diff options
Diffstat (limited to 'PKGBUILD')
-rw-r--r-- | PKGBUILD | 218 |
1 files changed, 146 insertions, 72 deletions
@@ -1,4 +1,7 @@ -# Maintainer: Gaetan Bisson <bisson@archlinux.org> +# Maintainer: David Runge <dvzrv@archlinux.org> +# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> +# Maintainer: Giancarlo Razzolini <grazzolini@archlinux.org> +# Contributor: Gaetan Bisson <bisson@archlinux.org> # Contributor: Aaron Griffin <aaron@archlinux.org> # Contributor: judd <jvinet@zeroflux.org> # SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org) @@ -9,96 +12,167 @@ # If you want to help keep it up to date, please open a Pull Request there. pkgname=openssh-selinux -pkgver=8.0p1 +pkgver=9.7p1 pkgrel=1 -pkgdesc='Premier connectivity tool for remote login with the SSH protocol, with SELinux support' +pkgdesc="SSH protocol implementation for remote login, command execution and file transfer, with SELinux support" +arch=(x86_64 aarch64) url='https://www.openssh.com/portable.html' -license=('custom:BSD') -arch=('x86_64') -makedepends=('linux-headers') -depends=('krb5' 'openssl' 'libedit' 'ldns' 'libselinux') -optdepends=('xorg-xauth: X11 forwarding' - 'x11-ssh-askpass: input passphrase in X') +license=( + BSD-2-Clause + BSD-3-Clause + ISC + LicenseRef-Public-Domain + MIT +) +depends=( + glibc + libselinux +) +makedepends=( + krb5 + libedit + libfido2 + libxcrypt + linux-headers + openssl + pam + zlib +) +optdepends=( + 'libfido2: FIDO/U2F support' + 'sh: for ssh-copy-id and findssl.sh' + 'x11-ssh-askpass: input passphrase in X' + 'xorg-xauth: X11 forwarding' +) +backup=( + etc/pam.d/sshd + etc/ssh/ssh_config + etc/ssh/sshd_config +) conflicts=("${pkgname/-selinux}" "selinux-${pkgname/-selinux}") provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" "selinux-${pkgname/-selinux}=${pkgver}-${pkgrel}") groups=('selinux') -validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30') -source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"{,.asc} - 'sshdgenkeys.service' - 'sshd@.service' - 'sshd.service' - 'sshd.socket' - 'sshd.conf' - 'sshd.pam') -sha256sums=('bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68' +source=( + https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz{,.asc} + 99-archlinux.conf + ${pkgname/-selinux}.tmpfiles + sshdgenkeys.service + sshd.service + ssh-agent.service + sshd.pam +) +sha256sums=('490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd' 'SKIP' - '4031577db6416fcbaacf8a26a024ecd3939e5c10fe6a86ee3f0eea5093d533b7' - '3a0845737207f4eda221c9c9fb64e766ade9684562d8ba4f705f7ae6826886e5' - 'c5ed9fa629f8f8dbf3bae4edbad4441c36df535088553fe82695c52d7bde30aa' - 'de14363e9d4ed92848e524036d9e6b57b2d35cc77d377b7247c38111d2a3defd' - '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6' - '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846') + '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30' + '975904668c3c98fff5dbf840717ae959593fa05e90e215e67bf7ee24369d6369' + 'e5305767b2d317183ad1c5022a5f6705bd9014a8b22495a000fd482713738611' + 'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7' + 'b3b1e4f7af169cd5fccdcdf9538ef37fc919c79a9905f797925153a94e723998' + '633e24cbfcb045ba777d3e06d5f85dfaa06d44f4727d38c7fb2187c57498221d') +b2sums=('520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b' + 'SKIP' + '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97' + '43bf32158d6b14cf298e5e92a54d93577d6a45b32b3c0fad7a3722e55a53e446fd30df10002bc945c71528904bb397aaadc4f439dd81e5a87263a31b1daa7fc2' + '09fad3648f48f13ee80195b90913feeba21240d121b1178e0ce62f4a17b1f7e58e8edc22c04403e377ab300f5022a804c848f5be132765d5ca26a38aab262e50' + '07ad5c7fb557411a6646ff6830bc9d564c07cbddc4ce819641d31c05dbdf677bfd8a99907cf529a7ee383b8c250936a6423f4b4b97ba0f1c14f627bbd629bd4e' + '046ea6bd6aa00440991e5f7998db33864a7baa353ec6071f96a3ccb5cca5b548cb9e75f9dee56022ca39daa977d18452851d91e6ba36a66028b84b375ded9bc5' + '1d24cc029eccf71cee54dda84371cf9aa8d805433e751575ab237df654055dd869024b50facd8b73390717e63100c76bca28b493e0c8be9791c76a2e0d60990a') +validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org> -backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') +prepare() { + cd ${pkgname/-selinux}-$pkgver + # remove variable (but useless) first line in config (related to upstream VCS) + sed '/^#.*\$.*\$$/d' -i ssh{,d}_config -build() { - cd "${srcdir}/${pkgname/-selinux}-${pkgver}" - - ./configure \ - --prefix=/usr \ - --sbindir=/usr/bin \ - --libexecdir=/usr/lib/ssh \ - --sysconfdir=/etc/ssh \ - --with-ldns \ - --with-libedit \ - --with-ssl-engine \ - --with-pam \ - --with-privsep-user=nobody \ - --with-kerberos5=/usr \ - --with-xauth=/usr/bin/xauth \ - --with-md5-passwords \ - --with-pid-dir=/run \ - --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin' \ - --with-selinux - - make + # prepend configuration option to include drop-in configuration files for sshd_config + printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp + mv -v sshd_config.tmp sshd_config + # prepend configuration option to include drop-in configuration files for ssh_config + printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp + mv -v ssh_config.tmp ssh_config + + # extract separate licenses + sed -n '89,113p' LICENCE > ../rijndael.Public-Domain.txt + sed -n '116,145p' LICENCE > ../ssh.BSD-3-Clause.txt + sed -n '148,209p' LICENCE > ../BSD-2-Clause.txt + sed -n '213,218p' LICENCE > ../snprintf.Public-Domain.txt + sed -n '222,258p' LICENCE > ../openbsd-compat.BSD-3-Clause.txt + sed -n '260,278p' LICENCE > ../openbsd-compat.ISC.txt + sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt + sed -n '280,308p' LICENCE > ../openbsd-compat.MIT.txt + sed -n '310,338p' LICENCE > ../blowfish.BSD-3-Clause.txt + sed -n '340,368p' LICENCE > ../replacement.BSD-2-Clause.txt } -check() { - cd "${srcdir}/${pkgname/-selinux}-${pkgver}" +build() { + local configure_options=( + --prefix=/usr + --sbindir=/usr/bin + --libexecdir=/usr/lib/ssh + --sysconfdir=/etc/ssh + --disable-strip + --with-libedit + --with-security-key-builtin + --with-ssl-engine + --with-pam + --with-privsep-user=nobody + --with-kerberos5=/usr + --with-xauth=/usr/bin/xauth + --with-pid-dir=/run + --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin' + --without-zlib-version-check + --with-selinux + ) - # Tests require openssh to be already installed system-wide, - # also connectivity tests will fail under makechrootpkg since - # it runs as nobody which has /bin/false as login shell. + cd ${pkgname/-selinux}-$pkgver - if [[ -e /usr/bin/scp && ! -e /.arch-chroot ]]; then - make tests - fi + ./configure "${configure_options[@]}" + make +} + +check() { + # NOTE: make t-exec does not work in our build environment + make file-tests interop-tests unit -C ${pkgname/-selinux}-$pkgver } package() { - cd "${srcdir}/${pkgname/-selinux}-${pkgver}" + depends+=( + krb5 libkrb5.so libgssapi_krb5.so + libedit libedit.so + libxcrypt libcrypt.so + openssl libcrypto.so + pam libpam.so + zlib libz.so + ) + + cd ${pkgname/-selinux}-$pkgver + + make DESTDIR="$pkgdir" install - make DESTDIR="${pkgdir}" install + install -vDm 644 ../99-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/" + install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d" - ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE" + install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/" + install -Dm644 ../*.txt -t "$pkgdir/usr/share/licenses/${pkgname/-selinux}/" - install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service - install -Dm644 ../sshd@.service "${pkgdir}"/usr/lib/systemd/system/sshd@.service - install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service - install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket - install -Dm644 ../sshd.conf "${pkgdir}"/usr/lib/tmpfiles.d/sshd.conf - install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd + install -Dm644 ../sshdgenkeys.service -t "$pkgdir"/usr/lib/systemd/system/ + install -Dm644 ../sshd.service -t "$pkgdir"/usr/lib/systemd/system/ + install -Dm644 ../ssh-agent.service -t "$pkgdir"/usr/lib/systemd/user/ + install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd - install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh - install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id - install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1 + # factory files + install -Dm644 ../sshd.pam "$pkgdir"/usr/share/factory/etc/pam.d/sshd + install -Dm644 "$pkgdir/etc/ssh/moduli" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -Dm644 "$pkgdir/etc/ssh/ssh_config" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -Dm644 "$pkgdir/etc/ssh/sshd_config" -t "$pkgdir"/usr/share/factory/etc/ssh/ + install -vDm 644 ../99-archlinux.conf -t "$pkgdir/usr/share/factory/etc/ssh/sshd_config.d/" - sed \ - -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ - -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \ - -e '/^#UsePAM no$/c UsePAM yes' \ - -i "${pkgdir}"/etc/ssh/sshd_config + install -vDm 644 ../${pkgname/-selinux}.tmpfiles "$pkgdir/usr/lib/tmpfiles.d/${pkgname/-selinux}.conf" + + install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/ + install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/ + install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/ } + +# vim: ts=2 sw=2 et: |