Diffstat (limited to 'net-misc/tinyssh')
-rw-r--r-- | net-misc/tinyssh/Manifest | 9 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh-makekey.service | 8 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.confd | 7 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.initd | 30 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.service | 9 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.socket | 13 | ||||
-rw-r--r-- | net-misc/tinyssh/metadata.xml | 43 | ||||
-rw-r--r-- | net-misc/tinyssh/tinyssh-20230101.ebuild | 71 | ||||
-rw-r--r-- | net-misc/tinyssh/tinyssh-99999999.ebuild | 71 |
9 files changed, 261 insertions, 0 deletions
diff --git a/net-misc/tinyssh/Manifest b/net-misc/tinyssh/Manifest
new file mode 100644
index 000000000000..4325b30b264a
--- /dev/null
+++ b/net-misc/tinyssh/Manifest
@@ -0,0 +1,9 @@
+AUX tinyssh-makekey.service 186 BLAKE2B 2e433a22acb4c29a620a7d42b473536f88de1934af8d67bf7c8ca5d18989d85235cd6a7fee0c543c10792f354fc0266d93bdf11b48889046b8ef06fd628945ae SHA512 b890e6e61f88fa3f738ad042ecc5c5712449b7afb3849203b2528a27b9b6ac43d03f6656386cf3cdbc8ad4b3c205fcc3362a84f8894a3cf6edf77e2e689cb7e4
+AUX tinyssh.confd 184 BLAKE2B 6165de2e40d5025eba45390b95dc41f6056c1f4886dc4c60dc81e0973037fb249d9dfe7551c0828f9c9991085b675615c92e41e1185bec303edb63dd94c15d34 SHA512 9cda5967554a04547dce75ecaba9c09328a171998889ec821bfc8f1e9d30e115763d3a75a1572f5d4d829630e0c7146f0827dbc84ac876d533e8e7b99556aa24
+AUX tinyssh.initd 807 BLAKE2B e133e79f49fef0f65e9230cbc7fca2d541261652a4acb07a6aeedb45aa40293334afa9c85328de91917c840d6bf56e56602b551d925ab98d44a7da5584eae984 SHA512 519b7849b18375a3fb99d65a0a335f72d01192d4b40c70fc40554b931811b394537bf65c7aa7a177d1b93577d71322a63fe2d9bce3717a89a36b759a013156c9
+AUX tinyssh.service 214 BLAKE2B c02041eeb9109fef53a5d08f66d1807eb545d1da1dd9f38f4da4e07860e1fe80bc58a15bed98b7dfc8a9205e1d8852a0d726afc6fe256b187c75212834778f8f SHA512 220c2507b329bc4e4d38caccce8f278ee61d2b9ed6874f36c8e69785edb5021cbb2796d6f5bb51b60d45f1f00306799f5ffbdb26d83fe6db14f69198d4e27d43
+AUX tinyssh.socket 222 BLAKE2B 4bc71c8a1f8c45280350324af7c53f891f937b6854bf9647086db7339dd89a47254a8d9f3ced88352ce76cab0d02c326f2109e38c87f81b86336703336bd2a49 SHA512 e3cfb592135d8e1f99781ce17ed580a1854dd70bc8102971ef61654ec32933ae1e8e40f5cb79440b21115764fd301c18b25d59dc722367819f8991cb386dabbc
+DIST tinyssh-20230101.tar.gz 249091 BLAKE2B 5efb6eab07c136763ab27588661618763d2ca174dce4b0f4b5fd5dcca56044f8361342de780931070cff8efe43f6efa68eaf912e9ae38febfcff733f79e23018 SHA512 6beaf266058a89a78c710abd1a02feff0641a93d0d92aa07a1ad1ba3f6b3344bc312bb5a4cd5c06c6dcc83d25e48a801f9cfcfbb3de0f73904f36d32d4430482
+EBUILD tinyssh-20230101.ebuild 1666 BLAKE2B 18fea31f8a77c768a7237f2ef60ec3ce065a49add36ed8be70727470d3d2091026ac79a9776d5b017bc33bef71efbd173d4bf843a53c8b3523e20cac0a721ebb SHA512 4f351233ba130906366b2cb216171787a8b85eec56d9319579522225ba3e93475f1b3ea71b7d9ab4ccf4d80fe85ed1bccb120f0c08e15856203879812bd85110
+EBUILD tinyssh-99999999.ebuild 1666 BLAKE2B 18fea31f8a77c768a7237f2ef60ec3ce065a49add36ed8be70727470d3d2091026ac79a9776d5b017bc33bef71efbd173d4bf843a53c8b3523e20cac0a721ebb SHA512 4f351233ba130906366b2cb216171787a8b85eec56d9319579522225ba3e93475f1b3ea71b7d9ab4ccf4d80fe85ed1bccb120f0c08e15856203879812bd85110
+MISC metadata.xml 2107 BLAKE2B 6e166d2ea373129eb377c030dac7eae8ac06937cdd4ffd2c1afdc4abae691569be7ae5a46a634e9c2a4c13bbfbc915285ee8244f13d88d2219f94dbca38da58f SHA512 845cc482edd4e62a12e3cf3d01699b2e44d4ac9424170c7b867719c5c400aaafd5cb150866f4af309c208211dbba80a52e52bb72ec09d4cf7bbb4a4556a60232
diff --git a/net-misc/tinyssh/files/tinyssh-makekey.service b/net-misc/tinyssh/files/tinyssh-makekey.service
new file mode 100644
index 000000000000..841a516ce390
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh-makekey.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=TinySSH Key Generation
+ConditionPathIsDirectory=!/etc/tinyssh/keys
+
+[Service]
+ExecStart=/usr/sbin/tinysshd-makekey /etc/tinyssh/keys
+Type=oneshot
+RemainAfterExit=true
diff --git a/net-misc/tinyssh/files/tinyssh.confd b/net-misc/tinyssh/files/tinyssh.confd
new file mode 100644
index 000000000000..d1aefde2be9f
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.confd
@@ -0,0 +1,7 @@
+# TinySSH config file for /etc/init.d/tinyssh
+
+#TINYSSH_PORT="22"
+#TINYSSH_IP="0.0.0.0"
+#TINYSSH_CONFDIR="/etc/tinyssh"
+#TINYSSH_KEYDIR="${TINYSSH_CONFDIR}/keys"
+#TINYSSH_OPTS="-l -v"
diff --git a/net-misc/tinyssh/files/tinyssh.initd b/net-misc/tinyssh/files/tinyssh.initd
new file mode 100644
index 000000000000..095a7f4e1056
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.initd
@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+TINYSSH_CONFDIR="${TINYSSH_CONFDIR:-/etc/tinyssh}"
+TINYSSH_KEYDIR="${TINYSSH_KEYDIR:-${TINYSSH_CONFDIR}/keys}"
+
+TINYSSHD="/usr/sbin/tinysshd"
+MAKEKEY="${TINYSSHD}-makekey"
+PRINTKEY="/usr/bin/tinysshd-printkey"
+
+command="/usr/bin/tcpserver"
+command_args="-HRDl0 ${TINYSSH_IP:-0.0.0.0} ${TINYSSH_PORT:-22}
+ ${TINYSSHD} ${TINYSSH_OPTS:--l -v} ${TINYSSH_KEYDIR}"
+command_background=yes
+pidfile="/run/${RC_SVCNAME}.pid"
+start_stop_daemon_args="${SSD_OPTS}"
+
+depend() {
+ use net
+}
+
+start_pre() {
+ if [ "${RC_CMD}" != "restart" ]; then
+ checkpath -d "${TINYSSH_CONFDIR}"
+ if ! ${PRINTKEY} "${TINYSSH_KEYDIR}" >/dev/null 2>&1; then
+ ${MAKEKEY} "${TINYSSH_KEYDIR}" || return 1
+ fi
+ fi
+}
diff --git a/net-misc/tinyssh/files/tinyssh.service b/net-misc/tinyssh/files/tinyssh.service
new file mode 100644
index 000000000000..f0fe93be778b
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TinySSH Per-Connection Daemon
+Documentation=https://tinyssh.org
+After=tinyssh-makekey.service
+
+[Service]
+ExecStart=/usr/sbin/tinysshd /etc/tinyssh/keys
+StandardInput=socket
+StandardError=journal
diff --git a/net-misc/tinyssh/files/tinyssh.socket b/net-misc/tinyssh/files/tinyssh.socket
new file mode 100644
index 000000000000..9ca2b16b3fa4
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=TinySSH service (socket-activated)
+Documentation=https://tinyssh.org
+Wants=tinyssh-makekey.service
+
+[Socket]
+ListenStream=%i
+Accept=true
+KeepAlive=true
+IPTOS=low-delay
+
+[Install]
+WantedBy=sockets.target
diff --git a/net-misc/tinyssh/metadata.xml b/net-misc/tinyssh/metadata.xml
new file mode 100644
index 000000000000..3c123417d9f8
--- /dev/null
+++ b/net-misc/tinyssh/metadata.xml
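Review bot: `checkpath -d "${TINYSSH_CONFDIR}"` in start_pre() of tinyssh.initd only ensures the directory exists and does not pin its owner or mode, so a pre-existing directory with loose permissions is accepted as the parent of the host-key directory. I would write `checkpath -d -m 0755 -o root:root "${TINYSSH_CONFDIR}"` so the path is root-owned and not group- or world-writable before `${MAKEKEY}` runs. A one-line comment above `command_args` saying what the tcpserver flags `-HRDl0` are for would also help the next reader.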
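Review bot: `ExecStart=/usr/sbin/tinysshd /etc/tinyssh/keys` in tinyssh.service passes no options, while the OpenRC script in this same commit defaults `TINYSSH_OPTS` to `-l -v`, so the two init systems log sessions differently by default and the systemd path presumably records less. For a remote-login daemon I would keep the audit trail aligned, e.g. `ExecStart=/usr/sbin/tinysshd -v /etc/tinyssh/keys`, since stderr already reaches the journal through `StandardError=journal`. If the difference is intentional, a comment in the unit saying so would avoid the question.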
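Review bot: The `[Socket]` section of tinyssh.socket sets `Accept=true` without any connection limit, so every inbound TCP connection on `ListenStream=%i` spawns its own `tinysshd` instance, bounded only by systemd's defaults. For a listener that may face the internet I would set `MaxConnections=` and `MaxConnectionsPerSource=` explicitly (values chosen per site) so a single source cannot occupy all the slots. A comment noting that `%i` is the listen address or port taken from the instance name (the ebuild installs this file as `tinyssh@.socket`) would make enabling the unit less error-prone.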
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person" proxied="yes">
+ <email>contact@hacktivis.me</email>
+ </maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">janmojzis/tinyssh</remote-id>
+ <bugs-to>https://github.com/janmojzis/tinyssh/issues</bugs-to>
+ </upstream>
+ <longdescription lang="en">
+Features
+
+ easy auditable - TinySSH has less than 100000 words of code
+ no dynamic memory allocation - TinySSH has all memory statically allocated (less than 1MB)
+ simple configuration - TinySSH can’t be misconfigured
+ reusing code - TinySSH is reusing libraries from CurveCP implementation
+ reusing software - TinySSH is using tcpserver/systemd socket/inetd for TCP connection
+ limited amount of features - TinySSH doesn’t have features such: SSH1 protocol, compression, …
+ no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …
+ no copyright restrictions - TinySSH is in the public domain (see the licence)
+ no dependency on OpenSSL - TinySSH has its own crypto library compatible with NaCl, Libsodium
+ speed - TinySSH can be also compiled using high-speed NaCl library instead of internal.
+
+Security features
+
+ cryptographic library (minimum 128-bit security, side-channel attack resistant, state-of-the-art crypto, …)
+ public-key authentication only (no password or hostbased authentication)
+
+Crypto primitives
+
+ State-of-the-art crypto: ssh-ed25519, curve25519-sha256@libssh.org, chacha20-poly1305@openssh.com
+ Older standard: ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes256-ctr, hmac-sha2-256 removed in version 20190101
+ Postquantum crypto: sntrup4591761x25519-sha512@tinyssh.org, chacha20-poly1305@openssh.com
+ </longdescription>
+</pkgmetadata>
diff --git a/net-misc/tinyssh/tinyssh-20230101.ebuild b/net-misc/tinyssh/tinyssh-20230101.ebuild
new file mode 100644
index 000000000000..6a91309a999d
--- /dev/null
+++ b/net-misc/tinyssh/tinyssh-20230101.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="A small SSH server with state-of-the-art cryptography"
+HOMEPAGE="https://tinyssh.org"
+if [[ "${PV}" == "99999999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"
+else
+ SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="CC0-1.0"
+SLOT="0"
+
+IUSE="+sodium"
+
+DEPEND="
+ sodium? ( dev-libs/libsodium:= )
+"
+RDEPEND="
+ ${DEPEND}
+ sys-apps/ucspi-tcp
+"
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die
+
+ # Use make-tinysshcc.sh script, which has no tests and doesn't execute
+ # binaries. See https://github.com/janmojzis/tinyssh/issues/2
+ sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die
+
+ default
+}
+
+src_compile() {
+ if use sodium
+ then
+ emake \
+ CC="$(tc-getCC)"
+ LIBS="-lsodium" \
+ CFLAGS="${CFLAGS} -I/usr/include/sodium" \
+ LDFLAGS="${LDFLAGS} -L/usr/lib"
+ else
+ emake CC="$(tc-getCC)"
+ fi
+}
+
+src_install() {
+ dosbin build/bin/tinysshd{,-makekey}
+ dobin build/bin/tinysshd-printkey
+ doman man/*
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service"
+ systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket"
+ systemd_dounit "${FILESDIR}/${PN}-makekey.service"
+}
+
+pkg_postinst() {
+ einfo "TinySSH is in beta stage, and ready for production use."
+ einfo "See https://tinyssh.org for more information."
+}
diff --git a/net-misc/tinyssh/tinyssh-99999999.ebuild b/net-misc/tinyssh/tinyssh-99999999.ebuild
new file mode 100644
index 000000000000..6a91309a999d
--- /dev/null
+++ b/net-misc/tinyssh/tinyssh-99999999.ebuild
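Review bot: In src_compile() the `CC="$(tc-getCC)"` line that follows `emake \` has no trailing backslash, so the `emake` command ends there and the following `LIBS="-lsodium" \ …` lines run afterwards as a plain shell variable assignment. With USE=sodium the build therefore never receives `LIBS`, `CFLAGS` or `LDFLAGS` on the make command line and presumably falls back to the bundled crypto, even though `sodium? ( dev-libs/libsodium:= )` is still pulled in and users will assume libsodium is in use. The line should read `CC="$(tc-getCC)" \`. Because src_prepare() switches to `make-tinysshcc.sh`, which per its own comment runs no tests, nothing in the build will flag this; the tinyssh-99999999.ebuild hunk carries the identical lines.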
@@ -0,0 +1,71 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="A small SSH server with state-of-the-art cryptography"
+HOMEPAGE="https://tinyssh.org"
+if [[ "${PV}" == "99999999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"
+else
+ SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="CC0-1.0"
+SLOT="0"
+
+IUSE="+sodium"
+
+DEPEND="
+ sodium? ( dev-libs/libsodium:= )
+"
+RDEPEND="
+ ${DEPEND}
+ sys-apps/ucspi-tcp
+"
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die
+
+ # Use make-tinysshcc.sh script, which has no tests and doesn't execute
+ # binaries. See https://github.com/janmojzis/tinyssh/issues/2
+ sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die
+
+ default
+}
+
+src_compile() {
+ if use sodium
+ then
+ emake \
+ CC="$(tc-getCC)"
+ LIBS="-lsodium" \
+ CFLAGS="${CFLAGS} -I/usr/include/sodium" \
+ LDFLAGS="${LDFLAGS} -L/usr/lib"
+ else
+ emake CC="$(tc-getCC)"
+ fi
+}
+
+src_install() {
+ dosbin build/bin/tinysshd{,-makekey}
+ dobin build/bin/tinysshd-printkey
+ doman man/*
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service"
+ systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket"
+ systemd_dounit "${FILESDIR}/${PN}-makekey.service"
+}
+
+pkg_postinst() {
+ einfo "TinySSH is in beta stage, and ready for production use."
+ einfo "See https://tinyssh.org for more information."
+} |