diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2023-09-07 11:43:36 -0700 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2023-09-07 11:43:36 -0700 |
| commit | 99809e836edc6885634bf9b089ca89059bc6b998 (patch) | |
| tree | a89dc43bafaa3d922be2bffce228696f43240b09 | |
| parent | Updated to 9.3p2 (diff) | |
| download | openssh-99809e836edc6885634bf9b089ca89059bc6b998.tar.xz | |
Updated to 9.4p1-3
| -rw-r--r-- | 00-archlinux.conf | 4 | ||||
| -rw-r--r-- | PKGBUILD | 94 | ||||
| -rw-r--r-- | openssh-9.0p1-sshd_config.patch | 30 |
3 files changed, 62 insertions, 66 deletions
diff --git a/00-archlinux.conf b/00-archlinux.conf new file mode 100644 index 0000000..365f115 --- /dev/null +++ b/00-archlinux.conf @@ -0,0 +1,4 @@ +# sshd_config defaults on Arch Linux +KbdInteractiveAuthentication no +UsePAM yes +PrintMotd no @@ -10,58 +10,76 @@ # Arch version lacks openrc support pkgname=openssh -pkgver=9.3p2 -pkgrel=1 +pkgver=9.4p1 +pkgrel=3 pkgdesc="SSH protocol implementation for remote login, command execution and file transfer" -arch=('x86_64') +arch=(x86_64) url='https://www.openssh.com/portable.html' -license=('custom:BSD') +license=( + BSD-2-Clause + BSD-3-Clause + ISC + MIT +) depends=( - 'glibc' - 'krb5' 'libkrb5.so' 'libgssapi_krb5.so' - 'ldns' - 'libedit' - 'libxcrypt' 'libcrypt.so' - 'openssl' - 'pam' 'libpam.so' - 'zlib' + glibc + krb5 libkrb5.so libgssapi_krb5.so + ldns + libedit + libxcrypt libcrypt.so + openssl + pam libpam.so + zlib +) +makedepends=( + libfido2 + linux-headers ) -makedepends=('libfido2' 'linux-headers') optdepends=( 'libfido2: FIDO/U2F support' + 'sh: for ssh-copy-id and findssl.sh' 'x11-ssh-askpass: input passphrase in X' 'xorg-xauth: X11 forwarding' ) backup=( - 'etc/pam.d/sshd' - 'etc/ssh/ssh_config' - 'etc/ssh/sshd_config' + etc/pam.d/sshd + etc/ssh/ssh_config + etc/ssh/sshd_config ) # # For some reason this breaks compiling. "error: C compiler cannot create executables" # # But old-fashioned raw injection of -flto=auto via export doesn't. #options=('lto') #options=('debug') source=( - "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc} - "$pkgname-9.0p1-sshd_config.patch" - 'sshd.conf' - 'sshd.pam' + https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz{,.asc} + 00-archlinux.conf + sshd.conf + sshd.pam ) -sha256sums=('200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8' +sha256sums=('3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85' 'SKIP' - '27e43dfd1506c8a821ec8186bae65f2dc43ca038616d6de59f322bd14aa9d07f' + '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30' '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6' '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846') -b2sums=('38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f' +b2sums=('d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53' 'SKIP' - '29e1a1c2744e0234830c6f93a46338ea8dc943370e20a24883d207d611025e54643da678f2826050c073a36be48dfdc7329d4cfb144c2ff90607a5f10f73dc59' + '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97' '27571f728c3c10834a81652f3917188436474b588f8b047462e44b6c7a424f60d06ce8cb74839b691870177d7261592207d7f35d4ae6c79af87d6a7ea156d395' '557d015bca7008ce824111f235da67b7e0051a693aaab666e97b78e753ed7928b72274af03d7fde12033986b733d5f996faf2a4feb6ecf53f39accae31334930') validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org> # https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc prepare() { - patch -Np1 -d "$pkgname-$pkgver" -i ../$pkgname-9.0p1-sshd_config.patch + cd $pkgname-$pkgver + # remove variable (but useless) first line in config (related to upstream VCS) + sed '/^#.*\$.*\$$/d' -i ssh{,d}_config + + # prepend configuration option to include drop-in configuration files for sshd_config + printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp + mv -v sshd_config.tmp sshd_config + # prepend configuration option to include drop-in configuration files for ssh_config + printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp + mv -v ssh_config.tmp ssh_config } build() { @@ -81,9 +99,10 @@ build() { --with-xauth=/usr/bin/xauth --with-pid-dir=/run --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin' + --without-zlib-version-check ) - cd "${pkgname}-${pkgver}" + cd $pkgname-$pkgver # -fPIE causes test errors export CFLAGS="$CFLAGS -O3 -fstack-protector-all -flto=auto -fPIC" @@ -95,24 +114,27 @@ build() { } check() { - cd "${pkgname}-${pkgver}" + cd $pkgname-$pkgver # NOTE: make t-exec does not work in our build environment make file-tests interop-tests unit } package() { - cd "${pkgname}-${pkgver}" + cd $pkgname-$pkgver + + make DESTDIR="$pkgdir" install - make DESTDIR="${pkgdir}" install + install -vDm 644 ../00-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/" + install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d" - ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz - install -Dm644 LICENCE -t "${pkgdir}/usr/share/licenses/${pkgname}/" + ln -sf ssh.1.gz "$pkgdir"/usr/share/man/man1/slogin.1.gz + install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/$pkgname/" - install -Dm644 ../sshd.conf -t "${pkgdir}"/usr/lib/tmpfiles.d/ - install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd + install -Dm644 ../sshd.conf -t "$pkgdir"/usr/lib/tmpfiles.d/ + install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd - install -Dm755 contrib/findssl.sh -t "${pkgdir}"/usr/bin/ - install -Dm755 contrib/ssh-copy-id -t "${pkgdir}"/usr/bin/ - install -Dm644 contrib/ssh-copy-id.1 -t "${pkgdir}"/usr/share/man/man1/ + install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/ + install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/ + install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/ } diff --git a/openssh-9.0p1-sshd_config.patch b/openssh-9.0p1-sshd_config.patch deleted file mode 100644 index 9100149..0000000 --- a/openssh-9.0p1-sshd_config.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -ruN a/sshd_config b/sshd_config ---- a/sshd_config 2022-04-06 02:47:48.000000000 +0200 -+++ b/sshd_config 2022-10-10 19:55:58.961117951 +0200 -@@ -58,7 +58,7 @@ - #PermitEmptyPasswords no - - # Change to no to disable s/key passwords --#KbdInteractiveAuthentication yes -+KbdInteractiveAuthentication no - - # Kerberos options - #KerberosAuthentication no -@@ -79,7 +79,7 @@ - # If you just want the PAM account and session checks to run without - # PAM authentication, then enable this but set PasswordAuthentication - # and KbdInteractiveAuthentication to 'no'. --#UsePAM no -+UsePAM yes - - #AllowAgentForwarding yes - #AllowTcpForwarding yes -@@ -88,7 +88,7 @@ - #X11DisplayOffset 10 - #X11UseLocalhost yes - #PermitTTY yes --#PrintMotd yes -+PrintMotd no - #PrintLastLog yes - #TCPKeepAlive yes - #PermitUserEnvironment no |