net-misc/openssh: Apply Flatcar patches

- Drop the init.d files.
- Remove the socket unit's rate limiting.
- Mark the package as stable.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>

sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.confd

@@ -1,33 +0,0 @@
-# /etc/conf.d/sshd: config file for /etc/init.d/sshd
-
-# Where is your sshd_config file stored?
-
-SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh"
-
-
-# Any random options you want to pass to sshd.
-# See the sshd(8) manpage for more info.
-
-SSHD_OPTS=""
-
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress.
-
-#SSHD_SSD_OPTS="--wait 1000"
-
-
-# Pid file to use (needs to be absolute path).
-
-#SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid"
-
-
-# Path to the sshd binary (needs to be absolute path).
-
-#SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd"
-
-
-# Path to the ssh-keygen binary (needs to be absolute path).
-
-#SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen"

sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.initd

@@ -1,87 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-
-: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
-: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
-: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
-: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
-: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
-
-command="${SSHD_BINARY}"
-pidfile="${SSHD_PIDFILE}"
-command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
-
-# Wait one second (length chosen arbitrarily) to see if sshd actually
-# creates a PID file, or if it crashes for some reason like not being
-# able to bind to the address in ListenAddress (bug 617596).
-: ${SSHD_SSD_OPTS:=--wait 1000}
-start_stop_daemon_args="${SSHD_SSD_OPTS}"
-
-depend() {
-	# Entropy can be used by ssh-keygen, among other things, but
-	# is not strictly required (bug 470020).
-	use logger dns entropy
-	if [ "${rc_need+set}" = "set" ] ; then
-		: # Do nothing, the user has explicitly set rc_need
-	else
-		local x warn_addr
-		for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
-			case "${x}" in
-				0.0.0.0|0.0.0.0:*) ;;
-				::|\[::\]*) ;;
-				*) warn_addr="${warn_addr} ${x}" ;;
-			esac
-		done
-		if [ -n "${warn_addr}" ] ; then
-			need net
-			ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
-			ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
-			ewarn "where FOO is the interface(s) providing the following address(es):"
-			ewarn "${warn_addr}"
-		fi
-	fi
-}
-
-checkconfig() {
-	checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
-
-	if [ ! -e "${SSHD_CONFIG}" ] ; then
-		eerror "You need an ${SSHD_CONFIG} file to run sshd"
-		eerror "There is a sample file in /usr/share/doc/openssh"
-		return 1
-	fi
-
-	${SSHD_KEYGEN_BINARY} -A || return 2
-
-	"${command}" -t ${command_args} || return 3
-}
-
-start_pre() {
-	# Make sure that the user's config isn't busted before we try
-	# to start the daemon (this will produce better error messages
-	# than if we just try to start it blindly).
-	#
-	# We always need to call checkconfig because this function will
-	# also generate any missing host key and you can start a
-	# non-running service with "restart" argument.
-	checkconfig || return $?
-}
-
-stop_pre() {
-	# If this is a restart, check to make sure the user's config
-	# isn't busted before we stop the running daemon.
-	if [ "${RC_CMD}" = "restart" ] ; then
-		checkconfig || return $?
-	fi
-}
-
-reload() {
-	checkconfig || return $?
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP --pidfile "${pidfile}"
-	eend $?
-}

sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket

@@ -5,6 +5,7 @@ Conflicts=sshd.service
 [Socket]
 ListenStream=22
 Accept=yes
+TriggerLimitBurst=0
 
 [Install]
 WantedBy=sockets.target

sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.2_p1-r2.ebuild

@@ -50,7 +50,7 @@ S="${WORKDIR}/${PARCH}"
 
 LICENSE="BSD GPL-2"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 # Probably want to drop ssl defaulting to on in a future version.
 IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss"
 
@@ -419,8 +419,6 @@ src_install() {
 	emake install-nokeys DESTDIR="${D}"
 	fperms 600 /etc/ssh/sshd_config
 	dobin contrib/ssh-copy-id
-	newinitd "${FILESDIR}"/sshd-r1.initd sshd
-	newconfd "${FILESDIR}"/sshd-r1.confd sshd
 
 	if use pam; then
 		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd