[arch-commits] Commit in sslh/repos (8 files)
Felix Yan
felixonmars at archlinux.org
Tue Jul 7 18:24:25 UTC 2020
Date: Tuesday, July 7, 2020 @ 18:24:25
Author: felixonmars
Revision: 660081
archrelease: copy trunk to community-staging-x86_64
Added:
sslh/repos/community-staging-x86_64/
sslh/repos/community-staging-x86_64/PKGBUILD
(from rev 660080, sslh/trunk/PKGBUILD)
sslh/repos/community-staging-x86_64/sslh-fork.service
(from rev 660080, sslh/trunk/sslh-fork.service)
sslh/repos/community-staging-x86_64/sslh-select.service
(from rev 660080, sslh/trunk/sslh-select.service)
sslh/repos/community-staging-x86_64/sslh.cfg
(from rev 660080, sslh/trunk/sslh.cfg)
sslh/repos/community-staging-x86_64/sslh.install
(from rev 660080, sslh/trunk/sslh.install)
sslh/repos/community-staging-x86_64/sslh.service
(from rev 660080, sslh/trunk/sslh.service)
sslh/repos/community-staging-x86_64/sslh.sysusers
(from rev 660080, sslh/trunk/sslh.sysusers)
---------------------+
PKGBUILD | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
sslh-fork.service | 27 ++++++++++++++++++++++++
sslh-select.service | 27 ++++++++++++++++++++++++
sslh.cfg | 21 ++++++++++++++++++
sslh.install | 27 ++++++++++++++++++++++++
sslh.service | 25 ++++++++++++++++++++++
sslh.sysusers | 1
7 files changed, 184 insertions(+)
Copied: sslh/repos/community-staging-x86_64/PKGBUILD (from rev 660080, sslh/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,56 @@
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
+
+pkgname=sslh
+pkgver=1.20
+pkgrel=2
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+ 'sslh.cfg'
+ 'sslh.service'
+ 'sslh-select.service'
+ 'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
+md5sums=('6a69c6128d0349e5fb22167675d18aee'
+ 'SKIP'
+ '67a119213538aabf5d70a756ae7a99d0'
+ 'ecbb46c46874d7b620202926d36b8478'
+ '2b98633ee61bc5a809a4f75479628b2f'
+ 'ca5ec0adf9149f1db4e09af659391659')
+
+build() {
+ cd $pkgname-v$pkgver
+ make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+ # default arch config
+ install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+ # manually install to have both ssl-fork and ssl-select
+ cd $pkgname-v$pkgver
+ install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+ install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+ ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+ # install manpage
+ install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+ # install examples files
+ install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+ install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+ # systemd
+ install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+ install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+ cd "$pkgdir"
+ install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:
Copied: sslh/repos/community-staging-x86_64/sslh-fork.service (from rev 660080, sslh/trunk/sslh-fork.service)
===================================================================
--- community-staging-x86_64/sslh-fork.service (rev 0)
+++ community-staging-x86_64/sslh-fork.service 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Copied: sslh/repos/community-staging-x86_64/sslh-select.service (from rev 660080, sslh/trunk/sslh-select.service)
===================================================================
--- community-staging-x86_64/sslh-select.service (rev 0)
+++ community-staging-x86_64/sslh-select.service 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Copied: sslh/repos/community-staging-x86_64/sslh.cfg (from rev 660080, sslh/trunk/sslh.cfg)
===================================================================
--- community-staging-x86_64/sslh.cfg (rev 0)
+++ community-staging-x86_64/sslh.cfg 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+ { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:
Copied: sslh/repos/community-staging-x86_64/sslh.install (from rev 660080, sslh/trunk/sslh.install)
===================================================================
--- community-staging-x86_64/sslh.install (rev 0)
+++ community-staging-x86_64/sslh.install 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+ cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+ fi
+ if (( "$(vercmp $2 1.16-3)" < 0 )); then
+ cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+ fi
+ if (( "$(vercmp $2 1.19b)" < 0 )); then
+ cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+ fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
Copied: sslh/repos/community-staging-x86_64/sslh.service (from rev 660080, sslh/trunk/sslh.service)
===================================================================
--- community-staging-x86_64/sslh.service (rev 0)
+++ community-staging-x86_64/sslh.service 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
Copied: sslh/repos/community-staging-x86_64/sslh.sysusers (from rev 660080, sslh/trunk/sslh.sysusers)
===================================================================
--- community-staging-x86_64/sslh.sysusers (rev 0)
+++ community-staging-x86_64/sslh.sysusers 2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1 @@
+u sslh - - -
More information about the arch-commits
mailing list