From 134831e164524996d8ccb9f0a215258646066406 Mon Sep 17 00:00:00 2001 From: Stephan Raue Date: Tue, 3 May 2011 14:33:44 +0200 Subject: [PATCH] new package: add package 'openssh' Signed-off-by: Stephan Raue --- packages/network/install | 2 +- packages/network/openssh/build | 44 +++++++ packages/network/openssh/config/ssh_config | 47 +++++++ packages/network/openssh/config/sshd_config | 118 ++++++++++++++++++ packages/network/openssh/init.d/51_sshd | 72 +++++++++++ packages/network/openssh/install | 39 ++++++ packages/network/openssh/meta | 36 ++++++ .../openssh-5.8p2-000-crosscompiling.patch | 53 ++++++++ .../openssh-5.8p2-001-abstract_socket.patch | 49 ++++++++ 9 files changed, 459 insertions(+), 1 deletion(-) create mode 100755 packages/network/openssh/build create mode 100644 packages/network/openssh/config/ssh_config create mode 100644 packages/network/openssh/config/sshd_config create mode 100644 packages/network/openssh/init.d/51_sshd create mode 100755 packages/network/openssh/install create mode 100644 packages/network/openssh/meta create mode 100644 packages/network/openssh/patches/openssh-5.8p2-000-crosscompiling.patch create mode 100644 packages/network/openssh/patches/openssh-5.8p2-001-abstract_socket.patch diff --git a/packages/network/install b/packages/network/install index d85bd74c04..2fd089413d 100755 --- a/packages/network/install +++ b/packages/network/install @@ -23,8 +23,8 @@ . config/options $1 $SCRIPTS/install connman -$SCRIPTS/install dropbear $SCRIPTS/install ethtool +$SCRIPTS/install openssh if [ "$NETMOUNT" = "yes" ]; then $SCRIPTS/install netmount diff --git a/packages/network/openssh/build b/packages/network/openssh/build new file mode 100755 index 0000000000..62b0c5cc8a --- /dev/null +++ b/packages/network/openssh/build 
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+################################################################################
+# This file is part of OpenELEC - http://www.openelec.tv
+# Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+# This Program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This Program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with OpenELEC.tv; see the file COPYING. If not, write to
+# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+# http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+. config/options $1
+
+export LD="$TARGET_CC"
+export LDFLAGS="$TARGET_CFLAGS $TARGET_LDFLAGS"
+
+cd $PKG_BUILD
+ac_cv_have_space_for_dirent_d_name=yes \
+./configure --host=$TARGET_NAME \
+ --build=$HOST_NAME \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-strip \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --without-rpath \
+ --with-ssl-engine \
+ --without-pam
+
+make
diff --git a/packages/network/openssh/config/ssh_config b/packages/network/openssh/config/ssh_config
new file mode 100644
index 0000000000..18936740f6
--- /dev/null
+++ b/packages/network/openssh/config/ssh_config
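Review bot: The configure call turns off lastlog, utmp, utmpx, wtmp and wtmpx without saying why, and the consequence is that this sshd writes no login accounting records at all, so its syslog output (the shipped sshd_config leaves `#SyslogFacility AUTH` at the default) is the only record of SSH logins on the device. I would add a comment above `./configure`, for example `# no utmp/wtmp/lastlog on this image: SSH logins are recorded via syslog only`, so that anyone who later changes logging knows the audit trail depends on it. Also, `cd $PKG_BUILD` is unquoted and unchecked; `cd "$PKG_BUILD" || exit 1` keeps `./configure` and `make` from running in the wrong directory.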
@@ -0,0 +1,47 @@
+# $OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
+
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+# Host *
+# ForwardAgent no
+# ForwardX11 no
+# RhostsRSAAuthentication no
+# RSAAuthentication yes
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+# StrictHostKeyChecking ask
+# IdentityFile ~/.ssh/identity
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# Port 22
+# Protocol 2,1
+# Cipher 3des
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
diff --git a/packages/network/openssh/config/sshd_config b/packages/network/openssh/config/sshd_config
new file mode 100644
index 0000000000..c382be2d32
--- /dev/null
+++ b/packages/network/openssh/config/sshd_config
@@ -0,0 +1,118 @@
+# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options change a
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey ~/.cache/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey ~/.cache/ssh/ssh_host_rsa_key
+HostKey ~/.cache/ssh/ssh_host_dsa_key
+#HostKey ~/.cache/ssh/ssh_host_ecdsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile .ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
diff --git a/packages/network/openssh/init.d/51_sshd b/packages/network/openssh/init.d/51_sshd
new file mode 100644
index 0000000000..d00f8450d7
--- /dev/null
+++ b/packages/network/openssh/init.d/51_sshd
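Review bot: The authentication section is left entirely at upstream defaults: `#PermitRootLogin yes` and `#PasswordAuthentication yes` stay commented, so the compiled-in values apply and root can log in with a password over the network as soon as the init script starts sshd. The only lines this file actually changes are the two `HostKey` entries and `Subsystem`. If password login for root is intended on this image, state that in a comment beside those two options; otherwise set `PermitRootLogin without-password` (the value this file's own PAM comment refers to) and `PasswordAuthentication no` so that only keys in `.ssh/authorized_keys` are accepted.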
@@ -0,0 +1,72 @@
+################################################################################
+# Copyright (C) 2009-2010 OpenELEC.tv
+# http://www.openelec.tv
+#
+# This Program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This Program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with OpenELEC.tv; see the file COPYING. If not, write to
+# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+# http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+# start ssh server
+#
+# runlevels: openelec, textmode
+
+(
+ RSA1_KEY="/storage/.cache/ssh/ssh_host_key"
+ RSA2_KEY="/storage/.cache/ssh/ssh_host_rsa_key"
+ DSA2_KEY="/storage/.cache/ssh/ssh_host_dsa_key"
+
+ KEYGEN="/usr/bin/ssh-keygen"
+ SSHD="/usr/sbin/sshd"
+
+ # Check for the SSH1 RSA key
+ if [ ! -f $RSA1_KEY ] ; then
+ progress "SSH: generating SSH1 RSA key"
+
+ mkdir -p /storage/.cache/ssh
+ $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null
+ fi
+
+ # Check for the SSH2 RSA key
+ if [ ! -f $RSA2_KEY ] ; then
+ progress "SSH: generating SSH2 RSA key"
+
+ mkdir -p /storage/.cache/ssh
+ $KEYGEN -q -t rsa -f $RSA2_KEY -C '' -N '' >&/dev/null
+ fi
+
+ # Check for the SSH2 DSA key
+ if [ ! -f $DSA2_KEY ] ; then
+ progress "SSH: generating SSH2 DSA key"
+
+ mkdir -p /storage/.cache/ssh
+ $KEYGEN -q -t dsa -f $DSA2_KEY -C '' -N '' >&/dev/null
+ fi
+
+ # Check for predifined known hosts file
+ if [ -f /etc/ssh/known_hosts -a ! -f $HOME/.ssh/known_hosts ] ; then
+ progress "SSH: setup predifined known hosts"
+
+ mkdir -p /$HOME/.ssh
+ cp /etc/ssh/known_hosts $HOME/.ssh
+ fi
+
+ progress "Starting SSH Server"
+
+ wait_for_network
+
+ mkdir -p /var/empty
+ $SSHD
+
+)&
diff --git a/packages/network/openssh/install b/packages/network/openssh/install
new file mode 100755
index 0000000000..ab23340cb3
--- /dev/null
+++ b/packages/network/openssh/install
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+################################################################################
+# This file is part of OpenELEC - http://www.openelec.tv
+# Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+# This Program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This Program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with OpenELEC.tv; see the file COPYING. If not, write to
+# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+# http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+. config/options $1
+
+add_user sshd x 74 74 "Privilege-separated SSH" "/var/empty/sshd" "/bin/sh"
+add_group sshd 74
+
+mkdir -p $INSTALL/etc
+ cp $PKG_DIR/config/* $INSTALL/etc
+
+mkdir -p $INSTALL/usr/bin
+ cp $PKG_BUILD/scp $INSTALL/usr/bin/
+ cp $PKG_BUILD/ssh $INSTALL/usr/bin/
+ cp $PKG_BUILD/ssh-add $INSTALL/usr/bin/
+ cp $PKG_BUILD/ssh-agent $INSTALL/usr/bin/
+ cp $PKG_BUILD/ssh-keygen $INSTALL/usr/bin/
+
+mkdir -p $INSTALL/usr/sbin
+ cp $PKG_BUILD/sshd $INSTALL/usr/sbin/
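Review bot: In init.d/51_sshd the first key block generates a protocol-1 host key (`-t rsa1`) that nothing in this commit uses: the sshd_config added alongside leaves `#HostKey ~/.cache/ssh/ssh_host_key` and `#Protocol 2` commented, so only protocol 2 is served, and I would delete that block together with `RSA1_KEY`. The script writes keys under `/storage/.cache/ssh` while sshd_config reads `~/.cache/ssh`; these agree only if the home directory of the user starting sshd is `/storage`, which is not visible here, so using the absolute path in both files removes that dependency. The three `$KEYGEN` calls send all output to `/dev/null` and their exit status is never checked, so a failed generation is likely to show up only as sshd not starting; appending `|| progress "SSH: host key generation failed"` to each call would surface it.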
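Review bot: The copy list in the openssh install script omits `sftp-server`, yet the sshd_config this script installs declares `Subsystem sftp /usr/libexec/sftp-server`, so SFTP sessions would fail unless some other package provides that path; either add `mkdir -p $INSTALL/usr/libexec` and `cp $PKG_BUILD/sftp-server $INSTALL/usr/libexec/`, or drop the Subsystem line. The `sshd` privilege-separation account is created with `/bin/sh` as its shell; an account that exists only for the unprivileged sshd child should get a non-login shell (for example `/bin/false`, if the image ships one). Its home is given as `/var/empty/sshd` while the init script creates only `/var/empty`, and the two should match.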
diff --git a/packages/network/openssh/meta b/packages/network/openssh/meta
new file mode 100644
index 0000000000..c869342df1
--- /dev/null
+++ b/packages/network/openssh/meta
@@ -0,0 +1,36 @@
+################################################################################
+# This file is part of OpenELEC - http://www.openelec.tv
+# Copyright (C) 2009-2011 Stephan Raue (stephan@openelec.tv)
+#
+# This Program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This Program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with OpenELEC.tv; see the file COPYING. If not, write to
+# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
+# http://www.gnu.org/copyleft/gpl.html
+################################################################################
+
+PKG_NAME="openssh"
+PKG_VERSION="5.8p2"
+PKG_REV="1"
+PKG_ARCH="any"
+PKG_LICENSE="OSS"
+PKG_SITE="http://www.openssh.com/"
+PKG_URL="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$PKG_NAME-$PKG_VERSION.tar.gz"
+PKG_DEPENDS="zlib openssl"
+PKG_BUILD_DEPENDS="toolchain zlib openssl"
+PKG_PRIORITY="optional"
+PKG_SECTION="network"
+PKG_SHORTDESC="openssh: An open re-implementation of the SSH package"
+PKG_LONGDESC="This is a Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist."
+PKG_IS_ADDON="no"
+
+PKG_AUTORECONF="yes"
diff --git a/packages/network/openssh/patches/openssh-5.8p2-000-crosscompiling.patch b/packages/network/openssh/patches/openssh-5.8p2-000-crosscompiling.patch
new file mode 100644
index 0000000000..95cc6c85cc
--- /dev/null
+++ b/packages/network/openssh/patches/openssh-5.8p2-000-crosscompiling.patch
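Review bot: `PKG_URL` fetches the source tarball over plain `ftp://` and this meta file records no checksum or signature for it, so nothing visible here ties what gets built into the image to the upstream 5.8p2 release; whether the build scripts verify a digest somewhere else cannot be seen from this hunk. For a package that becomes the device's remote-login daemon I would pin the expected digest wherever the build system supports it (placeholder: `<sha256 of openssh-5.8p2.tar.gz>`) and prefer an HTTPS mirror. The two patch files are named for 5.8p2 but their inner headers diff `openssh-5.8p1-old` against `openssh-5.8p1-new`; a comment noting that they were carried over from 5.8p1 would help the next version bump.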
@@ -0,0 +1,53 @@
+diff -Naur openssh-5.8p1-old/configure.ac openssh-5.8p1-new/configure.ac
+--- openssh-5.8p1-old/configure.ac 2011-02-21 17:41:23.000000000 -0800
++++ openssh-5.8p1-new/configure.ac 2011-02-21 17:42:20.000000000 -0800
+@@ -41,7 +41,7 @@
+ AC_PROG_RANLIB
+ AC_PROG_INSTALL
+ AC_PROG_EGREP
+-AC_PATH_PROG(AR, ar)
++AC_PATH_TOOL(AR, ar)
+ AC_PATH_PROG(CAT, cat)
+ AC_PATH_PROG(KILL, kill)
+ AC_PATH_PROGS(PERL, perl5 perl)
+@@ -1188,25 +1188,25 @@
+
+ AC_CHECK_DECLS(GLOB_NOMATCH, , , [#include ])
+
+-AC_MSG_CHECKING([whether struct dirent allocates space for d_name])
+-AC_RUN_IFELSE(
+- [AC_LANG_SOURCE([[
++AC_CACHE_CHECK(
++ [whether struct dirent allocates space for d_name],
++ [ac_cv_have_space_for_dirent_d_name],
++ [AC_RUN_IFELSE(
++ [AC_LANG_SOURCE([[
+ #include
+ #include
+ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));}
+- ]])],
+- [AC_MSG_RESULT(yes)],
+- [
+- AC_MSG_RESULT(no)
+- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
+- [Define if your struct dirent expects you to
+- allocate extra space for d_name])
+- ],
+- [
+- AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME])
+- AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME)
+- ]
++ ]])],
++ [ ac_cv_have_space_for_dirent_d_name="yes" ],
++ [ ac_cv_have_space_for_dirent_d_name="no" ],
++ [ ac_cv_have_space_for_dirent_d_name="no" ]
++ )]
+ )
++if test "x$ac_cv_have_space_for_dirent_d_name" = "xno" ; then
++ AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME, 1,
++ [Define if your struct dirent expects you to
++ allocate extra space for d_name])
++fi
+
+ AC_MSG_CHECKING([for /proc/pid/fd directory])
+ if test -d "/proc/$$/fd" ; then
diff --git a/packages/network/openssh/patches/openssh-5.8p2-001-abstract_socket.patch b/packages/network/openssh/patches/openssh-5.8p2-001-abstract_socket.patch
new file mode 100644
index 0000000000..934cd1c343
--- /dev/null
+++ b/packages/network/openssh/patches/openssh-5.8p2-001-abstract_socket.patch
@@ -0,0 +1,49 @@
+diff -Naur openssh-5.8p1-old/channels.c openssh-5.8p1-new/channels.c
+--- openssh-5.8p1-old/channels.c 2010-11-30 17:02:35.000000000 -0800
++++ openssh-5.8p1-new/channels.c 2011-02-21 17:41:34.000000000 -0800
+@@ -61,6 +61,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+@@ -3353,6 +3354,8 @@
+ {
+ int sock;
+ struct sockaddr_un addr;
++ int abstract = 0;
++ int addrsize = 0;
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+@@ -3360,8 +3363,15 @@
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
+- if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
++ addrsize = offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path);
++ if (addr.sun_path[0] = '@')
++ abstract = 1;
++ if (abstract)
++ addr.sun_path[0] = '\0';
++ if (connect(sock, (struct sockaddr *)&addr, addrsize) == 0)
+ return sock;
++ if (abstract)
++ addr.sun_path[0] = '@';
+ close(sock);
+ error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
+ return -1;
+diff -Naur openssh-5.8p1-old/defines.h openssh-5.8p1-new/defines.h
+--- openssh-5.8p1-old/defines.h 2011-01-17 02:15:31.000000000 -0800
++++ openssh-5.8p1-new/defines.h 2011-02-21 17:41:34.000000000 -0800
+@@ -411,7 +411,7 @@
+ # ifdef __hpux
+ # define X_UNIX_PATH "/var/spool/sockets/X11/%u"
+ # else
+-# define X_UNIX_PATH "/tmp/.X11-unix/X%u"
++# define X_UNIX_PATH "@/tmp/.X11-unix/X%u"
+ # endif
+ #endif /* X_UNIX_PATH */
+ #define _PATH_UNIX_X X_UNIX_PATH
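Review bot: In the channels.c part of this patch, `if (addr.sun_path[0] = '@')` assigns instead of comparing, so the condition is always true: the first byte of every pathname passed to this function is overwritten and every connection goes to the abstract namespace, not only paths that begin with '@'. The line should read `if (addr.sun_path[0] == '@')`. The defines.h part switches `X_UNIX_PATH` to the '@' form unconditionally, so forwarded X11 connects only to the abstract socket; abstract names are not covered by the permissions on `/tmp/.X11-unix`, so it is worth confirming that the X server on this image always owns that name before sshd is started. The enclosing function's signature lies outside the inner hunks, so its callers cannot be checked from here.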