[arch-commits] Commit in openssh/repos (18 files)

Gaetan Bisson bisson at nymeria.archlinux.org
Wed Feb 5 05:20:28 UTC 2014


    Date: Wednesday, February 5, 2014 @ 06:20:28
  Author: bisson
Revision: 205448

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  openssh/repos/testing-i686/
  openssh/repos/testing-i686/PKGBUILD
    (from rev 205447, openssh/trunk/PKGBUILD)
  openssh/repos/testing-i686/install
    (from rev 205447, openssh/trunk/install)
  openssh/repos/testing-i686/lowercase.patch
    (from rev 205447, openssh/trunk/lowercase.patch)
  openssh/repos/testing-i686/sshd.pam
    (from rev 205447, openssh/trunk/sshd.pam)
  openssh/repos/testing-i686/sshd.service
    (from rev 205447, openssh/trunk/sshd.service)
  openssh/repos/testing-i686/sshd.socket
    (from rev 205447, openssh/trunk/sshd.socket)
  openssh/repos/testing-i686/sshd at .service
    (from rev 205447, openssh/trunk/sshd at .service)
  openssh/repos/testing-i686/sshdgenkeys.service
    (from rev 205447, openssh/trunk/sshdgenkeys.service)
  openssh/repos/testing-x86_64/
  openssh/repos/testing-x86_64/PKGBUILD
    (from rev 205447, openssh/trunk/PKGBUILD)
  openssh/repos/testing-x86_64/install
    (from rev 205447, openssh/trunk/install)
  openssh/repos/testing-x86_64/lowercase.patch
    (from rev 205447, openssh/trunk/lowercase.patch)
  openssh/repos/testing-x86_64/sshd.pam
    (from rev 205447, openssh/trunk/sshd.pam)
  openssh/repos/testing-x86_64/sshd.service
    (from rev 205447, openssh/trunk/sshd.service)
  openssh/repos/testing-x86_64/sshd.socket
    (from rev 205447, openssh/trunk/sshd.socket)
  openssh/repos/testing-x86_64/sshd at .service
    (from rev 205447, openssh/trunk/sshd at .service)
  openssh/repos/testing-x86_64/sshdgenkeys.service
    (from rev 205447, openssh/trunk/sshdgenkeys.service)

------------------------------------+
 testing-i686/PKGBUILD              |   95 +++++++++++++++++++++++++++++++++++
 testing-i686/install               |   10 +++
 testing-i686/lowercase.patch       |   32 +++++++++++
 testing-i686/sshd.pam              |    6 ++
 testing-i686/sshd.service          |   17 ++++++
 testing-i686/sshd.socket           |   10 +++
 testing-i686/sshd at .service         |    8 ++
 testing-i686/sshdgenkeys.service   |   17 ++++++
 testing-x86_64/PKGBUILD            |   95 +++++++++++++++++++++++++++++++++++
 testing-x86_64/install             |   10 +++
 testing-x86_64/lowercase.patch     |   32 +++++++++++
 testing-x86_64/sshd.pam            |    6 ++
 testing-x86_64/sshd.service        |   17 ++++++
 testing-x86_64/sshd.socket         |   10 +++
 testing-x86_64/sshd at .service       |    8 ++
 testing-x86_64/sshdgenkeys.service |   17 ++++++
 16 files changed, 390 insertions(+)

Copied: openssh/repos/testing-i686/PKGBUILD (from rev 205447, openssh/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,95 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Aaron Griffin <aaron at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=openssh
+pkgver=6.5p1
+pkgrel=2
+pkgdesc='Free version of the SSH connectivity tools'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
+arch=('i686' 'x86_64')
+makedepends=('linux-headers')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+            'x11-ssh-askpass: input passphrase in X')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
+        'lowercase.patch'
+        'sshdgenkeys.service'
+        'sshd at .service'
+        'sshd.service'
+        'sshd.socket'
+        'sshd.pam')
+sha1sums=('3363a72b4fee91b29cf2024ff633c17f6cd2f86d' 'SKIP'
+          '3163a71cbaeac39d0783ad4c501fd0630d6c0c22'
+          'cc1ceec606c98c7407e7ac21ade23aed81e31405'
+          '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+          'ec49c6beba923e201505f5669cea48cad29014db'
+          'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+          'd93dca5ebda4610ff7647187f8928a3de28703f3')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../lowercase.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	./configure \
+		--prefix=/usr \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/ssh \
+		--sysconfdir=/etc/ssh \
+		--with-ldns \
+		--with-libedit \
+		--with-ssl-engine \
+		--with-pam \
+		--with-privsep-user=nobody \
+		--with-kerberos5=/usr \
+		--with-xauth=/usr/bin/xauth \
+		--with-mantype=man \
+		--with-md5-passwords \
+		--with-pid-dir=/run \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make tests || true
+	# hard to suitably test connectivity:
+	# - fails with /bin/false as login shell
+	# - fails with firewall activated, etc.
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make DESTDIR="${pkgdir}" install
+
+	ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+	install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+
+	install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+	install -Dm644 ../sshd at .service "${pkgdir}"/usr/lib/systemd/system/sshd at .service
+	install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+	install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+	install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+
+	install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+	install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+	install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+	sed \
+		-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+		-e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+		-e '/^#UsePAM no$/c UsePAM yes' \
+		-i "${pkgdir}"/etc/ssh/sshd_config
+}

Copied: openssh/repos/testing-i686/install (from rev 205447, openssh/trunk/install)
===================================================================
--- testing-i686/install	                        (rev 0)
+++ testing-i686/install	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,10 @@
+post_upgrade() {
+	if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+		cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+	fi
+}

Copied: openssh/repos/testing-i686/lowercase.patch (from rev 205447, openssh/trunk/lowercase.patch)
===================================================================
--- testing-i686/lowercase.patch	                        (rev 0)
+++ testing-i686/lowercase.patch	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,32 @@
+From d56b44d2dfa093883a5c4e91be3f72d99946b170 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm at mindrot.org>
+Date: Tue, 04 Feb 2014 00:26:04 +0000
+Subject:    - djm at cvs.openbsd.org 2014/02/04 00:24:29
+
+     [ssh.c]
+     delay lowercasing of hostname until right before hostname
+     canonicalisation to unbreak case-sensitive matching of ssh_config;
+     reported by Ike Devolder; ok markus@
+---
+diff --git a/ssh.c b/ssh.c
+index ec95733..add760c 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -780,7 +780,6 @@ main(int ac, char **av)
+ 	if (!host)
+ 		usage();
+ 
+-	lowercase(host);
+ 	host_arg = xstrdup(host);
+ 
+ 	OpenSSL_add_all_algorithms();
+@@ -914,6 +913,7 @@ main(int ac, char **av)
+ 	}
+ 
+ 	/* If canonicalization requested then try to apply it */
++	lowercase(host);
+ 	if (options.canonicalize_hostname != SSH_CANONICALISE_NO)
+ 		addrs = resolve_canonicalize(&host, options.port);
+ 	/*
+--
+cgit v0.9.2

Copied: openssh/repos/testing-i686/sshd.pam (from rev 205447, openssh/trunk/sshd.pam)
===================================================================
--- testing-i686/sshd.pam	                        (rev 0)
+++ testing-i686/sshd.pam	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth     required  pam_securetty.so     #disable remote root
+auth      include   system-remote-login
+account   include   system-remote-login
+password  include   system-remote-login
+session   include   system-remote-login

Copied: openssh/repos/testing-i686/sshd.service (from rev 205447, openssh/trunk/sshd.service)
===================================================================
--- testing-i686/sshd.service	                        (rev 0)
+++ testing-i686/sshd.service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd at .service.

Copied: openssh/repos/testing-i686/sshd.socket (from rev 205447, openssh/trunk/sshd.socket)
===================================================================
--- testing-i686/sshd.socket	                        (rev 0)
+++ testing-i686/sshd.socket	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+Wants=sshdgenkeys.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

Copied: openssh/repos/testing-i686/sshd at .service (from rev 205447, openssh/trunk/sshd at .service)
===================================================================
--- testing-i686/sshd at .service	                        (rev 0)
+++ testing-i686/sshd at .service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/bin/sshd -i
+StandardInput=socket
+StandardError=syslog

Copied: openssh/repos/testing-i686/sshdgenkeys.service (from rev 205447, openssh/trunk/sshdgenkeys.service)
===================================================================
--- testing-i686/sshdgenkeys.service	                        (rev 0)
+++ testing-i686/sshdgenkeys.service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes

Copied: openssh/repos/testing-x86_64/PKGBUILD (from rev 205447, openssh/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,95 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Aaron Griffin <aaron at archlinux.org>
+# Contributor: judd <jvinet at zeroflux.org>
+
+pkgname=openssh
+pkgver=6.5p1
+pkgrel=2
+pkgdesc='Free version of the SSH connectivity tools'
+url='http://www.openssh.org/portable.html'
+license=('custom:BSD')
+arch=('i686' 'x86_64')
+makedepends=('linux-headers')
+depends=('krb5' 'openssl' 'libedit' 'ldns')
+optdepends=('xorg-xauth: X11 forwarding'
+            'x11-ssh-askpass: input passphrase in X')
+source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
+        'lowercase.patch'
+        'sshdgenkeys.service'
+        'sshd at .service'
+        'sshd.service'
+        'sshd.socket'
+        'sshd.pam')
+sha1sums=('3363a72b4fee91b29cf2024ff633c17f6cd2f86d' 'SKIP'
+          '3163a71cbaeac39d0783ad4c501fd0630d6c0c22'
+          'cc1ceec606c98c7407e7ac21ade23aed81e31405'
+          '6a0ff3305692cf83aca96e10f3bb51e1c26fccda'
+          'ec49c6beba923e201505f5669cea48cad29014db'
+          'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
+          'd93dca5ebda4610ff7647187f8928a3de28703f3')
+
+backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
+
+install=install
+
+prepare() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../lowercase.patch
+}
+
+build() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	./configure \
+		--prefix=/usr \
+		--sbindir=/usr/bin \
+		--libexecdir=/usr/lib/ssh \
+		--sysconfdir=/etc/ssh \
+		--with-ldns \
+		--with-libedit \
+		--with-ssl-engine \
+		--with-pam \
+		--with-privsep-user=nobody \
+		--with-kerberos5=/usr \
+		--with-xauth=/usr/bin/xauth \
+		--with-mantype=man \
+		--with-md5-passwords \
+		--with-pid-dir=/run \
+
+	make
+}
+
+check() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make tests || true
+	# hard to suitably test connectivity:
+	# - fails with /bin/false as login shell
+	# - fails with firewall activated, etc.
+}
+
+package() {
+	cd "${srcdir}/${pkgname}-${pkgver}"
+
+	make DESTDIR="${pkgdir}" install
+
+	ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
+	install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
+
+	install -Dm644 ../sshdgenkeys.service "${pkgdir}"/usr/lib/systemd/system/sshdgenkeys.service
+	install -Dm644 ../sshd at .service "${pkgdir}"/usr/lib/systemd/system/sshd at .service
+	install -Dm644 ../sshd.service "${pkgdir}"/usr/lib/systemd/system/sshd.service
+	install -Dm644 ../sshd.socket "${pkgdir}"/usr/lib/systemd/system/sshd.socket
+	install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
+
+	install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
+	install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
+	install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
+
+	sed \
+		-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+		-e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+		-e '/^#UsePAM no$/c UsePAM yes' \
+		-i "${pkgdir}"/etc/ssh/sshd_config
+}

Copied: openssh/repos/testing-x86_64/install (from rev 205447, openssh/trunk/install)
===================================================================
--- testing-x86_64/install	                        (rev 0)
+++ testing-x86_64/install	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,10 @@
+post_upgrade() {
+	if [[ $(vercmp $2 6.2p2) = -1 ]]; then
+		cat <<EOF
+
+==> The sshd daemon has been moved to /usr/bin alongside all binaries.
+==> Please update this path in your scripts if applicable.
+
+EOF
+	fi
+}

Copied: openssh/repos/testing-x86_64/lowercase.patch (from rev 205447, openssh/trunk/lowercase.patch)
===================================================================
--- testing-x86_64/lowercase.patch	                        (rev 0)
+++ testing-x86_64/lowercase.patch	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,32 @@
+From d56b44d2dfa093883a5c4e91be3f72d99946b170 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm at mindrot.org>
+Date: Tue, 04 Feb 2014 00:26:04 +0000
+Subject:    - djm at cvs.openbsd.org 2014/02/04 00:24:29
+
+     [ssh.c]
+     delay lowercasing of hostname until right before hostname
+     canonicalisation to unbreak case-sensitive matching of ssh_config;
+     reported by Ike Devolder; ok markus@
+---
+diff --git a/ssh.c b/ssh.c
+index ec95733..add760c 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -780,7 +780,6 @@ main(int ac, char **av)
+ 	if (!host)
+ 		usage();
+ 
+-	lowercase(host);
+ 	host_arg = xstrdup(host);
+ 
+ 	OpenSSL_add_all_algorithms();
+@@ -914,6 +913,7 @@ main(int ac, char **av)
+ 	}
+ 
+ 	/* If canonicalization requested then try to apply it */
++	lowercase(host);
+ 	if (options.canonicalize_hostname != SSH_CANONICALISE_NO)
+ 		addrs = resolve_canonicalize(&host, options.port);
+ 	/*
+--
+cgit v0.9.2

Copied: openssh/repos/testing-x86_64/sshd.pam (from rev 205447, openssh/trunk/sshd.pam)
===================================================================
--- testing-x86_64/sshd.pam	                        (rev 0)
+++ testing-x86_64/sshd.pam	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+#auth     required  pam_securetty.so     #disable remote root
+auth      include   system-remote-login
+account   include   system-remote-login
+password  include   system-remote-login
+session   include   system-remote-login

Copied: openssh/repos/testing-x86_64/sshd.service (from rev 205447, openssh/trunk/sshd.service)
===================================================================
--- testing-x86_64/sshd.service	                        (rev 0)
+++ testing-x86_64/sshd.service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,17 @@
+[Unit]
+Description=OpenSSH Daemon
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+
+# This service file runs an SSH daemon that forks for each incoming connection.
+# If you prefer to spawn on-demand daemons, use sshd.socket and sshd at .service.

Copied: openssh/repos/testing-x86_64/sshd.socket (from rev 205447, openssh/trunk/sshd.socket)
===================================================================
--- testing-x86_64/sshd.socket	                        (rev 0)
+++ testing-x86_64/sshd.socket	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,10 @@
+[Unit]
+Conflicts=sshd.service
+Wants=sshdgenkeys.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

Copied: openssh/repos/testing-x86_64/sshd at .service (from rev 205447, openssh/trunk/sshd at .service)
===================================================================
--- testing-x86_64/sshd at .service	                        (rev 0)
+++ testing-x86_64/sshd at .service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH Per-Connection Daemon
+After=sshdgenkeys.service
+
+[Service]
+ExecStart=-/usr/bin/sshd -i
+StandardInput=socket
+StandardError=syslog

Copied: openssh/repos/testing-x86_64/sshdgenkeys.service (from rev 205447, openssh/trunk/sshdgenkeys.service)
===================================================================
--- testing-x86_64/sshdgenkeys.service	                        (rev 0)
+++ testing-x86_64/sshdgenkeys.service	2014-02-05 05:20:28 UTC (rev 205448)
@@ -0,0 +1,17 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_key
+ConditionPathExists=|!/etc/ssh/ssh_host_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
+RemainAfterExit=yes




More information about the arch-commits mailing list