* [PR PATCH] openssh: use sshd_config.d for customisation
@ 2023-08-18 13:09 sgn
2023-08-18 13:35 ` [PR REVIEW] " ahesford
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: sgn @ 2023-08-18 13:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages openssh-sshd-config
https://github.com/void-linux/void-packages/pull/45655
openssh: use sshd_config.d for customisation
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45655.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-sshd-config-45655.patch --]
[-- Type: text/x-diff, Size: 3117 bytes --]
From 549697725012ccd368ff8f67aa63f2a36327a7a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Fri, 18 Aug 2023 20:07:21 +0700
Subject: [PATCH] openssh: use sshd_config.d for customisation
---
srcpkgs/openssh/patches/sshd_config.patch | 37 +++++++++++++++++++++++
srcpkgs/openssh/template | 12 +++-----
2 files changed, 41 insertions(+), 8 deletions(-)
create mode 100644 srcpkgs/openssh/patches/sshd_config.patch
diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch
new file mode 100644
index 0000000000000..4be59e843bebc
--- /dev/null
+++ b/srcpkgs/openssh/patches/sshd_config.patch
@@ -0,0 +1,37 @@
+--- a/sshd_config
++++ b/sshd_config
+@@ -9,6 +9,7 @@
+ # OpenSSH is to specify options with their default value where
+ # possible, but leave them commented. Uncommented options override the
+ # default value.
++Include /etc/ssh/sshd_config.d/*.conf
+
+ #Port 22
+ #AddressFamily any
+@@ -58,7 +59,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PermitEmptyPasswords no
+
+ # Change to no to disable s/key passwords
+-#KbdInteractiveAuthentication yes
++KbdInteractiveAuthentication no
+
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -79,7 +80,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and KbdInteractiveAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+@@ -88,7 +89,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++PrintMotd no
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index a5c920fb10b2e..c92949cf91735 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,7 +1,7 @@
# Template file for 'openssh'
pkgname=openssh
version=9.3p2
-revision=2
+revision=3
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
-make_dirs="/var/chroot/ssh 0755 root root"
+make_dirs="
+ /var/chroot/ssh 0755 root root
+ /etc/ssh/sshd_config.d 0755 root root"
# Package build options
build_options="fido2 gssapi ldns ssl"
@@ -65,12 +67,6 @@ post_install() {
vman contrib/ssh-copy-id.1
vlicense LICENCE
- # configure to use PAM
- vsed -i ${DESTDIR}/etc/ssh/sshd_config \
- -e 's|^#\(UsePAM\) no|\1 yes|g' \
- -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
- -e 's|^#\(PrintMotd\) yes|\1 no|g'
-
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
vsv sshd
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR REVIEW] openssh: use sshd_config.d for customisation
2023-08-18 13:09 [PR PATCH] openssh: use sshd_config.d for customisation sgn
@ 2023-08-18 13:35 ` ahesford
2023-08-18 14:40 ` [PR PATCH] [Updated] " sgn
2023-08-22 12:39 ` [PR PATCH] [Merged]: " leahneukirchen
2 siblings, 0 replies; 4+ messages in thread
From: ahesford @ 2023-08-18 13:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 386 bytes --]
New review comment by ahesford on void-packages repository
https://github.com/void-linux/void-packages/pull/45655#discussion_r1298459852
Comment:
```suggestion
# To avoid conflicts with the packaged configuration, specify custom options
# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
# options set below.
+Include /etc/ssh/sshd_config.d/*.conf
```
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Updated] openssh: use sshd_config.d for customisation
2023-08-18 13:09 [PR PATCH] openssh: use sshd_config.d for customisation sgn
2023-08-18 13:35 ` [PR REVIEW] " ahesford
@ 2023-08-18 14:40 ` sgn
2023-08-22 12:39 ` [PR PATCH] [Merged]: " leahneukirchen
2 siblings, 0 replies; 4+ messages in thread
From: sgn @ 2023-08-18 14:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1265 bytes --]
There is an updated pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages openssh-sshd-config
https://github.com/void-linux/void-packages/pull/45655
openssh: use sshd_config.d for customisation
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45655.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-sshd-config-45655.patch --]
[-- Type: text/x-diff, Size: 5799 bytes --]
From fb668d6d25040c681c16e5987e7cf2cc379e863a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Fri, 18 Aug 2023 20:07:21 +0700
Subject: [PATCH] openssh: use sshd_config.d for customisation
---
srcpkgs/openssh/patches/config.patch | 14 +++----
srcpkgs/openssh/patches/ssh-musl-gssapi.patch | 4 +-
srcpkgs/openssh/patches/sshd_config.patch | 41 +++++++++++++++++++
srcpkgs/openssh/patches/time_t-32-bit.patch | 6 +--
srcpkgs/openssh/template | 12 ++----
5 files changed, 57 insertions(+), 20 deletions(-)
create mode 100644 srcpkgs/openssh/patches/sshd_config.patch
diff --git a/srcpkgs/openssh/patches/config.patch b/srcpkgs/openssh/patches/config.patch
index abe054396261e..3375ba576d2e5 100644
--- a/srcpkgs/openssh/patches/config.patch
+++ b/srcpkgs/openssh/patches/config.patch
@@ -1,23 +1,23 @@
--- a/configure.ac
+++ b/configure.ac
-@@ -184,6 +184,7 @@
- OSSH_CHECK_CFLAG_COMPILE([-Wall])
+@@ -198,6 +198,7 @@ if test "$GCC" = "yes" || test "$GCC" =
+ OSSH_CHECK_CFLAG_COMPILE([-Wextra])
OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
+ OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration])
OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
-@@ -1761,8 +1760,6 @@
+@@ -1973,8 +1974,6 @@ AC_CHECK_FUNCS([ \
strcasestr \
strdup \
strerror \
- strlcat \
- strlcpy \
strmode \
+ strndup \
strnlen \
- strnvis \
-@@ -1785,6 +1781,13 @@
+@@ -2001,6 +2000,13 @@ AC_CHECK_FUNCS([ \
waitpid \
warn \
])
@@ -29,5 +29,5 @@
+], [], [], [[#include <string.h>]])
+AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]])
- dnl Wide character support.
- AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth])
+ AC_CHECK_DECLS([bzero, memmem])
+
diff --git a/srcpkgs/openssh/patches/ssh-musl-gssapi.patch b/srcpkgs/openssh/patches/ssh-musl-gssapi.patch
index a0ac6dceb08f2..2a3947c170fe0 100644
--- a/srcpkgs/openssh/patches/ssh-musl-gssapi.patch
+++ b/srcpkgs/openssh/patches/ssh-musl-gssapi.patch
@@ -1,5 +1,5 @@
---- a/gss-serv.c 2022-10-03 16:51:42.000000000 +0200
-+++ b/gss-serv.c 2022-11-09 13:28:59.124968270 +0100
+--- a/gss-serv.c
++++ b/gss-serv.c
@@ -33,6 +33,7 @@
#include <stdarg.h>
#include <string.h>
diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch
new file mode 100644
index 0000000000000..aa87fdc677bde
--- /dev/null
+++ b/srcpkgs/openssh/patches/sshd_config.patch
@@ -0,0 +1,41 @@
+--- a/sshd_config
++++ b/sshd_config
+@@ -10,6 +10,11 @@
+ # possible, but leave them commented. Uncommented options override the
+ # default value.
+
++# To avoid conflicts with the packaged configuration, specify custom options
++# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
++# options set below.
++Include /etc/ssh/sshd_config.d/*.conf
++
+ #Port 22
+ #AddressFamily any
+ #ListenAddress 0.0.0.0
+@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PermitEmptyPasswords no
+
+ # Change to no to disable s/key passwords
+-#KbdInteractiveAuthentication yes
++KbdInteractiveAuthentication no
+
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and KbdInteractiveAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++PrintMotd no
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
diff --git a/srcpkgs/openssh/patches/time_t-32-bit.patch b/srcpkgs/openssh/patches/time_t-32-bit.patch
index 8c11f3714ec68..f70e260ac98ff 100644
--- a/srcpkgs/openssh/patches/time_t-32-bit.patch
+++ b/srcpkgs/openssh/patches/time_t-32-bit.patch
@@ -1,6 +1,6 @@
---- openssh-9.2p1.orig/channels.c
-+++ openssh-9.2p1/channels.c
-@@ -2558,7 +2558,7 @@ channel_handler(struct ssh *ssh, int tab
+--- a/channels.c
++++ b/channels.c
+@@ -2566,7 +2566,7 @@ channel_handler(struct ssh *ssh, int tab
if (table == CHAN_PRE &&
c->type == SSH_CHANNEL_OPEN &&
c->inactive_deadline != 0 && c->lastused != 0 &&
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index a5c920fb10b2e..c92949cf91735 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,7 +1,7 @@
# Template file for 'openssh'
pkgname=openssh
version=9.3p2
-revision=2
+revision=3
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
-make_dirs="/var/chroot/ssh 0755 root root"
+make_dirs="
+ /var/chroot/ssh 0755 root root
+ /etc/ssh/sshd_config.d 0755 root root"
# Package build options
build_options="fido2 gssapi ldns ssl"
@@ -65,12 +67,6 @@ post_install() {
vman contrib/ssh-copy-id.1
vlicense LICENCE
- # configure to use PAM
- vsed -i ${DESTDIR}/etc/ssh/sshd_config \
- -e 's|^#\(UsePAM\) no|\1 yes|g' \
- -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
- -e 's|^#\(PrintMotd\) yes|\1 no|g'
-
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
vsv sshd
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Merged]: openssh: use sshd_config.d for customisation
2023-08-18 13:09 [PR PATCH] openssh: use sshd_config.d for customisation sgn
2023-08-18 13:35 ` [PR REVIEW] " ahesford
2023-08-18 14:40 ` [PR PATCH] [Updated] " sgn
@ 2023-08-22 12:39 ` leahneukirchen
2 siblings, 0 replies; 4+ messages in thread
From: leahneukirchen @ 2023-08-22 12:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1105 bytes --]
There's a merged pull request on the void-packages repository
openssh: use sshd_config.d for customisation
https://github.com/void-linux/void-packages/pull/45655
Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-08-22 12:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-18 13:09 [PR PATCH] openssh: use sshd_config.d for customisation sgn
2023-08-18 13:35 ` [PR REVIEW] " ahesford
2023-08-18 14:40 ` [PR PATCH] [Updated] " sgn
2023-08-22 12:39 ` [PR PATCH] [Merged]: " leahneukirchen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).