* [PR PATCH] openssh: use sshd_config.d for customisation @ 2023-08-18 13:09 sgn 2023-08-18 13:35 ` [PR REVIEW] " ahesford ` (2 more replies) 0 siblings, 3 replies; 4+ messages in thread From: sgn @ 2023-08-18 13:09 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 1260 bytes --] There is a new pull request by sgn against master on the void-packages repository https://github.com/sgn/void-packages openssh-sshd-config https://github.com/void-linux/void-packages/pull/45655 openssh: use sshd_config.d for customisation <!-- Uncomment relevant sections and delete options which are not applicable --> #### Testing the changes - I tested the changes in this PR: **YES** <!-- #### New package - This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO** --> <!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration and test at least one native build and, if supported, at least one cross build. Ignore this section if this PR is not skipping CI. --> <!-- #### Local build testing - I built this PR locally for my native architecture, (ARCH-LIBC) - I built this PR locally for these architectures (if supported. mark crossbuilds): - aarch64-musl - armv7l - armv6l-musl --> A patch file from https://github.com/void-linux/void-packages/pull/45655.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-openssh-sshd-config-45655.patch --] [-- Type: text/x-diff, Size: 3117 bytes --] From 549697725012ccd368ff8f67aa63f2a36327a7a4 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= <congdanhqx@gmail.com> Date: Fri, 18 Aug 2023 20:07:21 +0700 Subject: [PATCH] openssh: use sshd_config.d for customisation --- srcpkgs/openssh/patches/sshd_config.patch | 37 +++++++++++++++++++++++ srcpkgs/openssh/template | 12 +++----- 2 files changed, 41 insertions(+), 8 deletions(-) create mode 100644 srcpkgs/openssh/patches/sshd_config.patch diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch new file mode 100644 index 0000000000000..4be59e843bebc --- /dev/null +++ b/srcpkgs/openssh/patches/sshd_config.patch @@ -0,0 +1,37 @@ +--- a/sshd_config ++++ b/sshd_config +@@ -9,6 +9,7 @@ + # OpenSSH is to specify options with their default value where + # possible, but leave them commented. Uncommented options override the + # default value. ++Include /etc/ssh/sshd_config.d/*.conf + + #Port 22 + #AddressFamily any +@@ -58,7 +59,7 @@ AuthorizedKeysFile .ssh/authorized_keys + #PermitEmptyPasswords no + + # Change to no to disable s/key passwords +-#KbdInteractiveAuthentication yes ++KbdInteractiveAuthentication no + + # Kerberos options + #KerberosAuthentication no +@@ -79,7 +80,7 @@ AuthorizedKeysFile .ssh/authorized_keys + # If you just want the PAM account and session checks to run without + # PAM authentication, then enable this but set PasswordAuthentication + # and KbdInteractiveAuthentication to 'no'. +-#UsePAM no ++UsePAM yes + + #AllowAgentForwarding yes + #AllowTcpForwarding yes +@@ -88,7 +89,7 @@ AuthorizedKeysFile .ssh/authorized_keys + #X11DisplayOffset 10 + #X11UseLocalhost yes + #PermitTTY yes +-#PrintMotd yes ++PrintMotd no + #PrintLastLog yes + #TCPKeepAlive yes + #PermitUserEnvironment no diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index a5c920fb10b2e..c92949cf91735 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template 
@@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=9.3p2 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -27,7 +27,9 @@ homepage="https://www.openssh.com" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" -make_dirs="/var/chroot/ssh 0755 root root" +make_dirs=" + /var/chroot/ssh 0755 root root + /etc/ssh/sshd_config.d 0755 root root" # Package build options build_options="fido2 gssapi ldns ssl" @@ -65,12 +67,6 @@ post_install() { vman contrib/ssh-copy-id.1 vlicense LICENCE - # configure to use PAM - vsed -i ${DESTDIR}/etc/ssh/sshd_config \ - -e 's|^#\(UsePAM\) no|\1 yes|g' \ - -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \ - -e 's|^#\(PrintMotd\) yes|\1 no|g' - vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd vsv sshd } ^ permalink raw reply [flat|nested] 4+ messages in thread
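Review bot: In the first hunk of sshd_config.patch, the added `Include /etc/ssh/sshd_config.d/*.conf` is appended straight onto upstream's comment paragraph, with no blank line and no comment of its own, so it reads as part of the explanation of commented defaults. Put a blank line before it and add a short comment saying that local settings belong in drop-in files under /etc/ssh/sshd_config.d.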
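Review bot: In the template hunk that adds `/etc/ssh/sshd_config.d 0755 root root` to make_dirs, /etc/ssh/sshd_config stays listed in conf_files, so on upgrade a locally modified copy is kept and that copy will not contain the new Include line; anything placed in the new directory is then never read. Consider an INSTALL.msg telling users with an edited sshd_config to add the Include line themselves.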
* Re: [PR REVIEW] openssh: use sshd_config.d for customisation
From: ahesford @ 2023-08-18 13:35 UTC
To: ml

New review comment by ahesford on void-packages repository

https://github.com/void-linux/void-packages/pull/45655#discussion_r1298459852

Comment:
```suggestion
# To avoid conflicts with the packaged configuration, specify custom options
# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or
# options set below.
+Include /etc/ssh/sshd_config.d/*.conf
```
* Re: [PR PATCH] [Updated] openssh: use sshd_config.d for customisation 2023-08-18 13:09 [PR PATCH] openssh: use sshd_config.d for customisation sgn 2023-08-18 13:35 ` [PR REVIEW] " ahesford @ 2023-08-18 14:40 ` sgn 2023-08-22 12:39 ` [PR PATCH] [Merged]: " leahneukirchen 2 siblings, 0 replies; 4+ messages in thread From: sgn @ 2023-08-18 14:40 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 1265 bytes --] There is an updated pull request by sgn against master on the void-packages repository https://github.com/sgn/void-packages openssh-sshd-config https://github.com/void-linux/void-packages/pull/45655 openssh: use sshd_config.d for customisation <!-- Uncomment relevant sections and delete options which are not applicable --> #### Testing the changes - I tested the changes in this PR: **YES** <!-- #### New package - This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO** --> <!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration and test at least one native build and, if supported, at least one cross build. Ignore this section if this PR is not skipping CI. --> <!-- #### Local build testing - I built this PR locally for my native architecture, (ARCH-LIBC) - I built this PR locally for these architectures (if supported. mark crossbuilds): - aarch64-musl - armv7l - armv6l-musl --> A patch file from https://github.com/void-linux/void-packages/pull/45655.patch is attached [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: github-pr-openssh-sshd-config-45655.patch --] [-- Type: text/x-diff, Size: 5799 bytes --] From fb668d6d25040c681c16e5987e7cf2cc379e863a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= <congdanhqx@gmail.com> Date: Fri, 18 Aug 2023 20:07:21 +0700 Subject: [PATCH] openssh: use sshd_config.d for customisation --- srcpkgs/openssh/patches/config.patch | 14 +++---- srcpkgs/openssh/patches/ssh-musl-gssapi.patch | 4 +- srcpkgs/openssh/patches/sshd_config.patch | 41 +++++++++++++++++++ srcpkgs/openssh/patches/time_t-32-bit.patch | 6 +-- srcpkgs/openssh/template | 12 ++---- 5 files changed, 57 insertions(+), 20 deletions(-) create mode 100644 srcpkgs/openssh/patches/sshd_config.patch diff --git a/srcpkgs/openssh/patches/config.patch b/srcpkgs/openssh/patches/config.patch index abe054396261e..3375ba576d2e5 100644 --- a/srcpkgs/openssh/patches/config.patch +++ b/srcpkgs/openssh/patches/config.patch @@ -1,23 +1,23 @@ --- a/configure.ac +++ b/configure.ac -@@ -184,6 +184,7 @@ - OSSH_CHECK_CFLAG_COMPILE([-Wall]) +@@ -198,6 +198,7 @@ if test "$GCC" = "yes" || test "$GCC" = + OSSH_CHECK_CFLAG_COMPILE([-Wextra]) OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith]) OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized]) + OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-function-declaration]) OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare]) OSSH_CHECK_CFLAG_COMPILE([-Wformat-security]) OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess]) -@@ -1761,8 +1760,6 @@ +@@ -1973,8 +1974,6 @@ AC_CHECK_FUNCS([ \ strcasestr \ strdup \ strerror \ - strlcat \ - strlcpy \ strmode \ + strndup \ strnlen \ - strnvis \ -@@ -1785,6 +1781,13 @@ +@@ -2001,6 +2000,13 @@ AC_CHECK_FUNCS([ \ waitpid \ warn \ ]) @@ -29,5 +29,5 @@ +], [], [], [[#include <string.h>]]) +AC_CHECK_DECLS([reallocarray], [], [], [[#include <stdlib.h>]]) - dnl Wide character support. - AC_CHECK_FUNCS([mblen mbtowc nl_langinfo wcwidth]) + AC_CHECK_DECLS([bzero, memmem]) + diff --git a/srcpkgs/openssh/patches/ssh-musl-gssapi.patch b/srcpkgs/openssh/patches/ssh-musl-gssapi.patch index a0ac6dceb08f2..2a3947c170fe0 100644 --- a/srcpkgs/openssh/patches/ssh-musl-gssapi.patch 
+++ b/srcpkgs/openssh/patches/ssh-musl-gssapi.patch @@ -1,5 +1,5 @@ ---- a/gss-serv.c 2022-10-03 16:51:42.000000000 +0200 -+++ b/gss-serv.c 2022-11-09 13:28:59.124968270 +0100 +--- a/gss-serv.c ++++ b/gss-serv.c @@ -33,6 +33,7 @@ #include <stdarg.h> #include <string.h> diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch new file mode 100644 index 0000000000000..aa87fdc677bde --- /dev/null +++ b/srcpkgs/openssh/patches/sshd_config.patch @@ -0,0 +1,41 @@ +--- a/sshd_config ++++ b/sshd_config +@@ -10,6 +10,11 @@ + # possible, but leave them commented. Uncommented options override the + # default value. + ++# To avoid conflicts with the packaged configuration, specify custom options ++# in drop-in files under /etc/ssh/sshd_config.d to override any defaults or ++# options set below. ++Include /etc/ssh/sshd_config.d/*.conf ++ + #Port 22 + #AddressFamily any + #ListenAddress 0.0.0.0 +@@ -58,7 +63,7 @@ AuthorizedKeysFile .ssh/authorized_keys + #PermitEmptyPasswords no + + # Change to no to disable s/key passwords +-#KbdInteractiveAuthentication yes ++KbdInteractiveAuthentication no + + # Kerberos options + #KerberosAuthentication no +@@ -79,7 +84,7 @@ AuthorizedKeysFile .ssh/authorized_keys + # If you just want the PAM account and session checks to run without + # PAM authentication, then enable this but set PasswordAuthentication + # and KbdInteractiveAuthentication to 'no'. +-#UsePAM no ++UsePAM yes + + #AllowAgentForwarding yes + #AllowTcpForwarding yes +@@ -88,7 +93,7 @@ AuthorizedKeysFile .ssh/authorized_keys + #X11DisplayOffset 10 + #X11UseLocalhost yes + #PermitTTY yes +-#PrintMotd yes ++PrintMotd no + #PrintLastLog yes + #TCPKeepAlive yes + #PermitUserEnvironment no diff --git a/srcpkgs/openssh/patches/time_t-32-bit.patch b/srcpkgs/openssh/patches/time_t-32-bit.patch index 8c11f3714ec68..f70e260ac98ff 100644 --- a/srcpkgs/openssh/patches/time_t-32-bit.patch +++ b/srcpkgs/openssh/patches/time_t-32-bit.patch 
@@ -1,6 +1,6 @@ ---- openssh-9.2p1.orig/channels.c -+++ openssh-9.2p1/channels.c -@@ -2558,7 +2558,7 @@ channel_handler(struct ssh *ssh, int tab +--- a/channels.c ++++ b/channels.c +@@ -2566,7 +2566,7 @@ channel_handler(struct ssh *ssh, int tab if (table == CHAN_PRE && c->type == SSH_CHANNEL_OPEN && c->inactive_deadline != 0 && c->lastused != 0 && diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index a5c920fb10b2e..c92949cf91735 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=9.3p2 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -27,7 +27,9 @@ homepage="https://www.openssh.com" distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz" checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8 conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd" -make_dirs="/var/chroot/ssh 0755 root root" +make_dirs=" + /var/chroot/ssh 0755 root root + /etc/ssh/sshd_config.d 0755 root root" # Package build options build_options="fido2 gssapi ldns ssl" @@ -65,12 +67,6 @@ post_install() { vman contrib/ssh-copy-id.1 vlicense LICENCE - # configure to use PAM - vsed -i ${DESTDIR}/etc/ssh/sshd_config \ - -e 's|^#\(UsePAM\) no|\1 yes|g' \ - -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \ - -e 's|^#\(PrintMotd\) yes|\1 no|g' - vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd vsv sshd } ^ permalink raw reply [flat|nested] 4+ messages in thread
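Review bot: The refreshed hunks in config.patch, ssh-musl-gssapi.patch and time_t-32-bit.patch (new offsets and context, dropped timestamps, a/ and b/ path prefixes) are unrelated to sshd_config.d, yet the subject line is still only "openssh: use sshd_config.d for customisation". Move the refresh into its own commit, or mention it in the commit message so the 5-file diffstat is explained.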
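Review bot: The comment added in the first hunk of sshd_config.patch promises that drop-ins override "options set below" without saying why that holds: sshd keeps the first value it obtains for each keyword, so it works only because the Include precedes `KbdInteractiveAuthentication no`, `UsePAM yes` and `PrintMotd no`. State that in the comment so nobody later moves the Include to the end of the file, and point users at `sshd -T` to confirm the effective values after adding a drop-in, since a file in that directory can now change the packaged authentication settings.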
* Re: [PR PATCH] [Merged]: openssh: use sshd_config.d for customisation
From: leahneukirchen @ 2023-08-22 12:39 UTC
To: ml

There's a merged pull request on the void-packages repository

openssh: use sshd_config.d for customisation
https://github.com/void-linux/void-packages/pull/45655

Description:
#### Testing the changes
- I tested the changes in this PR: **YES**