[arch-commits] Commit in sslh/repos/community-x86_64 (15 files)

Sébastien Luttringer seblu at gemini.archlinux.org
Thu Aug 19 21:42:52 UTC 2021


    Date: Thursday, August 19, 2021 @ 21:42:52
  Author: seblu
Revision: 1003921

archrelease: copy trunk to community-x86_64

Added:
  sslh/repos/community-x86_64/PKGBUILD
    (from rev 1003920, sslh/trunk/PKGBUILD)
  sslh/repos/community-x86_64/sslh-fork.service
    (from rev 1003920, sslh/trunk/sslh-fork.service)
  sslh/repos/community-x86_64/sslh-select.service
    (from rev 1003920, sslh/trunk/sslh-select.service)
  sslh/repos/community-x86_64/sslh.cfg
    (from rev 1003920, sslh/trunk/sslh.cfg)
  sslh/repos/community-x86_64/sslh.install
    (from rev 1003920, sslh/trunk/sslh.install)
  sslh/repos/community-x86_64/sslh.service
    (from rev 1003920, sslh/trunk/sslh.service)
  sslh/repos/community-x86_64/sslh.sysusers
    (from rev 1003920, sslh/trunk/sslh.sysusers)
Deleted:
  sslh/repos/community-x86_64/PKGBUILD
  sslh/repos/community-x86_64/fix-libconfig.patch
  sslh/repos/community-x86_64/sslh-fork.service
  sslh/repos/community-x86_64/sslh-select.service
  sslh/repos/community-x86_64/sslh.cfg
  sslh/repos/community-x86_64/sslh.install
  sslh/repos/community-x86_64/sslh.service
  sslh/repos/community-x86_64/sslh.sysusers

---------------------+
 PKGBUILD            |  140 ++++++++++++++++++++++++--------------------------
 fix-libconfig.patch |   11 ---
 sslh-fork.service   |   54 +++++++++----------
 sslh-select.service |   54 +++++++++----------
 sslh.cfg            |   42 +++++++--------
 sslh.install        |   54 +++++++++----------
 sslh.service        |   50 ++++++++---------
 sslh.sysusers       |    2 
 8 files changed, 197 insertions(+), 210 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2021-08-19 21:42:44 UTC (rev 1003920)
+++ PKGBUILD	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,71 +0,0 @@
-# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
-
-pkgname=sslh
-pkgver=1.21c
-pkgrel=2
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='https://www.rutschle.net/tech/sslh/README.html'
-license=('GPL2')
-makedepends=('systemd')
-depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
-backup=('etc/sslh.cfg')
-install=$pkgname.install
-source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
-        'sslh.cfg'
-        'sslh.service'
-        'sslh-select.service'
-        'sslh-fork.service'
-        'fix-libconfig.patch')
-validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
-sha256sums=('3bfe783726f82c1f5a4be630ddc494ebb08dbb69980662cd7ffdeb7bc9e1e706'
-            'SKIP'
-            '3feff7e2c096bc18d8f0073141c1017dccd4abbbc491fa16b55afd5c5ff6352c'
-            '49ed1c88b0de079bc31a94e600b63edd7ea95b4aa9b5f533c15db1221d0892db'
-            '5824ae86ced9142c37343367bd737661c2da826fba244cea7072685347be2250'
-            'd41f7cb8a3a3d8fc11608bc552014f03177ac3cdd8c5c6157d7d1a557d91cacb'
-            'eefab0803283120454a11c7e1850ae181062a96cbd40a0f9a17d421b74040e4c')
-
-prepare() {
-  cd $pkgname-v$pkgver
-  # apply patch from the source array (should be a pacman feature)
-  local src
-  for src in "${source[@]}"; do
-    src="${src%%::*}"
-    src="${src##*/}"
-    [[ $src = *.patch ]] || continue
-    echo "Applying patch $src..."
-    patch -Np1 < "../$src"
-  done
-}
-
-build() {
-  cd $pkgname-v$pkgver
-  make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
-}
-
-package() {
-  # default arch config
-  install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
-  # manually install to have both ssl-fork and ssl-select
-  cd $pkgname-v$pkgver
-  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
-  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
-  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
-  # install manpage
-  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
-  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
-  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
-  # install examples files
-  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
-  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
-  # systemd
-  install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
-  install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
-  cd "$pkgdir"
-  install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
-}
-
-# vim:set ts=2 sw=2 et:

Copied: sslh/repos/community-x86_64/PKGBUILD (from rev 1003920, sslh/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,69 @@
+# Maintainer: Sébastien "Seblu" Luttringer
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-aur at catloaf.net>
+
+pkgname=sslh
+pkgver=1.22
+pkgrel=1
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+        'sslh.cfg'
+        'sslh.service'
+        'sslh-select.service'
+        'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <yves at rutschle.net>
+sha256sums=('50ea47f8a52e09855e4abcba00e2d6efa3b100faef4b7a066582dfb9bd043b6e'
+            'SKIP'
+            '3feff7e2c096bc18d8f0073141c1017dccd4abbbc491fa16b55afd5c5ff6352c'
+            '49ed1c88b0de079bc31a94e600b63edd7ea95b4aa9b5f533c15db1221d0892db'
+            '5824ae86ced9142c37343367bd737661c2da826fba244cea7072685347be2250'
+            'd41f7cb8a3a3d8fc11608bc552014f03177ac3cdd8c5c6157d7d1a557d91cacb')
+
+prepare() {
+  cd $pkgname-v$pkgver
+  # apply patch from the source array (should be a pacman feature)
+  local src
+  for src in "${source[@]}"; do
+    src="${src%%::*}"
+    src="${src##*/}"
+    [[ $src = *.patch ]] || continue
+    echo "Applying patch $src..."
+    patch -Np1 < "../$src"
+  done
+}
+
+build() {
+  cd $pkgname-v$pkgver
+  make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+  # default arch config
+  install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+  # manually install to have both ssl-fork and ssl-select
+  cd $pkgname-v$pkgver
+  install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+  install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+  ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+  # install manpage
+  install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+  ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+  # install examples files
+  install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+  install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+  # systemd
+  install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+  install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+  cd "$pkgdir"
+  install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: fix-libconfig.patch
===================================================================
--- fix-libconfig.patch	2021-08-19 21:42:44 UTC (rev 1003920)
+++ fix-libconfig.patch	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,11 +0,0 @@
---- a/sslh-conf.c	2020-07-30 09:45:50.000000000 +0200
-+++ b/sslh-conf.c	2021-07-01 02:11:39.589685985 +0200
-@@ -1599,7 +1599,7 @@
-         }
-     }
- 
--    s = config_lookup(&c, "/");
-+    s = config_root_setting(&c);
- 
-     res = read_block(s, cfg, table_sslhcfg, &errmsg);
-     if (!res) {

Deleted: sslh-fork.service
===================================================================
--- sslh-fork.service	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh-fork.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (fork mode)
-Conflicts=sslh-select.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target

Copied: sslh/repos/community-x86_64/sslh-fork.service (from rev 1003920, sslh/trunk/sslh-fork.service)
===================================================================
--- sslh-fork.service	                        (rev 0)
+++ sslh-fork.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Deleted: sslh-select.service
===================================================================
--- sslh-select.service	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh-select.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (select mode)
-Conflicts=sslh-fork.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target

Copied: sslh/repos/community-x86_64/sslh-select.service (from rev 1003920, sslh/trunk/sslh-select.service)
===================================================================
--- sslh-select.service	                        (rev 0)
+++ sslh-select.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target

Deleted: sslh.cfg
===================================================================
--- sslh.cfg	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh.cfg	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,21 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-timeout: 2;
-
-listen:
-(
-    { host: "0.0.0.0"; port: "443"; }
-);
-
-protocols:
-(
-     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
-     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
-     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
-     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
-     { name: "tls"; host: "localhost"; port: "8443"; probe: "builtin"; },
-     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:

Copied: sslh/repos/community-x86_64/sslh.cfg (from rev 1003920, sslh/trunk/sslh.cfg)
===================================================================
--- sslh.cfg	                        (rev 0)
+++ sslh.cfg	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+    { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+     { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+     { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+     { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+     { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+     { name: "tls"; host: "localhost"; port: "8443"; probe: "builtin"; },
+     { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:

Deleted: sslh.install
===================================================================
--- sslh.install	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh.install	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-# arg 1:  the new package version
-# arg 2:  the old package version
-post_upgrade() {
-  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
-    cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
-  fi
-  if (( "$(vercmp $2 1.16-3)" < 0 )); then
-    cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
-  fi
-  if (( "$(vercmp $2 1.19b)" < 0 )); then
-    cat << EOF
-===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
-=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
-===> sslh unit files security has been improved.
-=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
-===> sslh user is now created at unit startup (via DynamicUser)
-EOF
-  fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:

Copied: sslh/repos/community-x86_64/sslh.install (from rev 1003920, sslh/trunk/sslh.install)
===================================================================
--- sslh.install	                        (rev 0)
+++ sslh.install	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+    cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+  fi
+  if (( "$(vercmp $2 1.16-3)" < 0 )); then
+    cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+  fi
+  if (( "$(vercmp $2 1.19b)" < 0 )); then
+    cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+  fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:

Deleted: sslh.service
===================================================================
--- sslh.service	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1,25 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (socket mode)
-Conflicts=sslh-fork.service sslh-select.service
-Requires=sslh.socket
-PartOf=sslh.socket
-
-[Service]
-ExecStart=/usr/bin/sslh --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true

Copied: sslh/repos/community-x86_64/sslh.service (from rev 1003920, sslh/trunk/sslh.service)
===================================================================
--- sslh.service	                        (rev 0)
+++ sslh.service	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true

Deleted: sslh.sysusers
===================================================================
--- sslh.sysusers	2021-08-19 21:42:44 UTC (rev 1003920)
+++ sslh.sysusers	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -1 +0,0 @@
-u sslh - - -

Copied: sslh/repos/community-x86_64/sslh.sysusers (from rev 1003920, sslh/trunk/sslh.sysusers)
===================================================================
--- sslh.sysusers	                        (rev 0)
+++ sslh.sysusers	2021-08-19 21:42:52 UTC (rev 1003921)
@@ -0,0 +1 @@
+u sslh - - -



More information about the arch-commits mailing list