-rw-r--r-- | .SRCINFO | 45 | ||||
-rw-r--r-- | PKGBUILD | 59 | ||||
-rw-r--r-- | openssh-9.0p1-sshd_config.patch | 30 | ||||
-rw-r--r-- | openssh.tmpfiles | 9 | ||||
-rw-r--r-- | sshd.conf | 3 |
5 files changed, 81 insertions, 65 deletions
@@ -1,7 +1,7 @@ pkgbase = openssh-selinux pkgdesc = SSH protocol implementation for remote login, command execution and file transfer, with SELinux support pkgver = 9.6p1 - pkgrel = 1 + pkgrel = 3 url = https://www.openssh.com/portable.html arch = x86_64 arch = aarch64 @@ -9,28 +9,24 @@ pkgbase = openssh-selinux license = BSD-2-Clause license = BSD-3-Clause license = ISC + license = LicenseRef-Public-Domain license = MIT + makedepends = krb5 + makedepends = libedit makedepends = libfido2 + makedepends = libxcrypt makedepends = linux-headers + makedepends = openssl + makedepends = pam + makedepends = zlib depends = glibc - depends = krb5 - depends = libkrb5.so - depends = libgssapi_krb5.so - depends = ldns - depends = libedit - depends = libxcrypt - depends = libcrypt.so - depends = openssl - depends = pam - depends = libpam.so - depends = zlib depends = libselinux optdepends = libfido2: FIDO/U2F support optdepends = sh: for ssh-copy-id and findssl.sh optdepends = x11-ssh-askpass: input passphrase in X optdepends = xorg-xauth: X11 forwarding - provides = openssh=9.6p1-1 - provides = selinux-openssh=9.6p1-1 + provides = openssh=9.6p1-3 + provides = selinux-openssh=9.6p1-3 conflicts = openssh conflicts = selinux-openssh backup = etc/pam.d/sshd 
@@ -39,27 +35,42 @@ pkgbase = openssh-selinux source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz source = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.6p1.tar.gz.asc source = 99-archlinux.conf + source = openssh.tmpfiles source = sshdgenkeys.service source = sshd.service source = ssh-agent.service - source = sshd.conf source = sshd.pam validpgpkeys = 7168B983815A5EEF59A4ADFD2A3F414E736060BA sha256sums = 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c sha256sums = SKIP sha256sums = 78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30 + sha256sums = 975904668c3c98fff5dbf840717ae959593fa05e90e215e67bf7ee24369d6369 sha256sums = e5305767b2d317183ad1c5022a5f6705bd9014a8b22495a000fd482713738611 sha256sums = e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7 sha256sums = b3b1e4f7af169cd5fccdcdf9538ef37fc919c79a9905f797925153a94e723998 - sha256sums = 76635a91526ce44571485e292e3a777ded6a439af78cb93514b999f91fb9b327 sha256sums = 633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d b2sums = dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd b2sums = SKIP b2sums = 1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97 + b2sums = 43bf32158d6b14cf298e5e92a54d93577d6a45b32b3c0fad7a3722e55a53e446fd30df10002bc945c71528904bb397aaadc4f439dd81e5a87263a31b1daa7fc2 b2sums = 09fad3648f48f13ee80195b90913feeba21240d121b1178e0ce62f4a17b1f7e58e8edc22c04403e377ab300f5022a804c848f5be132765d5ca26a38aab262e50 b2sums = 07ad5c7fb557411a6646ff6830bc9d564c07cbddc4ce819641d31c05dbdf677bfd8a99907cf529a7ee383b8c250936a6423f4b4b97ba0f1c14f627bbd629bd4e b2sums = 046ea6bd6aa00440991e5f7998db33864a7baa353ec6071f96a3ccb5cca5b548cb9e75f9dee56022ca39daa977d18452851d91e6ba36a66028b84b375ded9bc5 - b2sums = 
a3fd8f00430168f03dcbc4a5768ed788dd43140e365a882b601510f53f69704da04f24660157bb8a43125f5389528993732d99569d77d5f3358074e7ae36d4ca b2sums = 1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a pkgname = openssh-selinux + depends = glibc + depends = libselinux + depends = krb5 + depends = libkrb5.so + depends = libgssapi_krb5.so + depends = libedit + depends = libedit.so + depends = libxcrypt + depends = libcrypt.so + depends = openssl + depends = libcrypto.so + depends = pam + depends = libpam.so + depends = zlib + depends = libz.so @@ -1,3 +1,4 @@ +# Maintainer: David Runge <dvzrv@archlinux.org> # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> # Maintainer: Giancarlo Razzolini <grazzolini@archlinux.org> # Contributor: Gaetan Bisson <bisson@archlinux.org> @@ -12,7 +13,7 @@ pkgname=openssh-selinux pkgver=9.6p1 -pkgrel=1 +pkgrel=3 pkgdesc="SSH protocol implementation for remote login, command execution and file transfer, with SELinux support" arch=(x86_64 aarch64) url='https://www.openssh.com/portable.html' @@ -20,22 +21,22 @@ license=( BSD-2-Clause BSD-3-Clause ISC + LicenseRef-Public-Domain MIT ) depends=( glibc - krb5 libkrb5.so libgssapi_krb5.so - ldns - libedit - libxcrypt libcrypt.so - openssl - pam libpam.so - zlib libselinux ) makedepends=( + krb5 + libedit libfido2 + libxcrypt linux-headers + openssl + pam + zlib ) optdepends=( 'libfido2: FIDO/U2F support' 
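Review bot: Dropping `ldns` from `depends` in this hunk, together with `--with-ldns` in the build() hunk further down, changes how `VerifyHostKeyDNS` can validate SSHFP records, and nothing in the PKGBUILD records that. Without ldns, OpenSSH uses its bundled resolver code, which as far as I know treats an answer as DNSSEC-validated only when the system resolver passes the AD flag through. Users who rely on SSHFP may therefore end up with fingerprints treated as unverified unless they run a validating resolver. A comment beside the configure options would make this visible, e.g. `# built without ldns: SSHFP validation relies on a validating resolver (AD flag)`.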
@@ -55,27 +56,27 @@ groups=('selinux') source=( https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz{,.asc} 99-archlinux.conf + ${pkgname/-selinux}.tmpfiles sshdgenkeys.service sshd.service ssh-agent.service - sshd.conf sshd.pam ) sha256sums=('910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c' 'SKIP' '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30' + '975904668c3c98fff5dbf840717ae959593fa05e90e215e67bf7ee24369d6369' 'e5305767b2d317183ad1c5022a5f6705bd9014a8b22495a000fd482713738611' 'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7' 'b3b1e4f7af169cd5fccdcdf9538ef37fc919c79a9905f797925153a94e723998' - '76635a91526ce44571485e292e3a777ded6a439af78cb93514b999f91fb9b327' '633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d') b2sums=('dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd' 'SKIP' '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97' + '43bf32158d6b14cf298e5e92a54d93577d6a45b32b3c0fad7a3722e55a53e446fd30df10002bc945c71528904bb397aaadc4f439dd81e5a87263a31b1daa7fc2' '09fad3648f48f13ee80195b90913feeba21240d121b1178e0ce62f4a17b1f7e58e8edc22c04403e377ab300f5022a804c848f5be132765d5ca26a38aab262e50' '07ad5c7fb557411a6646ff6830bc9d564c07cbddc4ce819641d31c05dbdf677bfd8a99907cf529a7ee383b8c250936a6423f4b4b97ba0f1c14f627bbd629bd4e' '046ea6bd6aa00440991e5f7998db33864a7baa353ec6071f96a3ccb5cca5b548cb9e75f9dee56022ca39daa977d18452851d91e6ba36a66028b84b375ded9bc5' - 'a3fd8f00430168f03dcbc4a5768ed788dd43140e365a882b601510f53f69704da04f24660157bb8a43125f5389528993732d99569d77d5f3358074e7ae36d4ca' '1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a') validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org> 
@@ -90,6 +91,18 @@ prepare() { # prepend configuration option to include drop-in configuration files for ssh_config printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp mv -v ssh_config.tmp ssh_config + + # extract separate licenses + sed -n '89,113p' LICENCE > ../rijndael.Public-Domain.txt + sed -n '116,145p' LICENCE > ../ssh.BSD-3-Clause.txt + sed -n '148,209p' LICENCE > ../BSD-2-Clause.txt + sed -n '213,218p' LICENCE > ../snprintf.Public-Domain.txt + sed -n '222,258p' LICENCE > ../openbsd-compat.BSD-3-Clause.txt + sed -n '260,278p' LICENCE > ../openbsd-compat.ISC.txt + sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt + sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt + sed -n '310,338p' LICENCE > ../blowfish.BSD-3-Clause.txt + sed -n '340,368p' LICENCE > ../replacement.BSD-2-Clause.txt } build() { @@ -99,7 +112,6 @@ build() { --libexecdir=/usr/lib/ssh --sysconfdir=/etc/ssh --disable-strip - --with-ldns --with-libedit --with-security-key-builtin --with-ssl-engine @@ -125,6 +137,15 @@ check() { } package() { + depends+=( + krb5 libkrb5.so libgssapi_krb5.so + libedit libedit.so + libxcrypt libcrypt.so + openssl libcrypto.so + pam libpam.so + zlib libz.so + ) + cd ${pkgname/-selinux}-$pkgver make DESTDIR="$pkgdir" install 
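Review bot: The license extraction added to prepare() repeats `sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt` on two consecutive lines; one of them should go. All the ranges are hard-coded line numbers into the 9.6p1 LICENCE file, so a later pkgver bump that shifts that file would produce wrong or truncated license texts without any error. A comment such as `# line ranges match LICENCE from 9.6p1; re-check on every pkgver bump` would make the dependency explicit. prepare() starts above this hunk.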
@@ -132,15 +153,23 @@ package() { install -vDm 644 ../99-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/" install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d" - ln -sf ssh.1.gz "$pkgdir"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/$pkgname/" + install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/" + install -Dm644 ../*.txt -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/" install -Dm644 ../sshdgenkeys.service -t "$pkgdir"/usr/lib/systemd/system/ install -Dm644 ../sshd.service -t "$pkgdir"/usr/lib/systemd/system/ install -Dm644 ../ssh-agent.service -t "$pkgdir"/usr/lib/systemd/user/ - install -Dm644 ../sshd.conf -t "$pkgdir"/usr/lib/tmpfiles.d/ install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd + # factory files + install -Dm644 ../sshd.pam "$pkgdir"/usr/share/factory/etc/pam.d/sshd + install -Dm644 "$pkgdir/etc/ssh/moduli" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -Dm644 "$pkgdir/etc/ssh/ssh_config" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -Dm644 "$pkgdir/etc/ssh/sshd_config" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -vDm 644 ../99-archlinux.conf -t "$pkgdir/usr/share/factory/etc/ssh/sshd_config.d/" + + install -vDm 644 ../${pkgname/-selinux}.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/${pkgname/-selinux}.conf" + install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/ install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/ install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/ diff --git a/openssh-9.0p1-sshd_config.patch b/openssh-9.0p1-sshd_config.patch deleted file mode 100644 index 910014922bad..000000000000 --- a/openssh-9.0p1-sshd_config.patch +++ /dev/null 
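Review bot: `install -Dm644 ../*.txt -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/"` installs every `.txt` file found in `$srcdir`, not only the license excerpts that prepare() wrote there. Any other `.txt` that lands in that directory, from a future source entry or a leftover in a reused build directory, would be shipped as a license file. Writing the excerpts into a dedicated directory in prepare() and installing from it, e.g. `install -Dm644 ../licenses/*.txt -t ...`, keeps the installed set tied to what was extracted. package() begins above this hunk.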
@@ -1,30 +0,0 @@ -diff -ruN a/sshd_config b/sshd_config ---- a/sshd_config 2022-04-06 02:47:48.000000000 +0200 -+++ b/sshd_config 2022-10-10 19:55:58.961117951 +0200 -@@ -58,7 +58,7 @@ - #PermitEmptyPasswords no - - # Change to no to disable s/key passwords --#KbdInteractiveAuthentication yes -+KbdInteractiveAuthentication no - - # Kerberos options - #KerberosAuthentication no -@@ -79,7 +79,7 @@ - # If you just want the PAM account and session checks to run without - # PAM authentication, then enable this but set PasswordAuthentication - # and KbdInteractiveAuthentication to 'no'. --#UsePAM no -+UsePAM yes - - #AllowAgentForwarding yes - #AllowTcpForwarding yes -@@ -88,7 +88,7 @@ - #X11DisplayOffset 10 - #X11UseLocalhost yes - #PermitTTY yes --#PrintMotd yes -+PrintMotd no - #PrintLastLog yes - #TCPKeepAlive yes - #PermitUserEnvironment no diff --git a/openssh.tmpfiles b/openssh.tmpfiles new file mode 100644 index 000000000000..0bf3870972f2 --- /dev/null +++ b/openssh.tmpfiles @@ -0,0 +1,9 @@ +C /etc/pam.d/sshd +C /etc/ssh/moduli +C /etc/ssh/ssh_config +C /etc/ssh/sshd_config +C /etc/ssh/sshd_config.d/99-archlinux.conf + +d /etc/ssh/ssh_config.d +d /etc/ssh/sshd_config.d +d /var/empty diff --git a/sshd.conf b/sshd.conf deleted file mode 100644 index c9dc76c346c2..000000000000 --- a/sshd.conf +++ /dev/null @@ -1,3 +0,0 @@ -d /var/empty 0755 root root -d /etc/ssh/sshd_config.d 0755 root root -d /etc/ssh/ssh_config.d 0755 root root |
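Review bot: The new `d` entries in openssh.tmpfiles omit the mode and owner that the removed sshd.conf set (`0755 root root`), which matters most for `/var/empty`, sshd's privilege-separation directory. The systemd-tmpfiles defaults give a newly created directory the same 0755 and root ownership. As I read tmpfiles.d(5), though, an existing directory is only adjusted when those fields are specified, so a `/var/empty` with wrong ownership or mode would no longer be corrected. Keeping the fields explicit preserves the old behaviour: `d /var/empty 0755 root root`, and likewise for the two `*_config.d` directories.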