diff options
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/Manifest.gz | bin | 54292 -> 54282 bytes | |||
-rw-r--r-- | net-misc/frr/Manifest | 3 | ||||
-rw-r--r-- | net-misc/frr/files/frr-8.4.2-musl-gcc12.patch | 21 | ||||
-rw-r--r-- | net-misc/frr/frr-8.4.2.ebuild | 150 | ||||
-rw-r--r-- | net-misc/openssh/Manifest | 4 | ||||
-rw-r--r-- | net-misc/openssh/files/sshd.service.1 | 15 | ||||
-rw-r--r-- | net-misc/openssh/files/sshd_at.service.1 | 8 | ||||
-rw-r--r-- | net-misc/openssh/openssh-9.2_p1-r1.ebuild (renamed from net-misc/openssh/openssh-9.2_p1.ebuild) | 21 |
8 files changed, 212 insertions, 10 deletions
diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz Binary files differindex 503be79c49bc..0b7c2d490fec 100644 --- a/net-misc/Manifest.gz +++ b/net-misc/Manifest.gz diff --git a/net-misc/frr/Manifest b/net-misc/frr/Manifest index e05d41191990..aa2c9ae8000d 100644 --- a/net-misc/frr/Manifest +++ b/net-misc/frr/Manifest @@ -1,9 +1,12 @@ AUX frr-7.5-ipctl-forwarding.patch 731 BLAKE2B 9c97d7fdc7b7facb59a73f4b693c285ebd91cb0ba8f7fea0ef49d5eddd8660100315ca7d74ece8d553cdd8ad79a9a0b1a4c173c6dedf90e0be2bdc72d948b2be SHA512 56bdeb8a1f350fea3ad8ed0cdba28964b00384878853e584746d8ce80c6f9ea5ca5adc4539e314f7fd82203c08d5f2ce6adeec61dac9a7a28282131d0d371447 AUX frr-8.4.1-logrotate.patch 2487 BLAKE2B f3eb9b9ce25dd9dd796668ecef5dfeb51b5f3ea3428ef4c03bd78becaf26deb5cb59aa56918fdc3c0230a8905d7edf4a12582ab4e6f7d297e3c94c62b7468b0c SHA512 8658dd1280d201d9f3a7f8caa6c5bf513133a3928ba97334202b0fed84dc03f12c82d76cbb8aeae3f363024d2373161c9bda74e1d9a27a085071c524c9941ad0 +AUX frr-8.4.2-musl-gcc12.patch 525 BLAKE2B 8aa00d5a41445e6a035e77481bf6dc3cf45380d7fe91e0d884cc32a19f3594d8822376837d87988803950ca3bb90914a387767b9d766bfb8784567c989e1160e SHA512 1d3ebc40533037aad992d64f207ecc6ebbe599bedfa3f83cd0e4820e3579daea50ffcc8376bc24154ce0fe1cac9002de6e43665f8addfdf38554e82fd502e8fe AUX frr-openrc-v1 7078 BLAKE2B d5c0276540fa09318f6e92575dd7e03f3bc6ebfce186d062c2d65fa49c502b3b4de0fd32914ce7c4708bb6f6188296f75d387e0384c142381bb77cfb706c7e1c SHA512 8e6f0e58863402f0169b8a7625d049bf85db60bebe40a42dfb450a1bddfcd6f8f436002de6c1ff599c8f848e4ba85a70e4058cb55a9a49fafb1e69a8e7eb9f57 AUX frr.pam 969 BLAKE2B 227dc91f51fab504229fa5489486fed1aa393d33c024849724ea3fb934e3fd78ee6c9147240133d458ec52021f13e8a27a2d8a0b4625415007c4595222b815ee SHA512 9a169d58232eba7481aee83d92b4e104b6c4ca95e5b31befe29117fbcebc187ad87c061f37ec7c571ff5702101a329ae0c113cf714e2d0dcd39ca4212734a9ed DIST frr-8.2.2.tar.gz 9439460 BLAKE2B 7ea4b44e3d167677e087ac8767c470b91c485e52f9e45513fb6da8498ff3c56e84dd90257eff3b0067c061e7596578968017cbec7de7ea951b6f80134332e1bf SHA512 52d8e82979823f61ec6f117db1eb41b23fd8ad3197ae3f9d2cfa3ad9d96636a3d2f0b36720b2041a9261c8b639ddd48e46a2351ce41cb596f7dc432cddf29256 DIST frr-8.4.1.tar.gz 9886182 BLAKE2B be270f34e9ffdbf87a10c7bbd73e9f244128821f1c014060880015e4e7e06165dbc1dc3253894bda5dc1a0607a5bdbad21a70532e9019f1e06d0abd24beffff1 SHA512 69f936580d2e7838e1f15fdfa71a4fa00e7acaa93df4cdbd6129560fbcd45f3754cf5d03b4c9331bf4850477560d63d5509d185098583d19fa93d9e960e1483a +DIST frr-8.4.2.tar.gz 9893223 BLAKE2B 670fb131c2959b0ce4f3133ef38caeb7832275844b16f8582a693033f5466ad0eb98ab45ed9615e0a121ab80bf034edafe7ee816c47d767bd8a13b52f3138eac SHA512 1ee9d17ef3b85c5c10df624a6560bcacb2b5daa3d6231e457f06d9eb6e5ccf375064a46e809d851c23cb6daf7a4299d1f25be589992ef729e80f9bad41a8d7f7 EBUILD frr-8.2.2.ebuild 3482 BLAKE2B 1ecdd7877961ea2ba1629754dcaf13f8f6f784ec97f2156028028818205d19562db8a49abfa4476b8dcc5cba2abcdba744cb14cc1bd00812d4edc3e7e8f13ad1 SHA512 11153b799fc929bef902330fc1349f37ecfb0ebb7c1f2bacd795a50c42fc6f256c488b02df3538143bd4825c3ebf8ba78629b55296c91997d421f61faa02c800 EBUILD frr-8.4.1.ebuild 3527 BLAKE2B 5cf9bc7c4b68d50208f522287ae4ae08f8c5efab7e4d467c5ed25b098eb768e4489d3f07364d45c8f5ad992066df14275e1e36ac9735d4e4990c07fcfd1f6c17 SHA512 4c2d8c0f39ce1a1e568453d2820bb7e78cfad084de8edfd4124ec84fce7ccadacf41f8aedb9dca79b92837f0468e5523e031c1877e710e22645609a21773f2c7 +EBUILD frr-8.4.2.ebuild 3571 BLAKE2B 17dba82c3ac741a59cb6b3c19cbc0776c6f4f22c5a6322e8199b085ecdbba816f0f6ed1d74b3705358a1fe6adbe35c463a309e7a622de24616d90ae9ac3bdc33 SHA512 18bc611dee687f1ce3ac2c02e68a5c25394084e46df34b4d0b2c319b904a37929d8439f430c60338109d07ad1365bea41efd788d6129182041b2bd2c446d640e MISC metadata.xml 845 BLAKE2B 5a563fb20d00884598122763e39d8ce4ef6f7a28b811517a4a01b892636c1ec7cfcf3b0e8bccf838882a8fac309bdbda8dd4fd093f7f58795bd0b711087aeff5 SHA512 1ba4423cf6be189aeec21a0f3a6623c48d61c39fca94dc7dc675fcfdd472c6063b3eefe3f11f5b0de385e759a5488f464a413b7ba1bfc8ae9913563bac6dd264 diff --git a/net-misc/frr/files/frr-8.4.2-musl-gcc12.patch b/net-misc/frr/files/frr-8.4.2-musl-gcc12.patch new file mode 100644 index 000000000000..3c9374aefd6d --- /dev/null +++ b/net-misc/frr/files/frr-8.4.2-musl-gcc12.patch @@ -0,0 +1,21 @@ +https://github.com/FRRouting/frr/pull/12741 + +From def86a45a473a45bf8ac39ac4b82be3d09ae9cae Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Sat, 4 Feb 2023 23:29:59 +0000 +Subject: [PATCH] pceplib: add <time.h> include for time_t + +Fixes build on musl. Used for time_t in the header. + +Bug: https://bugs.gentoo.org/862558 +--- a/pceplib/pcep_utils_counters.h ++++ b/pceplib/pcep_utils_counters.h +@@ -30,6 +30,7 @@ + + #include <stdbool.h> + #include <stdint.h> ++#include <time.h> + + #ifdef __cplusplus + extern "C" { + diff --git a/net-misc/frr/frr-8.4.2.ebuild b/net-misc/frr/frr-8.4.2.ebuild new file mode 100644 index 000000000000..ada6b8925460 --- /dev/null +++ b/net-misc/frr/frr-8.4.2.ebuild @@ -0,0 +1,150 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{9..11} ) +inherit autotools pam python-single-r1 systemd + +DESCRIPTION="The FRRouting Protocol Suite" +HOMEPAGE="https://frrouting.org/" +SRC_URI="https://github.com/FRRouting/frr/archive/${P}.tar.gz" +# FRR tarballs have weird format. +S="${WORKDIR}/frr-${P}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86" +IUSE="doc fpm grpc ipv6 nhrp ospfapi pam rpki snmp test" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + ${PYTHON_DEPS} + acct-user/frr + dev-libs/json-c:0= + >=net-libs/libyang-2.0.0 + sys-libs/libcap + sys-libs/readline:0= + virtual/libcrypt:= + grpc? ( net-libs/grpc:= ) + nhrp? ( net-dns/c-ares:0= ) + pam? ( sys-libs/pam ) + rpki? ( >=net-libs/rtrlib-0.8.0[ssh] ) + snmp? ( net-analyzer/net-snmp:= ) +" +BDEPEND=" + ~dev-util/clippy-${PV} + sys-devel/flex + app-alternatives/yacc + doc? ( dev-python/sphinx ) +" +DEPEND=" + ${COMMON_DEPEND} + elibc_musl? ( sys-libs/queue-standalone ) + test? ( $(python_gen_cond_dep 'dev-python/pytest[${PYTHON_USEDEP}]') ) +" +RDEPEND=" + ${COMMON_DEPEND} + $(python_gen_cond_dep 'dev-python/ipaddr[${PYTHON_USEDEP}]') + !net-misc/quagga +" + +PATCHES=( + "${FILESDIR}"/${PN}-7.5-ipctl-forwarding.patch + "${FILESDIR}"/${PN}-8.4.1-logrotate.patch + "${FILESDIR}"/${PN}-8.4.2-musl-gcc12.patch +) + +src_prepare() { + default + + python_fix_shebang tools + eautoreconf +} + +src_configure() { + local myconf=( + --disable-static + --with-pkg-extra-version="-gentoo" + --enable-configfile-mask=0640 + --enable-logfile-mask=0640 + --prefix="${EPREFIX}"/usr + --libdir="${EPREFIX}"/usr/lib/frr + --sbindir="${EPREFIX}"/usr/lib/frr + --libexecdir="${EPREFIX}"/usr/lib/frr + --sysconfdir="${EPREFIX}"/etc/frr + --localstatedir="${EPREFIX}"/run/frr + --with-moduledir="${EPREFIX}"/usr/lib/frr/modules + --with-clippy="${BROOT}"/usr/bin/clippy + --enable-user=frr + --enable-group=frr + --enable-vty-group=frr + --enable-multipath=64 + $(use_enable doc) + $(use_enable fpm) + $(use_enable grpc) + $(use_enable ipv6 ospf6d) + $(use_enable ipv6 ripngd) + $(use_enable ipv6 rtadv) + $(use_enable kernel_linux realms) + $(use_enable nhrp nhrpd) + $(usex ospfapi '--enable-ospfclient' '' '' '') + $(use_enable rpki) + $(use_enable snmp) + ) + + econf "${myconf[@]}" +} + +src_compile() { + default + + use doc && emake -C doc html +} + +src_install() { + default + find "${ED}" -name '*.la' -delete || die + + # Install user documentation if asked + use doc && dodoc -r doc/user/_build/html + + # Create configuration directory with correct permissions + keepdir /etc/frr + fowners frr:frr /etc/frr + fperms 775 /etc/frr + + # Create logs directory with the correct permissions + keepdir /var/log/frr + fowners frr:frr /var/log/frr + fperms 775 /var/log/frr + + # Install the default configuration files + insinto /etc/frr + doins tools/etc/frr/vtysh.conf + doins tools/etc/frr/frr.conf + doins tools/etc/frr/daemons + + # Fix permissions/owners. + fowners frr:frr /etc/frr/vtysh.conf + fowners frr:frr /etc/frr/frr.conf + fowners frr:frr /etc/frr/daemons + fperms 640 /etc/frr/vtysh.conf + fperms 640 /etc/frr/frr.conf + fperms 640 /etc/frr/daemons + + # Install logrotate configuration + insinto /etc/logrotate.d + newins redhat/frr.logrotate frr + + # Install PAM configuration file + use pam && newpamd "${FILESDIR}"/frr.pam frr + + # Install init scripts + systemd_dounit tools/frr.service + newinitd "${FILESDIR}"/frr-openrc-v1 frr + + # Conflict files, installed by net-libs/libsmi, bug #758383 + rm "${ED}"/usr/share/yang/ietf-interfaces.yang || die +} diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index e44331728f86..7d26d8a979b9 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -14,8 +14,10 @@ AUX sshd-r1.confd 774 BLAKE2B df3f3f28cb4d35b49851399b52408c42e242ae3168ff3fc79a AUX sshd-r1.initd 2675 BLAKE2B 47e87cec2d15b90aae362ce0c8e8ba08dada9ebc244e28be1fe67d24deb00675d3d9b8fef40def8a9224a3e2d15ab717574a3d837e099133c1cf013079588b55 SHA512 257d6437162b76c4a3a648ecc5d4739ca7eaa60b192fde91422c6c05d0de6adfa9635adc24d57dc3da6beb92b1b354ffe8fddad3db453efb610195d5509a4e27 AUX sshd.pam_include.2 156 BLAKE2B 91ebefbb1264fe3fe98df0a72ac22a4cd8a787b3b391af5769798e0b0185f0a588bc089d229c76138fd2db39fbe6bd33924f0d53e0513074d9c2d7abf88dcb78 SHA512 d3f7e6ca8c9f2b5060ebccb259316bb59c9a7e158e8ef9466765a20db263a4043a590811f1a3ab072b718dbd70898bc69b77e0b19603d7f394b5ac1bd0a4a56c AUX sshd.service 259 BLAKE2B e65ea7227658295584c3fdee3bf46f098c1c5a53a0b433e88ae8d43f0823fade25846a5f3abbacf939a13af8195a888d0ffb937e8da943478e76eea7c0e13c82 SHA512 9656ae4c045ba47ad28f983e50d1119d51c1d0a7471fe8e792d6f734a71c8d4d900431b591f2f40bb8af3a382e6215933ae32eff56de6da0f2f166d6fb855987 +AUX sshd.service.1 298 BLAKE2B 7a4f2e2656096b09a8b435d393ea9b0a7bd10a2a9f0e9d9cf49b9ae9600cccfb19a64e09f4cf718e8054fc997f21656f609eb3af15ee2e3576531a88b5709842 SHA512 efc936ca412999e3b1acabe6cf4e87c033fe468cede1c3c499499e252cf7cdeca0841e5e1862ebe316ff3f4bf758fba674f08d081b403713e154b6bbc37da365 AUX sshd.socket 136 BLAKE2B 22e218c831fc384a3151ef97c391253738fa9002e20cf4628c6fe3d52d4b0ac3b957da58f816950669d0a6f8f2786251c6dfc31bbb863f837a3f52631341dc2e SHA512 4d31d373b7bdae917dc0cf05418c71d4743e98e354aefcf055f88f55c9c644a5a0e0e605dbb8372c1b98d17c0ea1c8c0fee27d38ab8dbe23c7e420a6a78c6d42 AUX sshd_at.service 177 BLAKE2B 0e78184f58cb4c68fb834953fac3ce01f9e39e9eb1a84c03f720205f5b611365c9a48fba445962c06c7e18bdb310cdb9ffe4fc49e95f69608922d224b00c890b SHA512 423120ea2e1ac0b92575ce4eb05347483f902238dc104848e74088f49483c37d30c27364e7fe8599b3e85562159c69284ecf25a4c5394b4cfa18c5c77c6beacd +AUX sshd_at.service.1 163 BLAKE2B b5c77d69e3860d365ba96a5b2fe14514bda9425e170fc7f324dcaf95fb02756ef9c5c2658904e812232f40fac9a3c2f4abf61b9129038bde66bb7d3a992d2606 SHA512 fbfe0aed3a5e99f15dc68838975cc49a206d697fb3549d8b31db25617dc7b7b8dd2397d865d89f305d5da391cd56a69277c2215c4335fccb4dd6a9b95ba34e2f DIST openssh-8_5_P1-hpn-AES-CTR-15.2.diff 30096 BLAKE2B f0c020dd2403806c79d4c37a019996d275655b04997301e247f5c4dd7fad35d12b3b7c25afb1b078d915ef2a4ae02f736f0aec9ba2a8c56a405d7ca303bcadf7 SHA512 4c2dbf99a9b5953fdb955f700272bbaeaa025f108a8860d2190197962b849f8385327af82c4d6a3a130a7fba35a74a8ec9437d642867601acb29817c49632a8f DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 370b88a7da7f148bf5a4d445f05cf593b486e9df53bba027e2e179726f534b68cf9d94edd6e53024e0b6ff5f20e568727bc9d26c94d0d415603602a80d3ad241 SHA512 2d8d887901164b33b2799ff3ec72e86a39ae4a1696e52bcee0872dbae7772fcc534351e6e7f87126ee71b164c74e9091350f14b782f4b242a09f09b4f50d047a DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c7777258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1 SHA512 c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914 @@ -33,5 +35,5 @@ DIST openssh-9.2p1-sctp-1.2.patch.xz 6828 BLAKE2B 8a57b85ce5d18dca34ef71b486f2f2 DIST openssh-9.2p1.tar.gz 1852380 BLAKE2B 8d0b5e43cb42cba105a1fe303c447a2b85151cb33ec7ed47747d75c5a61d0f07f0ee4b1020b79c13eb8de4b451c5a844a8afc7ebbbea7ffeceafc3bf59cb8d21 SHA512 c4b79ef3a05b96bfc477ffb31f734635bffd5be213ab58e043111c3232dbe999ff24665fa1069518237cffa5126ded0dda8984e1b8f098f4f09b8c1dae20e604 DIST openssh-9.2p1.tar.gz.asc 833 BLAKE2B 36210757aaa4ee8e6bdf4cfbb5590e6c54a617817d1657ebb446e54530d01a9e9f5559408b3d424d5efdb4ba06f0c02755637f5480dc81f9b4e32963de91087a SHA512 2a56f8946ed00fcd5a92935e090523d40b5c3747e25661d575b799b1825bf5e47a95eed5e7ed968fe042349c2c7d94d6b0e6bf2d9145b5c6ff5df2ca538d56e5 EBUILD openssh-9.1_p1-r3.ebuild 18562 BLAKE2B 8fd485e9a362653105f7eaededc3785b21e7e183ed555cc007adb936c3182721d68a637b10fb83a655ccc3bb82dc22a06301457a25a699ddf20e670bfe053cc4 SHA512 81f8748b45b019e7c1025efa6d5b7b5b22bd37792915206c0dc262db8befdfb143d072de10c9bb8fa0002e09ad0309e740598e9bb8d91f830797b571fa86d269 -EBUILD openssh-9.2_p1.ebuild 17834 BLAKE2B c1a4f5e033eeda367cb92461a7647c8006c61f5795ad89b120505d528cfe2a857d9c28b9c1100b732b48dcd9c018fb3ff389522385aa6dd8cf2b589fcfb97aef SHA512 8e14c5dc1c239eb56a38a071fa7b215e423b7b5b884557287785642b0b71f41377013f8298bffe03d8d24317b414035004f42135c760e1d2f9e2759a76c76093 +EBUILD openssh-9.2_p1-r1.ebuild 18262 BLAKE2B c217ae3cae457b776d77ce8fd89e0f16e00f33e241843b3fc7400ebd45b60dea3c7deb610fd95548d3f905ff4eaeb1214993c712330fe2387c6658e8998e5858 SHA512 09acf9d10695b1b0a9e09995d3684d595f12fb3b6156bd6f9216a867acd7cf502e38d9d57d6ddbb8568d125373efaa808cedbef255a0e75afd7c24ccbf6373cb MISC metadata.xml 1957 BLAKE2B f5921abe3735fc6b8f8c6e88f3c3c11201c32ac91f7426150a51619b430f8c15c2afb0a9dcb9b3b5099fe7e5f193a05514064029392df6d0815a7fb67c2b96cf SHA512 6189845b640943147020d4a0fe04be66f58433809edded6fe98824b51c704faef9c3fc4c0d7a604391afcfcee62c0a47e25d36024b9145c4f1e332fe27db7f0a diff --git a/net-misc/openssh/files/sshd.service.1 b/net-misc/openssh/files/sshd.service.1 new file mode 100644 index 000000000000..a541164cd7f2 --- /dev/null +++ b/net-misc/openssh/files/sshd.service.1 @@ -0,0 +1,15 @@ +[Unit] +Description=OpenSSH server daemon +After=network.target auditd.service + +[Service] +ExecStartPre=/usr/bin/ssh-keygen -A +ExecStart=/usr/sbin/sshd -D -e +ExecReload=/bin/kill -HUP $MAINPID +KillMode=process +OOMPolicy=continue +Restart=on-failure +RestartSec=42s + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/openssh/files/sshd_at.service.1 b/net-misc/openssh/files/sshd_at.service.1 new file mode 100644 index 000000000000..e43a457994f4 --- /dev/null +++ b/net-misc/openssh/files/sshd_at.service.1 @@ -0,0 +1,8 @@ +[Unit] +Description=OpenSSH per-connection server daemon +After=auditd.service + +[Service] +ExecStart=-/usr/sbin/sshd -i -e +StandardInput=socket +StandardError=journal diff --git a/net-misc/openssh/openssh-9.2_p1.ebuild b/net-misc/openssh/openssh-9.2_p1-r1.ebuild index 9fa1599bd620..8a348bd91862 100644 --- a/net-misc/openssh/openssh-9.2_p1.ebuild +++ b/net-misc/openssh/openssh-9.2_p1-r1.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig @@ -269,10 +269,6 @@ src_prepare() { "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" fi - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - eapply_user #473004 # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox @@ -282,8 +278,6 @@ src_prepare() { tc-export PKG_CONFIG local sed_args=( -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' # Disable fortify flags ... our gcc does this for us -e 's:-D_FORTIFY_SOURCE=2::' ) @@ -443,8 +437,9 @@ src_install() { dodir /etc/skel/.ssh rmdir "${ED}"/var/empty || die - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' + systemd_dounit "${FILESDIR}"/sshd.socket + systemd_newunit "${FILESDIR}"/sshd.service.1 sshd.service + systemd_newunit "${FILESDIR}"/sshd_at.service.1 'sshd@.service' } pkg_preinst() { @@ -492,6 +487,14 @@ pkg_postinst() { ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" ewarn "connection is generally safe." fi + if ver_test "${old_ver}" -lt "9.2_p1-r1" && systemd_is_booted; then + ewarn "From openssh-9.2_p1-r1 the supplied systemd unit file defaults to" + ewarn "'Restart=on-failure', which causes the service to automatically restart if it" + ewarn "terminates with an unclean exit code or signal. This feature is useful for most users," + ewarn "but it can increase the vulnerability of the system in the event of a future exploit." + ewarn "If you have a web-facing setup or are concerned about security, it is recommended to" + ewarn "set 'Restart=no' in your sshd unit file." + fi done if [[ -n ${show_ssl_warning} ]]; then |