LFS-PKGBUILDs/net-misc/openssh-10.2_p1.PKGBUILD


# Package identity. pkgver carries an underscore ("10.2_p1"); _ver removes the
# first underscore (-> "10.2p1"), and that form is used in the tarball name
# built in sources[0] below.
pkgname=openssh
pkgver=10.2_p1
_ver=${pkgver/_}
pkgdesc="Port of OpenBSD's free SSH release"
homepage="https://www.openssh.com/"
license=("BSD" "GPL-2")
# Dependency lists. How the build tool distinguishes `depends` from `bdepends`
# is not visible in this file (presumably runtime vs. build-only).
depends=(
openssl
libxcrypt
zlib
linux-headers
pam
shadow
)
bdepends=(
autoconf
pkgconf
)
# Local patches, applied by src_prepare with `patch -p1` in array order.
# Both file names carry older version tags (9.4_p1, 9.7_p1) than pkgver, and
# the first one, going by its name, adds an allowance to the seccomp sandbox
# filter. NOTE(review): re-read both patches on every version bump; a sandbox
# allowance should not be carried forward unexamined.
_patches=("openssh-9.4_p1-Allow-MAP_NORESERVE-in-sandbox-seccomp-filter-maps.patch"
"openssh-9.7_p1-config-tweaks.patch"
)
# Digests for _patches, in the same order (128 hex digits each; they are
# spliced into sha512sums below at the position matching the patches).
_patch_sums=("d8fc604795d8bb4228ccbfe5714d5503bb1e0d63818d2fac65d533530d01fe4ce4fac0743b8b415f646322fec859b699fa7365beba8a42bd880d737b7c6bd7df"
"bfc39aa573dd3934bae2a496a8a730f99dd7d6217c4d6e146ca4c401151f5e803f704719f29213548c67db015ba9f4cae749dd7ee5bc3b8cee0395892abae01f"
)
# sources, urls and sha512sums each hold nine entries and appear to be parallel
# arrays: entry i of each describes the same file. Keep them in step when
# adding or removing a file, otherwise a digest is checked against the wrong
# file.
sources=("${pkgname}-${_ver}.tar.gz"
"sshd_at.service.1"
"sshd.pam_include.2"
"sshd.service.2"
"sshd.socket"
"acct-user-sshd.conf"
"acct-group-sshd.conf"
"${_patches[@]}"
)
# Only entry 0 is a remote URL (HTTPS); the remaining entries repeat the bare
# file names, which presumably marks them as files shipped next to this
# PKGBUILD (src_prepare and src_install read them from ${filedir}).
urls=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${sources[0]}"
"sshd_at.service.1"
"sshd.pam_include.2"
"sshd.service.2"
"sshd.socket"
"acct-user-sshd.conf"
"acct-group-sshd.conf"
"${_patches[@]}"
)
# NOTE(review): the release tarball is pinned by digest only; no signature
# check is visible in this file. When bumping pkgver, take the new digest from
# a tarball that was verified against upstream's release signature, not from
# whatever the download produced.
sha512sums=("66f3dd646179e71aaf41c33b6f14a207dc873d71d24f11c130a89dee317ee45398b818e5b94887b5913240964a38630d7bca3e481e0f1eff2e41d9e1cfdbdfc5"
"fbfe0aed3a5e99f15dc68838975cc49a206d697fb3549d8b31db25617dc7b7b8dd2397d865d89f305d5da391cd56a69277c2215c4335fccb4dd6a9b95ba34e2f"
"d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c"
"24c04f0608b478b3aa600a0bdfeb31b196bd9524fdd9c78bcbef5f603a797e17ffbf2ce503af707800b67d789b24fbe1ce15e87df58003752156709d497fca3b"
"4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42"
"72ede363950bcc1d31959bab94efdb4e87d3f913ead96ecf593041000e9d63e0872b1f9ddc75a06a67e5c7ab23e24aa0398ee99ea9b0ca921bde83b6d486c568"
"2f477d9a83086b23b00ec6fff576ce04ec5da7e73154c566292cd6192741d7775c19b7564fe0eacfa5ef9314282545217a9e6d39c4d9593db82fe2c4967b5cdc"
"${_patch_sums[@]}"
)
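#######################################
# Unpack the release tarball into the current directory, apply the local
# patches, and regenerate the configure script.
# Globals:   distdir, filedir, sources, _patches (read)
# Arguments: none
# Outputs:   whatever tar, patch, sed and autoreconf print
# Returns:   non-zero if unpacking or any patch fails; otherwise the status
#            of autoreconf
#######################################
src_prepare() {
  local _patch

  tar -xf "${distdir}/${sources[0]}" --strip-components=1 || return 1

  # Comment out the AuthorizedKeysFile line in the shipped sshd_config, so the
  # installed file no longer sets that keyword explicitly.
  sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config

  # A patch that does not apply must stop the build: one of the local patches
  # changes the seccomp sandbox filter, and a silently skipped patch would
  # yield a package that differs from what was reviewed.
  for _patch in "${_patches[@]}"; do
    patch -p1 -i "${filedir}/${_patch}" || return 1
  done

  # Optional patches found inside the source tree. They are applied in sorted
  # order so the result does not depend on directory order. The list is read
  # on fd 3 so that patch cannot consume it from stdin.
  if [[ -d patches ]]; then
    while IFS= read -r -d '' -u 3 _patch; do
      patch -p1 -i "${_patch}" || return 1
    done 3< <(find patches -type f -name '*.patch' -print0 | LC_ALL=C sort -z)
  fi

  # Delete the Makefile line that lists the "percent" regress test.
  sed -e '/\t\tpercent \\/ d' \
    -i regress/Makefile

  local sed_args=(
    -e "s:-lcrypto:$(pkg-config --libs openssl):"
    # Disable fortify flags ... our gcc does this for us
    # NOTE(review): this removes the only -D_FORTIFY_SOURCE the build would add
    # itself; the statement that the toolchain enables it cannot be checked
    # from this file, so confirm it on the built binaries.
    -e 's:-D_FORTIFY_SOURCE=2::'
  )
  sed -i "${sed_args[@]}" configure{.ac,}
  autoreconf -fiv
}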
#######################################
# Write the distribution's ssh/sshd configuration drop-ins and the revoked
# host key list below ./etc/ssh in the current directory.
# Globals:   none
# Arguments: none
# Outputs:   creates etc/ssh/ssh_config.d/*, etc/ssh/sshd_config.d/* and
#            etc/ssh/ssh_revoked_hosts
# Returns:   status of the last file write
#
# NOTE(review): the "9999999" prefix presumably makes these files sort after
# administrator drop-ins; whether and where the main configs include the
# directories is decided by the config-tweaks patch, not here.
#######################################
create_config_dropins() {
  # Names of the locale variables the client sends and the server accepts.
  local locale_env=(
    # Defined by POSIX:
    # http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
    LANG LC_ALL LC_COLLATE LC_CTYPE LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME
    # GNU extensions:
    # https://www.gnu.org/software/autoconf/manual/html_node/Special-Shell-Variables.html
    LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
  )
  local env_list="${locale_env[*]}"
  local client_d=etc/ssh/ssh_config.d
  local server_d=etc/ssh/sshd_config.d

  mkdir -p "${client_d}" "${server_d}"

  # Client side: forward locale variables and COLORTERM.
  cat > "${client_d}/9999999gentoo.conf" <<EOF
# Send locale environment variables (bug #367017)
SendEnv ${env_list}
# Send COLORTERM to match TERM (bug #658540)
SendEnv COLORTERM
EOF

  # Client side: point ssh at a list of host keys it must never accept.
  cat > "${client_d}/9999999gentoo-security.conf" <<'EOF'
RevokedHostKeys "/etc/ssh/ssh_revoked_hosts"
EOF

  # The one revoked entry is the RSA host key referenced by the GitHub post
  # linked inside the file. It is a public key; listing it here makes clients
  # reject any server that still presents it.
  cat > etc/ssh/ssh_revoked_hosts <<'EOF'
# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
EOF

  # Server side: accept exactly the variables the client drop-in sends. The
  # list is limited to locale names and COLORTERM; every name added here is a
  # variable a remote user can set in the session environment.
  cat > "${server_d}/9999999gentoo.conf" <<EOF
# Allow client to pass locale environment variables (bug #367017)
AcceptEnv ${env_list}
# Allow client to pass COLORTERM to match TERM (bug #658540)
AcceptEnv COLORTERM
EOF

  cat > "${server_d}/9999999gentoo-subsystem.conf" <<'EOF'
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
EOF

  # With UsePAM yes, "PasswordAuthentication no" only turns off sshd's own
  # password method. PAM-backed keyboard-interactive authentication is
  # governed by KbdInteractiveAuthentication, which this drop-in does not set,
  # so this file alone does not mean "password logins are disabled".
  cat > "${server_d}/9999999gentoo-pam.conf" <<'EOF'
UsePAM yes
# This interferes with PAM.
PasswordAuthentication no
# PAM can do its own handling of MOTD.
PrintMotd no
PrintLastLog no
EOF
}
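#######################################
# Configure and compile OpenSSH, then generate the configuration drop-ins.
# Globals:   none
# Arguments: none
# Outputs:   build output of configure and make; files written by
#            create_config_dropins
# Returns:   non-zero as soon as configure or make fails; otherwise the
#            status of create_config_dropins
#######################################
src_build() {
  local conf_args=(
    --prefix=/usr
    --disable-strip
    --with-pid-dir=/run
    --sysconfdir=/etc/ssh
    --libexecdir=/usr/lib/ssh
    --datadir=/usr/share/openssh
    # Privilege separation: directory and account used by the unprivileged
    # sshd process.
    --with-privsep-path=/var/empty
    --with-privsep-user=sshd
    --with-xauth=/usr/bin/xauth
    # The next three switches stop configure from adding its own hardening
    # flags. NOTE(review): the binaries are then only as hardened as the
    # toolchain defaults and the build tool's flags make them; neither is
    # visible here, so check the installed sshd/ssh for PIE, stack protector
    # and fortified calls after a toolchain change.
    --without-hardening
    --without-pie
    --without-stackprotect
    --without-wtmpdb
    --without-audit
    --without-kerberos5
    --without-ldns
    --without-libedit
    --with-pam
    --without-selinux
    --without-security-key-builtin
    --with-openssl
    --with-ssl-engine
  )

  # Stop at the first failing step. Without these checks the function's status
  # would be that of create_config_dropins, which hides a failed configure or
  # make from the caller.
  ./configure "${conf_args[@]}" || return 1
  make || return 1
  create_config_dropins
}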
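#######################################
# Run the regression targets as the unprivileged user "leaf".
# Globals:   HOME, TMPDIR (read)
# Arguments: none
# Outputs:   output of chown, mkdir and make
# Returns:   status of the su command
#
# NOTE(review): the recursive chown hands the build tree, $HOME and $TMPDIR to
# "leaf". That is only safe when the build tool points both variables at
# directories private to this build; the values are set outside this file.
#######################################
src_check() {
  local tests=(compat-tests interop-tests file-tests unit)
  local home_q targets

  # The command line for `su -c` is a single string that another shell parses
  # again, so $HOME is shell-quoted before it is embedded.
  printf -v home_q '%q' "${HOME}"

  # Join the targets into one word. Expanding "${tests[@]}" inside the quoted
  # -c string would split it into several arguments, so that only the first
  # target reaches make and the others are handed to su as stray arguments.
  printf -v targets '%s ' "${tests[@]}"
  targets=${targets% }

  chown -R leaf .
  chown -R leaf -- "${HOME}"
  chown -R leaf -- "${TMPDIR}"
  # -j1: the targets are run one after another.
  su leaf -c "mkdir -pv ${home_q}/.ssh && make -j1 ${targets}"
}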
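#######################################
# Install the built tree and the packaged support files into ${pkgdir}.
# Globals:   pkgdir, filedir (read)
# Arguments: none
# Outputs:   verbose output of make and install
# Returns:   status of the first failing step, or 0 when all steps succeed
#######################################
src_install() {
  local etc_ssh="${pkgdir}/etc/ssh"
  local unit_dir="${pkgdir}/usr/lib/systemd/system"
  local sysusers_dir="${pkgdir}/usr/lib/sysusers.d"

  # The steps are chained with && so that a failure (for example of
  # `make install-nokeys`) is reported to the caller instead of being replaced
  # by the status of the last install command.
  #
  # install-nokeys: the package is staged without running key generation, so
  # no host key ends up inside the package.
  # Server-side configuration is staged owner-only (sshd_config 600,
  # sshd_config.d 700 with 600 files); client-side files stay world-readable.
  make install-nokeys DESTDIR="${pkgdir}" &&
    chmod 600 "${etc_ssh}/sshd_config" &&
    install -vDm755 contrib/ssh-copy-id -t "${pkgdir}/usr/bin/" &&
    install -vDm644 "${filedir}/sshd.pam_include.2" "${pkgdir}/etc/pam.d/sshd" &&
    install -vDm644 contrib/ssh-copy-id.1 -t "${pkgdir}/usr/share/man/man1/" &&
    install -vDm644 "${filedir}/sshd.socket" -t "${unit_dir}/" &&
    install -vDm644 "${filedir}/sshd.service.2" "${unit_dir}/sshd.service" &&
    install -vDm644 "${filedir}/sshd_at.service.1" "${unit_dir}/sshd@.service" &&
    install -vdm755 "${etc_ssh}/ssh_config.d" &&
    install -vDm644 etc/ssh/ssh_config.d/* -t "${etc_ssh}/ssh_config.d" &&
    install -vdm700 "${etc_ssh}/sshd_config.d" &&
    install -vDm600 etc/ssh/sshd_config.d/* -t "${etc_ssh}/sshd_config.d" &&
    install -vDm644 etc/ssh/ssh_revoked_hosts -t "${etc_ssh}" &&
    install -vDm644 "${filedir}/acct-user-sshd.conf" -t "${sysusers_dir}/" &&
    install -vDm644 "${filedir}/acct-group-sshd.conf" -t "${sysusers_dir}/"
}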
# vim:ft=sh syn=sh et sw=2: