blob: 5fb55873d805e565d6e2e5b551e04c2c218e7411 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Maintainer (Arch): Giancarlo Razzolini <grazzolini@archlinux.org>
# Contributor (Arch): Gaetan Bisson <bisson@archlinux.org>
# Contributor (Arch): Aaron Griffin <aaron@archlinux.org>
# Contributor (Arch): judd <jvinet@zeroflux.org>
# # I maintain this because:
# Artix version lacks additional optimization and hardening flags
# Arch version lacks openrc support
pkgname=openssh
pkgver=9.4p1
pkgrel=4
pkgdesc="SSH protocol implementation for remote login, command execution and file transfer"
arch=(x86_64)
url='https://www.openssh.com/portable.html'
license=(
BSD-2-Clause
BSD-3-Clause
ISC
MIT
)
depends=(
glibc
krb5 libkrb5.so libgssapi_krb5.so
ldns
libedit
libxcrypt libcrypt.so
openssl
pam libpam.so
zlib
)
makedepends=(
libfido2
linux-headers
)
optdepends=(
'libfido2: FIDO/U2F support'
'sh: for ssh-copy-id and findssl.sh'
'x11-ssh-askpass: input passphrase in X'
'xorg-xauth: X11 forwarding'
)
backup=(
etc/pam.d/sshd
etc/ssh/ssh_config
etc/ssh/sshd_config
)
# # For some reason this breaks compiling. "error: C compiler cannot create executables"
# # But old-fashioned raw injection of -flto=auto via export doesn't.
#options=('lto')
#options=('debug')
source=(
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz{,.asc}
99-archlinux.conf
sshd.conf
sshd.pam
)
sha256sums=('3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85'
'SKIP'
'78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30'
'4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
'a979e236681c6a06906937cf0f012e976347af5d6d7e7ae04a11acb01cc2689d')
b2sums=('d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53'
'SKIP'
'1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97'
'27571f728c3c10834a81652f3917188436474b588f8b047462e44b6c7a424f60d06ce8cb74839b691870177d7261592207d7f35d4ae6c79af87d6a7ea156d395'
'a61b50849a4efe66b3341fd312531dde54917cf138ddb458973632de7ff815dddeeff432ff84fb0d63d94a46a331b6bb736ae0e260f8cc7f82beb3c0a9c0d602')
validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # Damien Miller <djm@mindrot.org>
# https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
prepare() {
cd $pkgname-$pkgver
# remove variable (but useless) first line in config (related to upstream VCS)
sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
# prepend configuration option to include drop-in configuration files for sshd_config
printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
mv -v sshd_config.tmp sshd_config
# prepend configuration option to include drop-in configuration files for ssh_config
printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
mv -v ssh_config.tmp ssh_config
}
build() {
local configure_options=(
--prefix=/usr
--sbindir=/usr/bin
--libexecdir=/usr/lib/ssh
--sysconfdir=/etc/ssh
--disable-strip
--with-ldns
--with-libedit
--with-security-key-builtin
--with-ssl-engine
--with-pam
--with-privsep-user=nobody
--with-kerberos5=/usr
--with-xauth=/usr/bin/xauth
--with-pid-dir=/run
--with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin'
--without-zlib-version-check
)
cd $pkgname-$pkgver
# -fPIE causes test errors
export CFLAGS="$CFLAGS -O3 -fstack-protector-all -flto=auto -fPIC"
export CXXFLAGS="$CXXFLAGS -O3 -fstack-protector-all -flto=auto -fPIC"
#export LDFLAGS="$LDFLAGS,-pie"
./configure "${configure_options[@]}"
make
}
check() {
cd $pkgname-$pkgver
# NOTE: make t-exec does not work in our build environment
make file-tests interop-tests unit
}
package() {
cd $pkgname-$pkgver
make DESTDIR="$pkgdir" install
install -vDm 644 ../99-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/"
install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d"
ln -sf ssh.1.gz "$pkgdir"/usr/share/man/man1/slogin.1.gz
install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/$pkgname/"
install -Dm644 ../sshd.conf -t "$pkgdir"/usr/lib/tmpfiles.d/
install -Dm644 ../sshd.pam "$pkgdir"/etc/pam.d/sshd
install -Dm755 contrib/findssl.sh -t "$pkgdir"/usr/bin/
install -Dm755 contrib/ssh-copy-id -t "$pkgdir"/usr/bin/
install -Dm644 contrib/ssh-copy-id.1 -t "$pkgdir"/usr/share/man/man1/
}
|