=network.target + +[Service] +ExecStart=/usr/bin/sshd -D +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +Restart=always + +[Install] +WantedBy=multi-user.target + +# This service file runs an SSH daemon that forks for each incoming connection. +# If you prefer to spawn on-demand daemons, use sshd.socket and sshd@.service. diff --git a/sshd.socket b/sshd.socket new file mode 100644 index 000000000000..e09e328690fd --- /dev/null +++ b/sshd.socket @@ -0,0 +1,10 @@ +[Unit] +Conflicts=sshd.service +Wants=sshdgenkeys.service + +[Socket] +ListenStream=22 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/sshd@.service b/sshd@.service new file mode 100644 index 000000000000..7ce3d37baa43 --- /dev/null +++ b/sshd@.service @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH Per-Connection Daemon +After=sshdgenkeys.service + +[Service] +ExecStart=-/usr/bin/sshd -i +StandardInput=socket +StandardError=syslog diff --git a/sshdgenkeys.service b/sshdgenkeys.service new file mode 100644 index 000000000000..d1e154692c5d --- /dev/null +++ b/sshdgenkeys.service @@ -0,0 +1,17 @@ +[Unit] +Description=SSH Key Generation +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key +ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_key +ConditionPathExists=|!/etc/ssh/ssh_host_key.pub +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub + +[Service] +ExecStart=/usr/bin/ssh-keygen -A +Type=oneshot +RemainAfterExit=yes |