mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-15 00:46:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

net-misc/openssh: Apply Flatcar patches

Browse Source 
- Drop the init.d files.
- Remove the socket unit's rate limiting.
- Mark the package as stable.

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
Signed-off-by: Dongsu Park <dpark@linux.microsoft.com>
This commit is contained in:
Sayan Chowdhury 2021-10-12 11:56:41 +05:30 committed by Dongsu Park
parent 52919f1e29
commit d6ec6e5281
4 changed files with 2 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.confd vendored
View File

@ -1,33 +0,0 @@
# /etc/conf.d/sshd: config file for /etc/init.d/sshd
# Where is your sshd_config file stored?
SSHD_CONFDIR="${RC_PREFIX%/}/etc/ssh"
# Any random options you want to pass to sshd.
# See the sshd(8) manpage for more info.
SSHD_OPTS=""
# Wait one second (length chosen arbitrarily) to see if sshd actually
# creates a PID file, or if it crashes for some reason like not being
# able to bind to the address in ListenAddress.
#SSHD_SSD_OPTS="--wait 1000"
# Pid file to use (needs to be absolute path).
#SSHD_PIDFILE="${RC_PREFIX%/}/run/sshd.pid"
# Path to the sshd binary (needs to be absolute path).
#SSHD_BINARY="${RC_PREFIX%/}/usr/sbin/sshd"
# Path to the ssh-keygen binary (needs to be absolute path).
#SSHD_KEYGEN_BINARY="${RC_PREFIX%/}/usr/bin/ssh-keygen"

87
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd-r1.initd vendored
View File

@ -1,87 +0,0 @@
#!/sbin/openrc-run
# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
extra_commands="checkconfig"
extra_started_commands="reload"
: ${SSHD_CONFDIR:=${RC_PREFIX%/}/etc/ssh}
: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
: ${SSHD_PIDFILE:=${RC_PREFIX%/}/run/${SVCNAME}.pid}
: ${SSHD_BINARY:=${RC_PREFIX%/}/usr/sbin/sshd}
: ${SSHD_KEYGEN_BINARY:=${RC_PREFIX%/}/usr/bin/ssh-keygen}
command="${SSHD_BINARY}"
pidfile="${SSHD_PIDFILE}"
command_args="${SSHD_OPTS} -o PidFile=${pidfile} -f ${SSHD_CONFIG}"
# Wait one second (length chosen arbitrarily) to see if sshd actually
# creates a PID file, or if it crashes for some reason like not being
# able to bind to the address in ListenAddress (bug 617596).
: ${SSHD_SSD_OPTS:=--wait 1000}
start_stop_daemon_args="${SSHD_SSD_OPTS}"
depend() {
# Entropy can be used by ssh-keygen, among other things, but
# is not strictly required (bug 470020).
use logger dns entropy
if [ "${rc_need+set}" = "set" ] ; then
: # Do nothing, the user has explicitly set rc_need
else
local x warn_addr
for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
case "${x}" in
0.0.0.0|0.0.0.0:*) ;;
::|\[::\]*) ;;
*) warn_addr="${warn_addr} ${x}" ;;
esac
done
if [ -n "${warn_addr}" ] ; then
need net
ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
ewarn "You must add rc_need=\"net.FOO\" to your ${RC_PREFIX%/}/etc/conf.d/sshd"
ewarn "where FOO is the interface(s) providing the following address(es):"
ewarn "${warn_addr}"
fi
fi
}
checkconfig() {
checkpath --mode 0755 --directory "${RC_PREFIX%/}/var/empty"
if [ ! -e "${SSHD_CONFIG}" ] ; then
eerror "You need an ${SSHD_CONFIG} file to run sshd"
eerror "There is a sample file in /usr/share/doc/openssh"
return 1
fi
${SSHD_KEYGEN_BINARY} -A || return 2
"${command}" -t ${command_args} || return 3
}
start_pre() {
# Make sure that the user's config isn't busted before we try
# to start the daemon (this will produce better error messages
# than if we just try to start it blindly).
#
# We always need to call checkconfig because this function will
# also generate any missing host key and you can start a
# non-running service with "restart" argument.
checkconfig || return $?
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
checkconfig || return $?
ebegin "Reloading ${SVCNAME}"
start-stop-daemon --signal HUP --pidfile "${pidfile}"
eend $?
}

1
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/sshd.socket vendored
View File

@ -5,6 +5,7 @@ Conflicts=sshd.service
[Socket] [Socket]
ListenStream=22 ListenStream=22
Accept=yes Accept=yes
TriggerLimitBurst=0
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target

4
sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.2_p1-r2.ebuild vendored
View File

@ -50,7 +50,7 @@ S="${WORKDIR}/${PARCH}"
LICENSE="BSD GPL-2" LICENSE="BSD GPL-2"
SLOT="0" SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
# Probably want to drop ssl defaulting to on in a future version. # Probably want to drop ssl defaulting to on in a future version.
IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss"
@ -419,8 +419,6 @@ src_install() {
emake install-nokeys DESTDIR="${D}" emake install-nokeys DESTDIR="${D}"
fperms 600 /etc/ssh/sshd_config fperms 600 /etc/ssh/sshd_config
dobin contrib/ssh-copy-id dobin contrib/ssh-copy-id
newinitd "${FILESDIR}"/sshd-r1.initd sshd
newconfd "${FILESDIR}"/sshd-r1.confd sshd
if use pam; then if use pam; then
newpamd "${FILESDIR}"/sshd.pam_include.2 sshd newpamd "${FILESDIR}"/sshd.pam_include.2 sshd