[arch-commits] Commit in sslh/repos (8 files)

Felix Yan felixonmars at archlinux.org
Tue Jul 7 18:24:25 UTC 2020


    Date: Tuesday, July 7, 2020 @ 18:24:25
  Author: felixonmars
Revision: 660081

archrelease: copy trunk to community-staging-x86_64

Added:
  sslh/repos/community-staging-x86_64/
  sslh/repos/community-staging-x86_64/PKGBUILD
    (from rev 660080, sslh/trunk/PKGBUILD)
  sslh/repos/community-staging-x86_64/sslh-fork.service
    (from rev 660080, sslh/trunk/sslh-fork.service)
  sslh/repos/community-staging-x86_64/sslh-select.service
    (from rev 660080, sslh/trunk/sslh-select.service)
  sslh/repos/community-staging-x86_64/sslh.cfg
    (from rev 660080, sslh/trunk/sslh.cfg)
  sslh/repos/community-staging-x86_64/sslh.install
    (from rev 660080, sslh/trunk/sslh.install)
  sslh/repos/community-staging-x86_64/sslh.service
    (from rev 660080, sslh/trunk/sslh.service)
  sslh/repos/community-staging-x86_64/sslh.sysusers
    (from rev 660080, sslh/trunk/sslh.sysusers)

---------------------+
 PKGBUILD            |   56 ++++++++++++++++++++++++++++++++++++++++++++++++++
 sslh-fork.service   |   27 ++++++++++++++++++++++++
 sslh-select.service |   27 ++++++++++++++++++++++++
 sslh.cfg            |   21 ++++++++++++++++++
 sslh.install        |   27 ++++++++++++++++++++++++
 sslh.service        |   25 ++++++++++++++++++++++
 sslh.sysusers       |    1 
 7 files changed, 184 insertions(+)

Copied: sslh/repos/community-staging-x86_64/PKGBUILD (from rev 660080, sslh/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD	                        (rev 0)
+++ community-staging-x86_64/PKGBUILD	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,56 @@
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
+
+pkgname=sslh
+pkgver=1.20
+pkgrel=2
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+        'sslh.cfg'
+        'sslh.service'
+        'sslh-select.service'
+        'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
+md5sums=('6a69c6128d0349e5fb22167675d18aee'
+         'SKIP'
+         '67a119213538aabf5d70a756ae7a99d0'
+         'ecbb46c46874d7b620202926d36b8478'
+         '2b98633ee61bc5a809a4f75479628b2f'
+         'ca5ec0adf9149f1db4e09af659391659')
+
+build() {
+  cd $pkgname-v$pkgver
+  make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+  # default arch config
+  install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+  # manually install to have both ssl-fork and ssl-select
+  cd $pkgname-v$pkgver
+  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+  # install manpage
+  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+  # install examples files
+  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+  # systemd
+  install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+  install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+  cd "$pkgdir"
+  install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:

Copied: sslh/repos/community-staging-x86_64/sslh-fork.service (from rev 660080, sslh/trunk/sslh-fork.service)
===================================================================
--- community-staging-x86_64/sslh-fork.service	                        (rev 0)
+++ community-staging-x86_64/sslh-fork.service	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Copied: sslh/repos/community-staging-x86_64/sslh-select.service (from rev 660080, sslh/trunk/sslh-select.service)
===================================================================
--- community-staging-x86_64/sslh-select.service	                        (rev 0)
+++ community-staging-x86_64/sslh-select.service	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Copied: sslh/repos/community-staging-x86_64/sslh.cfg (from rev 660080, sslh/trunk/sslh.cfg)
===================================================================
--- community-staging-x86_64/sslh.cfg	                        (rev 0)
+++ community-staging-x86_64/sslh.cfg	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+    { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+     { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:

Copied: sslh/repos/community-staging-x86_64/sslh.install (from rev 660080, sslh/trunk/sslh.install)
===================================================================
--- community-staging-x86_64/sslh.install	                        (rev 0)
+++ community-staging-x86_64/sslh.install	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+    cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+  fi
+  if (( "$(vercmp $2 1.16-3)" < 0 )); then
+    cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+  fi
+  if (( "$(vercmp $2 1.19b)" < 0 )); then
+    cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+  fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:

Copied: sslh/repos/community-staging-x86_64/sslh.service (from rev 660080, sslh/trunk/sslh.service)
===================================================================
--- community-staging-x86_64/sslh.service	                        (rev 0)
+++ community-staging-x86_64/sslh.service	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true

Copied: sslh/repos/community-staging-x86_64/sslh.sysusers (from rev 660080, sslh/trunk/sslh.sysusers)
===================================================================
--- community-staging-x86_64/sslh.sysusers	                        (rev 0)
+++ community-staging-x86_64/sslh.sysusers	2020-07-07 18:24:25 UTC (rev 660081)
@@ -0,0 +1 @@
+u sslh - - -



More information about the arch-commits mailing list