blob: d6699122e06afca37943122fa5222ccbaa01555b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
|
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
pkgver=7.5_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=5
pkgdesc="Port of OpenBSD's free SSH release"
url="http://www.openssh.org/portable.html"
arch="all"
license="as-is"
options="suid"
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="linux-pam-dev"
makedepends_host="libressl-dev zlib-dev linux-headers"
makedepends="$makedepends_build $makedepends_host"
# Add more packages support here e.g. kerberos
_pkgsupport=""
[ -z "$BOOTSTRAP" ] && _pkgsupport="pam"
subpackages="$pkgname-doc
$pkgname-keygen
$pkgname-client
$pkgname-keysign
$pkgname-sftp-server:sftp
$pkgname-server-common:server_common:noarch
$pkgname-server
"
for _flavour in $_pkgsupport; do
subpackages="$subpackages ${pkgname}-server-$_flavour:_pkg_flavour"
done
source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
openssh7.4-peaktput.patch
openssh7.4-dynwindows.patch
fix-utmp.patch
bsd-compatible-realpath.patch
sshd.initd
sshd.confd
sftp-interactive.patch
openssh-7.5p1-sandbox.patch
"
# secfixes:
# 7.4_p1:
# - CVE-2016-10009
# - CVE-2016-10010
# - CVE-2016-10011
# - CVE-2016-10012
# HPN patches are from: http://hpnssh.sourceforge.net/
builddir="$srcdir"/$pkgname-$_myver
prepare() {
cd "$builddir"
default_prepare
for _flavour in $_pkgsupport; do
cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour
done
}
build() {
cd "$builddir"
export LD="$CC"
_configure_vanilla="./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/lib/ssh \
--mandir=/usr/share/man \
--with-pid-dir=/run \
--with-mantype=man \
--with-ldflags='${LDFLAGS}' \
--disable-lastlog \
--disable-strip \
--disable-wtmp \
--with-privsep-path=/var/empty \
--with-xauth=/usr/bin/xauth \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
"
# now we build "vanilla" openssh
_configure="$_configure_vanilla"
for _flavour in $_pkgsupport; do
_configure="$_configure --without-$_flavour"
done
msg "Building openssh..."
eval "$_configure"
make
# now we build other openssh-$_flavour
_configure="$_configure_vanilla"
for _flavour in $_pkgsupport; do
cd "$builddir-$_flavour"
msg "Building openssh with $_flavour support..."
eval "$_configure --with-$_flavour"
make
done
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
mkdir -p "$pkgdir"/var/empty
install -D -m755 "$srcdir"/sshd.initd \
"$pkgdir"/etc/init.d/sshd
install -D -m644 "$srcdir"/sshd.confd \
"$pkgdir"/etc/conf.d/sshd
install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config
}
keygen() {
pkgdesc="ssh helper program for generating keys"
depends=
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/ssh-keygen \
"$subpkgdir"/usr/bin/
}
client() {
pkgdesc="OpenBSD's SSH client"
depends="openssh-keygen"
install -d "$subpkgdir"/usr/bin \
"$subpkgdir"/usr/lib/ssh \
"$subpkgdir"/etc/ssh \
"$subpkgdir"/var/empty
mv "$pkgdir"/usr/bin/* \
"$subpkgdir"/usr/bin/
mv "$pkgdir"/etc/ssh/ssh_config \
"$pkgdir"/etc/ssh/moduli \
"$subpkgdir"/etc/ssh/
install -Dm755 "$builddir"/contrib/findssl.sh \
"$subpkgdir"/usr/bin/findssl.sh
install -Dm755 "$builddir"/contrib/ssh-copy-id \
"$subpkgdir"/usr/bin/ssh-copy-id
install -Dm755 "$builddir"/ssh-pkcs11-helper \
"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}
keysign() {
pkgdesc="ssh helper program for host-based authentication"
depends="openssh-client"
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
"$subpkgdir"/usr/lib/ssh/
}
sftp() {
pkgdesc="ssh sftp server module"
depends=""
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/sftp-server \
"$subpkgdir"/usr/lib/ssh/
}
server_common() {
pkgdesc="OpenSSH server configuration files"
depends=""
for i in etc/ssh/sshd_config \
etc/init.d/sshd \
etc/conf.d/sshd; do
install -d "$subpkgdir"/${i%/*}
mv "$pkgdir"/$i \
"$subpkgdir"/${i%/*}/
done
}
server() {
pkgdesc="OpenSSH server"
depends="openssh-keygen openssh-server-common"
cd "$builddir"
install -d "$subpkgdir"/usr/sbin
mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
}
_server() {
cd "$builddir"
install -d "$subpkgdir"/usr/sbin
mv "$1"/sshd "$subpkgdir"/usr/sbin/
}
_pkg_flavour() {
pkgdesc="OpenSSH server with $_flavour support"
depends="openssh-keygen openssh-server-common"
for _flavour in $_pkgsupport; do
cd "${builddir}"-$_flavour
_server "${builddir}"-$_flavour
done
}
sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz
398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6 openssh7.4-peaktput.patch
b9d736eae9b43de91fa3eb277ba8abc6290a8436b0fb00ae3b0f1b2eabba9983e4d2a1e3c68f5514247d0a3f120037f0795fd88fbf302aabd2d1b54a325a04ee openssh7.4-dynwindows.patch
f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch
f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch
394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch
15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch"
|