
overlay

My (experimental) gentoo overlay
commit: c927f5613f2f28aa7f09037a77875cb2fcdcd16a
parent: 6dd843f4ab72badbac4022e6ae32716efe149c9b
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu, 20 Dec 2018 03:07:01 +0100

net-misc/openssh: Remove

Diffstat:

Dnet-misc/openssh/Manifest1-
Dnet-misc/openssh/files/sshd-r1.confd33---------------------------------
Dnet-misc/openssh/files/sshd.initd89-------------------------------------------------------------------------------
Dnet-misc/openssh/files/sshd.pam_include.24----
Dnet-misc/openssh/files/sshd.service11-----------
Dnet-misc/openssh/files/sshd.socket10----------
Dnet-misc/openssh/files/sshd_at.service8--------
Dnet-misc/openssh/metadata.xml32--------------------------------
Dnet-misc/openssh/openssh-7.9_p1.ebuild185-------------------------------------------------------------------------------
9 files changed, 0 insertions(+), 373 deletions(-)

diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
@@ -1 +0,0 @@
-DIST openssh-7.9p1.tar.gz 1565384 BLAKE2B de15795e03d33d4f9fe4792f6b14500123230b6c00c1e5bd7207bb6d6bf6df0b2e057c1b1de0fee709f58dd159203fdd69fe1473118a6baedebaa0c1c4c55b59 SHA512 0412c9c429c9287f0794023951469c8e6ec833cdb55821bfa0300dd90d0879ff60484f620cffd93372641ab69bf0b032c2d700ccc680950892725fb631b7708e
diff --git a/net-misc/openssh/files/sshd-r1.confd b/net-misc/openssh/files/sshd-r1.confd
@@ -1,33 +0,0 @@
-# /etc/conf.d/sshd: config file for /etc/init.d/sshd
-
-# Where is your sshd_config file stored?
-
-SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh"
-
-
-# Any random options you want to pass to sshd.
-# See the sshd(8) manpage for more info.
-
-SSHD_OPTS=""
-
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress.
-
-#SSHD_SSD_OPTS="--wait 1000"
-
-
-# Pid file to use (needs to be absolute path).
-
-#SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid"
-
-
-# Path to the sshd binary (needs to be absolute path).
-
-#SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd"
-
-
-# Path to the ssh-keygen binary (needs to be absolute path).
-
-#SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen"
diff --git a/net-misc/openssh/files/sshd.initd b/net-misc/openssh/files/sshd.initd
@@ -1,89 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
-: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
-
-command="${SSHD_BINARY}"
-pidfile="${SSHD_PIDFILE}"
-command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress (bug 617596).
-: ${SSHD_SSD_OPTS:=--wait 1000}
-start_stop_daemon_args="${SSHD_SSD_OPTS}"
-
-depend() {
- # Entropy can be used by ssh-keygen, among other things, but
- # is not strictly required (bug 470020).
- use logger dns entropy
- if [ "${rc_need+set}" = "set" ] ; then
- : # Do nothing, the user has explicitly set rc_need
- else
- local x warn_addr
- for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
- case "${x}" in
- 0.0.0.0|0.0.0.0:*) ;;
- ::|\[::\]*) ;;
- *) warn_addr="${warn_addr} ${x}" ;;
- esac
- done
- if [ -n "${warn_addr}" ] ; then
- need net
- ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
- ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
- ewarn "where FOO is the interface(s) providing the following address(es):"
- ewarn "${warn_addr}"
- fi
- fi
-}
-
-checkconfig() {
- checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
-
- if [ ! -e "${SSHD_CONFIG}" ] ; then
- eerror "You need an ${SSHD_CONFIG} file to run sshd"
- eerror "There is a sample file in /usr/share/doc/openssh"
- return 1
- fi
-
- ${SSHD_KEYGEN_BINARY} -A || return 2
-
- "${command}" -t ${command_args} || return 3
-}
-
-start_pre() {
- # If this isn't a restart, make sure that the user's config isn't
- # busted before we try to start the daemon (this will produce
- # better error messages than if we just try to start it blindly).
- #
- # If, on the other hand, this *is* a restart, then the stop_pre
- # action will have ensured that the config is usable and we don't
- # need to do that again.
- if [ "${RC_CMD}" != "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-stop_pre() {
- # If this is a restart, check to make sure the user's config
- # isn't busted before we stop the running daemon.
- if [ "${RC_CMD}" = "restart" ] ; then
- checkconfig || return $?
- fi
-}
-
-reload() {
- checkconfig || return $?
- ebegin "Reloading ${SVCNAME}"
- start-stop-daemon --signal HUP --pidfile "${pidfile}"
- eend $?
-}
diff --git a/net-misc/openssh/files/sshd.pam_include.2 b/net-misc/openssh/files/sshd.pam_include.2
@@ -1,4 +0,0 @@
-auth include system-remote-login
-account include system-remote-login
-password include system-remote-login
-session include system-remote-login
diff --git a/net-misc/openssh/files/sshd.service b/net-misc/openssh/files/sshd.service
@@ -1,11 +0,0 @@
-[Unit]
-Description=OpenSSH server daemon
-After=syslog.target network.target auditd.service
-
-[Service]
-ExecStartPre=/usr/bin/ssh-keygen -A
-ExecStart=/usr/sbin/sshd -D -e
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-misc/openssh/files/sshd.socket b/net-misc/openssh/files/sshd.socket
@@ -1,10 +0,0 @@
-[Unit]
-Description=OpenSSH Server Socket
-Conflicts=sshd.service
-
-[Socket]
-ListenStream=22
-Accept=yes
-
-[Install]
-WantedBy=sockets.target
diff --git a/net-misc/openssh/files/sshd_at.service b/net-misc/openssh/files/sshd_at.service
@@ -1,8 +0,0 @@
-[Unit]
-Description=OpenSSH per-connection server daemon
-After=syslog.target auditd.service
-
-[Service]
-ExecStart=-/usr/sbin/sshd -i -e
-StandardInput=socket
-StandardError=syslog
diff --git a/net-misc/openssh/metadata.xml b/net-misc/openssh/metadata.xml
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>contact@hacktivis.me</email>
- <name>Haelwenn (lanodan) Monnier</name>
- </maintainer>
- <longdescription>
-OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
-increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
-rlogin, ftp, and other such programs might not realize that their password is transmitted
-across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
-to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
-Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
-of authentication methods.
-
-The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
-replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
-the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
-ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
-</longdescription>
- <use>
- <flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
- <flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
- <flag name="livecd">Enable root password logins for live-cd environment.</flag>
- <flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
- </use>
- <upstream>
- <remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
- <remote-id type="sourceforge">hpnssh</remote-id>
- </upstream>
-</pkgmetadata>
diff --git a/net-misc/openssh/openssh-7.9_p1.ebuild b/net-misc/openssh/openssh-7.9_p1.ebuild
@@ -1,185 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit user flag-o-matic multilib autotools pam systemd
-
-PARCH=${P/_}
-
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="https://www.openssh.com/"
-SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-KEYWORDS=""
-IUSE="abi_mips_n32 audit bindist debug kerberos kernel_linux ldns libedit libressl livecd pam +pie selinux +ssl static test X"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="ldns? ( ssl )
- pie? ( !static )
- static? ( !kerberos !pam )
- test? ( ssl )"
-
-LIB_DEPEND="
- audit? ( sys-process/audit[static-libs(+)] )
- ldns? (
- net-libs/ldns[static-libs(+)]
- !bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
- bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
- )
- libedit? ( dev-libs/libedit:=[static-libs(+)] )
- selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
- ssl? (
- !libressl? (
- >=dev-libs/openssl-1.0.1:0=[bindist=]
- dev-libs/openssl:0=[static-libs(+)]
- )
- libressl? ( dev-libs/libressl:0=[static-libs(+)] )
- )
- >=sys-libs/zlib-1.2.3:=[static-libs(+)]"
-RDEPEND="
- !static? ( ${LIB_DEPEND//\[static-libs(+)]} )
- pam? ( virtual/pam )
- kerberos? ( virtual/krb5 )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- virtual/pkgconfig
- virtual/os-headers
- sys-devel/autoconf"
-RDEPEND="${RDEPEND}
- pam? ( >=sys-auth/pambase-20081028 )
- userland_GNU? ( virtual/shadow )
- X? ( x11-apps/xauth )"
-
-S="${WORKDIR}/${PARCH}"
-
-src_prepare() {
- default
-
- eautoreconf
-
- tc-export PKG_CONFIG
- local sed_args=(
- -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
- # Disable PATH reset, trust what portage gives us #254615
- -e 's:^PATH=/:#PATH=/:'
- # Disable fortify flags ... our gcc does this for us
- -e 's:-D_FORTIFY_SOURCE=2::'
- )
-
- sed -i "${sed_args[@]}" configure{.ac,} || die
-
- eautoreconf
-}
-
-src_configure() {
- addwrite /dev/ptmx
-
- use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
- use static && append-ldflags -static
-
- local myconf=(
- --with-ldflags="${LDFLAGS}"
- --disable-strip
- --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
- --sysconfdir="${EPREFIX%/}"/etc/ssh
- --libexecdir="${EPREFIX%/}"/usr/$(get_libdir)/misc
- --datadir="${EPREFIX%/}"/usr/share/openssh
- --with-privsep-path="${EPREFIX%/}"/var/empty
- --with-privsep-user=sshd
- --with-mantype=doc
- $(use_with audit audit linux)
- $(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
- $(use_with ldns)
- $(use_with libedit)
- $(use_with pam)
- $(use_with pie)
- $(use_with selinux)
- $(use_with ssl openssl)
- $(use_with ssl md5-passwords)
- $(use_with ssl ssl-engine)
- $(use_with !elibc_Cygwin hardening) #659210
- )
-
- # stackprotect is broken on musl x86
- use elibc_musl && use x86 && myconf+=( --without-stackprotect )
-
- # The seccomp sandbox is broken on x32, so use the older method for now. #553748
- use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
-
- econf "${myconf[@]}"
-}
-
-src_test() {
- local t skipped=() failed=() passed=()
- local tests=( interop-tests compat-tests )
-
- local shell=$(egetshell "${UID}")
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
- elog "user, so we will run a subset only."
- skipped+=( tests )
- else
- tests+=( tests )
- fi
-
- # It will also attempt to write to the homedir .ssh.
- local sshhome=${T}/homedir
- mkdir -p "${sshhome}"/.ssh
- for t in "${tests[@]}" ; do
- # Some tests read from stdin ...
- HOMEDIR="${sshhome}" HOME="${sshhome}" \
- emake -k -j1 ${t} </dev/null \
- && passed+=( "${t}" ) \
- || failed+=( "${t}" )
- done
-
- einfo "Passed tests: ${passed[*]}"
- [[ ${#skipped[@]} -gt 0 ]] && ewarn "Skipped tests: ${skipped[*]}"
- [[ ${#failed[@]} -gt 0 ]] && die "Some tests failed: ${failed[*]}"
-}
-
-src_install() {
- emake install-nokeys DESTDIR="${D}"
- fperms 600 /etc/ssh/sshd_config
- dobin contrib/ssh-copy-id
- newinitd "${FILESDIR}"/sshd.initd sshd
- newconfd "${FILESDIR}"/sshd-r1.confd sshd
-
- newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
-
- doman contrib/ssh-copy-id.1
- dodoc CREDITS OVERVIEW README* TODO sshd_config
-
- diropts -m 0700
- dodir /etc/skel/.ssh
-
- keepdir /var/empty
-
- systemd_dounit "${FILESDIR}"/sshd.{service,socket}
- systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
-}
-
-pkg_preinst() {
- enewgroup sshd 22
- enewuser sshd 22 -1 /var/empty sshd
-}
-
-pkg_postinst() {
- if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then
- elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
- elog "Furthermore, rsa keys with less than 1024 bits will be refused."
- fi
- if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
- elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
- elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
- elog "if you need to authenticate against LDAP."
- elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
- elog "Be aware that by disabling openssl support in openssh, the server and clients"
- elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
- elog "and update all clients/servers that utilize them."
- fi
-}