mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-20 05:51:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/openssh: Apply CoreOS changes

Browse Source 
These changes were applied to the ebuild and files:

  - Drop the bindist USE flag.
  - Drop the init.d files.
  - Remove the socket unit's rate limiting.
  - Restore the oslogin README.
This commit is contained in:
David Michael 2018-10-07 20:12:37 +00:00
parent f6927a3de4
commit 6277a5ff8b
5 changed files with 6 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/README vendored Normal file
View File

@ -0,0 +1,2 @@
If sshd.pam_include.2 changes make sure to apply the change to sys-auth/google-oslogin
Those files must be kept in sync.

33
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.confd vendored
View File

@ -1,33 +0,0 @@
# /etc/conf.d/sshd: config file for /etc/init.d/sshd
# Where is your sshd_config file stored?
SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh"
# Any random options you want to pass to sshd.
# See the sshd(8) manpage for more info.
SSHD_OPTS=""
# Wait one second (length chosen arbitrarily) to see if sshd actually
# creates a PID file, or if it crashes for some reason like not being
# able to bind to the address in ListenAddress.
#SSHD_SSD_OPTS="--wait 1000"
# Pid file to use (needs to be absolute path).
#SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid"
# Path to the sshd binary (needs to be absolute path).
#SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd"
# Path to the ssh-keygen binary (needs to be absolute path).
#SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen"

89
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.initd vendored
View File

@ -1,89 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig"
extra_started_commands="reload"
: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
command="${SSHD_BINARY}"
pidfile="${SSHD_PIDFILE}"
command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
# Wait one second (length chosen arbitrarily) to see if sshd actually
# creates a PID file, or if it crashes for some reason like not being
# able to bind to the address in ListenAddress (bug 617596).
: ${SSHD_SSD_OPTS:=--wait 1000}
start_stop_daemon_args="${SSHD_SSD_OPTS}"
depend() {
# Entropy can be used by ssh-keygen, among other things, but
# is not strictly required (bug 470020).
use logger dns entropy
if [ "${rc_need+set}" = "set" ] ; then
: # Do nothing, the user has explicitly set rc_need
else
local x warn_addr
for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
case "${x}" in
0.0.0.0|0.0.0.0:*) ;;
::|\[::\]*) ;;
*) warn_addr="${warn_addr} ${x}" ;;
esac
done
if [ -n "${warn_addr}" ] ; then
need net
ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
ewarn "where FOO is the interface(s) providing the following address(es):"
ewarn "${warn_addr}"
fi
fi
}
checkconfig() {
checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
if [ ! -e "${SSHD_CONFIG}" ] ; then
eerror "You need an ${SSHD_CONFIG} file to run sshd"
eerror "There is a sample file in /usr/share/doc/openssh"
return 1
fi
${SSHD_KEYGEN_BINARY} -A || return 2
"${command}" -t ${command_args} || return 3
}
start_pre() {
# If this isn't a restart, make sure that the user's config isn't
# busted before we try to start the daemon (this will produce
# better error messages than if we just try to start it blindly).
#
# If, on the other hand, this *is* a restart, then the stop_pre
# action will have ensured that the config is usable and we don't
# need to do that again.
if [ "${RC_CMD}" != "restart" ] ; then
checkconfig || return $?
fi
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
checkconfig || return $?
ebegin "Reloading ${SVCNAME}"
start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}

1
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket vendored
View File

@ -5,6 +5,7 @@ Conflicts=sshd.service
[Socket] [Socket]
ListenStream=22 ListenStream=22
Accept=yes Accept=yes
TriggerLimitBurst=0
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target

10
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.7_p1-r9.ebuild vendored
View File

@ -28,7 +28,7 @@ LICENSE="BSD GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# Probably want to drop ssl defaulting to on in a future version. # Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux skey +ssl static test X X509" IUSE="abi_mips_n32 audit debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux skey +ssl static test X X509"
RESTRICT="!test? ( test )" RESTRICT="!test? ( test )"
REQUIRED_USE="ldns? ( ssl ) REQUIRED_USE="ldns? ( ssl )
pie? ( !static ) pie? ( !static )
@ -39,9 +39,7 @@ REQUIRED_USE="ldns? ( ssl )
LIB_DEPEND=" LIB_DEPEND="
audit? ( sys-process/audit[static-libs(+)] ) audit? ( sys-process/audit[static-libs(+)] )
ldns? ( ldns? (
net-libs/ldns[static-libs(+)] net-libs/ldns[ecdsa,ssl(+),static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl(+)] )
) )
libedit? ( dev-libs/libedit:=[static-libs(+)] ) libedit? ( dev-libs/libedit:=[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] ) sctp? ( net-misc/lksctp-tools[static-libs(+)] )
@ -49,7 +47,7 @@ LIB_DEPEND="
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? ( ssl? (
!libressl? ( !libressl? (
>=dev-libs/openssl-1.0.1:0=[bindist=] >=dev-libs/openssl-1.0.1:0=[-bindist(-)]
dev-libs/openssl:0=[static-libs(+)] dev-libs/openssl:0=[static-libs(+)]
) )
libressl? ( dev-libs/libressl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:0=[static-libs(+)] )
@ -367,8 +365,6 @@ src_install() {
emake install-nokeys DESTDIR="${D}" emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.initd sshd
newconfd "${FILESDIR}"/sshd-r1.confd sshd
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd newpamd "${FILESDIR}"/sshd.pam_include.2 sshd