gentoo auto-resync : 25:03:2024 - 19:01:08

author: V3n3RiX <venerix@koprulu.sector> 2024-03-25 19:01:08 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2024-03-25 19:01:08 +0000
commit: fc68863e718441fe15bb0dea2ca03ea06a6f558d (patch)
tree: 5cfeda3e589273a4fa9d6c84119acf0db4c2453c /net-misc/openssh
parent: ecf595717796995cab38a07093dc9597d55d0ea6 (diff)
2 files changed, 49 insertions, 33 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 56935ca511a3..c88aa091efa5 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -15,5 +15,5 @@ DIST openssh-9.7p1.tar.gz.asc 833 BLAKE2B a95e952be48bd55a07d0a95a49dc06c326816c
 EBUILD openssh-9.6_p1-r1.ebuild 14012 BLAKE2B 879504585f4ad5de7e93d54535ebd7a3f82a7b1d7cee1661386f0883d32dc0aa56304b5f2c587f6c21569312736d8408ce91eda7e5c55a0f845197f4cf048e25 SHA512 67a580e5c3888a7253216238147fb51bea2b5bffca75bfa69188b5f6d35ae2bbc18afcc621adfae724e08e992488446268e4e0a07b3c34efa33453f3befb2967
 EBUILD openssh-9.6_p1-r2.ebuild 14105 BLAKE2B 0dc5ac19fd1edbf1114ce98c576245302fb74b97b2f45a501b14c2dd206d4db9a453195ee50d2d9e8edb91766f6ed3c92965c828b9cd8f60f7a42f519f9cf319 SHA512 794e8ca280500f61e7df99e0a1273cfbfe25b0736b0bcb8f4aa4b5486bb915bece9bc6831559755ef8af9af88ff66ad17201ec7f51db22dda99413642235a142
 EBUILD openssh-9.6_p1-r3.ebuild 13891 BLAKE2B 98bc143f607c06d5d8c705b563cad80e1a29ad1d18506e0d5c2b1f13581db2ee09d04f78dcbfb8366d1b0a93c59fad9e0f4cf6b5d7243bae0d973c4b44b3e9b0 SHA512 908304266b8d9329c3ed582a3d2da507f889654f72754da2fe5f1655099517721c786ece314ae8f9802fea8e6e2eeae96c3c0cf8517d4503f5b8c2b6961ac176
-EBUILD openssh-9.7_p1.ebuild 13786 BLAKE2B bfbff35850e942f8e9d50f8f08cec61e78427b4bdbfa3664c69f2455742403c66f36a4f715fee1c29f3938bbfc03121896f37b9681f012662454df29302edaed SHA512 04829d73fdf1374fe6ddeaa892d05d2c03611b7142fbf4c615d8e38264005b37e67711f0219441dd9ab896e28e7a100312fb5362b1d707749edaee7b9757e0f8
+EBUILD openssh-9.7_p1-r2.ebuild 14066 BLAKE2B ada1b60519d235b78468cd5a0ab142e2bc4c897faa14b222025ce376dc4c7e5d6ebff8ac54ee2e8b8628b0a5ea6b5894908b1ae45aac7de11e40d780f009373b SHA512 76da8edc2524f830ffb5abc5a50fc8806f3907e3e197055b472e3c6f27bb3d7166c636616b3863b978a750d393d444559f6c6f690326ca809e6042cf753860f9
 MISC metadata.xml 1788 BLAKE2B d04d3030f70f3615522672fa56e684acaa67ddce8d16cce86ba8911fb8fc11ed152be012ecf560427d271868c4841a7422aaa644305947302d3ebab62bdb577d SHA512 bd328e3a33ce04b989149333db5f774f1b52540f12ef83b08b7fcf136ae2a3a9c83bef42c28991d3536249098ca0b9ffd21e583d93599580510d8619e9fd01ca
diff --git a/net-misc/openssh/openssh-9.7_p1.ebuild b/net-misc/openssh/openssh-9.7_p1-r2.ebuild
index 9508c8162da3..3b0c7f2125a0 100644
--- a/net-misc/openssh/openssh-9.7_p1.ebuild
+++ b/net-misc/openssh/openssh-9.7_p1-r2.ebuild
@@ -217,24 +217,18 @@ src_configure() {
 	econf "${myconf[@]}"
 }
 
-src_test() {
-	local tests=( compat-tests )
-	local shell=$(egetshell "${UID}")
-	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
-		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
-		ewarn "user, so we will run a subset only."
-		tests+=( interop-tests )
-	else
-		tests+=( tests )
-	fi
+tweak_ssh_configs() {
+	cat <<-EOF >> ssh_config.out || die
 
-	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
-	mkdir -p "${HOME}"/.ssh || die
-	emake -j1 "${tests[@]}" </dev/null
+	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+	EOF
+	cat <<-EOF >> sshd_config.out || die
+
+	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
+	EOF
 }
 
-# Gentoo tweaks to default config files.
-tweak_ssh_configs() {
+create_config_dropins() {
 	local locale_vars=(
 		# These are language variables that POSIX defines.
 		# http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_02
@@ -245,15 +239,9 @@ tweak_ssh_configs() {
 		LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE
 	)
 
-	dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
-	Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
-	EOF
-	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
-	Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
-	EOF
+	mkdir -p "${WORKDIR}"/etc/ssh/ssh{,d}_config.d || die
 
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo.conf || die
 	# Send locale environment variables (bug #367017)
 	SendEnv ${locale_vars[*]}
 
@@ -261,16 +249,16 @@ tweak_ssh_configs() {
 	SendEnv COLORTERM
 	EOF
 
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_config.d/9999999gentoo-security.conf || die
 	RevokedHostKeys "${EPREFIX}/etc/ssh/ssh_revoked_hosts"
 	EOF
 
-	cat <<-EOF >> "${ED}"/etc/ssh/ssh_revoked_hosts || die
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/ssh_revoked_hosts || die
 	# https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
 	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
 	EOF
 
-	cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
+	cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo.conf || die
 	# Allow client to pass locale environment variables (bug #367017)
 	AcceptEnv ${locale_vars[*]}
 
@@ -279,7 +267,7 @@ tweak_ssh_configs() {
 	EOF
 
 	if use pam ; then
-		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-pam.conf || die
 		UsePAM yes
 		# This interferes with PAM.
 		PasswordAuthentication no
@@ -290,13 +278,35 @@ tweak_ssh_configs() {
 	fi
 
 	if use livecd ; then
-		cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
+		cat <<-EOF > "${WORKDIR}"/etc/ssh/sshd_config.d/9999999gentoo-livecd.conf || die
 		# Allow root login with password on livecds.
 		PermitRootLogin Yes
 		EOF
 	fi
 }
 
+src_compile() {
+	default
+	tweak_ssh_configs
+	create_config_dropins
+}
+
+src_test() {
+	local tests=( compat-tests )
+	local shell=$(egetshell "${UID}")
+	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then
+		ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'"
+		ewarn "user, so we will run a subset only."
+		tests+=( interop-tests )
+	else
+		tests+=( tests )
+	fi
+
+	local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1
+	mkdir -p "${HOME}"/.ssh || die
+	emake -j1 "${tests[@]}" </dev/null
+}
+
 src_install() {
 	emake install-nokeys DESTDIR="${D}"
 	fperms 600 /etc/ssh/sshd_config
@@ -308,18 +318,24 @@ src_install() {
 		newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
 	fi
 
-	tweak_ssh_configs
-
 	doman contrib/ssh-copy-id.1
 	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
 
-	diropts -m 0700
-	dodir /etc/skel/.ssh
 	rmdir "${ED}"/var/empty || die
 
 	systemd_dounit "${FILESDIR}"/sshd.socket
 	systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service
 	systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service'
+
+	# Install dropins with explicit mode, bug 906638, 915840
+	diropts -m0755
+	insopts -m0644
+	insinto /etc/ssh
+	doins -r "${WORKDIR}"/etc/ssh/ssh_config.d
+	doins "${WORKDIR}"/etc/ssh/ssh_revoked_hosts
+	diropts -m0700
+	insopts -m0600
+	doins -r "${WORKDIR}"/etc/ssh/sshd_config.d
 }
 
 pkg_preinst() {
author	V3n3RiX <venerix@koprulu.sector>	2024-03-25 19:01:08 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2024-03-25 19:01:08 +0000
commit	fc68863e718441fe15bb0dea2ca03ea06a6f558d (patch)
tree	5cfeda3e589273a4fa9d6c84119acf0db4c2453c /net-misc/openssh
parent	ecf595717796995cab38a07093dc9597d55d0ea6 (diff)