summaryrefslogtreecommitdiff
path: root/net-misc/openssh
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/openssh')
-rw-r--r--net-misc/openssh/Manifest2
-rw-r--r--net-misc/openssh/openssh-9.7_p1-r2.ebuild (renamed from net-misc/openssh/openssh-9.7_p1.ebuild)80
2 files changed, 49 insertions, 33 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 56935ca511a3..c88aa091efa5 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -15,5 +15,5 @@ DIST openssh-9.7p1.tar.gz.asc 833 BLAKE2B a95e952be48bd55a07d0a95a49dc06c326816c
EBUILD openssh-9.6_p1-r1.ebuild 14012 BLAKE2B 879504585f4ad5de7e93d54535ebd7a3f82a7b1d7cee1661386f0883d32dc0aa56304b5f2c587f6c21569312736d8408ce91eda7e5c55a0f845197f4cf048e25 SHA512 67a580e5c3888a7253216238147fb51bea2b5bffca75bfa69188b5f6d35ae2bbc18afcc621adfae724e08e992488446268e4e0a07b3c34efa33453f3befb2967
EBUILD openssh-9.6_p1-r2.ebuild 14105 BLAKE2B 0dc5ac19fd1edbf1114ce98c576245302fb74b97b2f45a501b14c2dd206d4db9a453195ee50d2d9e8edb91766f6ed3c92965c828b9cd8f60f7a42f519f9cf319 SHA512 794e8ca280500f61e7df99e0a1273cfbfe25b0736b0bcb8f4aa4b5486bb915bece9bc6831559755ef8af9af88ff66ad17201ec7f51db22dda99413642235a142
EBUILD openssh-9.6_p1-r3.ebuild 13891 BLAKE2B 98bc143f607c06d5d8c705b563cad80e1a29ad1d18506e0d5c2b1f13581db2ee09d04f78dcbfb8366d1b0a93c59fad9e0f4cf6b5d7243bae0d973c4b44b3e9b0 SHA512 908304266b8d9329c3ed582a3d2da507f889654f72754da2fe5f1655099517721c786ece314ae8f9802fea8e6e2eeae96c3c0cf8517d4503f5b8c2b6961ac176
-EBUILD openssh-9.7_p1.ebuild 13786 BLAKE2B bfbff35850e942f8e9d50f8f08cec61e78427b4bdbfa3664c69f2455742403c66f36a4f715fee1c29f3938bbfc03121896f37b9681f012662454df29302edaed SHA512 04829d73fdf1374fe6ddeaa892d05d2c03611b7142fbf4c615d8e38264005b37e67711f0219441dd9ab896e28e7a100312fb5362b1d707749edaee7b9757e0f8
+EBUILD openssh-9.7_p1-r2.ebuild 14066 BLAKE2B ada1b60519d235b78468cd5a0ab142e2bc4c897faa14b222025ce376dc4c7e5d6ebff8ac54ee2e8b8628b0a5ea6b5894908b1ae45aac7de11e40d780f009373b SHA512 76da8edc2524f830ffb5abc5a50fc8806f3907e3e197055b472e3c6f27bb3d7166c636616b3863b978a750d393d444559f6c6f690326ca809e6042cf753860f9
MISC metadata.xml 1788 BLAKE2B d04d3030f70f3615522672fa56e684acaa67ddce8d16cce86ba8911fb8fc11ed152be012ecf560427d271868c4841a7422aaa644305947302d3ebab62bdb577d SHA512 bd328e3a33ce04b989149333db5f774f1b52540f12ef83b08b7fcf136ae2a3a9c83bef42c28991d3536249098ca0b9ffd21e583d93599580510d8619e9fd01ca
diff --git a/net-misc/openssh/openssh-9.7_p1.ebuild b/net-misc/openssh/openssh-9.7_p1-r2.ebuild
index 9508c8162da3..3b0c7f2125a0 100644
--- a/net-misc/openssh/openssh-9.7_p1.ebuild
+++ b/net-misc/openssh/openssh-9.7_p1-r2.ebuild
@@ -217,24 +217,18 @@ src_configure() {
econf "${myconf[@]}"
}
-src_test() {
- local tests=( compat-tests )
- local shell=$(egetshell "${UID}")
- if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
- ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
- ewarn "user, so we will run a subset only."
- tests+=( interop-tests )
- else
- tests+=( tests )
- fi
+tweak_ssh_configs() {
+ cat <<-EOF >> ssh_config.out || die
- local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
- mkdir -p "${HOME}"/.ssh || die
- emake -j1 "${tests[@]}" </dev/null
+ Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+ EOF
+ cat <<-EOF >> sshd_config.out || die
+
+ Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
+ EOF
}
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
+create_config_dropins() {
local locale_vars=(
# These are language variables that POSIX defines.
# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
@@ -245,15 +239,9 @@ tweak_ssh_configs() {
LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
)
- dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
- Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
- EOF
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
- Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
- EOF
+ mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
# Send locale environment variables (bug #367017)
SendEnv ${locale_vars[*]}
@@ -261,16 +249,16 @@ tweak_ssh_configs() {
SendEnv COLORTERM
EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
EOF
- cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
EOF
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
# Allow client to pass locale environment variables (bug #367017)
AcceptEnv ${locale_vars[*]}
@@ -279,7 +267,7 @@ tweak_ssh_configs() {
EOF
if use pam ; then
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
UsePAM yes
# This interferes with PAM.
PasswordAuthentication no
@@ -290,13 +278,35 @@ tweak_ssh_configs() {
fi
if use livecd ; then
- cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
+ cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
# Allow root login with password on livecds.
PermitRootLogin Yes
EOF
fi
}
+src_compile() {
+ default
+ tweak_ssh_configs
+ create_config_dropins
+}
+
+src_test() {
+ local tests=( compat-tests )
+ local shell=$(egetshell "${UID}")
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
+ ewarn "user, so we will run a subset only."
+ tests+=( interop-tests )
+ else
+ tests+=( tests )
+ fi
+
+ local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
+ mkdir -p "${HOME}"/.ssh || die
+ emake -j1 "${tests[@]}" </dev/null
+}
+
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
@@ -308,18 +318,24 @@ src_install() {
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
fi
- tweak_ssh_configs
-
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
- diropts -m 0700
- dodir /etc/skel/.ssh
rmdir "${ED}"/var/empty || die
systemd_dounit "${FILESDIR}"/sshd.socket
systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
+
+ # Install dropins with explicit mode, bug 906638, 915840
+ diropts -m0755
+ insopts -m0644
+ insinto /etc/ssh
+ doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
+ doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
+ diropts -m0700
+ insopts -m0600
+ doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
}
pkg_preinst() {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 11:24:20 +0000