author | Igor Pashev <pashev.igor@gmail.com> | 2017-06-21 14:12:27 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2017-06-21 14:12:27 +0300 |
commit | ff275b195141d4a932e7eebdf6f7319fb4f8d5db (patch) | |
tree | 291ff37f61d017fa7caf7b1c6fdc7dceae71d835 | |
parent | 31684bbc19b57842dfb8285f69ab3d19f9d0f0b5 (diff) | |
download | openssh-ff275b195141d4a932e7eebdf6f7319fb4f8d5db.tar.gz |
openssh (1:7.4p1-10+dyson1)HEADdyson/7.4p1-10+dyson1master
* Package for Dyson
* Added SMF service
* Added debian/patches/dyson.patch
* Changed VCS URLs in debian/control to Dyson ones
* Disable systemd on non-linux: no build dependencies, no installed
files
-rw-r--r-- | debian/changelog | 11 | ||||
-rw-r--r-- | debian/control | 9 | ||||
-rwxr-xr-x | debian/openssh-server.install | 12 | ||||
-rw-r--r-- | debian/openssh-server.smf/manifest/network/ssh.xml | 69 | ||||
-rwxr-xr-x | debian/openssh-server.smf/method/openssh | 52 | ||||
-rw-r--r-- | debian/patches/dyson.patch | 46 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rwxr-xr-x | debian/rules | 27 |
8 files changed, 214 insertions, 13 deletions
diff --git a/debian/changelog b/debian/changelog index 7be0100..c63cca8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +openssh (1:7.4p1-10+dyson1) unstable; urgency=medium + + * Package for Dyson + * Added SMF service + * Added debian/patches/dyson.patch + * Changed VCS URLs in debian/control to Dyson ones + * Disable systemd on non-linux: no build dependencies, no installed + files + + -- Igor Pashev <pashev.igor@gmail.com> Wed, 21 Jun 2017 13:33:28 +0300 + openssh (1:7.4p1-10) unstable; urgency=medium * Move privilege separation directory and PID file from /var/run/ to /run/ diff --git a/debian/control b/debian/control index 411731a..cde4a6c 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Build-Depends: autotools-dev, debhelper (>= 9~), dh-autoreconf, dh-exec, - dh-systemd (>= 1.4), + dh-systemd (>= 1.4) [linux-any], dpkg-dev (>= 1.16.1~), libaudit-dev [linux-any], libedit-dev, @@ -16,14 +16,17 @@ Build-Depends: autotools-dev, libselinux1-dev [linux-any], libssl1.0-dev | libssl-dev (<< 1.1.0~), libsystemd-dev [linux-any], + libcontract1-dev [illumos-any], + libproject1-dev [illumos-any], + dh-smf [illumos-any], libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), Standards-Version: 3.9.8 Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.org>, Homepage: http://www.openssh.com/ -Vcs-Git: https://anonscm.debian.org/git/pkg-ssh/openssh.git -Vcs-Browser: https://anonscm.debian.org/cgit/pkg-ssh/openssh.git +Vcs-Git: http://cgit.osdyson.org/pkg-ssh/openssh.git +Vcs-Browser: http://cgit.osdyson.org/pkg-ssh/openssh.git Package: openssh-client Architecture: any diff --git a/debian/openssh-server.install b/debian/openssh-server.install index 7fdf609..22ba733 100755 --- a/debian/openssh-server.install +++ b/debian/openssh-server.install 
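Review bot: The `Vcs-Git` and `Vcs-Browser` fields in the second debian/control hunk move from `https://` to plain `http://`, so anyone who clones the packaging repository from these fields gets no server authentication and no transport integrity. For a package that ships sshd this is a supply-chain weakness worth avoiding. If cgit.osdyson.org serves TLS, keep the secure scheme, e.g. `Vcs-Git: https://cgit.osdyson.org/pkg-ssh/openssh.git`; if it does not, clones should be checked against a signed tag before building.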
@@ -8,11 +8,13 @@ usr/share/man/man8/sshd.8 sshd_config => usr/share/openssh/sshd_config debian/openssh-server.ucf-md5sum => usr/share/openssh/sshd_config.md5sum -debian/openssh-server.if-up => etc/network/if-up.d/openssh-server -debian/openssh-server.ufw.profile => etc/ufw/applications.d/openssh-server -debian/systemd/ssh.socket lib/systemd/system -debian/systemd/ssh@.service lib/systemd/system -debian/systemd/sshd.conf usr/lib/tmpfiles.d +[!illumos-any] debian/openssh-server.if-up => etc/network/if-up.d/openssh-server +[!illumos-any] debian/openssh-server.ufw.profile => etc/ufw/applications.d/openssh-server + +[linux-any] debian/systemd/ssh.socket lib/systemd/system +[linux-any] debian/systemd/ssh@.service lib/systemd/system +[linux-any] debian/systemd/sshd.conf usr/lib/tmpfiles.d + debian/systemd/ssh-session-cleanup usr/lib/openssh # dh_apport would be neater, but at the time of writing it isn't in unstable diff --git a/debian/openssh-server.smf/manifest/network/ssh.xml b/debian/openssh-server.smf/manifest/network/ssh.xml new file mode 100644 index 0000000..2bb16fe --- /dev/null +++ b/debian/openssh-server.smf/manifest/network/ssh.xml 
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="OpenSSH server">
+ <service name="network/ssh" type="service" version="1">
+ <instance name="default" enabled="true">
+ <dependency name="fs-local" grouping="require_all" restart_on="none" type="service">
+ <service_fmri value="svc:/system/filesystem/local"/>
+ </dependency>
+ <dependency name="net-loopback" grouping="require_all" restart_on="none" type="service">
+ <service_fmri value="svc:/network/loopback"/>
+ </dependency>
+ <dependency name="net-physical" grouping="require_all" restart_on="none" type="service">
+ <service_fmri value="svc:/network/physical"/>
+ </dependency>
+ <dependency name="config_data" grouping="require_all" restart_on="restart" type="path">
+ <service_fmri value="file://localhost/etc/ssh/sshd_config"/>
+ </dependency>
+ <dependency name="fs-autofs" grouping="optional_all" restart_on="none" type="service">
+ <service_fmri value="svc:/system/filesystem/autofs"/>
+ </dependency>
+ <dependency name="cryptosvc" grouping="optional_all" restart_on="none" type="service">
+ <service_fmri value="svc:/system/cryptosvc"/>
+ </dependency>
+ <dependency name="network_ipfilter" grouping="optional_all" restart_on="error" type="service">
+ <service_fmri value="svc:/network/ipfilter:default"/>
+ </dependency>
+ <dependency name="utmp" grouping="optional_all" restart_on="none" type="service">
+ <service_fmri value="svc:/system/utmp"/>
+ </dependency>
+ <dependent name="ssh_multi-user-server" grouping="optional_all" restart_on="none">
+ <service_fmri value="svc:/milestone/multi-user-server"/>
+ </dependent>
+ <exec_method type="method" name="start" exec="/lib/svc/method/openssh start" timeout_seconds="30"/>
+ <exec_method type="method" name="stop" exec=":kill" timeout_seconds="30"/>
+ <exec_method type="method" name="refresh" exec=":kill -HUP" timeout_seconds="30"/>
+ <property_group name="startd" type="framework">
+ <propval name="ignore_error" type="astring" value="core,signal"/>
+ </property_group>
+ <property_group name="package" type="framework">
+ <propval name="upgrade" type="astring" value="restart"/>
+ </property_group>
+ <property_group name="general" type="framework">
+ <propval name="action_authorization" type="astring" value="solaris.smf.manage.ssh"/>
+ </property_group>
+ <!-- See man svc.ipfd -->
+ <property_group name="firewall_context" type="com.sun,fw_definition">
+ <propval name="name" type="astring" value="ssh"/>
+ <propval name="ipf_method" type="astring" value="/lib/svc/method/network-ssh ipfilter"/>
+ </property_group>
+ <property_group name="firewall_config" type="com.sun,fw_configuration">
+ <propval name="policy" type="astring" value="use_global"/>
+ <propval name="apply_to" type="astring" value=""/>
+ <propval name="exceptions" type="astring" value=""/>
+ <propval name="value_authorization" type="astring" value="solaris.smf.value.firewall.config"/>
+ </property_group>
+ <template>
+ <common_name>
+ <loctext xml:lang="C">
+ OpenSSH server
+ </loctext>
+ </common_name>
+ <documentation>
+ <manpage title="sshd" section="8"/>
+ </documentation>
+ </template>
+ </instance>
+ <stability value="Stable"/>
+ </service>
+</service_bundle>
diff --git a/debian/openssh-server.smf/method/openssh b/debian/openssh-server.smf/method/openssh
new file mode 100755
index 0000000..bb75217
--- /dev/null
+++ b/debian/openssh-server.smf/method/openssh
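Review bot: The `firewall_context` property group sets `ipf_method` to `/lib/svc/method/network-ssh ipfilter`, but the start method in the same manifest runs `/lib/svc/method/openssh start`, and the `ipfilter` branch is implemented in the method script this commit adds as debian/openssh-server.smf/method/openssh. Unless another package provides /lib/svc/method/network-ssh, the firewall hook points at a missing or unrelated script, and the per-service ipfilter rules for sshd would not be generated from this package's sshd_config. Pointing the property at the shipped script would fix that: `<propval name="ipf_method" type="astring" value="/lib/svc/method/openssh ipfilter"/>`.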
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+have_ips=no
+if [ -e /lib/svc/share/ipf_include.sh ]; then
+ . /lib/svc/share/ipf_include.sh
+ have_ips=yes
+fi
+
+. /lib/svc/share/smf_include.sh
+
+create_ipf_rules()
+{
+ FMRI=$1
+ ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
+ policy=`get_policy ${FMRI}`
+
+ #
+ # Get port from /etc/ssh/sshd_config
+ #
+ tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
+ awk '{print $2}'`
+
+ echo "# $FMRI" >$ipf_file
+ for port in $tports; do
+ generate_rules $FMRI $policy "tcp" "any" $port $ipf_file
+ done
+}
+
+case $1 in
+'ipfilter')
+ if [ $have_ips = yes ]; then
+ create_ipf_rules $2
+ else
+ echo "WARNING: $0: ipfilter is not available" >&2
+ fi
+ ;;
+
+'start')
+ if [ ! -d /var/run/sshd ]; then
+ mkdir /var/run/sshd
+ chmod 0755 /var/run/sshd
+ fi
+ /usr/sbin/sshd
+ ;;
+
+*)
+ echo "Usage: $0 { start | restart }"
+ exit 1
+ ;;
+esac
+
+exit $?
diff --git a/debian/patches/dyson.patch b/debian/patches/dyson.patch
new file mode 100644
index 0000000..a3e9e8d
--- /dev/null
+++ b/debian/patches/dyson.patch
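Review bot: In `create_ipf_rules`, `grep "^Port"` only matches a capitalised, unindented `Port` line, while sshd_config keywords are case-insensitive and the file may carry no `Port` line at all when the default port is used. In both cases `tports` is empty, the loop never runs and the generated ipfilter file contains only the `# $FMRI` comment, so the firewall rules no longer describe the port sshd actually listens on. A case-insensitive match with a default would close the gap: `tports=$(awk 'tolower($1) == "port" {print $2}' /etc/ssh/sshd_config 2>/dev/null)` followed by `[ -n "$tports" ] || tports=22`. Separately, the `start` branch creates /var/run/sshd while the changelog context for 1:7.4p1-10 says the privilege separation directory moved to /run/, so it is worth confirming that both paths resolve to the same directory on Dyson.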
@@ -0,0 +1,46 @@ +Index: openssh-7.4p1/configure.ac +=================================================================== +--- openssh-7.4p1.orig/configure.ac ++++ openssh-7.4p1/configure.ac +@@ -902,7 +902,6 @@ mips-sony-bsd|mips-sony-newsos4) + if test "x$withval" != "xno" ; then + need_dash_r=1 + fi +- AC_DEFINE([PAM_SUN_CODEBASE]) + AC_DEFINE([LOGIN_NEEDS_UTMPX]) + AC_DEFINE([PAM_TTY_KLUDGE]) + AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1], +@@ -916,6 +915,7 @@ mips-sony-bsd|mips-sony-newsos4) + AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd + in case the name is longer than 8 chars]) + AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang]) ++ AC_DEFINE([PTY_ZEROREAD], [1], [read(2) can return 0 for a non-closed pty fd]) + external_path_file=/etc/default/login + # hardwire lastlog location (can't detect it on some versions) + conf_lastlog_location="/var/adm/lastlog" +Index: openssh-7.4p1/kex.h +=================================================================== +--- openssh-7.4p1.orig/kex.h ++++ openssh-7.4p1/kex.h +@@ -26,6 +26,8 @@ + #ifndef KEX_H + #define KEX_H + ++#include <signal.h> ++ + #include "mac.h" + #include "buffer.h" /* XXX for typedef */ + #include "key.h" /* XXX for typedef */ +Index: openssh-7.4p1/openbsd-compat/regress/closefromtest.c +=================================================================== +--- openssh-7.4p1.orig/openbsd-compat/regress/closefromtest.c ++++ openssh-7.4p1/openbsd-compat/regress/closefromtest.c +@@ -24,8 +24,6 @@ + + #define NUM_OPENS 10 + +-int closefrom(int); +- + void + fail(char *msg) + { diff --git a/debian/patches/series b/debian/patches/series index c5fc814..6ac722e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -34,3 +34,4 @@ ssh-keygen-hash-corruption.patch ssh-keyscan-hash-port.patch ssh-keygen-null-deref.patch unbreak-unix-forwarding-for-root.patch +dyson.patch diff --git a/debian/rules b/debian/rules index c1aa978..751207e 100755 
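Review bot: debian/patches/dyson.patch carries no description header, and its first hunk drops `AC_DEFINE([PAM_SUN_CODEBASE])` from this configure.ac branch without saying why. That define appears to select how sshd indexes the PAM message array in its conversation function, so it has to match the PAM implementation the target links against; a mismatch would mean misreading PAM messages during authentication. A short DEP-3 style header stating the reason would make the change reviewable, for example `Description: Dyson links against Linux-PAM, so PAM_SUN_CODEBASE must not be defined` (wording to be confirmed by the author). The same header could cover why `PTY_ZEROREAD` is defined and why the `closefrom` prototype is removed from the regress test.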
--- a/debian/rules +++ b/debian/rules @@ -1,5 +1,7 @@ #!/usr/bin/make -f +include /usr/share/dpkg/architecture.mk + # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 @@ -19,10 +21,6 @@ else -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) endif -DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) -DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) -DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) - ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) CC := gcc PKG_CONFIG = pkg-config @@ -90,12 +88,18 @@ confflags += --with-pam confflags += --with-libedit confflags += --with-kerberos5=/usr confflags += --with-ssl-engine + ifeq ($(DEB_HOST_ARCH_OS),linux) confflags += --with-selinux confflags += --with-audit=linux confflags += --with-systemd endif +ifeq ($(DEB_HOST_ARCH_OS),illumos) +confflags += --with-solaris-projects +confflags += --with-solaris-contracts +endif + # The deb build wants xauth; the udeb build doesn't. confflags += --with-xauth=/usr/bin/xauth confflags_udeb += --without-xauth @@ -113,13 +117,22 @@ cflags_udeb := -Os cflags_udeb += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\" confflags += --with-cflags='$(cflags)' confflags_udeb += --with-cflags='$(cflags_udeb)' +#ifeq ($(DEB_HOST_ARCH),illumos-amd64) +#cflags += -D_XOPEN_SOURCE=700 -D__EXTENSIONS__ +#cflags_udeb += -D_XOPEN_SOURCE=700 -D__EXTENSIONS__ +#endif # Linker flags. confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))' confflags_udeb += --with-ldflags='-Wl,--as-needed' +dh_with := autoreconf +ifeq ($(DEB_HOST_ARCH_OS),linux) +dh_with += systemd +endif + %: - dh $@ --with=autoreconf,systemd + dh $@ $(dh_with:%=--with %) autoreconf: autoreconf -f -i 
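Review bot: The new `ifeq ($(DEB_HOST_ARCH_OS),illumos)` block adds project and contract support but no `--with-audit=...` flag, while the Linux block directly above it enables `--with-audit=linux`. As written, the illumos sshd would be built without audit event support, which weakens login accountability on that port. If Dyson provides the BSM audit library, adding `confflags += --with-audit=bsm` inside the block would restore parity; otherwise a comment such as `# no audit backend available on illumos yet` would document the gap.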
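Review bot: The four commented-out lines starting at `#ifeq ($(DEB_HOST_ARCH),illumos-amd64)` are dead code, and they sit after `confflags += --with-cflags='$(cflags)'`, so it is unclear whether they would have taken effect if enabled. They should either be removed or replaced by a single comment explaining why `-D_XOPEN_SOURCE=700 -D__EXTENSIONS__` is not needed, e.g. `# illumos: feature-test macros are not required, see debian/patches/dyson.patch`. Whether the patch actually makes them unnecessary is an inference from the `#include <signal.h>` it adds to kex.h and should be confirmed by the author.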
@@ -206,11 +219,15 @@ override_dh_installdocs: mkdir -p debian/openssh-server/usr/share/doc/openssh-client override_dh_systemd_enable: +ifeq ($(DEB_HOST_ARCH_OS),linux) dh_systemd_enable -popenssh-server --name ssh ssh.service dh_systemd_enable -popenssh-server --name ssh --no-enable ssh.socket +endif override_dh_installinit: +ifneq ($(DEB_HOST_ARCH_OS),illumos) dh_installinit -R --name ssh +endif debian/openssh-server.sshd.pam: debian/openssh-server.sshd.pam.in ifeq ($(DEB_HOST_ARCH_OS),linux) |