From: sgn <sgn@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: [PR PATCH] openssh: use sshd_config.d for customisation
Date: Fri, 18 Aug 2023 15:09:09 +0200 [thread overview]
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-45655@inbox.vuxu.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 1260 bytes --]
There is a new pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages openssh-sshd-config
https://github.com/void-linux/void-packages/pull/45655
openssh: use sshd_config.d for customisation
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/45655.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-sshd-config-45655.patch --]
[-- Type: text/x-diff, Size: 3117 bytes --]
From 549697725012ccd368ff8f67aa63f2a36327a7a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Fri, 18 Aug 2023 20:07:21 +0700
Subject: [PATCH] openssh: use sshd_config.d for customisation
---
srcpkgs/openssh/patches/sshd_config.patch | 37 +++++++++++++++++++++++
srcpkgs/openssh/template | 12 +++-----
2 files changed, 41 insertions(+), 8 deletions(-)
create mode 100644 srcpkgs/openssh/patches/sshd_config.patch
diff --git a/srcpkgs/openssh/patches/sshd_config.patch b/srcpkgs/openssh/patches/sshd_config.patch
new file mode 100644
index 0000000000000..4be59e843bebc
--- /dev/null
+++ b/srcpkgs/openssh/patches/sshd_config.patch
@@ -0,0 +1,37 @@
+--- a/sshd_config
++++ b/sshd_config
+@@ -9,6 +9,7 @@
+ # OpenSSH is to specify options with their default value where
+ # possible, but leave them commented. Uncommented options override the
+ # default value.
++Include /etc/ssh/sshd_config.d/*.conf
+
+ #Port 22
+ #AddressFamily any
+@@ -58,7 +59,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PermitEmptyPasswords no
+
+ # Change to no to disable s/key passwords
+-#KbdInteractiveAuthentication yes
++KbdInteractiveAuthentication no
+
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -79,7 +80,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and KbdInteractiveAuthentication to 'no'.
+-#UsePAM no
++UsePAM yes
+
+ #AllowAgentForwarding yes
+ #AllowTcpForwarding yes
+@@ -88,7 +89,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PermitTTY yes
+-#PrintMotd yes
++PrintMotd no
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #PermitUserEnvironment no
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index a5c920fb10b2e..c92949cf91735 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,7 +1,7 @@
# Template file for 'openssh'
pkgname=openssh
version=9.3p2
-revision=2
+revision=3
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@@ -27,7 +27,9 @@ homepage="https://www.openssh.com"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
checksum=200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
-make_dirs="/var/chroot/ssh 0755 root root"
+make_dirs="
+ /var/chroot/ssh 0755 root root
+ /etc/ssh/sshd_config.d 0755 root root"
# Package build options
build_options="fido2 gssapi ldns ssl"
@@ -65,12 +67,6 @@ post_install() {
vman contrib/ssh-copy-id.1
vlicense LICENCE
- # configure to use PAM
- vsed -i ${DESTDIR}/etc/ssh/sshd_config \
- -e 's|^#\(UsePAM\) no|\1 yes|g' \
- -e 's|^#\(KbdInteractiveAuthentication\) yes|\1 no|g' \
- -e 's|^#\(PrintMotd\) yes|\1 no|g'
-
vinstall ${FILESDIR}/sshd.pam 644 etc/pam.d sshd
vsv sshd
}
next reply other threads:[~2023-08-18 13:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 13:09 sgn [this message]
2023-08-18 13:35 ` [PR REVIEW] " ahesford
2023-08-18 14:40 ` [PR PATCH] [Updated] " sgn
2023-08-22 12:39 ` [PR PATCH] [Merged]: " leahneukirchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-45655@inbox.vuxu.org \
--to=sgn@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).