Changes made in this version:

* Split into separate client and server packages
  * Cleaned up init file
  * Updated usher to support chroot into TARGET
2017-05-05 15:10:58 -05:00
parent 0f026048c8
commit ddaa5d79d7
5 changed files with 154 additions and 86 deletions


@@ -8,20 +8,63 @@
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details. # GNU General Public License for more details.
DEPENDS = glibc,openssl,zlib export SRCPKG = openssh
ARCH = x86_64 export DEPENDS = glibc,openssl,zlib
URL = http://www.openssh.com/ export ARCH = x86_64
export URL = http://www.openssh.com/
BRIEF = OpenSSH client and server
DESC = OpenSSH is the premier connectivity tool for remote login with the \ DESC = OpenSSH is the premier connectivity tool for remote login with the \
SSH protocol. SSH protocol.
SNAPVER = sr2 SNAPVER = 4
ARCHIVE := $(PWD)/SRC/$(shell ls SRC|egrep '(bz2|gz|tar|xz)$$'|tail -1) ARCHIVE := $(PWD)/SRC/$(shell ls SRC|egrep '(bz2|gz|tar|xz)$$'|tail -1)
TYPE := $(shell file -ib $(ARCHIVE)|cut -d';' -f1|tr -d '\n') TYPE := $(shell file -ib $(ARCHIVE)|cut -d';' -f1|tr -d '\n')
SRCDIR := $(shell tar -tf $(ARCHIVE)|head -1|sed 's/\/.*//') SRCDIR := $(shell tar -tf $(ARCHIVE)|head -1|sed 's/\/.*//')
PATCHDIR := $(PWD)/SRC/patches PATCHDIR := $(PWD)/SRC/patches
VERSION := $(shell echo $(SRCDIR)|egrep -o '\-[0-9].*'|sed 's/^-//')$(SNAPVER) export VERSION := $(shell echo $(SRCDIR)|egrep -o '\-[0-9].*'|\
sed 's/^-//')-$(SNAPVER)
include /usr/share/snap/Makefile.snaplinux CLIENT := $(PWD)/openssh-client
CLIENTROOT := $(CLIENT)/ROOT
SERVER := $(PWD)/openssh-server
SERVERROOT := $(SERVER)/ROOT
$(SERVERROOT): $(CLIENTROOT)
cd $(SERVER) && make -f ../Makefile.server && mv *.snap ../
$(CLIENTROOT): $(SRCDIR)/sshd
@install -v -d $(CLIENT)/SNAP && \
if [ -d $(CLIENTROOT) ]; then \
touch $(CLIENTROOT); \
else \
mkdir -v $(CLIENTROOT); \
fi
cd $(SRCDIR) && make install DESTDIR=$(CLIENTROOT) && \
install -v -d -m 755 $(CLIENTROOT)/usr/share/doc/openssh && \
install -v -m 755 contrib/ssh-copy-id $(CLIENTROOT)/usr/bin && \
install -v -m 644 contrib/ssh-copy-id.1 \
$(CLIENTROOT)/usr/share/man/man1 && \
install -v -m644 INSTALL LICENCE OVERVIEW README* \
$(CLIENTROOT)/usr/share/doc/openssh && \
gzip $(CLIENTROOT)/usr/share/doc/openssh/* && \
install -v -d $(SERVER)/SNAP && \
install -v -d $(SERVERROOT) && \
install -v -d -m 755 $(SERVERROOT)/etc/{ssh,init.d} && \
install -v -d -m 755 $(SERVERROOT)/usr/{libexec,sbin} && \
install -v -d -m 755 $(SERVERROOT)/usr/share/man/man{5,8} && \
install -v -m 755 $(PWD)/SNAP/sshd.init \
$(SERVERROOT)/etc/init.d/sshd && \
mv -v $(CLIENTROOT)/etc/ssh/sshd_config \
$(SERVERROOT)/etc/ssh/sshd_config && \
mv -v $(CLIENTROOT)/usr/libexec/sftp-server \
$(SERVERROOT)/usr/libexec/sftp-server && \
mv -v $(CLIENTROOT)/usr/sbin/sshd \
$(SERVERROOT)/usr/sbin/sshd && \
mv -v $(CLIENTROOT)/usr/share/man/man5/sshd_config.5 \
$(SERVERROOT)/usr/share/man/man5/sshd_config.5 && \
mv -v $(CLIENTROOT)/usr/share/man/man8/sftp-server.8 \
$(SERVERROOT)/usr/share/man/man8/sftp-server.8 && \
cd $(CLIENT) && make -f ../Makefile.client && mv *.snap ../
$(SRCDIR)/configure: $(ARCHIVE) $(SRCDIR)/configure: $(ARCHIVE)
@if [ '$(TYPE)' == 'application/x-bzip2' ]; then \ @if [ '$(TYPE)' == 'application/x-bzip2' ]; then \
@@ -56,30 +99,14 @@ $(SRCDIR)/config.log: $(SRCDIR)/configure
$(SRCDIR)/sshd: $(SRCDIR)/config.log $(SRCDIR)/sshd: $(SRCDIR)/config.log
@cd $(SRCDIR) && make @cd $(SRCDIR) && make
$(ROOT): $(SRCDIR)/sshd test: $(CLIENTROOT)
@if [ -d $(ROOT) ]; then \
touch $(ROOT); \
else \
mkdir -v $(ROOT); \
fi
@cd $(SRCDIR) && make install DESTDIR=$(ROOT) && \
install -v -d -m 755 $(ROOT)/etc/init.d && \
install -v -d -m 755 $(ROOT)/usr/share/doc/openssh && \
install -v -d -m 700 $(ROOT)/var/run/sshd && \
install -v -m 755 contrib/ssh-copy-id $(ROOT)/usr/bin && \
install -v -m 755 $(PWD)/SNAP/sshd.init $(ROOT)/etc/init.d/sshd && \
install -v -m 644 contrib/ssh-copy-id.1 \
$(ROOT)/usr/share/man/man1 && \
install -v -m644 INSTALL LICENCE OVERVIEW README* \
$(ROOT)/usr/share/doc/openssh
test: $(ROOT)
@cd $(SRCDIR); \ @cd $(SRCDIR); \
make tests make tests
clean: clean:
@rm -rvf $(ROOT) \ @rm -rvf $(ROOT) \
$(CLIENT) \
$(SERVER) \
$(SNAPINFO) \ $(SNAPINFO) \
$(MANIFEST) \ $(MANIFEST) \
$(FILES) \ $(FILES) \
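Review bot: The new `$(CLIENTROOT)` recipe relies on bash brace expansion in `install -v -d -m 755 $(SERVERROOT)/etc/{ssh,init.d}` and in the `usr/{libexec,sbin}` and `man/man{5,8}` lines after it, and no `SHELL` assignment is visible in these hunks, so make runs them with `/bin/sh`. Where `/bin/sh` is not bash, a directory literally named `{ssh,init.d}` is created and the following `install` of `sshd.init` into `$(SERVERROOT)/etc/init.d/` fails. Either set `SHELL := /bin/bash` near the top of the file or spell the directories out, e.g. `install -v -d -m 755 $(SERVERROOT)/etc/ssh $(SERVERROOT)/etc/init.d`. The sub-builds also call `make` literally; `$(MAKE) -f ../Makefile.server` would pass `-n` and the jobserver through. The mode-700 `/var/run/sshd` directory that the removed `$(ROOT)` recipe installed is no longer created anywhere in this rule, so it is worth confirming that `check_privsep_dir` in the init script creates it root-owned at start-up.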

15
Makefile.client Normal file

@@ -0,0 +1,15 @@
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation here:
# (http://www.gnu.org/licenses/gpl-2.0.html)
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
BRIEF = OpenSSH client
DESC = The OpenSSH client provides a secure method of remotely \
accessing computer systems
include /usr/share/snap/Makefile.snaplinux
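Review bot: Nothing in this file says that it cannot be run on its own: it sets only `BRIEF` and `DESC`, while `SRCPKG`, `DEPENDS`, `ARCH`, `URL` and `VERSION` arrive through the `export` lines in the parent Makefile, which invokes it from inside `openssh-client/`. A header comment would save the next maintainer the search, for example `# Invoked by ../Makefile from openssh-client/; expects SRCPKG, VERSION, ARCH, URL and DEPENDS in the environment.` The same comment would fit Makefile.server.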

14
Makefile.server Normal file

@@ -0,0 +1,14 @@
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation here:
# (http://www.gnu.org/licenses/gpl-2.0.html)
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
BRIEF = OpenSSH server
DESC = The OpenSSH server allows remote users to access the system securely
include /usr/share/snap/Makefile.snaplinux
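Review bot: `DEPENDS` is not set here, so the server package inherits `glibc,openssl,zlib` from the parent's `export DEPENDS` and declares no dependency on the client package. The parent recipe moves only `sshd`, `sftp-server`, `sshd_config` and two man pages into the server root, which leaves `ssh-keygen` and `/etc/ssh/moduli` in the client root, while the usher postinst in this commit runs `ssh-keygen -A` to create the host keys. If that usher ships with the server package (not visible here), installing the server alone would leave sshd without host keys. Consider overriding the variable in this file, e.g. `DEPENDS = glibc,openssl,zlib,<client-package-name>`, with whatever name Makefile.snaplinux gives the client package.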


@@ -2,8 +2,10 @@
### BEGIN INIT INFO ### BEGIN INIT INFO
# Provides: sshd # Provides: sshd
# Default-Start: 2 3 4 5 # Required-Start: $network $syslog
# Default-Stop: # Required-Stop: $network $syslog
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: OpenBSD Secure Shell server # Short-Description: OpenBSD Secure Shell server
### END INIT INFO ### END INIT INFO
@@ -19,40 +21,29 @@ check_privsep_dir() {
fi fi
} }
if ! test -f $DAEMON; then case "$1" in
log_info_msg "Failed to locate ssh daemon!"
log_failure_msg2
exit 1;
fi
case ${1} in
start) start)
check_privsep_dir check_privsep_dir
log_info_msg "Starting OpenBSD Secure Shell server" log_info_msg "Starting OpenBSD Secure Shell server"
$DAEMON $DAEMON && log_success_msg || log_failure_msg
evaluate_retval
;; ;;
stop) stop)
if ! test -f /var/run/sshd.pid; then
log_info_msg "No sshd running"
log_failure_msg2
exit 1
exit
fi
log_info_msg "Stopping OpenBSD Secure Shell server" log_info_msg "Stopping OpenBSD Secure Shell server"
kill -TERM $(cat /var/run/sshd.pid)
evaluate_retval if ! test -f /var/run/sshd.pid; then
echo -n " - No sshd running"
log_warning_msg
else
kill -TERM $(cat /var/run/sshd.pid) && log_success_msg || log_failure_msg
fi
;; ;;
restart) restart)
log_info_msg "Restarting OpenBSD Secure Shell server" $0 stop
kill -TERM $(cat /var/run/sshd.pid) sleep 1
$DAEMON $0 start
evaluate_retval
;; ;;
*) *)
echo "Usage: ${0} {start|stop|restart}" echo "Usage: $0 [start|stop|restart]"
exit 1 exit 1
;; ;;
esac esac
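Review bot: With `evaluate_retval` gone, the `start` and `stop` branches end in `$DAEMON && log_success_msg || log_failure_msg`, so the script's exit status is that of the logging helper rather than of sshd or `kill`. A failed start can therefore reach the caller as success, depending on what `log_failure_msg` returns (it is defined outside this hunk), and `restart` or any tooling that checks `$?` cannot tell that the daemon is down. An explicit form keeps the status: `if $DAEMON; then log_success_msg; else log_failure_msg; exit 1; fi`. Separately, `kill -TERM $(cat /var/run/sshd.pid)` signals whatever PID the file holds; after an unclean shutdown that PID may belong to another process, so it is worth confirming the process is `$DAEMON` before sending the signal.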


@@ -5,6 +5,29 @@ case $1 in
exit 0 exit 0
;; ;;
postinst) postinst)
if [[ ${TARGET} ]]; then
if ! chroot ${TARGET} 'getent group sshd 2>&1' > /dev/null; then
if chroot ${TARGET} 'groupadd -g 50 sshd'; then
echo 'Created group sshd'
else
echo 'Failed to create group sshd!'
exit 1
fi
fi
if ! chroot ${TARGET} 'getent passwd sshd 2>&1 > /dev/null'; then
if chroot ${TARGET} 'useradd -c "sshd PrivSep" \
-d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd'; then
echo 'Created user sshd'
else
echo 'Failed to create user sshd!'
exit 1
fi
fi
if [ ! -f ${TARGET}/etc/ssh/ssh_host_rsa_key ]; then
chroot ${TARGET} 'ssh-keygen -A'
fi
else
if ! getent group sshd 2>&1 > /dev/null; then if ! getent group sshd 2>&1 > /dev/null; then
if groupadd -g 50 sshd; then if groupadd -g 50 sshd; then
echo 'Created group sshd' echo 'Created group sshd'
@@ -13,7 +36,6 @@ case $1 in
exit 1 exit 1
fi fi
fi fi
if ! getent passwd sshd 2>&1 > /dev/null; then if ! getent passwd sshd 2>&1 > /dev/null; then
if useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \ if useradd -c 'sshd PrivSep' -d /var/lib/sshd -g sshd \
-s /bin/false -u 50 sshd; then -s /bin/false -u 50 sshd; then
@@ -24,11 +46,10 @@ case $1 in
fi fi
fi fi
chown root:root /var/run/sshd
if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
ssh-keygen -A ssh-keygen -A
fi fi
fi
;; ;;
prerm) prerm)
exit 0 exit 0
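Review bot: In the new `${TARGET}` branch of the first hunk every `chroot` call passes the whole command as one quoted word, e.g. `chroot ${TARGET} 'getent group sshd 2>&1'`. `chroot` does not run its argument through a shell, so it looks for a program with that literal name and fails, and the branch ends at `Failed to create group sshd!` with `exit 1`. The command and its arguments need to be separate words with the redirection outside the quotes, and quoting `${TARGET}` keeps paths with spaces intact. The same applies to the `groupadd`, `useradd` and `ssh-keygen -A` calls, and the result of `ssh-keygen -A` is not checked, so a target can be left without host keys without any message. The enclosing `case` starts before the first hunk.

```shell
if ! chroot "${TARGET}" getent group sshd > /dev/null 2>&1; then
    if chroot "${TARGET}" groupadd -g 50 sshd; then
# … unchanged: group success/failure messages and exit 1 …
if ! chroot "${TARGET}" getent passwd sshd > /dev/null 2>&1; then
    if chroot "${TARGET}" useradd -c 'sshd PrivSep' \
        -d /var/lib/sshd -g sshd -s /bin/false -u 50 sshd; then
# … unchanged: user success/failure messages and exit 1 …
if [ ! -f "${TARGET}/etc/ssh/ssh_host_rsa_key" ]; then
    chroot "${TARGET}" ssh-keygen -A
# … unchanged: else branch for installs without TARGET …
```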