summarylogtreecommitdiffstats
path: root/PKGBUILD
diff options
context:
space:
mode:
Diffstat (limited to 'PKGBUILD')
-rw-r--r--PKGBUILD218
1 files changed, 146 insertions, 72 deletions
diff --git a/PKGBUILD b/PKGBUILD
index 701aabf1dc1a..cc26bcc113a5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,7 @@
-# Maintainer: Gaetan Bisson <bisson@archlinux.org>
+# Maintainer: David Runge <dvzrv@archlinux.org>
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Maintainer: Giancarlo Razzolini <grazzolini@archlinux.org>
+# Contributor: Gaetan Bisson <bisson@archlinux.org>
# Contributor: Aaron Griffin <aaron@archlinux.org>
# Contributor: judd <jvinet@zeroflux.org>
# SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org)
@@ -9,96 +12,167 @@
# If you want to help keep it up to date, please open a Pull Request there.
pkgname=openssh-selinux
-pkgver=8.0p1
+pkgver=9.7p1
pkgrel=1
-pkgdesc='Premier connectivity tool for remote login with the SSH protocol, with SELinux support'
+pkgdesc="SSH protocol implementation for remote login, command execution and file transfer, with SELinux support"
+arch=(x86_64 aarch64)
url='https://www.openssh.com/portable.html'
-license=('custom:BSD')
-arch=('x86_64')
-makedepends=('linux-headers')
-depends=('krb5' 'openssl' 'libedit' 'ldns' 'libselinux')
-optdepends=('xorg-xauth: X11 forwarding'
- 'x11-ssh-askpass: input passphrase in X')
+license=(
+ BSD-2-Clause
+ BSD-3-Clause
+ ISC
+ LicenseRef-Public-Domain
+ MIT
+)
+depends=(
+ glibc
+ libselinux
+)
+makedepends=(
+ krb5
+ libedit
+ libfido2
+ libxcrypt
+ linux-headers
+ openssl
+ pam
+ zlib
+)
+optdepends=(
+ 'libfido2: FIDO/U2F support'
+ 'sh: for ssh-copy-id and findssl.sh'
+ 'x11-ssh-askpass: input passphrase in X'
+ 'xorg-xauth: X11 forwarding'
+)
+backup=(
+ etc/pam.d/sshd
+ etc/ssh/ssh_config
+ etc/ssh/sshd_config
+)
conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}")
provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}"
"selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}")
groups=('selinux')
-validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30')
-source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"{,.asc}
- 'sshdgenkeys.service'
- 'sshd@.service'
- 'sshd.service'
- 'sshd.socket'
- 'sshd.conf'
- 'sshd.pam')
-sha256sums=('bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68'
+source=(
+ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz{,.asc}
+ 99-archlinux.conf
+ ${pkgname/-selinux}.tmpfiles
+ sshdgenkeys.service
+ sshd.service
+ ssh-agent.service
+ sshd.pam
+)
+sha256sums=('490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd'
'SKIP'
- '4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7'
- '3a0845737207f4eda221c9c9fb64e766ade9684562d8ba4f705f7ae6826886e5'
- 'c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa'
- 'de14363e9d4ed92848e524036d9e6b57b2d35cc77d377b7247c38111d2a3defd'
- '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
- '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846')
+ '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30'
+ '975904668c3c98fff5dbf840717ae959593fa05e90e215e67bf7ee24369d6369'
+ 'e5305767b2d317183ad1c5022a5f6705bd9014a8b22495a000fd482713738611'
+ 'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7'
+ 'b3b1e4f7af169cd5fccdcdf9538ef37fc919c79a9905f797925153a94e723998'
+ '633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d')
+b2sums=('520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b'
+ 'SKIP'
+ '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97'
+ '43bf32158d6b14cf298e5e92a54d93577d6a45b32b3c0fad7a3722e55a53e446fd30df10002bc945c71528904bb397aaadc4f439dd81e5a87263a31b1daa7fc2'
+ '09fad3648f48f13ee80195b90913feeba21240d121b1178e0ce62f4a17b1f7e58e8edc22c04403e377ab300f5022a804c848f5be132765d5ca26a38aab262e50'
+ '07ad5c7fb557411a6646ff6830bc9d564c07cbddc4ce819641d31c05dbdf677bfd8a99907cf529a7ee383b8c250936a6423f4b4b97ba0f1c14f627bbd629bd4e'
+ '046ea6bd6aa00440991e5f7998db33864a7baa353ec6071f96a3ccb5cca5b548cb9e75f9dee56022ca39daa977d18452851d91e6ba36a66028b84b375ded9bc5'
+ '1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a')
+validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org>
-backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+prepare() {
+ cd ${pkgname/-selinux}-$pkgver
+ # remove variable (but useless) first line in config (related to upstream VCS)
+ sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
-build() {
- cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
-
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --libexecdir=/usr/lib/ssh \
- --sysconfdir=/etc/ssh \
- --with-ldns \
- --with-libedit \
- --with-ssl-engine \
- --with-pam \
- --with-privsep-user=nobody \
- --with-kerberos5=/usr \
- --with-xauth=/usr/bin/xauth \
- --with-md5-passwords \
- --with-pid-dir=/run \
- --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin' \
- --with-selinux
-
- make
+ # prepend configuration option to include drop-in configuration files for sshd_config
+ printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
+ mv -v sshd_config.tmp sshd_config
+ # prepend configuration option to include drop-in configuration files for ssh_config
+ printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
+ mv -v ssh_config.tmp ssh_config
+
+ # extract separate licenses
+ sed -n '89,113p' LICENCE > ../rijndael.Public-Domain.txt
+ sed -n '116,145p' LICENCE > ../ssh.BSD-3-Clause.txt
+ sed -n '148,209p' LICENCE > ../BSD-2-Clause.txt
+ sed -n '213,218p' LICENCE > ../snprintf.Public-Domain.txt
+ sed -n '222,258p' LICENCE > ../openbsd-compat.BSD-3-Clause.txt
+ sed -n '260,278p' LICENCE > ../openbsd-compat.ISC.txt
+ sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt
+ sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt
+ sed -n '310,338p' LICENCE > ../blowfish.BSD-3-Clause.txt
+ sed -n '340,368p' LICENCE > ../replacement.BSD-2-Clause.txt
}
-check() {
- cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
+build() {
+ local configure_options=(
+ --prefix=/usr
+ --sbindir=/usr/bin
+ --libexecdir=/usr/lib/ssh
+ --sysconfdir=/etc/ssh
+ --disable-strip
+ --with-libedit
+ --with-security-key-builtin
+ --with-ssl-engine
+ --with-pam
+ --with-privsep-user=nobody
+ --with-kerberos5=/usr
+ --with-xauth=/usr/bin/xauth
+ --with-pid-dir=/run
+ --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin'
+ --without-zlib-version-check
+ --with-selinux
+ )
- # Tests require openssh to be already installed system-wide,
- # also connectivity tests will fail under makechrootpkg since
- # it runs as nobody which has /bin/false as login shell.
+ cd ${pkgname/-selinux}-$pkgver
- if [[ -e /usr/bin/scp && ! -e /.arch-chroot ]]; then
- make tests
- fi
+ ./configure "${configure_options[@]}"
+ make
+}
+
+check() {
+ # NOTE: make t-exec does not work in our build environment
+ make file-tests interop-tests unit -C ${pkgname/-selinux}-$pkgver
}
package() {
- cd "${srcdir}/${pkgname/-selinux}-${pkgver}"
+ depends+=(
+ krb5 libkrb5.so libgssapi_krb5.so
+ libedit libedit.so
+ libxcrypt libcrypt.so
+ openssl libcrypto.so
+ pam libpam.so
+ zlib libz.so
+ )
+
+ cd ${pkgname/-selinux}-$pkgver
+
+ make DESTDIR="$pkgdir" install
- make DESTDIR="${pkgdir}" install
+ install -vDm 644 ../99-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/"
+ install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d"
- ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
- install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+ install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/"
+ install -Dm644 ../*.txt -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/"
- install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
- install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service
- install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
- install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
- install -Dm644 ../sshd.conf "${pkgdir}"/usr/lib/tmpfiles.d/sshd.conf
- install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+ install -Dm644 ../sshdgenkeys.service -t "$pkgdir"/usr/lib/systemd/system/
+ install -Dm644 ../sshd.service -t "$pkgdir"/usr/lib/systemd/system/
+ install -Dm644 ../ssh-agent.service -t "$pkgdir"/usr/lib/systemd/user/
+ install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd
- install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
- install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
- install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+ # factory files
+ install -Dm644 ../sshd.pam "$pkgdir"/usr/share/factory/etc/pam.d/sshd
+ install -Dm644 "$pkgdir/etc/ssh/moduli" -t "$pkgdir"/usr/share/factory/etc/ssh/
+ install -Dm644 "$pkgdir/etc/ssh/ssh_config" -t "$pkgdir"/usr/share/factory/etc/ssh/
+ install -Dm644 "$pkgdir/etc/ssh/sshd_config" -t "$pkgdir"/usr/share/factory/etc/ssh/
+ install -vDm 644 ../99-archlinux.conf -t "$pkgdir/usr/share/factory/etc/ssh/sshd_config.d/"
- sed \
- -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
- -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
- -e '/^#UsePAM no$/c UsePAM yes' \
- -i "${pkgdir}"/etc/ssh/sshd_config
+ install -vDm 644 ../${pkgname/-selinux}.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/${pkgname/-selinux}.conf"
+
+ install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/
+ install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/
+ install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/
}
+
+# vim: ts=2 sw=2 et: