blob: 1a12f8c763397f0fa0596aaa13dd7d0aaf391fbc (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
|
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
pkgver=8.0_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=0
pkgdesc="Port of OpenBSD's free SSH release"
url="https://www.openssh.com/portable.html"
arch="all"
license="BSD"
options="!check suid" # FIXME: tests fails. disable for now
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="linux-pam-dev"
makedepends_host="openssl-dev zlib-dev libedit-dev linux-headers"
makedepends="$makedepends_build $makedepends_host"
# Add more packages support here e.g. kerberos
_pkgsupport=""
[ -z "$BOOTSTRAP" ] && _pkgsupport="pam"
subpackages="$pkgname-doc
$pkgname-keygen
$pkgname-client
$pkgname-keysign
$pkgname-sftp-server:sftp
$pkgname-server-common:server_common:noarch
$pkgname-server
"
for _flavour in $_pkgsupport; do
subpackages="$subpackages ${pkgname}-server-$_flavour:_pkg_flavour"
done
source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
fix-utmp.patch
bsd-compatible-realpath.patch
sftp-interactive.patch
disable-forwarding-by-default.patch
sshd.initd
sshd.confd
"
# secfixes:
# 7.9_p1-r3:
# - CVE-2018-20685
# - CVE-2019-6109
# - CVE-2019-6111
# 7.7_p1-r4:
# - CVE-2018-15473
# 7.5_p1-r8:
# - CVE-2017-15906
# 7.4_p1-r0:
# - CVE-2016-10009
# - CVE-2016-10010
# - CVE-2016-10011
# - CVE-2016-10012
builddir="$srcdir"/$pkgname-$_myver
prepare() {
cd "$builddir"
default_prepare
for _flavour in $_pkgsupport; do
cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour
done
}
build() {
cd "$builddir"
export LD="$CC"
export TEST_SSH_UTF8=no # utf8 test fails
_configure_vanilla="./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/lib/ssh \
--mandir=/usr/share/man \
--with-pid-dir=/run \
--with-mantype=doc \
--with-ldflags='${LDFLAGS}' \
--disable-lastlog \
--disable-strip \
--disable-wtmp \
--with-privsep-path=/var/empty \
--with-xauth=/usr/bin/xauth \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
--with-libedit \
"
# now we build "vanilla" openssh
_configure="$_configure_vanilla"
for _flavour in $_pkgsupport; do
_configure="$_configure --without-$_flavour"
done
msg "Building openssh..."
eval "$_configure"
make
# now we build other openssh-$_flavour
_configure="$_configure_vanilla"
for _flavour in $_pkgsupport; do
cd "$builddir-$_flavour"
msg "Building openssh with $_flavour support..."
eval "$_configure --with-$_flavour"
make
done
}
check() {
cd "$builddir"
make tests
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
mkdir -p "$pkgdir"/var/empty
install -D -m755 "$srcdir"/sshd.initd \
"$pkgdir"/etc/init.d/sshd
install -D -m644 "$srcdir"/sshd.confd \
"$pkgdir"/etc/conf.d/sshd
install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config
}
keygen() {
pkgdesc="ssh helper program for generating keys"
depends=
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/ssh-keygen \
"$subpkgdir"/usr/bin/
}
client() {
pkgdesc="OpenBSD's SSH client"
depends="openssh-keygen"
install -d "$subpkgdir"/usr/bin \
"$subpkgdir"/usr/lib/ssh \
"$subpkgdir"/etc/ssh \
"$subpkgdir"/var/empty
mv "$pkgdir"/usr/bin/* \
"$subpkgdir"/usr/bin/
mv "$pkgdir"/etc/ssh/ssh_config \
"$pkgdir"/etc/ssh/moduli \
"$subpkgdir"/etc/ssh/
install -Dm755 "$builddir"/contrib/findssl.sh \
"$subpkgdir"/usr/bin/findssl.sh
install -Dm755 "$builddir"/contrib/ssh-copy-id \
"$subpkgdir"/usr/bin/ssh-copy-id
install -Dm755 "$builddir"/ssh-pkcs11-helper \
"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}
keysign() {
pkgdesc="ssh helper program for host-based authentication"
depends="openssh-client"
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
"$subpkgdir"/usr/lib/ssh/
}
sftp() {
pkgdesc="ssh sftp server module"
depends=""
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/sftp-server \
"$subpkgdir"/usr/lib/ssh/
}
server_common() {
pkgdesc="OpenSSH server configuration files"
depends=""
for i in etc/ssh/sshd_config \
etc/init.d/sshd \
etc/conf.d/sshd; do
install -d "$subpkgdir"/${i%/*}
mv "$pkgdir"/$i \
"$subpkgdir"/${i%/*}/
done
}
server() {
pkgdesc="OpenSSH server"
depends="openssh-keygen openssh-server-common"
cd "$builddir"
install -d "$subpkgdir"/usr/sbin
mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
}
_server() {
cd "$builddir"
install -d "$subpkgdir"/usr/sbin
mv "$1"/sshd "$subpkgdir"/usr/sbin/
}
_pkg_flavour() {
pkgdesc="OpenSSH server with $_flavour support"
depends="openssh-keygen openssh-server-common"
for _flavour in $_pkgsupport; do
cd "${builddir}"-$_flavour
_server "${builddir}"-$_flavour
done
}
sha512sums="e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982 openssh-8.0p1.tar.gz
f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch
f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch
8df35d72224cd255eb0685d2c707b24e5eb24f0fdd67ca6cc0f615bdbd3eeeea2d18674a6af0c6dab74c2d8247e2370d0b755a84c99f766a431bc50c40b557de disable-forwarding-by-default.patch
8122ac1838586a1487dad1f70ed2ec8161ae57b4a7ee8bfef9757b590aa76a887a6c5e5f2575728da4c6c2f00d2a924360e23d84a4df204d7021b44b690cb2f8 sshd.initd
ec506156c286e5b28a530e9964dd68b7f6c9e881fbc47247a988e52a1f9cd50cbfaf4955c96774f9e2508d8b734c4abf98785fbaa75ae6249e3464b5495f1afc sshd.confd"
|
