upg openssh

2023-08-11 14:19:56 +03:00 · 2023-08-11 14:19:56 +03:00 · 7ae5f81d00
parent bc8663110c
commit 7ae5f81d00
6 changed files with 74 additions and 15 deletions
--- a/openssh/00-archlinux.conf
+++ b/openssh/00-archlinux.conf
@ -0,0 +1,4 @@
+# sshd_config defaults on Arch Linux
+KbdInteractiveAuthentication no
+UsePAM yes
+PrintMotd no
--- a/openssh/PKGBUILD
+++ b/openssh/PKGBUILD
@ -7,7 +7,7 @@

 pkgname=openssh
 pkgver=9.4p1
-pkgrel=01  # openssl rebuild
+pkgrel=02  # openssl rebuild
 pkgdesc='SSH protocol implementation for remote login, command execution and file transfer w/o systemd'
 url='https://www.openssh.com/portable.html'
 depends=(
@ -29,8 +29,9 @@ optdepends=('sh: for ssh-copy-id and findssl.sh'
 backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')

 #options=('debug')   ## uncomment this to have the debug pkg produced
-source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
-	"$pkgname-9.0p1-sshd_config.patch"
+source=(https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz{,.asc}
+#	"$pkgname-9.0p1-sshd_config.patch"
+	'00-archlinux.conf'
 	'sshd.conf'
 	'sshd.pam')

@ -38,7 +39,16 @@ source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgve
 #install=install   ### systemd autostart crap 

 prepare() {
-  patch -Np1 -d "$pkgname-$pkgver" -i ../$pkgname-9.0p1-sshd_config.patch
+  cd $pkgname-$pkgver
+  # remove variable (but useless) first line in config (related to upstream VCS)
+  sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
+
+  # prepend configuration option to include drop-in configuration files for sshd_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
+  mv -v sshd_config.tmp sshd_config
+  # prepend configuration option to include drop-in configuration files for ssh_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
+  mv -v ssh_config.tmp ssh_config
 }

 #prepare() {
@ -81,10 +91,14 @@ package() {
 	cd "${pkgname}-${pkgver}"

 	make DESTDIR="${pkgdir}" install
+	install -vDm 644 ../00-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/"
+	install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d"

 	ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
 	install -Dm644 LICENCE -t "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"

+#	We are including the service files as guid in making runit 66 services, especially the
+#	sshdgenkeys service 
 #	install -Dm644 ../sshdgenkeys.service -t "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
 #	install -Dm644 ../sshd.service -t "${pkgdir}"/usr/lib/systemd/system/sshd.service
 	install -Dm644 ../sshd.conf -t "${pkgdir}"/usr/lib/tmpfiles.d/sshd.conf
@ -93,7 +107,6 @@ package() {
 	install -Dm755 contrib/findssl.sh -t "${pkgdir}"/usr/bin/findssl.sh
 	install -Dm755 contrib/ssh-copy-id -t "${pkgdir}"/usr/bin/ssh-copy-id
 	install -Dm644 contrib/ssh-copy-id.1 -t "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
-
 }

 #---- arch license gpg-key & sha256sums ----
@ -106,8 +119,9 @@ validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA') # "Damien Miller <djm@

 sha256sums=(3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85  # openssh-9.4p1.tar.gz
 	d92592d82bee81745a71bbf249ede02afcdbf933f0de18841a7f17b15b975a03  # openssh-9.4p1.tar.gz.asc
-	27e43dfd1506c8a821ec8186bae65f2dc43ca038616d6de59f322bd14aa9d07f  # openssh-9.0p1-sshd_config.patch
-	4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6  # sshd.conf
+	78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30  # 00-archlinux.conf
+	76635a91526ce44571485e292e3a777ded6a439af78cb93514b999f91fb9b327  # sshd.conf
 	64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846) # sshd.pam

-##  e5d56664c00bbf6288b1b3f5df93c92e540c5b31508db4f9af99b08ffdef52b6  openssh-9.4p1-01-x86_64.pkg.tar.lz
+##  52c55680fd0b9d3580f6d331856c22f41a9961eac37992eb7fb823146e74852e  openssh-9.4p1-02-x86_64.pkg.tar.lz
+
--- a/openssh/PKGBUILD-arch
+++ b/openssh/PKGBUILD-arch
@ -6,7 +6,7 @@

 pkgname=openssh
 pkgver=9.4p1
-pkgrel=1
+pkgrel=2
 pkgdesc="SSH protocol implementation for remote login, command execution and file transfer"
 arch=(x86_64)
 url='https://www.openssh.com/portable.html'
@ -38,7 +38,7 @@ backup=(
 )
 source=(
  https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz{,.asc}
-  $pkgname-9.0p1-sshd_config.patch
+  00-archlinux.conf
  sshdgenkeys.service
  sshd.service
  sshd.conf
@ -46,22 +46,31 @@ source=(
 )
 sha256sums=('3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85'
            'SKIP'
-            '27e43dfd1506c8a821ec8186bae65f2dc43ca038616d6de59f322bd14aa9d07f'
+            '78b806c38bc1e246daaa941bfe7880e6eb6f53f093bea5d5868525ae6d223d30'
            'e5305767b2d317183ad1c5022a5f6705bd9014a8b22495a000fd482713738611'
            'e40f8b7c8e5e2ecf3084b3511a6c36d5b5c9f9e61f2bb13e3726c71dc7d4fbc7'
-            '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
+            '76635a91526ce44571485e292e3a777ded6a439af78cb93514b999f91fb9b327'
            '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846')
 b2sums=('d13d758129cce947d3f12edb6e88406aad10de6887b19ffa3ebd8e382b742a05f2a692a8824aec99939f6c7e13fbccc3bb14e5ee112f9a9255d4882eb87dcf53'
        'SKIP'
-        '29e1a1c2744e0234830c6f93a46338ea8dc943370e20a24883d207d611025e54643da678f2826050c073a36be48dfdc7329d4cfb144c2ff90607a5f10f73dc59'
+        '1ff8cd4ae22efed2b4260f1e518de919c4b290be4e0b5edbc8e2225ffe63788678d1961e6f863b85974c4697428ee827bcbabad371cfc91cc8b36eae9402eb97'
        '09fad3648f48f13ee80195b90913feeba21240d121b1178e0ce62f4a17b1f7e58e8edc22c04403e377ab300f5022a804c848f5be132765d5ca26a38aab262e50'
        '07ad5c7fb557411a6646ff6830bc9d564c07cbddc4ce819641d31c05dbdf677bfd8a99907cf529a7ee383b8c250936a6423f4b4b97ba0f1c14f627bbd629bd4e'
-        '27571f728c3c10834a81652f3917188436474b588f8b047462e44b6c7a424f60d06ce8cb74839b691870177d7261592207d7f35d4ae6c79af87d6a7ea156d395'
+        'a3fd8f00430168f03dcbc4a5768ed788dd43140e365a882b601510f53f69704da04f24660157bb8a43125f5389528993732d99569d77d5f3358074e7ae36d4ca'
        '557d015bca7008ce824111f235da67b7e0051a693aaab666e97b78e753ed7928b72274af03d7fde12033986b733d5f996faf2a4feb6ecf53f39accae31334930')
 validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA')  # Damien Miller <djm@mindrot.org>

 prepare() {
-  patch -Np1 -d $pkgname-$pkgver -i ../$pkgname-9.0p1-sshd_config.patch
+  cd $pkgname-$pkgver
+  # remove variable (but useless) first line in config (related to upstream VCS)
+  sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
+
+  # prepend configuration option to include drop-in configuration files for sshd_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
+  mv -v sshd_config.tmp sshd_config
+  # prepend configuration option to include drop-in configuration files for ssh_config
+  printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
+  mv -v ssh_config.tmp ssh_config
 }

 build() {
@ -99,6 +108,9 @@ package() {

  make DESTDIR="$pkgdir" install

+  install -vDm 644 ../00-archlinux.conf -t "$pkgdir/etc/ssh/sshd_config.d/"
+  install -vdm 755 "$pkgdir/etc/ssh/ssh_config.d"
+
  ln -sf ssh.1.gz "$pkgdir"/usr/share/man/man1/slogin.1.gz
  install -Dm644 LICENCE -t "$pkgdir/usr/share/licenses/$pkgname/"

--- a/openssh/sshd.conf
+++ b/openssh/sshd.conf
@ -1 +1,3 @@
 d /var/empty 0755 root root
+d /etc/ssh/sshd_config.d 0755 root root
+d /etc/ssh/ssh_config.d 0755 root root
--- a/openssh/sshd.service
+++ b/openssh/sshd.service
@ -0,0 +1,14 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
--- a/openssh/sshdgenkeys.service
+++ b/openssh/sshdgenkeys.service
@ -0,0 +1,13 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes