moritzruth/void-packages
1
0
Fork 0
Code Releases Activity Actions 2

openssh: use sshd_config.d for customisation

Browse source
This commit is contained in:
Đoàn Trần Công Danh 2023-08-18 20:07:21 +07:00 committed by Leah Neukirchen
parent 27669137e9
commit a7f592e114
5 changed files with 57 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

14
srcpkgs/openssh/patches/config.patch
View file

@ -1,23 +1,23 @@
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -184,6 +184,7 @@ @@ -198,6 +198,7 @@ if test "$GCC" = "yes" || test "$GCC" =
OSSH_CHECK_CFLAG_COMPILE([-Wall]) OSSH_CHECK_CFLAG_COMPILE([-Wextra])
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
+ OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration]) + OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration])
OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
@@ -1761,8 +1760,6 @@ @@ -1973,8 +1974,6 @@ AC_CHECK_FUNCS([ \
strcasestr \ strcasestr \
strdup \ strdup \
strerror \ strerror \
- strlcat \ - strlcat \
- strlcpy \ - strlcpy \
strmode \ strmode \
strndup \
strnlen \ strnlen \
strnvis \ @@ -2001,6 +2000,13 @@ AC_CHECK_FUNCS([ \
@@ -1785,6 +1781,13 @@
waitpid \ waitpid \
warn \ warn \
]) ])
@ -29,5 +29,5 @@
+], [], [], [[#include <string.h>]]) +], [], [], [[#include <string.h>]])
+AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]]) +AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])
dnl Wide character support. AC_CHECK_DECLS([bzero, memmem])
AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])

4
srcpkgs/openssh/patches/ssh-musl-gssapi.patch
View file

@ -1,5 +1,5 @@
--- a/gss-serv.c 2022-10-03 16:51:42.000000000 +0200 --- a/gss-serv.c
+++ b/gss-serv.c 2022-11-09 13:28:59.124968270 +0100 +++ b/gss-serv.c
@@ -33,6 +33,7 @@ @@ -33,6 +33,7 @@
#include <stdarg.h> #include <stdarg.h>
#include <string.h> #include <string.h>

41
srcpkgs/openssh/patches/sshd_config.patch Normal file
View file

@ -0,0 +1,41 @@
--- a/sshd_config
+++ b/sshd_config
@@ -10,6 +10,11 @@
# possible, but leave them commented. Uncommented options override the
# default value.
+# To avoid conflicts with the packaged configuration, specify custom options
+# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
+# options set below.
+Include /etc/ssh/sshd_config.d/*.conf
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-#KbdInteractiveAuthentication yes
+KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
-#UsePAM no
+UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
-#PrintMotd yes
+PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no

6
srcpkgs/openssh/patches/time_t-32-bit.patch
View file

@ -1,6 +1,6 @@
--- openssh-9.2p1.orig/channels.c --- a/channels.c
+++ openssh-9.2p1/channels.c +++ b/channels.c
@@ -2558,7 +2558,7 @@ channel_handler(struct ssh *ssh, int tab @@ -2566,7 +2566,7 @@ channel_handler(struct ssh *ssh, int tab
if (table == CHAN_PRE && if (table == CHAN_PRE &&
c->type == SSH_CHANNEL_OPEN && c->type == SSH_CHANNEL_OPEN &&
c->inactive_deadline != 0 && c->lastused != 0 && c->inactive_deadline != 0 && c->lastused != 0 &&

12
srcpkgs/openssh/template
View file

@ -1,7 +1,7 @@
# Template file for 'openssh' # Template file for 'openssh'
pkgname=openssh pkgname=openssh
version=9.3p2 version=9.3p2
revision=2 revision=3
build_style=gnu-configure build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
make_dirs="/var/chroot/ssh 0755 root root" make_dirs="
/var/chroot/ssh 0755 root root
/etc/ssh/sshd_config.d 0755 root root"
# Package build options # Package build options
build_options="fido2 gssapi ldns ssl" build_options="fido2 gssapi ldns ssl"
@ -65,12 +67,6 @@ post_install() {
vman contrib/ssh-copy-id.1 vman contrib/ssh-copy-id.1
vlicense LICENCE vlicense LICENCE
# configure to use PAM
vsed -i ${DESTDIR}/etc/ssh/sshd_config \
-e 's|^#\(UsePAM\) no|\1 yes|g' \
-e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
-e 's|^#\(PrintMotd\) yes|\1 no|g'
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
vsv sshd vsv sshd
} }