From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:musl commit in: net-misc/openssh/files/, net-misc/openssh/
Date: Fri, 21 Mar 2014 16:44:35
Message-Id: 1395420273.c28b27ab2f2d2ed00e42b95086675c06603f1bf7.blueness@gentoo
1 commit: c28b27ab2f2d2ed00e42b95086675c06603f1bf7
2 Author: layman <layman <AT> localhost>
3 AuthorDate: Fri Mar 21 16:41:30 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Mar 21 16:44:33 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=c28b27ab
7
8 net-misc/openssh: bump to 6.6_p1
9
10 ---
11 .../files/openssh-6.5_p1-hpn-cipher-align.patch | 114 ++++++++
12 .../openssh-6.6_p1-openssl-ignore-status.patch | 17 ++
13 .../openssh/files/openssh-6.6_p1-x509-glue.patch | 16 ++
14 .../openssh-6.6_p1-x509-hpn14v4-glue-p2.patch | 26 ++
15 net-misc/openssh/openssh-6.6_p1-r99.ebuild | 316 +++++++++++++++++++++
16 5 files changed, 489 insertions(+)
17
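--- /dev/null
+++ b/net-misc/openssh/files/openssh-6.5_p1-hpn-cipher-align.patch
@@ -0,0 +1,114 @@
+https://bugs.gentoo.org/498632
+
+make sure we do not use unaligned loads/stores as some arches really hate that.
+
+--- a/cipher-ctr-mt.c
++++ b/cipher-ctr-mt.c
+@@ -58,8 +58,16 @@
+ /* Collect thread stats and print at cancellation when in debug mode */
+ /* #define CIPHER_THREAD_STATS */
+
+-/* Use single-byte XOR instead of 8-byte XOR */
+-/* #define CIPHER_BYTE_XOR */
++/* Can the system do unaligned loads natively? */
++#if defined(__aarch64__) || \
++ defined(__i386__) || \
++ defined(__powerpc__) || \
++ defined(__x86_64__)
++# define CIPHER_UNALIGNED_OK
++#endif
++#if defined(__SIZEOF_INT128__)
++# define CIPHER_INT128_OK
++#endif
+ /*-------------------- END TUNABLES --------------------*/
+
+
+@@ -285,8 +293,20 @@ thread_loop(void *x)
+
+ static int
+ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+- u_int len)
++ size_t len)
+ {
++ typedef union {
++#ifdef CIPHER_INT128_OK
++ __uint128_t *u128;
++#endif
++ uint64_t *u64;
++ uint32_t *u32;
++ uint8_t *u8;
++ const uint8_t *cu8;
++ uintptr_t u;
++ } ptrs_t;
++ ptrs_t destp, srcp, bufp;
++ uintptr_t align;
+ struct ssh_aes_ctr_ctx *c;
+ struct kq *q, *oldq;
+ int ridx;
+@@ -301,35 +321,41 @@ ssh_aes_ctr(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
+ ridx = c->ridx;
+
+ /* src already padded to block multiple */
++ srcp.cu8 = src;
++ destp.u8 = dest;
+ while (len > 0) {
+ buf = q->keys[ridx];
++ bufp.u8 = buf;
+
+-#ifdef CIPHER_BYTE_XOR
+- dest[0] = src[0] ^ buf[0];
+- dest[1] = src[1] ^ buf[1];
+- dest[2] = src[2] ^ buf[2];
+- dest[3] = src[3] ^ buf[3];
+- dest[4] = src[4] ^ buf[4];
+- dest[5] = src[5] ^ buf[5];
+- dest[6] = src[6] ^ buf[6];
+- dest[7] = src[7] ^ buf[7];
+- dest[8] = src[8] ^ buf[8];
+- dest[9] = src[9] ^ buf[9];
+- dest[10] = src[10] ^ buf[10];
+- dest[11] = src[11] ^ buf[11];
+- dest[12] = src[12] ^ buf[12];
+- dest[13] = src[13] ^ buf[13];
+- dest[14] = src[14] ^ buf[14];
+- dest[15] = src[15] ^ buf[15];
+-#else
+- *(uint64_t *)dest = *(uint64_t *)src ^ *(uint64_t *)buf;
+- *(uint64_t *)(dest + 8) = *(uint64_t *)(src + 8) ^
+- *(uint64_t *)(buf + 8);
+-#endif
++ /* figure out the alignment on the fly */
++#ifdef CIPHER_UNALIGNED_OK
++ align = 0;
++#else
++ align = destp.u | srcp.u | bufp.u;
++#endif
++
++#ifdef CIPHER_INT128_OK
++ if ((align & 0xf) == 0) {
++ destp.u128[0] = srcp.u128[0] ^ bufp.u128[0];
++ } else
++#endif
++ if ((align & 0x7) == 0) {
++ destp.u64[0] = srcp.u64[0] ^ bufp.u64[0];
++ destp.u64[1] = srcp.u64[1] ^ bufp.u64[1];
++ } else if ((align & 0x3) == 0) {
++ destp.u32[0] = srcp.u32[0] ^ bufp.u32[0];
++ destp.u32[1] = srcp.u32[1] ^ bufp.u32[1];
++ destp.u32[2] = srcp.u32[2] ^ bufp.u32[2];
++ destp.u32[3] = srcp.u32[3] ^ bufp.u32[3];
++ } else {
++ size_t i;
++ for (i = 0; i < AES_BLOCK_SIZE; ++i)
++ dest[i] = src[i] ^ buf[i];
++ }
+
+- dest += 16;
+- src += 16;
+- len -= 16;
++ destp.u += AES_BLOCK_SIZE;
++ srcp.u += AES_BLOCK_SIZE;
++ len -= AES_BLOCK_SIZE;
+ ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
+
+ /* Increment read index, switch queues on rollover */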
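Review bot: The byte-wise fallback in the final `else` branch still indexes `dest[i]` and `src[i]`, but the loop now advances only `destp.u` and `srcp.u` (the `dest += 16; src += 16;` lines are removed), so on a target without CIPHER_UNALIGNED_OK and with an unaligned buffer every block after the first would be XORed from and into the first 16 bytes, leaving the rest of `dest` unwritten. The fallback should go through the union like the other branches: `destp.u8[i] = srcp.cu8[i] ^ bufp.u8[i];`. Separately, with `align = 0` forced on the CIPHER_UNALIGNED_OK arches, the `u128`/`u64` accesses dereference pointers that may be misaligned for their type, which is undefined behaviour in C even where the hardware tolerates it and allows the compiler to choose alignment-assuming instructions; a `memcpy` into a local of the wide type would avoid that. The body of ssh_aes_ctr starts and ends outside these hunks, so this assumes `dest` and `src` are not advanced elsewhere in the loop.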
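--- /dev/null
+++ b/net-misc/openssh/files/openssh-6.6_p1-openssl-ignore-status.patch
@@ -0,0 +1,17 @@
+the last nibble of the openssl version represents the status. that is,
+whether it is a beta or release. when it comes to version checks in
+openssh, this component does not matter, so ignore it.
+
+https://bugzilla.mindrot.org/show_bug.cgi?id=2212
+
+--- a/entropy.c
++++ b/entropy.c
+@@ -216,7 +216,7 @@ seed_rng(void)
+ * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+ * within a patch series.
+ */
+- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
++ u_long version_mask = SSLeay() >= 0x1000000f ? ~0xfffffL : ~0xff0L;
+ if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
+ (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+ fatal("OpenSSL version mismatch. Built against %lx, you "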
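Review bot: The comment block above `version_mask` (it starts outside the hunk) still describes only the fix/patch policy, while the new `~0xfffffL` mask also stops comparing the status nibble, so a binary built against a release libcrypto will now start against a dev or beta build of the same major.minor. That relaxation of the runtime check deserves a line in the comment, e.g. `* The status nibble (dev/beta/release) is ignored for >= 1.0.0.`. The pre-1.0.0 arm keeps `~0xff0L`, which still compares status; if that asymmetry is intended, it is worth stating there too.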
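--- /dev/null
+++ b/net-misc/openssh/files/openssh-6.6_p1-x509-glue.patch
@@ -0,0 +1,16 @@
+Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
+
+--- openssh-6.6p1+x509-7.9.diff
++++ openssh-6.6p1+x509-7.9.diff
+@@ -15473,10 +15473,9 @@
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+ PAM or though authentication styles supported in
+-@@ -499,6 +576,16 @@
++@@ -499,5 +576,15 @@
+ The default is
+ .Dq yes .
+- Note that this option applies to protocol version 2 only.
+ +.It Cm HostbasedAlgorithms
+ +Specifies the protocol version 2 algorithms used in
+ +.Dq hostbased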
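--- /dev/null
+++ b/net-misc/openssh/files/openssh-6.6_p1-x509-hpn14v4-glue-p2.patch
@@ -0,0 +1,26 @@
+make the hpn patch apply when the x509 patch has also been applied
+
+--- openssh-6.6p1-hpnssh14v4.diff
++++ openssh-6.6p1-hpnssh14v4.diff
+@@ -1742,18 +1742,14 @@
+ if (options->ip_qos_interactive == -1)
+ options->ip_qos_interactive = IPTOS_LOWDELAY;
+ if (options->ip_qos_bulk == -1)
+-@@ -345,9 +393,10 @@
++@@ -345,6 +393,7 @@
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sHostCertificate,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+-- sAuthenticationMethods, sHostKeyAgent,
+-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
+- sDeprecated, sUnsupported
+- } ServerOpCodes;
+-
++ sAuthenticationMethods, sHostKeyAgent,
+ @@ -468,6 +517,10 @@
+ { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },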
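--- /dev/null
+++ b/net-misc/openssh/openssh-6.6_p1-r99.ebuild
@@ -0,0 +1,316 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.6_p1-r1.ebuild,v 1.2 2014/03/20 20:58:31 vapier Exp $
+
+EAPI="4"
+inherit eutils user flag-o-matic multilib autotools pam systemd versionator
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_}
+
+#HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.gz"
+HPN_PATCH="${PN}-6.6p1-hpnssh14v4.diff.xz"
+LDAP_PATCH="${PN}-lpk-6.5p1-0.3.14.patch.gz"
+X509_VER="7.9" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
+
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.org/"
+SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
+ ${HPN_PATCH:+hpn? ( http://dev.gentoo.org/~polynomial-c/${HPN_PATCH} )}
+ ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
+ ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
+ "
+ #${HPN_PATCH:+hpn? ( mirror://sourceforge/hpnssh/${HPN_PATCH} )}
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="amd64 arm ~mips x86"
+IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509"
+
+LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
+ skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
+ libedit? ( dev-libs/libedit[static-libs(+)] )
+ >=dev-libs/openssl-0.9.6d:0[bindist=]
+ dev-libs/openssl[static-libs(+)]
+ >=sys-libs/zlib-1.2.3[static-libs(+)]
+ tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )"
+RDEPEND="
+ !static? (
+ ${LIB_DEPEND//\[static-libs(+)]}
+ ldns? (
+ !bindist? ( net-libs/ldns[ecdsa,ssl] )
+ bindist? ( net-libs/ldns[-ecdsa,ssl] )
+ )
+ )
+ pam? ( virtual/pam )
+ kerberos? ( virtual/krb5 )
+ ldap? ( net-nds/openldap )"
+DEPEND="${RDEPEND}
+ static? (
+ ${LIB_DEPEND}
+ ldns? (
+ !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
+ bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
+ )
+ )
+ virtual/pkgconfig
+ virtual/os-headers
+ sys-devel/autoconf"
+RDEPEND="${RDEPEND}
+ pam? ( >=sys-auth/pambase-20081028 )
+ userland_GNU? ( virtual/shadow )
+ X? ( x11-apps/xauth )"
+
+S=${WORKDIR}/${PARCH}
+
+pkg_setup() {
+ # this sucks, but i'd rather have people unable to `emerge -u openssh`
+ # than not be able to log in to their server any more
+ maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
+ local fail="
+ $(use X509 && maybe_fail X509 X509_PATCH)
+ $(use ldap && maybe_fail ldap LDAP_PATCH)
+ $(use hpn && maybe_fail hpn HPN_PATCH)
+ "
+ fail=$(echo ${fail})
+ if [[ -n ${fail} ]] ; then
+ eerror "Sorry, but this version does not yet support features"
+ eerror "that you requested: ${fail}"
+ eerror "Please mask ${PF} for now and check back later:"
+ eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
+ die "booooo"
+ fi
+}
+
+save_version() {
+ # version.h patch conflict avoidence
+ mv version.h version.h.$1
+ cp -f version.h.pristine version.h
+}
+
+src_prepare() {
+ sed -i \
+ -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
+ pathnames.h || die
+ # keep this as we need it to avoid the conflict between LPK and HPN changing
+ # this file.
+ cp version.h version.h.pristine
+
+ # don't break .ssh/authorized_keys2 for fun
+ sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
+
+ epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361
+ if use X509 ; then
+ pushd .. >/dev/null
+ epatch "${FILESDIR}"/${PN}-6.6_p1-x509-glue.patch
+ use hpn && epatch "${FILESDIR}"/${PN}-6.6_p1-x509-hpn14v4-glue-p2.patch
+ popd >/dev/null
+ epatch "${WORKDIR}"/${X509_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
+ save_version X509
+ fi
+ if ! use X509 ; then
+ if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ epatch "${WORKDIR}"/${LDAP_PATCH%.*}
+ save_version LPK
+ fi
+ else
+ use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
+ fi
+ epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
+ epatch "${FILESDIR}"/${PN}-6.6_p1-openssl-ignore-status.patch
+ if [[ -n ${HPN_PATCH} ]] && use hpn; then
+ epatch "${WORKDIR}"/${HPN_PATCH%.*}
+ epatch "${FILESDIR}"/${PN}-6.5_p1-hpn-cipher-align.patch #498632
+ save_version HPN
+ fi
+
+ tc-export PKG_CONFIG
+ local sed_args=(
+ -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
+ # Disable PATH reset, trust what portage gives us #254615
+ -e 's:^PATH=/:#PATH=/:'
+ # Disable fortify flags ... our gcc does this for us
+ -e 's:-D_FORTIFY_SOURCE=2::'
+ )
+ sed -i "${sed_args[@]}" configure{,.ac} || die
+
+ epatch "${FILESDIR}"/${PN}-6.4p1-avoid-exit.patch
+ epatch "${FILESDIR}"/${PN}-6.4p1-missing-sys_param_h.patch
+ epatch "${FILESDIR}"/${PN}-6.4p1-fix-typo-construct_utmpx.patch
+
+ epatch_user #473004
+
+ # Now we can build a sane merged version.h
+ (
+ sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
+ macros=()
+ for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
+ printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
+ ) > version.h
+
+ eautoreconf
+}
+
+static_use_with() {
+ local flag=$1
+ if use static && use ${flag} ; then
+ ewarn "Disabling '${flag}' support because of USE='static'"
+ # rebuild args so that we invert the first one (USE flag)
+ # but otherwise leave everything else working so we can
+ # just leverage use_with
+ shift
+ [[ -z $1 ]] && flag="${flag} ${flag}"
+ set -- !${flag} "$@"
+ fi
+ use_with "$@"
+}
+
+src_configure() {
+ local myconf
+ addwrite /dev/ptmx
+ addpredict /etc/skey/skeykeys #skey configure code triggers this
+
+ use static && append-ldflags -static
+
+ # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
+ if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
+ myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx"
+ append-ldflags -lutil
+ fi
+
+ econf \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-strip \
+ --with-pid-dir="${EPREFIX}"/var/run \
+ --sysconfdir="${EPREFIX}"/etc/ssh \
+ --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
+ --datadir="${EPREFIX}"/usr/share/openssh \
+ --with-privsep-path="${EPREFIX}"/var/empty \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ $(static_use_with pam) \
+ $(static_use_with kerberos kerberos5 /usr) \
+ ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
+ $(use_with ldns) \
+ $(use_with libedit) \
+ $(use_with selinux) \
+ $(use_with skey) \
+ $(use_with tcpd tcp-wrappers) \
+ ${myconf}
+}
+
+src_install() {
+ emake install-nokeys DESTDIR="${D}"
+ fperms 600 /etc/ssh/sshd_config
+ dobin contrib/ssh-copy-id
+ newinitd "${FILESDIR}"/sshd.rc6.4 sshd
+ newconfd "${FILESDIR}"/sshd.confd sshd
+ keepdir /var/empty
+
+ # not all openssl installs support ecc, or are functional #352645
+ if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
+ elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
+ sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
+ fi
+
+ newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
+ if use pam ; then
+ sed -i \
+ -e "/^#UsePAM /s:.*:UsePAM yes:" \
+ -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
+ -e "/^#PrintMotd /s:.*:PrintMotd no:" \
+ -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
+ "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
+ fi
+
+ # Gentoo tweaks to default config files
+ cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
+
+ # Allow client to pass locale environment variables #367017
+ AcceptEnv LANG LC_*
+ EOF
+ cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
+
+ # Send locale environment variables #367017
+ SendEnv LANG LC_*
+ EOF
+
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ keepdir /var/empty/dev
+ fi
+
+ if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
+ insinto /etc/openldap/schema/
+ newins openssh-lpk_openldap.schema openssh-lpk.schema
+ fi
+
+ doman contrib/ssh-copy-id.1
+ dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+
+ diropts -m 0700
+ dodir /etc/skel/.ssh
+
+ systemd_dounit "${FILESDIR}"/sshd.{service,socket}
+ systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
+}
+
+src_test() {
+ local t tests skipped failed passed shell
+ tests="interop-tests compat-tests"
+ skipped=""
+ shell=$(egetshell ${UID})
+ if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+ elog "Running the full OpenSSH testsuite"
+ elog "requires a usable shell for the 'portage'"
+ elog "user, so we will run a subset only."
+ skipped="${skipped} tests"
+ else
+ tests="${tests} tests"
+ fi
+ # It will also attempt to write to the homedir .ssh
+ local sshhome=${T}/homedir
+ mkdir -p "${sshhome}"/.ssh
+ for t in ${tests} ; do
+ # Some tests read from stdin ...
+ HOMEDIR="${sshhome}" \
+ emake -k -j1 ${t} </dev/null \
+ && passed="${passed}${t} " \
+ || failed="${failed}${t} "
+ done
+ einfo "Passed tests: ${passed}"
+ ewarn "Skipped tests: ${skipped}"
+ if [[ -n ${failed} ]] ; then
+ ewarn "Failed tests: ${failed}"
+ die "Some tests failed: ${failed}"
+ else
+ einfo "Failed tests: ${failed}"
+ return 0
+ fi
+}
+
+pkg_preinst() {
+ enewgroup sshd 22
+ enewuser sshd 22 -1 /var/empty sshd
+}
+
+pkg_postinst() {
+ if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ fi
+ ewarn "Remember to merge your config files in /etc/ssh/ and then"
+ ewarn "reload sshd: '/etc/init.d/sshd reload'."
+ # This instruction is from the HPN webpage,
+ # Used for the server logging functionality
+ if [[ -n ${HPN_PATCH} ]] && use hpn ; then
+ echo
+ einfo "For the HPN server logging patch, you must ensure that"
+ einfo "your syslog application also listens at /var/empty/dev/log."
+ fi
+}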
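Review bot: In src_prepare the merged version.h is written with `"${macros}"`, and in bash an unsubscripted array expands to its first element only, so when more than one of HPN/LPK/X509 has been applied SSH_RELEASE names just the first patch set. Expanding the whole array fixes it: `printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros[*]}"`. The `-e 's:-D_FORTIFY_SOURCE=2::'` entry in `sed_args` would also benefit from a fuller comment: it removes upstream's fortify flag on the assumption that the toolchain defines it, so on a profile whose compiler or libc does not, sshd would presumably be built without that hardening.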