blob: 9686385cebd3f70f35feb853c000d66cb6d03bbe (
plain) (
tree)
|
|
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=openssh
pkgver=9.3_p1
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=0
pkgdesc="Remote login tool using encrypted SSH protocol"
url="https://www.openssh.com/portable.html"
arch="all"
options="suid !check"
license="BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause"
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="linux-pam-dev gettext-tiny"
makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev
gettext-tiny-dev utmps-dev"
makedepends="$makedepends_build $makedepends_host"
subpackages="$pkgname-doc
$pkgname-keygen
$pkgname-client
$pkgname-keysign
$pkgname-sftp-server:sftp
$pkgname-server
$pkgname-openrc
"
source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
disable-forwarding-by-default.patch
fix-utmpx.patch
sftp-interactive.patch
time64-seccomp.patch
sshd.initd
sshd.confd
"
# secfixes:
# 9.0_p1-r0:
# - CVE-2021-41617
# - CVE-2021-28041
# - CVE-2020-14145
# 7.9_p1-r2:
# - CVE-2018-20685
# 7.9_p1:
# - CVE-2018-15473
# 7.7_p1:
# - CVE-2017-15906
# 7.4_p1:
# - CVE-2016-10009
# - CVE-2016-10010
# - CVE-2016-10011
# - CVE-2016-10012
builddir="$srcdir"/$pkgname-$_myver
build() {
export LD="$CC"
LIBS="-lutmps -lskarnet" ./configure --build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--libexecdir=/usr/lib/ssh \
--mandir=/usr/share/man \
--with-pid-dir=/run \
--with-mantype=man \
--with-ldflags="${LDFLAGS}" \
--enable-lastlog \
--disable-strip \
--enable-wtmp \
--with-privsep-path=/var/empty \
--with-xauth=/usr/bin/xauth \
--with-privsep-user=sshd \
--with-ssl-engine \
--with-pam
make
}
package() {
make DESTDIR="$pkgdir" install
mkdir -p "$pkgdir"/var/empty
install -D -m755 "$srcdir"/sshd.initd \
"$pkgdir"/etc/init.d/sshd
install -D -m644 "$srcdir"/sshd.confd \
"$pkgdir"/etc/conf.d/sshd
install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
}
keygen() {
pkgdesc="Helper program for generating SSH keys"
depends=""
install -d "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/ssh-keygen \
"$subpkgdir"/usr/bin/
}
client() {
pkgdesc="OpenBSD's SSH client"
depends="openssh-keygen"
install -d "$subpkgdir"/usr/bin \
"$subpkgdir"/usr/lib/ssh \
"$subpkgdir"/etc/ssh \
"$subpkgdir"/var/empty
mv "$pkgdir"/usr/bin/* \
"$subpkgdir"/usr/bin/
mv "$pkgdir"/etc/ssh/ssh_config \
"$pkgdir"/etc/ssh/moduli \
"$subpkgdir"/etc/ssh/
install -Dm755 "$builddir"/contrib/findssl.sh \
"$subpkgdir"/usr/bin/findssl.sh
install -Dm755 "$builddir"/contrib/ssh-copy-id \
"$subpkgdir"/usr/bin/ssh-copy-id
install -Dm755 "$builddir"/ssh-pkcs11-helper \
"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}
keysign() {
pkgdesc="Helper program for SSH host-based authentication"
depends="openssh-client"
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
"$subpkgdir"/usr/lib/ssh/
}
sftp() {
pkgdesc="SFTP server module for OpenSSH"
depends=""
install -d "$subpkgdir"/usr/lib/ssh
mv "$pkgdir"/usr/lib/ssh/sftp-server \
"$subpkgdir"/usr/lib/ssh/
}
server() {
pkgdesc="OpenSSH server"
depends="openssh-client openssh-keygen"
replaces="openssh-server-common"
install -d "$subpkgdir"/usr/sbin
install -d "$subpkgdir"/etc/ssh
mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
mv "$pkgdir"/etc/ssh/sshd_config "$subpkgdir"/etc/ssh/
}
openrc() {
default_openrc
depends="openssh-server"
install_if="openssh-server=$pkgver-r$pkgrel openrc"
}
sha512sums="087ff6fe5f6caab4c6c3001d906399e02beffad7277280f11187420c2939fd4befdcb14643862a657ce4cad2f115b82a0a1a2c99df6ee54dcd76b53647637c19 openssh-9.3p1.tar.gz
f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6 disable-forwarding-by-default.patch
70bffa6c061a02dd790dbaa68cd0b488395aa2312039b037e1a707e8cf7465754bf376d943d351914b64044c074af7504e845de865dec45ea00d992c2bbb8925 fix-utmpx.patch
34c0673f550e7afcd47eda4fe1da48fb42e5344c95ba8064c9c3c137fda9c43635b0f7b8145d0300f59c79f75a396ebd467afb54cdaa42aa251d624d0752dc84 sftp-interactive.patch
ad5b209f7f3fff69c10bae34da143e071e107a2141eee94f393532d6bb04a36bfe6d9b5d2c08b713f67118503c38d11b4aad689df1df7c8a918d52db8326821d time64-seccomp.patch
964c0f8538ba25bdc9cdbd1467bbdfb2090e38492ff0ef7c64473785713fe26d752ea6a7b0ee7a0b34e08f4d3b4bccf6a69e6c456f0c57d0d0c581aa8a046936 sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd"
|