diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-05-21 12:37:16 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-05-21 12:45:34 +0000 |
commit | a439ca13411b044211fcb9a8137647ce4033b448 (patch) | |
tree | 917e161ce9be7de721420fc24b1b2bb2c5ae3bca /main/openssh | |
parent | c8ee1cb2287617b540656b4352052fec0e382132 (diff) | |
download | aports-a439ca13411b044211fcb9a8137647ce4033b448.tar.bz2 aports-a439ca13411b044211fcb9a8137647ce4033b448.tar.xz |
main/openssh: add support for disable keygen
Add support for SSHD_DISABLE_KEYGEN in /etc/conf.d/sshd to make it
possible disable host key generation at startup.
Also sync with gentoo's init.d script
fixes #4171
Diffstat (limited to 'main/openssh')
-rw-r--r-- | main/openssh/APKBUILD | 8 | ||||
-rwxr-xr-x | main/openssh/sshd.initd | 67 |
2 files changed, 38 insertions, 37 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index c69d72d91c..e1b8291f92 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -2,7 +2,7 @@ pkgname=openssh pkgver=6.8_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=1 +pkgrel=2 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -110,20 +110,20 @@ md5sums="08f72de6751acfbd0892b5f003922701 openssh-6.8p1.tar.gz cd52fe99cb4b7d0d847bf5d710d93564 openssh6.5-peaktput.diff c6e29d7d88529a66d857657753f39694 openssh6.8-dynwindows.diff 37fbfe9cfb9a5e2454382ea8c79ed2e1 openssh-fix-utmp.diff -dbc330ab8b8f310567742bd24cde171d sshd.initd +e3fd4d42e2664b6c37f0c636f5e7a5d8 sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd 2dd7e366607e95f9762273067309fd6e openssh-sftp-interactive.diff" sha256sums="3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e openssh-6.8p1.tar.gz bf49212e47a86d10650f739532cea514a310925e6445b4f8011031b6b55f3249 openssh6.5-peaktput.diff bf0f00bd88a7224ea0618f6e347a6a805c4e5acd869196725a3923d711ff1246 openssh6.8-dynwindows.diff 1c85437fd94aa4fc269e6297e4eb790baa98c39949ec0410792c09ee31ba9782 openssh-fix-utmp.diff -0a1c12843786c6be50c02292e41b23b2eadb54b9a2da1161f2a4306860a09636 sshd.initd +cf053bee46c7037bdab3b3575c7080f4b514d8623c023a4dcfccb4cdcff179cf sshd.initd 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd 4ce1ad5f767c0f4e854a0cfeef0e2e400f333c649e552df1ecc317e6a6557376 openssh-sftp-interactive.diff" sha512sums="7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede openssh-6.8p1.tar.gz e041398e177674f698480e23be037160bd07b751c754956a3ddf1b964da24c85e826fb75e7c23c9826d36761da73d08db9583c047d58a08dc7b2149a949075b1 openssh6.5-peaktput.diff 307ca56d2bae53f2f2852a695de440843a457c4000524d1b7dbcf2f46f70ae4f8ba7309273b62287ad5eef2005e2911dd737a0f55605352397b8f557d78e18df openssh6.8-dynwindows.diff f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 openssh-fix-utmp.diff -9617fc0bf0e25014422b2cda5b7edfa207fd7a05a22c93d237411c4d041f714141c81290b8a0441a8a277263a1ea8f8000ae89e955eb1a3c999c0c1217b93a2e sshd.initd +4c24dd9c3cc9ca97bc77bbabb4128e9e043d71523a4bfb93dae65882db1b397f80dc432a9dd013a0aafba1bc0864700d0c8613d444de244d540ff026ffc57e80 sshd.initd b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 openssh-sftp-interactive.diff" diff --git a/main/openssh/sshd.initd b/main/openssh/sshd.initd index 9edeb06cba..ae116f0e18 100755 --- a/main/openssh/sshd.initd +++ b/main/openssh/sshd.initd @@ -1,61 +1,62 @@ #!/sbin/openrc-run -# Copyright 1999-2011 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.3,v 1.2 2011/09/14 21:46:19 polynomial-c Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.5 2015/05/04 02:56:25 vapier Exp $ -extra_commands="checkconfig gen_keys" +extra_commands="checkconfig" extra_started_commands="reload" +: ${SSHD_CONFDIR:=/etc/ssh} +: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config} +: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid} +: ${SSHD_BINARY:=/usr/sbin/sshd} + depend() { use logger dns - need net - after firewall + if [ "${rc_need+set}" = "set" ] ; then + : # Do nothing, the user has explicitly set rc_need + else + local x warn_addr + for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do + case "${x}" in + 0.0.0.0|0.0.0.0:*) ;; + ::|\[::\]*) ;; + *) warn_addr="${warn_addr} ${x}" ;; + esac + done + if [ -n "${warn_addr}" ] ; then + need net + ewarn "You are binding an interface in ListenAddress statement in your sshd_config!" + ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd" + ewarn "where FOO is the interface(s) providing the following address(es):" + ewarn "${warn_addr}" + fi + fi } -SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh} -SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid} -SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd} - checkconfig() { if [ ! -d /var/empty ] ; then mkdir -p /var/empty || return 1 fi - if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then - eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd" + if [ ! -e "${SSHD_CONFIG}" ] ; then + eerror "You need an ${SSHD_CONFIG} file to run sshd" eerror "There is a sample file in /usr/share/doc/openssh" return 1 fi - gen_keys || return 1 + if ! yesno "${SSHD_DISABLE_KEYGEN}"; then + ssh-keygen -A || return 1 + fi [ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}" - [ "${SSHD_CONFDIR}" != "/etc/ssh" ] \ - && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFDIR}/sshd_config" + [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \ + && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}" "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1 } -gen_key() { - local type=$1 key ks - [ $# -eq 1 ] && ks="${type}_" - key="${SSHD_CONFDIR}/ssh_host_${ks}key" - if [ ! -e "${key}" ] ; then - ebegin "Generating ${type} host key" - ssh-keygen -t ${type} -f "${key}" -N '' - eend $? || return $? - fi -} - -gen_keys() { - if egrep -q '^[[:space:]]*Protocol[[:space:]]+.*1' "${SSHD_CONFDIR}"/sshd_config ; then - gen_key rsa1 "" || return 1 - fi - gen_key dsa && gen_key rsa && gen_key ecdsa && gen_key ed25519 - return $? -} - start() { checkconfig || return 1 |