mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-23 15:31:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

prune(net-misc/openssh): moved to coreos-overlay

Browse Source
This commit is contained in:
Alex Crawford 2016-04-08 13:17:40 -07:00
parent 33ce6d7060
commit cb2cce45d9
37 changed files with 0 additions and 6899 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

221
sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog vendored
View File

@ -1,221 +0,0 @@
# ChangeLog for net-misc/openssh
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
# (auto-generated from git log)
*openssh-6.9_p1-r2 (09 Aug 2015)
*openssh-6.9_p1-r1 (09 Aug 2015)
*openssh-6.8_p1-r5 (09 Aug 2015)
*openssh-6.7_p1-r4 (09 Aug 2015)
*openssh-6.7_p1 (09 Aug 2015)
09 Aug 2015; Robin H. Johnson <robbat2@gentoo.org>
+files/openssh-4.7_p1-GSSAPI-dns.patch,
+files/openssh-6.3_p1-x509-hpn14v2-glue.patch,
+files/openssh-6.6.1_p1-x509-glue.patch,
+files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch,
+files/openssh-6.7_p1-openssl-ignore-status.patch,
+files/openssh-6.7_p1-sctp-x509-glue.patch,
+files/openssh-6.7_p1-sshd-gssapi-multihomed.patch,
+files/openssh-6.7_p1-x509-glue.patch,
+files/openssh-6.7_p1-xmalloc-include.patch,
+files/openssh-6.8_p1-sctp-x509-glue.patch,
+files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch,
+files/openssh-6.8_p1-sshd-gssapi-multihomed.patch,
+files/openssh-6.8_p1-ssl-engine-configure.patch,
+files/openssh-6.8_p1-teraterm-hpn-glue.patch,
+files/openssh-6.8_p1-teraterm.patch,
+files/openssh-6.9_p1-x509-warnings.patch, +files/sshd.confd,
+files/sshd.pam_include.2, +files/sshd.rc6.4, +files/sshd.service,
+files/sshd.socket, +files/sshd_at.service, +metadata.xml,
+openssh-6.7_p1.ebuild, +openssh-6.7_p1-r4.ebuild,
+openssh-6.8_p1-r5.ebuild, +openssh-6.9_p1-r1.ebuild,
+openssh-6.9_p1-r2.ebuild:
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration
tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this
project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo
developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve
cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014
work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
the bikeshed
09 Aug 2015; Ulrich Müller <ulm@gentoo.org> files/sshd.rc6.4:
[QA] Remove executable bit from files, bug 550434.
12 Aug 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild:
relax USE=tcpd check to a warning #531156
*openssh-7.0_p1 (12 Aug 2015)
12 Aug 2015; Mike Frysinger <vapier@gentoo.org>
files/openssh-6.8_p1-ssl-engine-configure.patch, +openssh-7.0_p1.ebuild:
version bump to 7.0_p1 #557340
12 Aug 2015; Patrick McLean <chutzpah@gentoo.org>
+files/openssh-7.0_p1-sctp-x509-glue.patch, openssh-7.0_p1.ebuild:
Update X509 patch to version 8.5 and re-enable USE flag
Package-Manager: portage-2.2.20.1
13 Aug 2015; Mike Frysinger <vapier@gentoo.org> openssh-7.0_p1.ebuild:
add warnings about key support in newer versions #557388
*openssh-7.1_p1 (21 Aug 2015)
21 Aug 2015; Lars Wendler <polynomial-c@gentoo.org> +openssh-7.1_p1.ebuild:
Bump to version 7.1_p1
Package-Manager: portage-2.2.20.1
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
24 Aug 2015; Justin Lecher <jlec@gentoo.org> metadata.xml,
openssh-6.7_p1.ebuild, openssh-6.7_p1-r4.ebuild, openssh-6.8_p1-r5.ebuild,
openssh-6.9_p1-r1.ebuild, openssh-6.9_p1-r2.ebuild, openssh-7.0_p1.ebuild,
openssh-7.1_p1.ebuild:
Use https by default
Convert all URLs for sites supporting encrypted connections from http to
https
Signed-off-by: Justin Lecher <jlec@gentoo.org>
24 Aug 2015; Mike Gilbert <floppym@gentoo.org> metadata.xml:
Revert DOCTYPE SYSTEM https changes in metadata.xml
repoman does not yet accept the https version.
This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
Bug: https://bugs.gentoo.org/552720
24 Aug 2015; Patrick McLean <chutzpah@gentoo.org>
+files/openssh-7.1_p1-hpn-x509-glue.patch, openssh-7.1_p1.ebuild:
Re-enable the X509 USE flag for version 7.1p1
Package-Manager: portage-2.2.20.1
12 Sep 2015; Zero_Chaos <zerochaos@gentoo.org> openssh-6.9_p1-r2.ebuild,
openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild:
relax bindist use flag deps slightly to allow for actual
buildable/functional options
Package-Manager: portage-2.2.20.1
12 Sep 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild,
openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild:
require newer openssl
This matches the INSTALL guidelines in the source code.
13 Sep 2015; Zero_Chaos <zerochaos@gentoo.org> openssh-6.9_p1-r2.ebuild,
openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild:
revert improper 4411ff42539dc7917a8db314327c6fbe699a616f
Package-Manager: portage-2.2.20.1
14 Sep 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.9_p1-r2.ebuild,
openssh-7.0_p1.ebuild, openssh-7.1_p1.ebuild:
fix openssl[static-libs] dep to match SLOT=0 #560306
Since we use (+) in the dep, we might match the non-zero openssl dep
in which case portage won't pull in static-libs support in SLOT=0.
*openssh-7.1_p1-r1 (20 Sep 2015)
20 Sep 2015; Julian Ospald <hasufell@gentoo.org> +openssh-7.1_p1-r1.ebuild:
add libressl support
26 Sep 2015; Mike Frysinger <vapier@gentoo.org> openssh-7.1_p1-r1.ebuild:
note ssh-dss client config options too
*openssh-7.1_p1-r2 (29 Oct 2015)
29 Oct 2015; Mike Frysinger <vapier@gentoo.org> +openssh-7.1_p1-r2.ebuild:
fix tun window size in hpn mode #564236
29 Oct 2015; Mike Frysinger <vapier@gentoo.org> openssh-7.1_p1.ebuild,
openssh-7.1_p1-r1.ebuild, openssh-7.1_p1-r2.ebuild:
make hpn-x509 glue patch application more robust #564380
Rather than encode the full name of the hpn patchset in the glue patch,
apply it from the hpn patchset dir.
30 Oct 2015; Yuta Satoh <nigoro@gentoo.gr.jp> openssh-7.1_p1-r2.ebuild:
Drop special settings for Gentoo/FreeBSD 9.0 or later.
03 Nov 2015; Mikle Kolyada <zlogene@gentoo.org> openssh-7.1_p1-r2.ebuild:
amd64 stable wrt bug #555518
Package-Manager: portage-2.2.20.1
03 Nov 2015; Agostino Sarubbo <ago@gentoo.org> openssh-7.1_p1-r2.ebuild:
x86 stable wrt bug #555518
Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="x86"
04 Nov 2015; Agostino Sarubbo <ago@gentoo.org> openssh-7.1_p1-r2.ebuild:
ppc stable wrt bug #555518
Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="ppc"
05 Nov 2015; Agostino Sarubbo <ago@gentoo.org> openssh-7.1_p1-r2.ebuild:
sparc stable wrt bug #555518
Package-Manager: portage-2.2.20.1
RepoMan-Options: --include-arches="sparc"
05 Nov 2015; Markus Meier <maekke@gentoo.org> openssh-7.1_p1-r2.ebuild:
arm stable, bug #555518
Package-Manager: portage-2.2.23
RepoMan-Options: --include-arches="arm"
06 Nov 2015; Jeroen Roovers <jer@gentoo.org> openssh-7.1_p1-r2.ebuild:
Stable for HPPA PPC64 (bug #555518).
Package-Manager: portage-2.2.24
RepoMan-Options: --ignore-arches
10 Nov 2015; Mike Frysinger <vapier@gentoo.org> openssh-7.1_p1-r2.ebuild:
warn about change in default root config #555518#16
10 Nov 2015; Mike Frysinger <vapier@gentoo.org> openssh-6.7_p1.ebuild,
openssh-6.7_p1-r4.ebuild, openssh-6.8_p1-r5.ebuild,
openssh-6.9_p1-r1.ebuild, openssh-6.9_p1-r2.ebuild, openssh-7.0_p1.ebuild,
openssh-7.1_p1.ebuild, openssh-7.1_p1-r1.ebuild, openssh-7.1_p1-r2.ebuild:
drop skey addpredict
The openssh configure script changed a long time ago to not compile+run a
skey test program. It's only compile+link now which means the code does
not try to access any paths and we can drop this sandbox logic.
10 Nov 2015; Mike Frysinger <vapier@gentoo.org> openssh-7.1_p1-r2.ebuild:
mark arm64/ia64/m68k/s390/sh stable #555518
15 Nov 2015; Matt Turner <mattst88@gentoo.org> openssh-7.1_p1-r2.ebuild:
alpha stable, bug 555518.

2518
sdk_container/src/third_party/portage-stable/net-misc/openssh/ChangeLog-2015 vendored
View File

File diff suppressed because it is too large Load Diff

57
sdk_container/src/third_party/portage-stable/net-misc/openssh/Manifest vendored
View File

@ -1,57 +0,0 @@
AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 SHA512 4d00a9ed79f66b92502c3e5ee580523f63d7b3643fe1bd330ff97994acce527d4d285d38199cef66eddc0ef68afabf7b268abc60cba871bac5d2e99045d4ac11 WHIRLPOOL 2f118fd2f016c529dbc31e8f2b6b418931e6770ab02c28b7feeaba93e84e7fcd1c742f4420a43a9fec0bdfaa4d4bc7cf14fb860c0a56c68a30e7b136fb60bcdb
AUX openssh-6.3_p1-x509-hpn14v2-glue.patch 1451 SHA256 d7179b3c16edd065977aaf56a410e2b9b237206fb619474f312972b430b73c8d SHA512 02577e3f718ff994bb4e962189f17048b4c03104d0a1981683f3c6a1d6d30701db368e132102c8396da2c0f5eb2f6602b26f32f74d19382af34bd9a93fc508f3 WHIRLPOOL b7d224d71634f380bd31b3a1dd3e588a29582255f717a6a308738ad58b485b693d827a53704479995ec2ebca53c9dc9b2113d8de52a1336b67ce83943f946b77
AUX openssh-6.6.1_p1-x509-glue.patch 635 SHA256 381794bdfc4880da4411041ab1f795cba303644b0a35e88f0f452fca8c2bfbb8 SHA512 6d3adefc5449f812052221b69c588f9948e6116dd5c5644db4e0426264f06fd9a15f04364c2484ce03267f4a84b8806de7d7a7c9140538d73be9e7b50f4eeb47 WHIRLPOOL 823249e96f7175eef09f86dbcc67f6158c23f453eaa940a33c18a838389204cd3a43f5dccd39b6004e05cb05ea327d33be91c2ee1eb4525f13dc29e6943ea6b6
AUX openssh-6.6.1_p1-x509-hpn14v5-glue.patch 1003 SHA256 a8506f57fb67be25fcba9ee462abc083876f3524b442428a07cf0bbe78735bf5 SHA512 d63eba36ea8488de8bd77fd0b2d005a208f8cf77ae6cf161a063d7efb049b66c7d9f8a12e8fb2f85b73276ba07e52d766bbae26dfd5f2a8537cdd7d991ba94aa WHIRLPOOL a52b2ddbd65bbee865b9fee8dcac6d29cf3a7af61431550bc2f32f9b147bc03fb448cf65e56531c11ec6bb2361515b47a6d9c13db62723e631ea0ef3fc937f6c
AUX openssh-6.7_p1-openssl-ignore-status.patch 765 SHA256 b068cc30d4bce5c457cea78233396c9793864ec909f810dd0be87d913673433a SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 WHIRLPOOL c0a4ff69d65eeb40c1ace8d5be6f8e59044a8f16dc6b37e87393e79ab80935abf30a9d2a6babc043aba0477f5f79412e1ae5d373daba580178fd85ca1f60e60b
AUX openssh-6.7_p1-sctp-x509-glue.patch 1326 SHA256 42eb87eda1685e19add23c1304f17dabd99a1a38a57bfe2bfbb70ab85f6d385e SHA512 7f014e2b1893a5240680e2e14475d61b9b6047d1be3fe404d5971a899c122cc624546e9e5b31bfee5905cf7b4605a0871c3b00ed5c2bd28d84755a49392e1a69 WHIRLPOOL 8d6888163068dbc486bc4eff0dd7d4053f68b9848347eb520dd7d382b0b8c74e3016f7f3ed401c2c2dfd48e73a9077fb9777d39c0f236cc500c53393be426b42
AUX openssh-6.7_p1-sshd-gssapi-multihomed.patch 5489 SHA256 d2a1735b523709a4b4ceaa57862ecb21a95656678bacc5b7da59dc46187ad997 SHA512 a8b8d2c2ab4520c8c7315f6130ee44fec48935a129ce7c7e51a068a4de2c7528980437246b61e4abc4cff614466f8054c554cdbaad4eb0d1f4afcfb434c30bbc WHIRLPOOL e4b97398c324360576a04792357f66be3ed9f17e4113f75275f8422ee0b7ecf28073c7cde01a63e24fa0901b14db822d22d7d2c5936bbee3bd5874a867066967
AUX openssh-6.7_p1-x509-glue.patch 1633 SHA256 58031e90e0bf220028934ab590af6ccfc45722629b2416df13d84f10c9b94478 SHA512 364ca0280be5cc83d1dedf7727323fd5fc0093c6dbcf9cc8ccaa30ee754b866584be28da1166953f03faf8745d6364e33fad7daad9be9a29681a8674eb9d292b WHIRLPOOL b79a6cff897be78793bbf2ca03154103aa1380647b8c53e104155fd68122568a8e7dea23996213b192e4269f980b1035d3ca395dbd2c318fd81a45f44d110c31
AUX openssh-6.7_p1-xmalloc-include.patch 390 SHA256 ea43a6a211d8cae4a078b748736f43d4a9d11804ace65886dec826b878dec28e SHA512 b51d9149418217828bdc53c234e248f8be1703b480ccf808814d37cd2589bccdbecff0046d2f2d0e4626420d0d4c2e02d25a9cc07ae31b365cd0b848ccc02035 WHIRLPOOL 04b298eb481fef585b055eb3d706cca55ad6efed6168246f0031e5f614085ae5e70cbb77717047d6c70d7d13a6846657e4a0089d4b8cdf5d9d05652ee22f7209
AUX openssh-6.8_p1-sctp-x509-glue.patch 2937 SHA256 fe79e3e828f8599e7bad787c6e35bce5f6781a0875c56b250f0d7fde83e2f841 SHA512 776a4eab916ff64d255fb19dca26f0cb1cebb0a5d0c2dbcb40ecbf97b122fb20123532897fb962b27fae375c059ef0dc00c771bf47b67bd092a5ebb3f2252216 WHIRLPOOL c8126624b4be260f8fe40a4a9d7142b6f77ee15504e2d280c6429360ebbf53103974746d5746fe4b27edec6246f01afa1d921d1b5a2d46ae808e4bb41afbb181
AUX openssh-6.8_p1-ssh-keygen-no-ssh1.patch 1209 SHA256 2ef08a14aab7d5c761670321ed6c66fb8e66c467625ce22448b2d1c020686b66 SHA512 1fae1c0b36b5e792861e83868d55de9e3df85270fda4aaf465c83e2deaf47045429f94c84d1abd270be4fc7519a42e3676839edda588322273e6ebd3ff37a570 WHIRLPOOL 93619f61208f86cc3857a5d2283343645614d7285b56f4585e073405e16c396272cb590e96225f09046de8fe918de5e1a81504385dda2ca3a0d467d0fdfde76f
AUX openssh-6.8_p1-sshd-gssapi-multihomed.patch 5464 SHA256 5f3506f0d45c22de85cf170c7dfeff134a144ec94f9fc1c57c5b3b797ee82756 SHA512 7bfbf720af2728abb55f73b67609967f34da27fea9a9dd6e0293e486a03d7d1167f506623771792d782707bfe58b46c69675bb3c5ad83332b7a50ee748176fbc WHIRLPOOL 81432c4ba7e34d216d73f63945f3c8d52d9113c07fb1f7c3dd5b39ac96223d38d2321a6d6de21b58b29767576c2a779a5703fa2e5727cd3fe4981581e822155d
AUX openssh-6.8_p1-ssl-engine-configure.patch 936 SHA256 cb3f34ef031aa5360b082468b4afb8b7fd2c778c990c2f20fda250167725ff88 SHA512 4b7840f719ad58c1f196327a52534f0a21264ce47e8df4a335e9f58d9d5eae33dbb9a75a2a714c3bdae6bee04728e66020ed57eb521fc1164521c4c5aa4a9a93 WHIRLPOOL 662d6eedb091021d5da4cdbd6d623e3678e54fb75cb52d8afdc4ef9c31f98d95f8445c2fde834d622b0aabf8b9593244847da574201ed176c350747526a28fe5
AUX openssh-6.8_p1-teraterm-hpn-glue.patch 536 SHA256 846aa1a470e27767103c8c390a3ed9087aeaffc1d2bf8d4f5779af6274dfbbc9 SHA512 26ebfa3e0c39ed62fc9eb81a95e47d2543714f731f0b983d8d79ff2b0c19ab1b0bf8f7ba13f360ec633bd1ee219da9a6b2a0027c72766188beb3a380fd6c3224 WHIRLPOOL 34ac035a9c059d72e94ff3efab763c8a50749b9497c644c7b4685e22295d0c517daaf4bfaace73deeb2d003bea1e53fd84c94bd67c3b89d1c1f085ef845bf486
AUX openssh-6.8_p1-teraterm.patch 1814 SHA256 e73e938524f15c4dc3368e7ba6b7d74ee2e83a7f0e97ed5460787d7caad04be1 SHA512 f39134d2257d86c5bf128754f8c1024057b9b1882984d5d70b86d2676d761b4a16681e76ae3f47f3abd23a07a75b6ebde6652431d9a86d5c3b9745c36577b8dc WHIRLPOOL c7d4dc5f2843fb6bc462d733a841b52599a9d49b344dc0a6fa71348624060736c02489130ae16692c5e1619200c954278df73a3f1020a77fe8712f99b329faaa
AUX openssh-6.9_p1-x509-warnings.patch 904 SHA256 6a52292b024704c7793188a0fc066336ec5cc7c8297071b2993618a332292c00 SHA512 11ea56ce2a7b87d046d1458e30947dd7f09c8959197e7fbadb57aec46fbd6a0694a2bd05b69978b1f719da2560f19e14d9ea10f6eca6f5b211f335505edd8c2b WHIRLPOOL 22dc4e2144534e180075e90ffe240a07bbd915b27a150e07f0d75889ad7a9103f8d1e5d477320df2b0f40e18d8c33fd99ad3cde7695557b69014318f219dc8dd
AUX openssh-7.0_p1-sctp-x509-glue.patch 2655 SHA256 f01218be5cc344797d6a1db034e6916b0383ea7188d0341ec1e4a3281c5917a6 SHA512 b53aaca05e671be9d8456e7d1aea3ed32afd333922f39c58aa3f9c2539a2d40bdf02ec23c438602e9a590702bcdf96901fb09dfaad93f4ab3fc735d7d189752d WHIRLPOOL 1d6a1947accb77fbd5b578d9e57a51f6ffc9d0d30c806beabea9b2a672ce1af17a283422fb58c835edd8370a5dbe4500ef515ec59af8a3948af5fc15a58a6da0
AUX openssh-7.1_p1-hpn-x509-glue.patch 535 SHA256 28fabcb503632c57f4f4dfdbdd3e5f2eea97a1f1f216e19125d382820db484b5 SHA512 7f81586e8f755a2451bee962da6a76285fa1609cf761e1ed335e14b07dc28dd0dd9741654a26039d1029e34a45950cdf869132a137461118d9fd1ca142675010 WHIRLPOOL 4e55dd712f7e24f03d7a72017e7238c7bbda53aa54e4068a37a7dadc0f73f4777f9a8c58fefe4d671755ab24c747108dc57af6a08918f70e3425abe7faadc96a
AUX sshd.confd 396 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 SHA512 b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 WHIRLPOOL 69f43e6192e009a4663d130f7e40ee8b13c6eb9cc7d960b5e0e22f5d477649c88806a9d219efef211f4346582c2bb51e40d230a8191e5953dbe08bfff976ae53
AUX sshd.pam_include.2 156 SHA256 166136e27d653e0bf481a6ca79fecb7d9fa2fc3d597d041f97df595f65a8193c SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c WHIRLPOOL ba7a0a8c3bb39c5fda69de34b822a19696398e0a8789211ac1faae787ee34f9639eb35efe29c67f874b5f9fe674742503e570f441c005974f4a0c93468b8970b
AUX sshd.rc6.4 2114 SHA256 b577e0ac07558205e2229b32bf52ab52d050acda3748708d9a36dc4365a3a725 SHA512 8bde7a1acf3a743982f0d1c951319adf9a401839a17c0bc55e5541940440187e08d46e0def650bcc758669841bcabb9d80afe81f37efee39bb451f131a58f0eb WHIRLPOOL fa4372c2673762bb5f2a9a67e0fea130b45ba7b76244c972fd14845b3689d9f841ffcd5ca21dcbaa58d547eea385936e65ef4a48279c95bc795c6b4cc90b2ddb
AUX sshd.service 242 SHA256 1351c43fe8287f61255ace9fa20790f770d69296b4dd31b0c583983d4cc59843 SHA512 77f50c85a2c944995a39819916eb860cfdc1aff90986e93282e669a0de73c287ecb92d550fd118cfcc8ab538eab677e0d103b23cd959b7e8d9801bc37250c39c WHIRLPOOL 0f5c48d709274c526ceee4f26e35dcb00816ffa9d6661acc1e4e462acb38c3c6108b0e87783eff9da1b1868127c5550c57a5a0a9d7270b927ac4b92191876989
AUX sshd.socket 136 SHA256 c055abcd10c5d372119cbc3708661ddffccdee7a1de1282559c54d03e2f109d9 SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 WHIRLPOOL 102d87b708c31e5994e8005437c78b1aa756c6def4ee9ae2fa9be1438f328fc28c9152a4ff2528941be18f1311594490ecd98b66716ec74e970aa3725a98e2e5
AUX sshd_at.service 176 SHA256 332f5ffc30456fe2494095c2aabd1e6e02075ce224e2d49708ac7ccf6d341998 SHA512 662a9c2668902633e6dbcb9435ac35bec3e224afdb2ab6a1df908618536ae9fc1958ba1d611e146c01fddb0c8f41eefdc26de78f45b7f165b1d6b2ee2f23be2a WHIRLPOOL aeb32351380dd674ef7a2e7b537f43116c189f7fddb8bdb8b2c109e9f62b0a73cc0f29f2d46270e658ab6409b8d3671ce9e0d0ba7c0d3674c2f85291a73e6df1
DIST openssh-6.7_p1-sctp.patch.xz 7408 SHA256 b33e82309195f2a3f21a9fb14e6da2080b096dcf0d6f1c36c93cdeac683fdd59 SHA512 35da5e58f857e8b24e63b4058e946b71fdf0fecc637cb7af0ba8913869e5aadf8317805838936c84dc24421f03c5c91e1670761bed152fdf325c5a509f1b5d04 WHIRLPOOL cc7bace4aa60d720914e3a6a4ff650b7543d9e4963deab12c19cb5d798547b4fe547690946ff8955e121339e9a3d0ebe06f3ff758cca4bb81a09ac43fc877f58
DIST openssh-6.7p1+x509-8.2.diff.gz 241798 SHA256 85acfcd560b40d4533b82a4e3f443b7137b377868bab424dacdf00581c83240f SHA512 d33ece7ddf382235b032875cf961845b308dc5e4cd1888cb68fee11c95066bb90938f9043cb9410f372efb578b61dfd5d50341da95a92fab5a4c209ac54e1f5e WHIRLPOOL b1fe2b88f0e77312099171f5c83dc670abc4c40d215fdff1e43161e44f806de9e0537cfa3a0001e1c7bbc0d0aed555079455f88b8ff313b00d8e9a19dabcb7d8
DIST openssh-6.7p1-hpnssh14v5.tar.xz 25652 SHA256 7284db65548b6b04142930da86972f96b1f5aa8ad3fc125134412f904f369d7e SHA512 21929805f40c79684ee3ecdb2b495d3204dca90b932aa633c4e0f6a093a417259cdeee10b3e49f3dff426febc6792f45ee23cc0688f05bf047630f3016e0926a WHIRLPOOL 5515cd4c745b061a3e92ac03e8121fb3ffc4b2ff116140625ca7ab2c0211c673b6345e5b08134df8b1743e03f9964017e789e1f0b9da99a0fd5970e14665e681
DIST openssh-6.7p1.tar.gz 1351367 SHA256 b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 SHA512 2469dfcd289948374843311dd9e5f7e144ce1cebd4bfce0d387d0b75cb59f3e1af1b9ebf96bd4ab6407dfa77a013c5d25742971053e61cae2541054aeaca559d WHIRLPOOL ac8ce86d0f6c78c4cb3624b480f189f951d508db38b22d7a5550b7302d5277c1c7d18eaa713d52139abc0f77edacfdb03ced2603125e3ddf9bc09c69e6b70518
DIST openssh-6.8_p1-sctp.patch.xz 7388 SHA256 2c74dd00aaae9f4de908d8e5685ae982779a5069996b98d55e8408eada739a19 SHA512 f93a1d27bc3e57a6d4fa717c9d5ece4f28196f8539cb2f2efc4285dce9a2e94a3f5a59d18fc01ea73a94e90630cee7621240455fce146f781cf7091a828f2db0 WHIRLPOOL 7fb3346c3444654988303ff2a941345c00412a8012d6d419c9e4f870ef4c3362f92a4020d7bff2dc5d1ff9e42cf7287c4346909f8db07154783d5359a73a7476
DIST openssh-6.8_p1-x509-8.3.1-glue.patch.xz 141096 SHA256 1e8c911b1403e47a37c24d0ebbfa36d46204c06b38d93ed9ae6d2a0953d3bba6 SHA512 942f09f20d898b4865707b5b48012545d7f8171353427ddb773cffaf1b8c664f48375cb85292592ccba63da695e99def42d17c52a61bb93b89827f53cf3ad918 WHIRLPOOL 66ace7a191a562485ee144516912dee52c84fcfbe8b710b3429211cd9d849dc24d4419c5fa6fd3968f9ab250cf474a692db326c2ac3ef930081b8a5777875a73
DIST openssh-6.8p1+x509-8.3.1.diff.gz 351502 SHA256 64d0b7cd428352a2d77d9decb02ec744eca4433bcb35288745859eb19ccf4fcf SHA512 6525b7ddae13752f145bda42fe6d65ec40a8c9d44766b749cf49ff904d6b1941e088e560c2a532a3dc0003ac1e29d56a28ea3ed1533ee5abcd696cd80ae88d8e WHIRLPOOL 32f45411d250b7c46f2408bfca6b12223e901fa15c27db449c06cd5b1ab7a0e853fffed5971ca635c5080d1796196a8661b8d1503bdcdb28d61e0d082f28590b
DIST openssh-6.8p1-r5-hpnssh14v5.tar.xz 27240 SHA256 4fe25701ea8717e88bf2355a76fb5370819f927af99efba3e4f06fe3264fbf58 SHA512 29a2086c6bf868bb1c8d2601e1ac83a82de48ed9f9cf6a3762b3f899112d939507b563d0117b4bec87008dd0434e0735e4a4f8c779a64d719d3873224918d16c WHIRLPOOL a4f3e841530d08363c94dfb55911e79f130668e459dc2e1ebb477c14dcf7d3bd71ad63c55e0ff2ba80684e67a8f40867b0a9fd01aabe3fe1533ef604f84a76b3
DIST openssh-6.8p1.tar.gz 1475953 SHA256 3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e SHA512 7c4457e4525a56cdabb1164ffaf6bed1c094294ae7d06dd3484dcffcd87738fcffe7019b6cae0032c254b0389832644522d5a9f2603b50637ffeb9999b5fcede WHIRLPOOL 3ac9cc4fe0b11ca66c0220618d0ef0c5925e5605d4d3d55c9579b708c478cf8613b7575fe213aba57054d97d3290baac4eba26b7a630d22477ec947f22327a5a
DIST openssh-6.9p1+x509-8.4.diff.gz 425687 SHA256 0ed8bfff0d2ecd9f3791ae1f168ca3270bb66d7ab7bc0a8ff2d61d2ab829c3fb SHA512 596cb65408db06fb299b92160147685b001dc23929ecf5c4bd11a8b0475d79695c7b4dbe8a878d7fbcd944155935fd62a14e35c79204b39e413f5eaa961ef76c WHIRLPOOL 771fa0f4f6a20ed49ba201605fcdcbfc41a0f094ef4a89ca2433ee51b7c8bf99cc266f26bd7877c61ff92e9a50c7d65119ba75ba64eaa029bd567bab3ee243c2
DIST openssh-6.9p1-hpnssh14v5.tar.xz 25164 SHA256 67c0b043525c838522d17ba8ed3ffa81aa212ae0f43c3d989a3e649fd0a2ca48 SHA512 bef32f6dd97e949e0973d30248401b86233ca66ace750c5050158a748fe279db46c8ee59b6f3de2193f52bab3a1c19372296b86136d7d65a312769008d0acf3a WHIRLPOOL 65241de2409bfe452b0bcf6282f0571a2bbf6d02d4d5cb97db78bd42e8be439c47da8a54d33272a85d50d648e2e4af56b574bc8add56c65e2ff9ccd59b90f65c
DIST openssh-6.9p1-r1-hpnssh14v5.tar.xz 21396 SHA256 84e9e28a1488ccf66e29a7c90442b3bc4833a6fa186260fb6853b5a1b19c0beb SHA512 476064dbdb3d82b86ad7c481a4a301ff0d46bd281fe7ca0c29f34ae50b0034028760997ae2c934a265499c154f4534d35ead647aa63d1a4545ed503a5364eada WHIRLPOOL 74eaf2fe0a6ecd0e2fa5078034628d4c76c75b121f3c813ff8a098ab28363daa3800d03936046aa3aebbfdab3afd31ef30a207399f5e305d7f71e5f3c7e4f4a7
DIST openssh-6.9p1.tar.gz 1487617 SHA256 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe SHA512 68fec9b4e512fe126a5d35b01e2cc656d810b75052ed8a36bc85cd0a05de7318b15ed287bc95cf9bcb3fa2f385029151d85aced55e07fbcc79e6c779bee6751d WHIRLPOOL 1dcb291383c9f934b512f61ce9f6e0319f22e112ce3f6eace2a868ca0f99c709c65bae14a9815e2ef237f8132fe72c583cffb7ea20bdfa2aaa77cf347967be7f
DIST openssh-7.0p1+x509-8.5.diff.gz 411960 SHA256 6000557f1ddae06aff8837d440d93342a923fada571fec59fc5dedf388fb5f9e SHA512 1241419ea32a21b0ef15fb3845344c9b1126ecee94265b074e60af794eacdb39a98983040a61b9f169e0a6d5a0a248e1bbf9d9b3e56df50cb382441a26dddafd WHIRLPOOL 117e8c9bb05ded7fdf261e9aca709540e0a3817bc5b3e70472e8c802063e37ee24feae4c1b3a909177ab163e53c2d614b4f0fc75aad1ca44c0e0584eeff55a81
DIST openssh-7.0p1-hpnssh14v5.tar.xz 21428 SHA256 6032c4547c9f83a6f648ac7c39cdad2bd6fd725e5f3ab2411c5b30298aae1451 SHA512 d4cf4a628c11515bfe8c3a91b4b7039fca28c2f89ad1dde062c4cb433b984b10dec2d37b1f338f18aa7813e60d8608b65ca95b930edc33086710b82780875942 WHIRLPOOL 7b686f243c98017453b3da3e98b7524650b4a0a75fda6add80c7c233d468194d1d1333ffa4445c20856d807548aaa356c87a03ca87d8995a4b7ba350c7714d1e
DIST openssh-7.0p1.tar.gz 1493376 SHA256 fd5932493a19f4c81153d812ee4e042b49bbd3b759ab3d9344abecc2bc1485e5 SHA512 d82aa8e85630c3e2102e69da477185e0d30d84211d7d4ee0a1d9822bd234d649fe369bf91ce3d2b5ef0caee687d383cb761b682d3bf24bccbd2ce9a1fe9d9f50 WHIRLPOOL bb8007450ffee580df5a73e3d6ab9b54b7151c46c3b996516e5cb776034be21cbef1281a520279655137e218a757d8092cba3f66e216c6b4c6828876540cb5df
DIST openssh-7.1p1+x509-8.6.diff.gz 413931 SHA256 cbf661a1fec080dc9ed335a290414154326c2a13f124985db050b86a91073d52 SHA512 c91d0f1b69b6d34984e94b391ad022271e73d0634cef2df355ba555366bc38d30649b478f245b6c51ce79d71adf1b693bc97826e6c6013a78e7ccfb7023b4bcc WHIRLPOOL 4ed4427e80026996c43a188d7d45f2c53fa6a7fd842a248b1225b27f3e9037e761f0ed172d79b53ada81c24d958a2193e94d918f6ca1320e45d5e68379845981
DIST openssh-7.1p1-hpnssh14v9.tar.xz 21580 SHA256 a795c2f2621f537b3fd98172cbd1f7c71869e4da78cd280d123fa19ae4262b97 SHA512 6ce151949bf81b5518b95092a2f18d2f24581954e2c629deaf3c1d10136f32f830567aafb9b4045547e95e3ab63cf750e240eac40e2b9caa6d71cb2b132821ec WHIRLPOOL 8e3c9a1d79112092a6cb42c6766ccdf61e5d8fcd366ea5c7d3bab94cf309bcc12f3761476a288158638a340023aa24519d888caac19fb0ef25fa56bdab06412c
DIST openssh-7.1p1.tar.gz 1493170 SHA256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 SHA512 f1491ca5a0a733eb27ede966590642a412cb7be7178dcb7b9e5844bbdc8383032f4b00435192b95fc0365b6fe74d6c5ac8d6facbe9d51e1532d049e2f784e8f7 WHIRLPOOL a650a93657f930d20dc3fa24ab720857f63f7cd0a82d1906cf1e58145e866129207851d5e587d678655e5731fa73221ab9b6ea0754533100c25fe2acaa442e05
DIST openssh-lpk-6.7p1-0.3.14.patch.xz 16920 SHA256 0203e6e44e41d58ec46d1611d7efc985134e662bbee51632c29f43ae809003f0 SHA512 344ccde4a04aeb1500400f779e64b2d8a5ad2970de3c4c343ca9605758e22d3812ef5453cd3221b18ad74a9762583c62417879107e4e1dda1398a6a65bcd04b2 WHIRLPOOL 5b6beeb743d04deea70c8b471a328b5f056fd4651e1370c7882e5d12f54fa2170486dcd6f97aa8c58e80af9a2d4012e2dfbcf53185317976d309783ca8d6cf73
DIST openssh-lpk-6.8p1-0.3.14.patch.xz 16940 SHA256 d5f048dc7e9d3fca085c152fc31306f1d8fa793e524c538295915b075ec085b0 SHA512 2470b6b46f8c7ac985f82d14b788a3eb81a468a1d5013cb7f89257d9dd78b6037e24bf54ac57b757db8ed1df24332d659cf918c11ea73592fd24a69c25a54081 WHIRLPOOL b041ee9e0efdf370686f11df4131ab5e5ffb2f11cc66c386a8223bf563c5b78ab9443f06e4adc2e506e440cdec9dc5b20f5972cd8d691d786d2f903bb49b947b
EBUILD openssh-6.7_p1-r4.ebuild 9962 SHA256 d5ee5fc5b008ed2a42dab88a2ee3b988ccd14e93683b895b952589796f2585fe SHA512 419e9d536bc5e4b6dc6be430d20fd1c0264c314bb9ed60c9e197e6d3adb1bff909caf20167078a98b6c6b5510eb4a5e4986d2e9d3e65fac3fee96ee83d13193d WHIRLPOOL f5ea97bfaf39efa2d2fab55d8dad16f5d8cf5aa7ad6069ce93288eb415a450aab3eb25f3c8d1ece478f0a438ec9a37460a7dcdc4f676e92d67118a362b9edbe0
EBUILD openssh-6.7_p1.ebuild 9895 SHA256 6d55ff5b4ea32b940f37980bc950922c996998b29ff8f16731a62d4e8e6c15c1 SHA512 7b078e8910250eba2bb39f7e43c8f1f691462194f66e78845bd0ef61751aca88cea43dcb0a395e1b7382093e1a1585bacce75efc82610ce2017dd8d71c9327d0 WHIRLPOOL ffdd64ad99c21061e34562e7f482b87a86fa44c54edf72ac5f44c59f40a46265f8f1693b7d684555c8087ce701efbe54a7314ad4ce7b7f60e21d38f9c30f5e0b
EBUILD openssh-6.8_p1-r5.ebuild 10402 SHA256 31b415473a164acddf74006fe8dfedf6761727511f2a3d8682510e8fcfa5664d SHA512 b1b8a582c9bf71f147c6881d751feccbdfc66fb23c7278abe1fd15670fcf904bc4625ecffaf72fa1d743333345faeb5aebc47148849cd6bf28258c71f1cdeba4 WHIRLPOOL f92a028e1b638dee5dbe2cebe0b0a6ea3a5da982e34d6839da0359ce856f8ef57369db17ddb08149a25b1c4fd274fe4ae6d5dbd03d8870dc27fa49e6288354bd
EBUILD openssh-6.9_p1-r1.ebuild 10048 SHA256 5e7f1e77587f1ed120c659d322399d4b273f5c2c70790603c29f24b09cf04100 SHA512 49be48792087b37d30bb123117034cd771cac3e175ef7fecf926ff2ecf117da4c874d62fd1c2ac54c2b767ecc326f9474dbece49ce718a795ae20d19c2ad5cb8 WHIRLPOOL a9b0f0c2b8f187dda30389069599261b74f676b2e3f2f6303d49c8d9da71104e1050e4f1f276032367a8dd1e94bbca758fd36f0aa2caa69c8707cc3b27c8aefd
EBUILD openssh-6.9_p1-r2.ebuild 9765 SHA256 3aba2e3be73521662168957f8280241e3df91d680e2ca53b3a5bc0767a149c08 SHA512 d5482cae7f61ab259688e7ff77dd9fd776a6c5eb97c22365b171641db72dc9fb9d2025d3e4cc2e128bdd4a9e5dd04097090d50b6f64f7c72383fd86700d4402b WHIRLPOOL a761aaecd8f6f72f0b72dc1db8e19e32f3077b75cd413f33d5b3358c96fb49e4f9cf068467924d67a19f6b5217dbb5068e935d150c3c17871e6614b9d1d112a7
EBUILD openssh-7.0_p1.ebuild 10478 SHA256 05bab74c747f77bfe968ce9371be64844412c23a1229c4d1597a472503db0d3e SHA512 578482c3f9b6f8a5183046483079bc3d895bd7f8deb0e1860f5afe6cb651fbb2be69557f9dc60000e54e7381870ea4239f6381377d7d772bd2ce30e212d0dea5 WHIRLPOOL 634d0dbfad64a39d510d11be4be97f35c338b8f20cd976e936ddf3eb845283bafc3eb2cc8d3de426501de841210401a1c8cfebf179e7fbd11d04d2a8d366773b
EBUILD openssh-7.1_p1-r1.ebuild 10628 SHA256 872b21e52174c3c99b372ed98c20aa03fdacf9bd97e4c851ce3b808a7f0e9c35 SHA512 9af7362eb6f2415011476e4591f811719d9ab727c5745ef1cdd52eb64fbf825d64a00a3575e41cb3d720bd9658410d6da450c94871c336058a5cfbe0dfd789b2 WHIRLPOOL 6cb7816f52d488a94a59ba87030b2c01400528886627bf98df2d22d33d4f0659ea96e477d198280ec140f2f776b07cfa536ea311645d6717085d0fbecc10a6e7
EBUILD openssh-7.1_p1-r2.ebuild 10633 SHA256 8997385c50f1dd8bdf5332c86f2d52addbd9127195c8cadf79c4bbbc09e41cdf SHA512 c58e4e57459c4cf63c7636a10213032c118c48069fa2dd52f0055209ebd1aec434602f5cc6342659d861955c599c8fba53f802b5a2f1b8effa5f2c38f06ba490 WHIRLPOOL aa77e4be2cf7130db21c89ed6c94040ed77dce254198a50af03a073e947f8fb73b487c77b74ad801c126769fd978a233227caa8ba5bbfebcd5bafe5a602ee8b2
EBUILD openssh-7.1_p1.ebuild 10525 SHA256 c979f16f19cda5596874edc1a18cc2fe296d56156ae46cc62e52473ddc79d7d9 SHA512 dcbb07dc1a1c1963343e10bfa63db468de1dde32ac85eaf2b8058ea24e6be578b1a4bf7c52aa27fb06a748a17fd874fa209341d980599f77d32bfcce8b8f029c WHIRLPOOL 578559127d1dbe26a1d76b7546895ba45da2f59a15ad403bfe69920260e62aa89395a73695d0ae38331d7e76db70b311bfd66e1594364714eb33f23fb7a35045
MISC ChangeLog 8368 SHA256 2ca18433f2cd75ed2345bb2a83dfaa2d5e8b12da44ac2c5a082f30b60b0cbfeb SHA512 ff073eef05797e40e321bcf980fc5f20e274444ed4a82e2deb251c6117d4a05d21dfd53a6d8de90cb3d963afe14297bbc0408edabb63e9f5969891efc2117435 WHIRLPOOL 9d0a121948ed25cc7fab1df3c227e7e60158f5fdd009ae00b0041691f8be91b4dc415cc50357ad2e5e0ee72dc32c20fa798eccce65897e8faaa0d5149eec31df
MISC ChangeLog-2015 95783 SHA256 53b51ee42a1faf42d80733382986e4fd606366b7bb6350c76f44df851e071890 SHA512 95a4f4243cb8cd8901208adc3632e191ab27a5ea2ce947e832264833262d8bd1e74a7e4f3545d6f2da8d2b473a59cfc7014aa88d5b0ea30e348c4f5d9323c8e5 WHIRLPOOL 5b56a38ddcf0308b681fc1c1fe8107c37ea1385e30ebc435d22f73c38947f9afdbb37ffb1c22bc48c83117cb91b946831cd83bab2807c248292fd2822002f828
MISC metadata.xml 2129 SHA256 f786d2849baa9c48bf58e1e5d71dec826998961dc96ae13937c2853900b4a289 SHA512 a8ce6d4781f98279cc7666a36f0e80229358d61a2ef9f7486d26233b523780963d43b2cca332301901a22a15ac2e79d2abce399028b47c95d65bccc49f609376 WHIRLPOOL c59d747bc802dd8e3c3bcc3d0e7168c1ad00ba48f74226e5da5dd1a1ea769882861c0bcd9bcb117fc92d8fca746f7d69a39b77a4dfcb5c0279f672bba2cb3eec

127
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch vendored
View File

@ -1,127 +0,0 @@
http://bugs.gentoo.org/165444
https://bugzilla.mindrot.org/show_bug.cgi?id=1008
Index: readconf.c
===================================================================
RCS file: /cvs/openssh/readconf.c,v
retrieving revision 1.135
diff -u -r1.135 readconf.c
--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135
+++ readconf.c 19 Aug 2006 11:59:52 -0000
@@ -126,6 +126,7 @@
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssTrustDns,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
@@ -163,9 +164,11 @@
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
+ { "gssapitrustdns", oGssTrustDns },
#else
{ "gssapiauthentication", oUnsupported },
{ "gssapidelegatecredentials", oUnsupported },
+ { "gssapitrustdns", oUnsupported },
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
@@ -444,6 +447,10 @@
intptr = &options->gss_deleg_creds;
goto parse_flag;
+ case oGssTrustDns:
+ intptr = &options->gss_trust_dns;
+ goto parse_flag;
+
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
@@ -1010,6 +1017,7 @@
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
+ options->gss_trust_dns = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -1100,6 +1108,8 @@
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
+ if (options->gss_trust_dns == -1)
+ options->gss_trust_dns = 0;
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
Index: readconf.h
===================================================================
RCS file: /cvs/openssh/readconf.h,v
retrieving revision 1.63
diff -u -r1.63 readconf.h
--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63
+++ readconf.h 19 Aug 2006 11:59:52 -0000
@@ -45,6 +45,7 @@
/* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */
int gss_deleg_creds; /* Delegate GSS credentials */
+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
Index: ssh_config.5
===================================================================
RCS file: /cvs/openssh/ssh_config.5,v
retrieving revision 1.97
diff -u -r1.97 ssh_config.5
--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97
+++ ssh_config.5 19 Aug 2006 11:59:53 -0000
@@ -483,7 +483,16 @@
Forward (delegate) credentials to the server.
The default is
.Dq no .
-Note that this option applies to protocol version 2 only.
+Note that this option applies to protocol version 2 connections using GSSAPI.
+.It Cm GSSAPITrustDns
+Set to
+.Dq yes to indicate that the DNS is trusted to securely canonicalize
+the name of the host being connected to. If
+.Dq no, the hostname entered on the
+command line will be passed untouched to the GSSAPI library.
+The default is
+.Dq no .
+This option only applies to protocol version 2 connections using GSSAPI.
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
Index: sshconnect2.c
===================================================================
RCS file: /cvs/openssh/sshconnect2.c,v
retrieving revision 1.151
diff -u -r1.151 sshconnect2.c
--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151
+++ sshconnect2.c 19 Aug 2006 11:59:53 -0000
@@ -499,6 +499,12 @@
static u_int mech = 0;
OM_uint32 min;
int ok = 0;
+ const char *gss_host;
+
+ if (options.gss_trust_dns)
+ gss_host = get_canonical_hostname(1);
+ else
+ gss_host = authctxt->host;
/* Try one GSSAPI method at a time, rather than sending them all at
* once. */
@@ -511,7 +517,7 @@
/* My DER encoding requires length<128 */
if (gss_supported->elements[mech].length < 128 &&
ssh_gssapi_check_mechanism(&gssctxt,
- &gss_supported->elements[mech], authctxt->host)) {
+ &gss_supported->elements[mech], gss_host)) {
ok = 1; /* Mechanism works */
} else {
mech++;

51
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.3_p1-x509-hpn14v2-glue.patch vendored
View File

@ -1,51 +0,0 @@
--- openssh-6.3p1/Makefile.in
+++ openssh-6.3p1/Makefile.in
@@ -45,7 +45,7 @@
CC=@CC@
LD=@LD@
CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
K5LIBS=@K5LIBS@
GSSLIBS=@GSSLIBS@
@@ -53,6 +53,7 @@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS+=@LDAP_CPPFLAGS@
AR=@AR@
AWK=@AWK@
RANLIB=@RANLIB@
--- openssh-6.3p1/sshconnect.c
+++ openssh-6.3p1/sshconnect.c
@@ -465,7 +465,7 @@
{
/* Send our own protocol version identification. */
if (compat20) {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX\r\n",
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
} else {
xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
--- openssh-6.3p1/sshd.c
+++ openssh-6.3p1/sshd.c
@@ -472,8 +472,8 @@
comment = "";
}
- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s%s",
- major, minor, SSH_VERSION, comment,
+ xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+ major, minor, SSH_VERSION,
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
--- openssh-6.3p1/version.h
+++ openssh-6.3p1/version.h
@@ -3,4 +3,5 @@
#define SSH_VERSION "OpenSSH_6.3"
#define SSH_PORTABLE "p1"
+#define SSH_X509 " PKIX"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE

17
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-glue.patch vendored
View File

@ -1,17 +0,0 @@
Make x509 apply after openssh-5.9_p1-sshd-gssapi-multihomed.patch.
--- openssh-6.6p1+x509-8.0.diff
+++ openssh-6.6p1+x509-8.0.diff
@@ -16337,10 +16337,10 @@
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or though authentication styles supported in
-@@ -499,6 +576,16 @@
+@@ -514,6 +591,16 @@
+ This facility is provided to assist with operation on multi homed machines.
The default is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm HostbasedAlgorithms
+Specifies the protocol version 2 algorithms used in
+.Dq hostbased

26
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.6.1_p1-x509-hpn14v5-glue.patch vendored
View File

@ -1,26 +0,0 @@
make the hpn patch apply when the x509 patch has also been applied
--- openssh-6.6.1p1-hpnssh14v5.diff
+++ openssh-6.6.1p1-hpnssh14v5.diff
@@ -1742,18 +1742,14 @@
if (options->ip_qos_interactive == -1)
options->ip_qos_interactive = IPTOS_LOWDELAY;
if (options->ip_qos_bulk == -1)
-@@ -345,9 +392,10 @@
+@@ -345,6 +392,7 @@
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-+ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sNoneEnabled,
sKexAlgorithms, sIPQoS, sVersionAddendum,
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
-- sAuthenticationMethods, sHostKeyAgent,
-+ sAuthenticationMethods, sNoneEnabled, sHostKeyAgent,
- sDeprecated, sUnsupported
- } ServerOpCodes;
-
+ sAuthenticationMethods, sHostKeyAgent,
@@ -468,6 +516,10 @@
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },

17
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-openssl-ignore-status.patch vendored
View File

@ -1,17 +0,0 @@
the last nibble of the openssl version represents the status. that is,
whether it is a beta or release. when it comes to version checks in
openssh, this component does not matter, so ignore it.
https://bugzilla.mindrot.org/show_bug.cgi?id=2212
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver)
* For versions >= 1.0.0, major,minor,status must match and library
* fix version must be equal to or newer than the header.
*/
- mask = 0xfff0000fL; /* major,minor,status */
+ mask = 0xfff00000L; /* major,minor,status */
hfix = (headerver & 0x000ff000) >> 12;
lfix = (libver & 0x000ff000) >> 12;
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)

42
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch vendored
View File

@ -1,42 +0,0 @@
--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
@@ -195,14 +195,6 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It UsePrivilegedPort
- .It User
- .It UserKnownHostsFile
@@ -218,6 +219,8 @@ and
to print debugging messages about their progress.
This is helpful in
@@ -482,14 +474,6 @@
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
controls.
.It Fl y
@@ -527,7 +511,7 @@
- again:
+
- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)

162
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-sshd-gssapi-multihomed.patch vendored
View File

@ -1,162 +0,0 @@
https://bugs.gentoo.org/378361
https://bugzilla.mindrot.org/show_bug.cgi?id=928
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -41,9 +41,12 @@
#include "channels.h"
#include "session.h"
#include "misc.h"
+#include "servconf.h"
#include "ssh-gss.h"
+extern ServerOptions options;
+
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL}};
@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
char lname[NI_MAXHOST];
gss_OID_set oidset;
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
- if (gethostname(lname, sizeof(lname))) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
+ if (options.gss_strict_acceptor) {
+ gss_create_empty_oid_set(&status, &oidset);
+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+ if (gethostname(lname, MAXHOSTNAMELEN)) {
+ gss_release_oid_set(&status, &oidset);
+ return (-1);
+ }
+
+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
+ }
+
+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
+ NULL, NULL)))
+ ssh_gssapi_error(ctx);
- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
+ } else {
+ ctx->name = GSS_C_NO_NAME;
+ ctx->creds = GSS_C_NO_CREDENTIAL;
}
-
- if ((ctx->major = gss_acquire_cred(&ctx->minor,
- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
- ssh_gssapi_error(ctx);
-
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
+ return GSS_S_COMPLETE;
}
/* Privileged */
--- a/servconf.c
+++ b/servconf.c
@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
+ options->gss_strict_acceptor = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
+ if (options->gss_strict_acceptor == -1)
+ options->gss_strict_acceptor = 0;
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -277,7 +280,8 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile,
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
@@ -327,9 +331,11 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
+ goto parse_flag;
+
+ case sGssStrictAcceptor:
+ intptr = &options->gss_strict_acceptor;
goto parse_flag;
case sPasswordAuthentication:
--- a/servconf.h
+++ b/servconf.h
@@ -92,6 +92,7 @@ typedef struct {
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
--- a/sshd_config
+++ b/sshd_config
@@ -69,6 +69,7 @@
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -386,6 +386,21 @@ on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed

46
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch vendored
View File

@ -1,46 +0,0 @@
--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
@@ -610,21 +610,6 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm GSSAPIStrictAcceptorCheck
-Determines whether to be strict about the identity of the GSSAPI acceptor
-a client authenticates against.
-If set to
-.Dq yes
-then the client must authenticate against the
-.Pa host
-service on the current hostname.
-If set to
-.Dq no
-then the client may authenticate against any service key stored in the
-machine's default store.
-This facility is provided to assist with operation on multi homed machines.
-The default is
-.Dq yes .
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -651,6 +636,21 @@
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified

11
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.7_p1-xmalloc-include.patch vendored
View File

@ -1,11 +0,0 @@
diff -ur openssh-6.7p1.orig/ssh-rsa.c openssh-6.7p1/ssh-rsa.c
--- openssh-6.7p1.orig/ssh-rsa.c 2015-02-24 14:52:54.512197868 -0800
+++ openssh-6.7p1/ssh-rsa.c 2015-02-27 11:48:54.173951646 -0800
@@ -34,6 +34,7 @@
#include "sshkey.h"
#include "digest.h"
#include "evp-compat.h"
+#include "xmalloc.h"
/*NOTE: Do not define USE_LEGACY_RSA_... if build
is with FIPS capable OpenSSL */

90
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sctp-x509-glue.patch vendored
View File

@ -1,90 +0,0 @@
--- openssh-6.8_p1-sctp.patch.orig 2015-03-18 17:52:40.563506822 -0700
+++ openssh-6.8_p1-sctp.patch 2015-03-18 18:14:30.919753194 -0700
@@ -184,34 +184,6 @@
int port; /* Port to connect. */
int address_family;
int connection_attempts; /* Max attempts (seconds) before
---- a/scp.1
-+++ b/scp.1
-@@ -19,7 +19,7 @@
- .Sh SYNOPSIS
- .Nm scp
- .Bk -words
--.Op Fl 12346BCpqrv
-+.Op Fl 12346BCpqrvz
- .Op Fl c Ar cipher
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It UpdateHostKeys
- .It UsePrivilegedPort
- .It User
-@@ -218,6 +219,8 @@ and
- to print debugging messages about their progress.
- This is helpful in
- debugging connection, authentication, and configuration problems.
-+.It Fl z
-+Use the SCTP protocol for connection instead of TCP which is the default.
- .El
- .Sh EXIT STATUS
- .Ex -std scp
--- a/scp.c
+++ b/scp.c
@@ -395,7 +395,11 @@ main(int argc, char **argv)
@@ -471,34 +443,6 @@
int protocol; /* Supported protocol versions. */
struct ForwardOptions fwd_opts; /* forwarding options */
SyslogFacility log_facility; /* Facility for system logging. */
---- a/ssh.1
-+++ b/ssh.1
-@@ -43,7 +43,7 @@
- .Sh SYNOPSIS
- .Nm ssh
- .Bk -words
--.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
-+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
- .Op Fl b Ar bind_address
- .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
-@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
- controls.
- .It Fl y
- Send log information using the
-+.It Fl z
-+Use the SCTP protocol for connection instead of TCP which is the default.
- .Xr syslog 3
- system module.
- By default this information is sent to stderr.
--- a/ssh.c
+++ b/ssh.c
@@ -194,12 +194,17 @@ extern int muxserver_sock;
@@ -520,13 +464,11 @@
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
" [-F configfile] [-I pkcs11] [-i identity_file]\n"
" [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
-@@ -506,7 +512,7 @@ main(int ac, char **av)
- argv0 = av[0];
+@@ -506,4 +512,4 @@ main(int ac, char **av)
- again:
-- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)

40
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssh-keygen-no-ssh1.patch vendored
View File

@ -1,40 +0,0 @@
https://bugs.gentoo.org/544078
https://bugzilla.mindrot.org/show_bug.cgi?id=2369
From 117c961c8d1f0537973df5a6a937389b4b7b61b4 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Mon, 23 Mar 2015 06:06:38 +0000
Subject: [PATCH] upstream commit
for ssh-keygen -A, don't try (and fail) to generate ssh
v.1 keys when compiled without SSH1 support RSA/DSA/ECDSA keys when compiled
without OpenSSL based on patch by Mike Frysinger; bz#2369
---
ssh-keygen.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index a3c2362..96dd8b4 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -948,12 +948,16 @@ do_gen_all_hostkeys(struct passwd *pw)
char *key_type_display;
char *path;
} key_types[] = {
+#ifdef WITH_OPENSSL
+#ifdef WITH_SSH1
{ "rsa1", "RSA1", _PATH_HOST_KEY_FILE },
+#endif /* WITH_SSH1 */
{ "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE },
{ "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE },
#ifdef OPENSSL_HAS_ECC
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
{ "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
{ NULL, NULL, NULL }
};
--
2.3.3

162
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-sshd-gssapi-multihomed.patch vendored
View File

@ -1,162 +0,0 @@
https://bugs.gentoo.org/378361
https://bugzilla.mindrot.org/show_bug.cgi?id=928
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -41,9 +41,12 @@
#include "channels.h"
#include "session.h"
#include "misc.h"
+#include "servconf.h"
#include "ssh-gss.h"
+extern ServerOptions options;
+
static ssh_gssapi_client gssapi_client =
{ GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
GSS_C_NO_CREDENTIAL, NULL, {NULL, NULL, NULL, NULL}};
@@ -77,25 +80,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx)
char lname[NI_MAXHOST];
gss_OID_set oidset;
- gss_create_empty_oid_set(&status, &oidset);
- gss_add_oid_set_member(&status, ctx->oid, &oidset);
-
- if (gethostname(lname, sizeof(lname))) {
- gss_release_oid_set(&status, &oidset);
- return (-1);
- }
+ if (options.gss_strict_acceptor) {
+ gss_create_empty_oid_set(&status, &oidset);
+ gss_add_oid_set_member(&status, ctx->oid, &oidset);
+
+ if (gethostname(lname, MAXHOSTNAMELEN)) {
+ gss_release_oid_set(&status, &oidset);
+ return (-1);
+ }
+
+ if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
+ gss_release_oid_set(&status, &oidset);
+ return (ctx->major);
+ }
+
+ if ((ctx->major = gss_acquire_cred(&ctx->minor,
+ ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds,
+ NULL, NULL)))
+ ssh_gssapi_error(ctx);
- if (GSS_ERROR(ssh_gssapi_import_name(ctx, lname))) {
gss_release_oid_set(&status, &oidset);
return (ctx->major);
+ } else {
+ ctx->name = GSS_C_NO_NAME;
+ ctx->creds = GSS_C_NO_CREDENTIAL;
}
-
- if ((ctx->major = gss_acquire_cred(&ctx->minor,
- ctx->name, 0, oidset, GSS_C_ACCEPT, &ctx->creds, NULL, NULL)))
- ssh_gssapi_error(ctx);
-
- gss_release_oid_set(&status, &oidset);
- return (ctx->major);
+ return GSS_S_COMPLETE;
}
/* Privileged */
--- a/servconf.c
+++ b/servconf.c
@@ -86,6 +86,7 @@ initialize_server_options(ServerOptions
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
+ options->gss_strict_acceptor = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -200,6 +201,8 @@ fill_default_server_options(ServerOption
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
+ if (options->gss_strict_acceptor == -1)
+ options->gss_strict_acceptor = 0;
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -277,7 +280,8 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sHostCertificate,
@@ -327,9 +331,11 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -850,6 +856,10 @@ process_server_config_line(ServerOptions
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
+ goto parse_flag;
+
+ case sGssStrictAcceptor:
+ intptr = &options->gss_strict_acceptor;
goto parse_flag;
case sPasswordAuthentication:
--- a/servconf.h
+++ b/servconf.h
@@ -92,6 +92,7 @@ typedef struct {
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
--- a/sshd_config
+++ b/sshd_config
@@ -69,6 +69,7 @@
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -386,6 +386,21 @@ on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.

33
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-ssl-engine-configure.patch vendored
View File

@ -1,33 +0,0 @@
https://github.com/openssh/openssh-portable/pull/29
From 003ed46d1bd94bac29c53b26ae70f6321ea11c80 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Wed, 18 Mar 2015 12:37:24 -0400
Subject: [PATCH] do not abort when --without-ssl-engine --without-openssl is
set
---
configure.ac | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index b4d6598..7806d20 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2276,10 +2276,10 @@ openssl_engine=no
AC_ARG_WITH([ssl-engine],
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
[
- if test "x$openssl" = "xno" ; then
- AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
- fi
if test "x$withval" != "xno" ; then
+ if test "x$openssl" = "xno" ; then
+ AC_MSG_ERROR([cannot use --with-ssl-engine when OpenSSL disabled])
+ fi
openssl_engine=yes
fi
]
--
2.3.2

15
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm-hpn-glue.patch vendored
View File

@ -1,15 +0,0 @@
--- a/0005-support-dynamically-sized-receive-buffers.patch
+++ b/0005-support-dynamically-sized-receive-buffers.patch
@@ -411,10 +411,10 @@ index af2f007..41b782b 100644
--- a/compat.h
+++ b/compat.h
@@ -60,6 +60,7 @@
- #define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000
-+#define SSH_BUG_LARGEWINDOW 0x20000000
+ #define SSH_BUG_HOSTKEYS 0x20000000
++#define SSH_BUG_LARGEWINDOW 0x40000000
void enable_compat13(void);
void enable_compat20(void);

69
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.8_p1-teraterm.patch vendored
View File

@ -1,69 +0,0 @@
https://bugs.gentoo.org/547944
From d8f391caef62378463a0e6b36f940170dadfe605 Mon Sep 17 00:00:00 2001
From: "dtucker@openbsd.org" <dtucker@openbsd.org>
Date: Fri, 10 Apr 2015 05:16:50 +0000
Subject: [PATCH] upstream commit
Don't send hostkey advertisments
(hostkeys-00@openssh.com) to current versions of Tera Term as they can't
handle them. Newer versions should be OK. Patch from Bryan Drewery and
IWAMOTO Kouichi, ok djm@
---
compat.c | 13 ++++++++++++-
compat.h | 3 ++-
sshd.c | 6 +++++-
3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/compat.c b/compat.c
index 2498168..0934de9 100644
--- a/compat.c
+++ b/compat.c
@@ -167,6 +167,17 @@ compat_datafellows(const char *version)
SSH_BUG_SCANNER },
{ "Probe-*",
SSH_BUG_PROBE },
+ { "TeraTerm SSH*,"
+ "TTSSH/1.5.*,"
+ "TTSSH/2.1*,"
+ "TTSSH/2.2*,"
+ "TTSSH/2.3*,"
+ "TTSSH/2.4*,"
+ "TTSSH/2.5*,"
+ "TTSSH/2.6*,"
+ "TTSSH/2.70*,"
+ "TTSSH/2.71*,"
+ "TTSSH/2.72*", SSH_BUG_HOSTKEYS },
{ NULL, 0 }
};
diff --git a/compat.h b/compat.h
index af2f007..83507f0 100644
--- a/compat.h
+++ b/compat.h
@@ -60,6 +60,7 @@
#define SSH_NEW_OPENSSH 0x04000000
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
#define SSH_BUG_CURVE25519PAD 0x10000000
+#define SSH_BUG_HOSTKEYS 0x20000000
void enable_compat13(void);
void enable_compat20(void);
diff --git a/sshd.c b/sshd.c
index 6aa17fa..60b0cd4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -928,6 +928,10 @@ notify_hostkeys(struct ssh *ssh)
int i, nkeys, r;
char *fp;
+ /* Some clients cannot cope with the hostkeys message, skip those. */
+ if (datafellows & SSH_BUG_HOSTKEYS)
+ return;
+
if ((buf = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new", __func__);
for (i = nkeys = 0; i < options.num_host_key_files; i++) {
--
2.3.6

24
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-6.9_p1-x509-warnings.patch vendored
View File

@ -1,24 +0,0 @@
diff -ur openssh-6.9p1.orig/sshconnect2.c openssh-6.9p1/sshconnect2.c
--- openssh-6.9p1.orig/sshconnect2.c 2015-07-01 14:56:26.766316866 -0700
+++ openssh-6.9p1/sshconnect2.c 2015-07-01 14:59:22.828692366 -0700
@@ -1404,7 +1404,7 @@
static int
get_allowed_keytype(Key *k) {
char *pattern;
- char *alg;
+ const char *alg;
if (k->type == KEY_RSA1 || k->type == KEY_UNSPEC)
return KEY_UNSPEC;
diff -ur openssh-6.9p1.orig/x509_nm_cmp.c openssh-6.9p1/x509_nm_cmp.c
--- openssh-6.9p1.orig/x509_nm_cmp.c 2015-07-01 14:56:26.129311890 -0700
+++ openssh-6.9p1/x509_nm_cmp.c 2015-07-01 14:59:14.086624068 -0700
@@ -133,7 +133,7 @@
tag = M_ASN1_STRING_type(in);
if (tag != V_ASN1_UTF8STRING) {
/*OpenSSL method surprisingly require non-const(!?) ASN1_STRING!*/
- return(ASN1_STRING_to_UTF8(out, in));
+ return(ASN1_STRING_to_UTF8(out, (ASN1_STRING *) in));
}
l = M_ASN1_STRING_length(in);

74
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.0_p1-sctp-x509-glue.patch vendored
View File

@ -1,74 +0,0 @@
--- openssh-6.8_p1-sctp.patch.1 2015-08-12 16:01:13.854769013 -0700
+++ openssh-6.8_p1-sctp.patch 2015-08-12 16:00:38.208488789 -0700
@@ -195,14 +195,6 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It UpdateHostKeys
- .It UsePrivilegedPort
- .It User
@@ -218,6 +219,8 @@ and
to print debugging messages about their progress.
This is helpful in
@@ -477,19 +469,11 @@
.Sh SYNOPSIS
.Nm ssh
.Bk -words
--.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
-+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYyz
+-.Op Fl 1246AaCdfgKkMNnqsTtVvXxYy
++.Op Fl 1246AaCdfgKkMNnqsTtVvXxYyz
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
controls.
.It Fl y
@@ -501,7 +485,7 @@
By default this information is sent to stderr.
--- a/ssh.c
+++ b/ssh.c
-@@ -194,12 +194,17 @@ extern int muxserver_sock;
+@@ -194,11 +194,16 @@ extern int muxserver_sock;
extern u_int muxclient_command;
/* Prints a help message to the user. This function never returns. */
@@ -515,18 +499,17 @@
usage(void)
{
fprintf(stderr,
--"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-+"usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
+-"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
++"usage: ssh [-1246AaCdfgKkMNnqsTtVvXxYy" SCTP_OPT "] [-b bind_address] [-c cipher_spec]\n"
" [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
" [-F configfile] [-I pkcs11] [-i identity_file]\n"
- " [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]\n"
@@ -506,7 +512,7 @@ main(int ac, char **av)
- argv0 = av[0];
+ # define ENGCONFIG ""
+ #endif
- again:
-- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
- "ACD:E:F:GI:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+- while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx"
++ while ((opt = getopt(ac, av, "1246ab:c:de:fgi:kl:m:no:p:qstvx" SCTP_OPT
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)

11
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/openssh-7.1_p1-hpn-x509-glue.patch vendored
View File

@ -1,11 +0,0 @@
--- openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch.orig 2015-08-24 11:17:05.379280954 -0700
+++ openssh-7.0p1-hpnssh14v5/0002-add-support-for-the-NONE-cipher.patch 2015-08-24 11:19:30.788424050 -0700
@@ -80,7 +80,7 @@
+ else
+ fatal("Pre-authentication none cipher requests are not allowed.");
+ }
- debug("kex: %s %s %s %s",
+ debug("kex: %s cipher: %s MAC: %s compression: %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
diff --git a/myproposal.h b/myproposal.h

21
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.confd vendored
View File

@ -1,21 +0,0 @@
# /etc/conf.d/sshd: config file for /etc/init.d/sshd
# Where is your sshd_config file stored?
SSHD_CONFDIR="/etc/ssh"
# Any random options you want to pass to sshd.
# See the sshd(8) manpage for more info.
SSHD_OPTS=""
# Pid file to use (needs to be absolute path).
#SSHD_PIDFILE="/var/run/sshd.pid"
# Path to the sshd binary (needs to be absolute path).
#SSHD_BINARY="/usr/sbin/sshd"

4
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.pam_include.2 vendored
View File

@ -1,4 +0,0 @@
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login

85
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.rc6.4 vendored
View File

@ -1,85 +0,0 @@
#!/sbin/runscript
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
extra_commands="checkconfig"
extra_started_commands="reload"
: ${SSHD_CONFDIR:=/etc/ssh}
: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
: ${SSHD_PIDFILE:=/var/run/${SVCNAME}.pid}
: ${SSHD_BINARY:=/usr/sbin/sshd}
depend() {
use logger dns
if [ "${rc_need+set}" = "set" ] ; then
: # Do nothing, the user has explicitly set rc_need
else
local x warn_addr
for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
case "${x}" in
0.0.0.0|0.0.0.0:*) ;;
::|\[::\]*) ;;
*) warn_addr="${warn_addr} ${x}" ;;
esac
done
if [ -n "${warn_addr}" ] ; then
need net
ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
ewarn "where FOO is the interface(s) providing the following address(es):"
ewarn "${warn_addr}"
fi
fi
}
checkconfig() {
if [ ! -d /var/empty ] ; then
mkdir -p /var/empty || return 1
fi
if [ ! -e "${SSHD_CONFIG}" ] ; then
eerror "You need an ${SSHD_CONFIG} file to run sshd"
eerror "There is a sample file in /usr/share/doc/openssh"
return 1
fi
ssh-keygen -A || return 1
[ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
&& SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
[ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \
&& SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}"
"${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
}
start() {
checkconfig || return 1
ebegin "Starting ${SVCNAME}"
start-stop-daemon --start --exec "${SSHD_BINARY}" \
--pidfile "${SSHD_PIDFILE}" \
-- ${SSHD_OPTS}
eend $?
}
stop() {
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return 1
fi
ebegin "Stopping ${SVCNAME}"
start-stop-daemon --stop --exec "${SSHD_BINARY}" \
--pidfile "${SSHD_PIDFILE}" --quiet
eend $?
}
reload() {
checkconfig || return 1
ebegin "Reloading ${SVCNAME}"
start-stop-daemon --signal HUP \
--exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
eend $?
}

11
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.service vendored
View File

@ -1,11 +0,0 @@
[Unit]
Description=OpenSSH server daemon
After=syslog.target network.target auditd.service
[Service]
ExecStartPre=/usr/bin/ssh-keygen -A
ExecStart=/usr/sbin/sshd -D -e
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target

10
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd.socket vendored
View File

@ -1,10 +0,0 @@
[Unit]
Description=OpenSSH Server Socket
Conflicts=sshd.service
[Socket]
ListenStream=22
Accept=yes
[Install]
WantedBy=sockets.target

8
sdk_container/src/third_party/portage-stable/net-misc/openssh/files/sshd_at.service vendored
View File

@ -1,8 +0,0 @@
[Unit]
Description=OpenSSH per-connection server daemon
After=syslog.target auditd.service
[Service]
ExecStart=-/usr/sbin/sshd -i -e
StandardInput=socket
StandardError=syslog

37
sdk_container/src/third_party/portage-stable/net-misc/openssh/metadata.xml vendored
View File

@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>base-system</herd>
<maintainer restrict="net-misc/openssh[ldap]">
<email>robbat2@gentoo.org</email>
<description>LPK issues. Only assign if it's a direct LPK issue. Do not directly assign for anything else.</description>
</maintainer>
<longdescription>
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that
increasing numbers of people on the Internet are coming to rely on. Many users of telnet,
rlogin, ftp, and other such programs might not realize that their password is transmitted
across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords)
to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.
Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety
of authentication methods.
The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which
replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of
the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan,
ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0.
</longdescription>
<use>
<flag name="bindist">Disable EC/RC5 algorithms in OpenSSL for patent reasons.</flag>
<flag name="hpn">Enable high performance ssh</flag>
<flag name="ldap">Add support for storing SSH public keys in LDAP</flag>
<flag name="ldns">Use LDNS for DNSSEC/SSHFP validation.</flag>
<flag name="sctp">Support for Stream Control Transmission Protocol</flag>
<flag name="ssh1">Support the legacy/weak SSH1 protocol</flag>
<flag name="ssl">Enable additional crypto algorithms via OpenSSL</flag>
<flag name="X509">Adds support for X.509 certificate authentication</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:openssh:openssh</remote-id>
<remote-id type="sourceforge">hpnssh</remote-id>
</upstream>
</pkgmetadata>

323
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1-r4.ebuild vendored
View File

@ -1,323 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
X509_VER="8.2" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? (
${LIB_DEPEND//\[static-libs(+)]}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
)
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? (
${LIB_DEPEND}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
)
)
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${P}-x509-glue.patch
epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.7_p1-xmalloc-include.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
local myconf=()
addwrite /dev/ptmx
use static && append-ldflags -static
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run \
--sysconfdir="${EPREFIX}"/etc/ssh \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
--datadir="${EPREFIX}"/usr/share/openssh \
--with-privsep-path="${EPREFIX}"/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with ldns) \
$(use_with libedit) \
$(use_with pie) \
$(use_with sctp) \
$(use_with selinux) \
$(use_with skey) \
"${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

322
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.7_p1.ebuild vendored
View File

@ -1,322 +0,0 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.7p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.7p1-0.3.14.patch.xz"
#X509_VER="8.1" X509_PATCH="${PARCH/6.7/6.6}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam +pie sctp selinux skey static X X509"
REQUIRED_USE="pie? ( !static )"
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? (
${LIB_DEPEND//\[static-libs(+)]}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
)
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? (
${LIB_DEPEND}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
)
)
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-6.7_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-glue.patch
use hpn && epatch "${FILESDIR}"/${PN}-6.6.1_p1-x509-hpn14v5-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
save_version X509
fi
if ! use X509 ; then
if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
else
use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP"
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${WORKDIR}"/${PN}-6.7_p1-sctp.patch
if [[ -n ${HPN_PATCH} ]] && use hpn; then
epatch "${WORKDIR}"/${HPN_PATCH%.*}/*
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
static_use_with() {
local flag=$1
if use static && use ${flag} ; then
ewarn "Disabling '${flag}' support because of USE='static'"
# rebuild args so that we invert the first one (USE flag)
# but otherwise leave everything else working so we can
# just leverage use_with
shift
[[ -z $1 ]] && flag="${flag} ${flag}"
set -- !${flag} "$@"
fi
use_with "$@"
}
src_configure() {
local myconf=()
addwrite /dev/ptmx
use static && append-ldflags -static
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf \
--with-ldflags="${LDFLAGS}" \
--disable-strip \
--with-pid-dir="${EPREFIX}"/var/run \
--sysconfdir="${EPREFIX}"/etc/ssh \
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \
--datadir="${EPREFIX}"/usr/share/openssh \
--with-privsep-path="${EPREFIX}"/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--with-ssl-engine \
$(static_use_with pam) \
$(static_use_with kerberos kerberos5 "${EPREFIX}"/usr) \
${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \
$(use_with ldns) \
$(use_with libedit) \
$(use_with pie) \
$(use_with sctp) \
$(use_with selinux) \
$(use_with skey) \
"${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
# not all openssl installs support ecc, or are functional #352645
if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then
elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support"
sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die
fi
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed"
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

331
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.8_p1-r5.ebuild vendored
View File

@ -1,331 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.8p1-r5-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.3.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${P}-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~vapier/dist/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? (
http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH}
mirror://gentoo/${P}-x509-${X509_VER}-glue.patch.xz
)}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssh1/ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey +ssh1 +ssl static X X509"
REQUIRED_USE="pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
ssl? (
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? (
${LIB_DEPEND//\[static-libs(+)]}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
)
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? (
${LIB_DEPEND}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
)
)
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
eerror "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
die "USE=tcpd no longer works"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
epatch "${FILESDIR}"/${PN}-6.8_p1-sshd-gssapi-multihomed.patch #378361
if use X509 ; then
pushd .. >/dev/null
epatch "${WORKDIR}"/${P}-x509-${X509_VER}-glue.patch
epatch "${FILESDIR}"/${P}-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
epatch "${FILESDIR}"/${PN}-6.8_p1-ssh-keygen-no-ssh1.patch #544078
epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm.patch #547944
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${P}-sctp.patch
if use hpn ; then
# The teraterm patch pulled in an upstream update.
pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null
epatch "${FILESDIR}"/${PN}-6.8_p1-teraterm-hpn-glue.patch
popd >/dev/null
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

322
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r1.ebuild vendored
View File

@ -1,322 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.9p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
libedit? ( dev-libs/libedit[static-libs(+)] )
ssl? (
>=dev-libs/openssl-0.9.6d:0[bindist=]
dev-libs/openssl[static-libs(+)]
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? (
${LIB_DEPEND//\[static-libs(+)]}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
)
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? (
${LIB_DEPEND}
ldns? (
!bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] )
bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] )
)
)
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
eerror "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
eerror "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
die "USE=tcpd no longer works"
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
keepdir /var/empty/dev
fi
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
# This instruction is from the HPN webpage,
# Used for the server logging functionality
if [[ -n ${HPN_PATCH} ]] && use hpn ; then
einfo "For the HPN server logging patch, you must ensure that"
einfo "your syslog application also listens at /var/empty/dev/log."
fi
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

310
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-6.9_p1-r2.ebuild vendored
View File

@ -1,310 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-6.9p1-r1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.4" X509_PATCH="${PN}-6.9p1+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="ldns? ( ssl )
pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
libedit? ( dev-libs/libedit[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? (
>=dev-libs/openssl-0.9.8f:0[bindist=]
dev-libs/openssl:0[static-libs(+)]
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
epatch "${FILESDIR}"/${PN}-6.8_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
fi
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "reload sshd: '/etc/init.d/sshd reload'."
elog "Note: openssh-6.7 versions no longer support USE=tcpd as upstream has"
elog " dropped it. Make sure to update any configs that you might have."
}

323
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.0_p1.ebuild vendored
View File

@ -1,323 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.5" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="ldns? ( ssl )
pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
libedit? ( dev-libs/libedit[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? (
>=dev-libs/openssl-0.9.8f:0[bindist=]
dev-libs/openssl:0[static-libs(+)]
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
#epatch "${WORKDIR}"/${PN}-6.8_p1-x509-${X509_VER}-glue.patch
epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
fi
if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
fi
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
}

328
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1-r1.ebuild vendored
View File

@ -1,328 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit libressl pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="ldns? ( ssl )
pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
libedit? ( dev-libs/libedit[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? (
!libressl? (
>=dev-libs/openssl-0.9.8f:0[bindist=]
dev-libs/openssl:0[static-libs(+)]
)
libressl? ( dev-libs/libressl[static-libs(+)] )
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
pushd ${HPN_PATCH%.*.*} >/dev/null
epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
popd >/dev/null
epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
fi
if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config or ~/.ssh/config files:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
fi
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
}

326
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1-r2.ebuild vendored
View File

@ -1,326 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PARCH}-hpnssh14v9.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit libressl pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="ldns? ( ssl )
pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
libedit? ( dev-libs/libedit[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? (
!libressl? (
>=dev-libs/openssl-0.9.8f:0[bindist=]
dev-libs/openssl:0[static-libs(+)]
)
libressl? ( dev-libs/libressl[static-libs(+)] )
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
pushd ${HPN_PATCH%.*.*} >/dev/null
epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
popd >/dev/null
epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
fi
if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config or ~/.ssh/config files:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
elog "to 'prohibit-password'. That means password auth for root users no longer works"
elog "out of the box. If you need this, please update your sshd_config explicitly."
fi
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
}

325
sdk_container/src/third_party/portage-stable/net-misc/openssh/openssh-7.1_p1.ebuild vendored
View File

@ -1,325 +0,0 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils user flag-o-matic multilib autotools pam systemd versionator
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_}
HPN_PATCH="${PN}-7.0p1-hpnssh14v5.tar.xz"
LDAP_PATCH="${PN}-lpk-6.8p1-0.3.14.patch.xz"
X509_VER="8.6" X509_PATCH="${PN}-${PV//_/}+x509-${X509_VER}.diff.gz"
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.org/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
mirror://gentoo/${PN}-6.8_p1-sctp.patch.xz
${HPN_PATCH:+hpn? (
mirror://gentoo/${HPN_PATCH}
https://dev.gentoo.org/~polynomial-c/${HPN_PATCH}
mirror://sourceforge/hpnssh/${HPN_PATCH}
)}
${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}
"
LICENSE="BSD GPL-2"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
# Probably want to drop ssl defaulting to on in a future version.
IUSE="bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit pam +pie sctp selinux skey ssh1 +ssl static X X509"
REQUIRED_USE="ldns? ( ssl )
pie? ( !static )
ssh1? ( ssl )
static? ( !kerberos !pam )
X509? ( !ldap ssl )"
LIB_DEPEND="
ldns? (
net-libs/ldns[static-libs(+)]
!bindist? ( net-libs/ldns[ecdsa,ssl] )
bindist? ( net-libs/ldns[-ecdsa,ssl] )
)
libedit? ( dev-libs/libedit[static-libs(+)] )
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] )
ssl? (
>=dev-libs/openssl-0.9.8f:0[bindist=]
dev-libs/openssl:0[static-libs(+)]
)
>=sys-libs/zlib-1.2.3[static-libs(+)]"
RDEPEND="
!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
pam? ( virtual/pam )
kerberos? ( virtual/krb5 )
ldap? ( net-nds/openldap )"
DEPEND="${RDEPEND}
static? ( ${LIB_DEPEND} )
virtual/pkgconfig
virtual/os-headers
sys-devel/autoconf"
RDEPEND="${RDEPEND}
pam? ( >=sys-auth/pambase-20081028 )
userland_GNU? ( virtual/shadow )
X? ( x11-apps/xauth )"
S=${WORKDIR}/${PARCH}
pkg_setup() {
# this sucks, but i'd rather have people unable to `emerge -u openssh`
# than not be able to log in to their server any more
maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
local fail="
$(use X509 && maybe_fail X509 X509_PATCH)
$(use ldap && maybe_fail ldap LDAP_PATCH)
$(use hpn && maybe_fail hpn HPN_PATCH)
"
fail=$(echo ${fail})
if [[ -n ${fail} ]] ; then
eerror "Sorry, but this version does not yet support features"
eerror "that you requested: ${fail}"
eerror "Please mask ${PF} for now and check back later:"
eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
die "booooo"
fi
# Make sure people who are using tcp wrappers are notified of its removal. #531156
if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then
ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like"
ewarn "you're trying to use it. Update your ${EROOT}etc/hosts.{allow,deny} please."
fi
}
save_version() {
# version.h patch conflict avoidence
mv version.h version.h.$1
cp -f version.h.pristine version.h
}
src_prepare() {
sed -i \
-e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \
pathnames.h || die
# keep this as we need it to avoid the conflict between LPK and HPN changing
# this file.
cp version.h version.h.pristine
# don't break .ssh/authorized_keys2 for fun
sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die
if use X509 ; then
pushd .. >/dev/null
pushd ${HPN_PATCH%.*.*} >/dev/null
epatch "${FILESDIR}"/${PN}-7.1_p1-hpn-x509-glue.patch
popd >/dev/null
epatch "${FILESDIR}"/${PN}-7.0_p1-sctp-x509-glue.patch
popd >/dev/null
epatch "${WORKDIR}"/${X509_PATCH%.*}
epatch "${FILESDIR}"/${PN}-6.3_p1-x509-hpn14v2-glue.patch
epatch "${FILESDIR}"/${PN}-6.9_p1-x509-warnings.patch
save_version X509
fi
if use ldap ; then
epatch "${WORKDIR}"/${LDAP_PATCH%.*}
save_version LPK
fi
epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch
# The X509 patchset fixes this independently.
use X509 || epatch "${FILESDIR}"/${PN}-6.8_p1-ssl-engine-configure.patch
epatch "${WORKDIR}"/${PN}-6.8_p1-sctp.patch
if use hpn ; then
EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
EPATCH_MULTI_MSG="Applying HPN patchset ..." \
epatch "${WORKDIR}"/${HPN_PATCH%.*.*}
save_version HPN
fi
tc-export PKG_CONFIG
local sed_args=(
-e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
# Disable PATH reset, trust what portage gives us #254615
-e 's:^PATH=/:#PATH=/:'
# Disable fortify flags ... our gcc does this for us
-e 's:-D_FORTIFY_SOURCE=2::'
)
# The -ftrapv flag ICEs on hppa #505182
use hppa && sed_args+=(
-e '/CFLAGS/s:-ftrapv:-fdisable-this-test:'
-e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d'
)
sed -i "${sed_args[@]}" configure{.ac,} || die
epatch_user #473004
# Now we can build a sane merged version.h
(
sed '/^#define SSH_RELEASE/d' version.h.* | sort -u
macros=()
for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done
printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}"
) > version.h
eautoreconf
}
src_configure() {
addwrite /dev/ptmx
use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG
use static && append-ldflags -static
local myconf=(
--with-ldflags="${LDFLAGS}"
--disable-strip
--with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run
--sysconfdir="${EPREFIX}"/etc/ssh
--libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc
--datadir="${EPREFIX}"/usr/share/openssh
--with-privsep-path="${EPREFIX}"/var/empty
--with-privsep-user=sshd
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
# We apply the ldap patch conditionally, so can't pass --without-ldap
# unconditionally else we get unknown flag warnings.
$(use ldap && use_with ldap)
$(use_with ldns)
$(use_with libedit)
$(use_with pam)
$(use_with pie)
$(use_with sctp)
$(use_with selinux)
$(use_with skey)
$(use_with ssh1)
# The X509 patch deletes this option entirely.
$(use X509 || use_with ssl openssl)
$(use_with ssl md5-passwords)
$(use_with ssl ssl-engine)
)
# The seccomp sandbox is broken on x32, so use the older method for now. #553748
use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit )
# Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011)
if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then
myconf+=( --disable-utmp --disable-wtmp --disable-wtmpx )
append-ldflags -lutil
fi
econf "${myconf[@]}"
}
src_install() {
emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd.rc6.4 sshd
newconfd "${FILESDIR}"/sshd.confd sshd
keepdir /var/empty
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
if use pam ; then
sed -i \
-e "/^#UsePAM /s:.*:UsePAM yes:" \
-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
-e "/^#PrintMotd /s:.*:PrintMotd no:" \
-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
"${ED}"/etc/ssh/sshd_config || die
fi
# Gentoo tweaks to default config files
cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
# Allow client to pass locale environment variables #367017
AcceptEnv LANG LC_*
EOF
cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
# Send locale environment variables #367017
SendEnv LANG LC_*
EOF
if ! use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then
insinto /etc/openldap/schema/
newins openssh-lpk_openldap.schema openssh-lpk.schema
fi
doman contrib/ssh-copy-id.1
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
diropts -m 0700
dodir /etc/skel/.ssh
systemd_dounit "${FILESDIR}"/sshd.{service,socket}
systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service'
}
src_test() {
local t tests skipped failed passed shell
tests="interop-tests compat-tests"
skipped=""
shell=$(egetshell ${UID})
if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
elog "Running the full OpenSSH testsuite"
elog "requires a usable shell for the 'portage'"
elog "user, so we will run a subset only."
skipped="${skipped} tests"
else
tests="${tests} tests"
fi
# It will also attempt to write to the homedir .ssh
local sshhome=${T}/homedir
mkdir -p "${sshhome}"/.ssh
for t in ${tests} ; do
# Some tests read from stdin ...
HOMEDIR="${sshhome}" \
emake -k -j1 ${t} </dev/null \
&& passed="${passed}${t} " \
|| failed="${failed}${t} "
done
einfo "Passed tests: ${passed}"
ewarn "Skipped tests: ${skipped}"
if [[ -n ${failed} ]] ; then
ewarn "Failed tests: ${failed}"
die "Some tests failed: ${failed}"
else
einfo "Failed tests: ${failed}"
return 0
fi
}
pkg_preinst() {
enewgroup sshd 22
enewuser sshd 22 -1 /var/empty sshd
}
pkg_postinst() {
if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then
elog "Starting with openssh-5.8p1, the server will default to a newer key"
elog "algorithm (ECDSA). You are encouraged to manually update your stored"
elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
fi
if has_version "<${CATEGORY}/${PN}-6.9_p1" ; then
elog "Starting with openssh-6.9p1, ssh1 support is disabled by default."
fi
if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then
elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
elog "Make sure to update any configs that you might have. Note that xinetd might"
elog "be an alternative for you as it supports USE=tcpd."
fi
if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388
elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
elog "adding to your sshd_config:"
elog " PubkeyAcceptedKeyTypes=+ssh-dss"
elog "You should however generate new keys using rsa or ed25519."
fi
if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
fi
}