From 736633fa866abdd7c155cabb02adf278c5237640 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 22 Jan 2023 12:52:10 +0000 Subject: gentoo auto-resync : 22:01:2023 - 12:52:10 --- net-misc/Manifest.gz | Bin 54427 -> 54432 bytes net-misc/chrome-remote-desktop/Manifest | 4 +- .../chrome-remote-desktop-108.0.5359.33.ebuild | 144 ------ .../chrome-remote-desktop-110.0.5481.14.ebuild | 144 ++++++ net-misc/minidlna/Manifest | 4 +- net-misc/minidlna/minidlna-1.3.1-r1.ebuild | 110 ----- net-misc/minidlna/minidlna-1.3.2-r1.ebuild | 4 +- net-misc/openssh/Manifest | 3 + net-misc/openssh/openssh-9.1_p1-r3.ebuild | 518 +++++++++++++++++++++ 9 files changed, 670 insertions(+), 261 deletions(-) delete mode 100644 net-misc/chrome-remote-desktop/chrome-remote-desktop-108.0.5359.33.ebuild create mode 100644 net-misc/chrome-remote-desktop/chrome-remote-desktop-110.0.5481.14.ebuild delete mode 100644 net-misc/minidlna/minidlna-1.3.1-r1.ebuild create mode 100644 net-misc/openssh/openssh-9.1_p1-r3.ebuild (limited to 'net-misc') diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz index 72b60c6dd4a5..a6ddafe8c3a2 100644 Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ diff --git a/net-misc/chrome-remote-desktop/Manifest b/net-misc/chrome-remote-desktop/Manifest index a5e2ef10f544..9a5290584e69 100644 --- a/net-misc/chrome-remote-desktop/Manifest +++ b/net-misc/chrome-remote-desktop/Manifest @@ -1,6 +1,6 @@ AUX chrome-remote-desktop-91.0.4472.10-always-sudo.patch 593 BLAKE2B 4cba2a4869437d2d392274c0f0586153406480eb1614297420e161285d981eedf03a4e090a309dfe55163e13387bf4c649586847ccee64dd2e88f9c7263b6b66 SHA512 f4aa5a2473c1872d06fea2611594f63c888717cd93618587b020dcb6aaeb7889443358dbc74da5c7763fb6ef08a6ecf9345d94874c582c799abbf8db8957c790 AUX chrome-remote-desktop.conf.d 283 BLAKE2B a0146298fa2e18e16911587de10aa3dd229cfb26a2d1865637cc4c69c317f4cb303b98daa7f91b6e69cc34c6fbbab3d19332396d4f5c11eeef4958401e26ff14 SHA512 5391c4a2d5787047f773abbf1c5a9dd3842160d768122edc32f0a0275e198882a41a3ca88526d52347f89d1fb4e1a51b6dc785c4dd4a0c0b5935e1e6eff30f49 AUX chrome-remote-desktop.rc 1183 BLAKE2B d1d56ac91a2ced2c6f13019f9d5c7f1d554c2fbd3f57842d6d0b791f2e90233e4d6e8a49155b634a5e20c0bad212a5bc5f63924b1a83d45db01b1fd69445fa07 SHA512 831391b6fcaeeda476a3064d6fff1fdcebb8037aba124814a81ad4a1336a68973f319a003d1ed0938eea68f5ddad179fe29fb12efa05fd204f7fa9c5fb8dd735 -DIST chrome-remote-desktop_108.0.5359.33_amd64.deb 17521372 BLAKE2B 3cfe63dca71407926ddd522f752c2745c3a3380568d8b207b39b667f53e983c7f7003e4d9e72946007a3eaed59c6cf5d870f586dc571c7ac68c37e7594649609 SHA512 6167f1c8539453c7552727e1b75c1c2ba12c3d189ccf412605942c2e0b1af7e30d11e6ed8f76820af7731a16c46c77c1444540540b86d4053e3aa7f5ec55df2c -EBUILD chrome-remote-desktop-108.0.5359.33.ebuild 4808 BLAKE2B 826f0b313a28da8840bbff8eb53cd8ec18a8de7aba0b97384582813fe7f15f935f0178e7165ce0eb4984c9c6a5a3eebd9a4f1e04d3eafb1c9d666f938bc46b8a SHA512 92128169e4a1ce6f168f9e8f6844095b761e07b7ae2ae7ee48d2972601f95a868d898563e0acef45b2a154eea93784e5b19cb47de3d41ac7b56b77f0b17c82ae +DIST chrome-remote-desktop_110.0.5481.14_amd64.deb 17742536 BLAKE2B 3a010b73f786e013aa4bf358811ab306e87681860c1db12b5e915c80b653da0a7e190ff36c78c91fa7a68a8873c7f66a23bb6bdb98630fd881b30c33f12559f7 SHA512 66a374f04664c26e15c5c42b2dbd942dd9cdbc23127733f2f1c136deff868509db80c17028b5f9cae48a460b22443f39af337313dfd865705134737d72372600 +EBUILD chrome-remote-desktop-110.0.5481.14.ebuild 4808 BLAKE2B 826f0b313a28da8840bbff8eb53cd8ec18a8de7aba0b97384582813fe7f15f935f0178e7165ce0eb4984c9c6a5a3eebd9a4f1e04d3eafb1c9d666f938bc46b8a SHA512 92128169e4a1ce6f168f9e8f6844095b761e07b7ae2ae7ee48d2972601f95a868d898563e0acef45b2a154eea93784e5b19cb47de3d41ac7b56b77f0b17c82ae MISC metadata.xml 248 BLAKE2B 2545c58c45b8fd57a236bab059e0bd3da47a3e0d3881d141a9b2dc2e275a2d8f0663d83366b45103b48fd257d62a4a2314a8dd6b79113f8b86c91a90524918c5 SHA512 1397e06cb2ad5941988872f37df6f54100aaa06bfc7ef30ba394f95191ddaa1e9f2180d8eb856eb10f9646d9cbc4a6f020805470633c492519e66e3de788439a diff --git a/net-misc/chrome-remote-desktop/chrome-remote-desktop-108.0.5359.33.ebuild b/net-misc/chrome-remote-desktop/chrome-remote-desktop-108.0.5359.33.ebuild deleted file mode 100644 index ea37c778c6ed..000000000000 --- a/net-misc/chrome-remote-desktop/chrome-remote-desktop-108.0.5359.33.ebuild +++ /dev/null @@ -1,144 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -# Base URL: https://dl.google.com/linux/chrome-remote-desktop/deb/ -# Fetch the Release file: -# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/Release -# Which gives you the Packages file: -# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-i386/Packages -# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-amd64/Packages -# And finally gives you the file name: -# pool/main/c/chrome-remote-desktop/chrome-remote-desktop_29.0.1547.32_amd64.deb -# -# Use curl to find the answer: -# curl -q https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-amd64/Packages | grep ^Filename - -EAPI="7" - -PYTHON_COMPAT=( python3_{9,10} ) -PLOCALES="am ar bg bn ca cs da de el en_GB en es_419 es et fa fil fi fr gu he hi hr hu id it ja kn ko lt lv ml mr ms nb nl pl pt_BR pt_PT ro ru sk sl sr sv sw ta te th tr uk vi zh_CN zh_TW" - -inherit unpacker python-single-r1 optfeature plocale - -DESCRIPTION="access remote computers via Chrome!" -PLUGIN_URL="https://chrome.google.com/remotedesktop" -HOMEPAGE="https://support.google.com/chrome/answer/1649523 - https://chrome.google.com/remotedesktop" -BASE_URI="https://dl.google.com/linux/chrome-remote-desktop/deb/pool/main/c/${PN}/${PN}_${PV}" -SRC_URI="amd64? ( ${BASE_URI}_amd64.deb )" - -LICENSE="google-chrome" -SLOT="0" -KEYWORDS="-* ~amd64" -IUSE="" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" -RESTRICT="bindist mirror" - -# Packages we execute, but don't link. -RDEPEND="app-admin/sudo - ${PYTHON_DEPS}" -# All the libs this package links against. -RDEPEND+=" - >=dev-libs/expat-2 - dev-libs/glib:2 - dev-libs/nspr - dev-libs/nss - $(python_gen_cond_dep 'dev-python/psutil[${PYTHON_USEDEP}]') - media-libs/fontconfig - media-libs/freetype:2 - sys-apps/dbus - sys-devel/gcc - sys-libs/glibc - sys-libs/libutempter - sys-libs/pam - x11-apps/xdpyinfo - x11-apps/setxkbmap - x11-libs/cairo - x11-libs/gtk+:3 - x11-libs/libX11 - x11-libs/libxcb - x11-libs/libXdamage - x11-libs/libXext - x11-libs/libXfixes - x11-libs/libxkbcommon - x11-libs/libXrandr - x11-libs/libXtst - x11-libs/pango" -# Settings we just need at runtime. -# TODO: Look at switching to xf86-video-dummy & xf86-input-void instead of xvfb. -# - The env var (CHROME_REMOTE_DESKTOP_USE_XORG) seems to be stripped before being checked. -# - The Xorg invocation uses absolute paths with -logfile & -config which are rejected. -# - The config takes over the active display in addition to starting up a virtual one. -RDEPEND+=" - x11-base/xorg-server[xvfb]" -DEPEND="$(unpacker_src_uri_depends)" - -S=${WORKDIR} - -QA_PREBUILT="/opt/google/chrome-remote-desktop/*" - -PATCHES=( - "${FILESDIR}"/${PN}-91.0.4472.10-always-sudo.patch #541708 -) - -src_prepare() { - default - - gunzip usr/share/doc/${PN}/*.gz || die - - cd opt/google/chrome-remote-desktop - python_fix_shebang chrome-remote-desktop - - cd remoting_locales - # These isn't always included. - rm -f fake-bidi* || die - PLOCALES=${PLOCALES//_/-} plocale_find_changes "${PWD}" '' '.pak' -} - -src_install() { - pushd opt/google/chrome-remote-desktop/remoting_locales >/dev/null || die - rm_pak() { local l=${1//_/-}; rm "${l}.pak" "${l}.pak.info"; } - plocale_for_each_disabled_locale rm_pak - popd >/dev/null - - insinto /etc - doins -r etc/opt - dosym ../opt/chrome/native-messaging-hosts /etc/chromium/native-messaging-hosts #581754 - - insinto /opt - doins -r opt/google - chmod a+rx "${ED}"/opt/google/${PN}/* || die - fperms +s /opt/google/${PN}/user-session - - dodir /etc/pam.d - dosym system-remote-login /etc/pam.d/${PN} - - dodoc usr/share/doc/${PN}/changelog* - - newinitd "${FILESDIR}"/${PN}.rc ${PN} - newconfd "${FILESDIR}"/${PN}.conf.d ${PN} -} - -pkg_postinst() { - optfeature "Dynamic resolution changes" "x11-apps/xrandr" - - if [[ -z ${REPLACING_VERSIONS} ]] ; then - elog "Two ways to launch the server:" - elog "(1) access an existing desktop" - elog " (a) install the Chrome plugin on the server & client:" - elog " ${PLUGIN_URL}" - elog " (b) on the server, run the Chrome plugin & enable remote access" - elog " (c) on the client, connect to the server" - elog "(2) headless system" - elog " (a) install the Chrome plugin on the client:" - elog " ${PLUGIN_URL}" - elog " (b) run ${EPREFIX}/opt/google/chrome-remote-desktop/start-host --help to get the auth URL" - elog " (c) when it redirects you to a blank page, look at the URL for a code=XXX field" - elog " (d) run start-host again, and past the code when asked for an authorization code" - elog " (e) on the client, connect to the server" - elog - elog "Configuration settings you might want to be aware of:" - elog " ~/.${PN}-session - shell script to start your session" - elog " /etc/init.d/${PN} - script to auto-restart server" - fi -} diff --git a/net-misc/chrome-remote-desktop/chrome-remote-desktop-110.0.5481.14.ebuild b/net-misc/chrome-remote-desktop/chrome-remote-desktop-110.0.5481.14.ebuild new file mode 100644 index 000000000000..ea37c778c6ed --- /dev/null +++ b/net-misc/chrome-remote-desktop/chrome-remote-desktop-110.0.5481.14.ebuild @@ -0,0 +1,144 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# Base URL: https://dl.google.com/linux/chrome-remote-desktop/deb/ +# Fetch the Release file: +# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/Release +# Which gives you the Packages file: +# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-i386/Packages +# https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-amd64/Packages +# And finally gives you the file name: +# pool/main/c/chrome-remote-desktop/chrome-remote-desktop_29.0.1547.32_amd64.deb +# +# Use curl to find the answer: +# curl -q https://dl.google.com/linux/chrome-remote-desktop/deb/dists/stable/main/binary-amd64/Packages | grep ^Filename + +EAPI="7" + +PYTHON_COMPAT=( python3_{9,10} ) +PLOCALES="am ar bg bn ca cs da de el en_GB en es_419 es et fa fil fi fr gu he hi hr hu id it ja kn ko lt lv ml mr ms nb nl pl pt_BR pt_PT ro ru sk sl sr sv sw ta te th tr uk vi zh_CN zh_TW" + +inherit unpacker python-single-r1 optfeature plocale + +DESCRIPTION="access remote computers via Chrome!" +PLUGIN_URL="https://chrome.google.com/remotedesktop" +HOMEPAGE="https://support.google.com/chrome/answer/1649523 + https://chrome.google.com/remotedesktop" +BASE_URI="https://dl.google.com/linux/chrome-remote-desktop/deb/pool/main/c/${PN}/${PN}_${PV}" +SRC_URI="amd64? ( ${BASE_URI}_amd64.deb )" + +LICENSE="google-chrome" +SLOT="0" +KEYWORDS="-* ~amd64" +IUSE="" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" +RESTRICT="bindist mirror" + +# Packages we execute, but don't link. +RDEPEND="app-admin/sudo + ${PYTHON_DEPS}" +# All the libs this package links against. +RDEPEND+=" + >=dev-libs/expat-2 + dev-libs/glib:2 + dev-libs/nspr + dev-libs/nss + $(python_gen_cond_dep 'dev-python/psutil[${PYTHON_USEDEP}]') + media-libs/fontconfig + media-libs/freetype:2 + sys-apps/dbus + sys-devel/gcc + sys-libs/glibc + sys-libs/libutempter + sys-libs/pam + x11-apps/xdpyinfo + x11-apps/setxkbmap + x11-libs/cairo + x11-libs/gtk+:3 + x11-libs/libX11 + x11-libs/libxcb + x11-libs/libXdamage + x11-libs/libXext + x11-libs/libXfixes + x11-libs/libxkbcommon + x11-libs/libXrandr + x11-libs/libXtst + x11-libs/pango" +# Settings we just need at runtime. +# TODO: Look at switching to xf86-video-dummy & xf86-input-void instead of xvfb. +# - The env var (CHROME_REMOTE_DESKTOP_USE_XORG) seems to be stripped before being checked. +# - The Xorg invocation uses absolute paths with -logfile & -config which are rejected. +# - The config takes over the active display in addition to starting up a virtual one. +RDEPEND+=" + x11-base/xorg-server[xvfb]" +DEPEND="$(unpacker_src_uri_depends)" + +S=${WORKDIR} + +QA_PREBUILT="/opt/google/chrome-remote-desktop/*" + +PATCHES=( + "${FILESDIR}"/${PN}-91.0.4472.10-always-sudo.patch #541708 +) + +src_prepare() { + default + + gunzip usr/share/doc/${PN}/*.gz || die + + cd opt/google/chrome-remote-desktop + python_fix_shebang chrome-remote-desktop + + cd remoting_locales + # These isn't always included. + rm -f fake-bidi* || die + PLOCALES=${PLOCALES//_/-} plocale_find_changes "${PWD}" '' '.pak' +} + +src_install() { + pushd opt/google/chrome-remote-desktop/remoting_locales >/dev/null || die + rm_pak() { local l=${1//_/-}; rm "${l}.pak" "${l}.pak.info"; } + plocale_for_each_disabled_locale rm_pak + popd >/dev/null + + insinto /etc + doins -r etc/opt + dosym ../opt/chrome/native-messaging-hosts /etc/chromium/native-messaging-hosts #581754 + + insinto /opt + doins -r opt/google + chmod a+rx "${ED}"/opt/google/${PN}/* || die + fperms +s /opt/google/${PN}/user-session + + dodir /etc/pam.d + dosym system-remote-login /etc/pam.d/${PN} + + dodoc usr/share/doc/${PN}/changelog* + + newinitd "${FILESDIR}"/${PN}.rc ${PN} + newconfd "${FILESDIR}"/${PN}.conf.d ${PN} +} + +pkg_postinst() { + optfeature "Dynamic resolution changes" "x11-apps/xrandr" + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "Two ways to launch the server:" + elog "(1) access an existing desktop" + elog " (a) install the Chrome plugin on the server & client:" + elog " ${PLUGIN_URL}" + elog " (b) on the server, run the Chrome plugin & enable remote access" + elog " (c) on the client, connect to the server" + elog "(2) headless system" + elog " (a) install the Chrome plugin on the client:" + elog " ${PLUGIN_URL}" + elog " (b) run ${EPREFIX}/opt/google/chrome-remote-desktop/start-host --help to get the auth URL" + elog " (c) when it redirects you to a blank page, look at the URL for a code=XXX field" + elog " (d) run start-host again, and past the code when asked for an authorization code" + elog " (e) on the client, connect to the server" + elog + elog "Configuration settings you might want to be aware of:" + elog " ~/.${PN}-session - shell script to start your session" + elog " /etc/init.d/${PN} - script to auto-restart server" + fi +} diff --git a/net-misc/minidlna/Manifest b/net-misc/minidlna/Manifest index 26cec56cdd8d..e752799315ab 100644 --- a/net-misc/minidlna/Manifest +++ b/net-misc/minidlna/Manifest @@ -2,8 +2,6 @@ AUX minidlna-1.0.25.confd 313 BLAKE2B f08adcd103be5fcffa02d2c62ca85537cb5803336b AUX minidlna-1.1.2.service 230 BLAKE2B 13db2b522a5c27143106f7d45410f94c657133440a5e352794cc4fc48c818865b28087c666911c905efd3fb9c00b6aa9f79f9d0b014eae9130db0d40b5a0ec20 SHA512 0cfa770c43097007dce2c440512e4ca27e02678a08299c8343c91d2e9f70d4756bfd9527c6747a484c639e0e8467cad3d5f2f5a216684ce75495be084e6ac5df AUX minidlna-1.1.5.initd 682 BLAKE2B ea0522de80f8525c5db7a4cb70ac72fd68db9c2beb263d87ef4ab18a128f55117929c6d244de72e5e663e06579a551ff1aa9df385afd277135aa1a2ed0201bbb SHA512 918e282b91434c29d7510e3c04749cd5b2d11aa623fada13d60749793cd7635e4b671e74dc6b1c4e45de0c96b56a271f017a17438651f9d24c03a16df26e09d2 DIST minidlna-1.3.2.tar.gz 736820 BLAKE2B e35266be94e4585f399c80a6909318ce973d443506f6becdacdb00802ed0ce060ebf8401ff1b5dfef0b451f609d98f805c80b9a0c87e23d14084338047418620 SHA512 1dca810aeb59f19f530b5fd589beb04085b65ece94a55a54f2f7a0b771e7c5487493f13e6d9120e0b9aced08b0f98de58640dec26def214333dae1fea951f589 -DIST minidlna-1_3_1.tar.gz 299749 BLAKE2B 0c4e5b5dc8b4fb14609cc71eafb008dfab0ef81350ac5c7f1a83e65f54b1d87296b3f0a063dbda3bd642fc777c36a0f839d5426c03ae852b07827a2b7d38c765 SHA512 6e94f33070db04660b83285a13942173537866ab53f9375e3162131fd86948349991a6c60cb2800c46546d73e58222a008d4cee1914c826f3a2f450f1c95a0e5 DIST minidlna-gentoo-artwork.patch.xz 49372 BLAKE2B 37a5691ec0a6558ecfb0748b0d25a513e7339beaf4816f8e0265f3954db07c3e87eb436855cde5f3daa95b1c3af550c0cf544efaf0a81fa91563507f35414416 SHA512 3bdaadc2a2331e9ebf37ed80d1de7cebd6307ab068dc9cf067159b2c0754a765b2076c07e988602af4dd2d6c49c819da8a1f668258950e15592027b353f22b5e -EBUILD minidlna-1.3.1-r1.ebuild 2186 BLAKE2B 53a912b649cbb3b3994f14caee663d9784f237352e078ff60a9e1d22e26d8bcae7df515b95b8e8de58d7452aeba326ac8674c19c6b3bfc7f08c710e731d48ddb SHA512 b89bf10730c2a774bec2367fbe720205442706477c8b78945b4cee111148ca8985e1cbb5725f1c367782207f2aec277f102e3a15b77f7ee7f5f302e33ada6cbe -EBUILD minidlna-1.3.2-r1.ebuild 2074 BLAKE2B 942ebc1e64b87b56c44d163f038d9ec7312d509ce3d0116d7b053388d2c3f6f33dc7509aa0b543950cc022fb694d4b5b32567470eed420324e86487a7cd76fde SHA512 5470ef4929104c17fcb68e6ca4a8e6cd560485a72a2e01eee24d2d0af3a8b5feefe2f0dda22b9fb6aaa7ca8881cee04847bd87423d1caff03dd5b78cd9c53e73 +EBUILD minidlna-1.3.2-r1.ebuild 2073 BLAKE2B d5503a19aeb99ee3fd1697a4d7ad20e42ea8a61e142ff320b23dcab1b77cdb1c7d547846abe8c0a3fb9eff32ef1a64cafe2596d06c059ae4bd3675e48bd385de SHA512 e45b2385143f58461f5921b56eca2be9d2ef371a68795b928c0e4ebd2cd24b4b57674c790b593c10bab2f0de181677c1cca18f7885bf4aa777adb9b1b6528f14 MISC metadata.xml 513 BLAKE2B 6e851975b83efd7972d5d58c85093a36bf0f51845cb6ef1f7d7b37dab65dd913a5bbd6e5f163b2142eee11d6860b55e1bd346e23b5f4f427ca0812701149eede SHA512 99fe90016717a048a38feec908049f5f0c7b81045dc9e8953b204eb22e858f74b876fd5ae3765cbf88204f9f6ece87310dccb2123bdb1cc007e3c9049967a4e1 diff --git a/net-misc/minidlna/minidlna-1.3.1-r1.ebuild b/net-misc/minidlna/minidlna-1.3.1-r1.ebuild deleted file mode 100644 index d59a29aff929..000000000000 --- a/net-misc/minidlna/minidlna-1.3.1-r1.ebuild +++ /dev/null @@ -1,110 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit autotools systemd tmpfiles - -MY_P=${P//./_} -DESCRIPTION="DLNA/UPnP-AV compliant media server" -HOMEPAGE="https://sourceforge.net/projects/minidlna/" -# https://downloads.sourceforge.net/project/minidlna/${PN}/${PV}/${P}.tar.gz -SRC_URI=" - https://github.com/mgorny/minidlna/archive/v${PV//./_}.tar.gz - -> ${MY_P}.tar.gz - mirror://gentoo/minidlna-gentoo-artwork.patch.xz -" -S=${WORKDIR}/${MY_P} - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="amd64 arm x86" -IUSE="netgear readynas zeroconf" - -DEPEND=" - dev-db/sqlite:3 - media-libs/flac:= - media-libs/libexif - media-libs/libid3tag:= - media-libs/libjpeg-turbo:= - media-libs/libogg - media-libs/libvorbis - media-video/ffmpeg:= - elibc_musl? ( sys-libs/queue-standalone ) - zeroconf? ( net-dns/avahi ) -" -RDEPEND=" - ${DEPEND} - acct-group/minidlna - acct-user/minidlna -" -BDEPEND=" - virtual/pkgconfig -" - -CONFIG_CHECK="~INOTIFY_USER" - -PATCHES=( - "${WORKDIR}"/minidlna-gentoo-artwork.patch -) - -src_prepare() { - sed -e "/log_dir/s:/var/log:/var/log/minidlna:" \ - -e "/db_dir/s:/var/cache/:/var/lib/:" \ - -i minidlna.conf || die - - default - eautoreconf -} - -src_configure() { - local myconf=( - --with-db-path=/var/lib/minidlna - --with-log-path=/var/log/minidlna - --enable-tivo - $(use_enable netgear) - $(use_enable readynas) - ) - use zeroconf || myconf+=( - ac_cv_lib_avahi_client_avahi_threaded_poll_new=no - ) - - econf "${myconf[@]}" -} - -src_test() { - : -} - -src_install() { - default - - #bug 536532 - dosym ../sbin/minidlnad /usr/bin/minidlna - - insinto /etc - doins minidlna.conf - - newconfd "${FILESDIR}"/minidlna-1.0.25.confd minidlna - newinitd "${FILESDIR}"/minidlna-1.1.5.initd minidlna - systemd_newunit "${FILESDIR}"/minidlna-1.1.2.service minidlna.service - newtmpfiles - minidlna.conf <<-EOF - d /run/minidlna 0755 minidlna minidlna - - EOF - - keepdir /var/{lib,log}/minidlna - - doman minidlnad.8 minidlna.conf.5 -} - -pkg_preinst() { - local my_is_new=yes - [[ -d ${EROOT}/var/lib/minidlna ]] && my_is_new=no - - fowners minidlna:minidlna /var/{lib,log}/minidlna - fperms 0750 /var/{lib,log}/minidlna -} - -pkg_postinst() { - tmpfiles_process minidlna.conf -} diff --git a/net-misc/minidlna/minidlna-1.3.2-r1.ebuild b/net-misc/minidlna/minidlna-1.3.2-r1.ebuild index 3e02635f1f99..e56727ba5429 100644 --- a/net-misc/minidlna/minidlna-1.3.2-r1.ebuild +++ b/net-misc/minidlna/minidlna-1.3.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -14,7 +14,7 @@ SRC_URI=" LICENSE="BSD GPL-2" SLOT="0" -KEYWORDS="amd64 arm ~arm64 ~x86" +KEYWORDS="amd64 arm ~arm64 x86" IUSE="netgear readynas zeroconf" DEPEND=" diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 58dc08edeeb3..5226a45ed7ec 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -21,14 +21,17 @@ DIST openssh-8_5_P1-hpn-DynWinNoneSwitch-15.2.diff 51428 BLAKE2B 370b88a7da7f148 DIST openssh-8_5_P1-hpn-PeakTput-15.2.diff 2429 BLAKE2B 849bf3c313719ab7a25c75e82d5dc5ac98365a038b2a66fe58d01eae5b20c7777258b94b5830e799d6909e75c69753cda05a910f3bdab9606fb7d5efa68e05f1 SHA512 c4a56fab55fabd1d902d45f235b603708d43f969920e45c9a57e557dccfa9cade2ec61f26d1ace938f6f73e79f17b12f119b5aea9166cbda8e3435b910500914 DIST openssh-9.1_p1-X509-glue-13.5.patch.xz 1092 BLAKE2B 19da945547472048d01a6ec26f28cba11afe1a0590a115582d1e21a852b6b66589b091ab4440d57952200522318aeffb7d9404e53f9532ae80e47685c24c4097 SHA512 96de9f59bacfd99aa9ef03362d55d88b3eea0acc57a11fb72e5c612bfb0f5e48455b0a0d0add9a8a5524b9d4701f47db1ff7859f1d3c2a12947b27292961cbd5 DIST openssh-9.1_p1-X509-glue-14.0.1.patch.xz 1096 BLAKE2B cf5568982c9b2b69ee9f99f3e80459aed7b89f1350362e550ae8db3e5eee4a6d2e07879f962262a05c9745d39f34a3ae83792595c61f0ac287226ee9e0ec2a1b SHA512 18c65c97cc8c436fa8e28c0ad9f0a3874f1fb745d75e0bfb76c180bc148ae14a5f6cc5c2b2fa7261d76a8e1234f28fe869bd7f64ed282bf39c88cc3f20932be5 +DIST openssh-9.1_p1-getentropy.patch 2818 BLAKE2B 883cd035ec4aee7df9951d7da11bec5a8b9645c7e9225495bb8c86e7e07e89d7c989d32d4db7c46118e20a045e1a07c1bbf98726a69a41351968ce4b04b6779e SHA512 5153a97116e0eed9d7d238478304991737ebb837e7253dd931390bfe287398760ef5134a801825e66d95dd9daf95ed9145a260e23b459b721bc27e628da1a6c0 DIST openssh-9.1_p1-hpn-15.2-X509-14.0.1-glue.patch.xz 5536 BLAKE2B 4629e62287f2bc36fe1eb830e4c47c5482e36650c1e725978e150e4f2a233d58b5bd1286024bdbef4d05586bb3e5d13c51fbd191dfe7429fdb06a278c564a777 SHA512 03467605b57ab3fb7ef2a9be175cf3708fa92234f3f0abfa74ea371c9ee90f2c01a3311022e282823c7bb67249d65aabf89f1574b917dc798c51847e57b0e33f DIST openssh-9.1_p1-hpn-15.2-X509-glue.patch.xz 5504 BLAKE2B 776b467ddde16e268536c5632b028a32db22b26d7bc11e2a9fa6c8e29528be3eb781066d6b30fb2f561a73a24c34a29963fcd7c872aa92dc19d715d8ffbf2cbe SHA512 aa753da5f75d90165f5922ead1dd495a15a4c581360d5862ec6f802caea54055da8e308c1919efa8e78b31a7ea082f8693dda0ab84ccee414c562ec062c50fb1 DIST openssh-9.1_p1-hpn-15.2-glue.patch.xz 3840 BLAKE2B 06fb14d8c6f52f1c6fae7971fc4da810c814d7b52063f8cc7e83356baa7ed70c84476c1d1cc896eba6d0d51813dc994e3c82278e66c04998431c8123a09fe7df SHA512 99c88c08fb384336a9680629bc04a89121780d64ee8b03ac164c4e446cc30b865004292e98516b6f857bd75e1b4393291427c046ffcabc1578629e6075636cbf +DIST openssh-9.1_p1-sandbox-writev.patch 819 BLAKE2B c2e4d507540e704b241ab9fb2c63774a2a5031879a746fcb65405f91ff8434ca1877509a5e87484dffc4b9d52da9d7f3b8e177cbbd75d9c632785ba269c3f86a SHA512 ce491ad3ee02a9f455fdd7ab5cbf16d286f439205d557deb4ef3b9d7e092ef5e9b98e682bdc0e65804ee557581133353116d508c60b0ba4a18e2cdcd3aed6bf1 DIST openssh-9.1p1+x509-13.5.diff.gz 1213948 BLAKE2B 5663a1c865c80f590642bb855f7d7a17e71e0db099deb4cea5750cfe734bd506b70a1b266fccc2a58174ae2b1b96a7f1ced56382d5d7e741b07e46422b03f7e6 SHA512 70a1f12e98b8fa8170c208803ee482aea2fcf6b9e41ecada5fabaa0288ed5a32574f42a7b50718bb484978f3c65f50e55966c9f555a9de100dc8d695b9aec531 DIST openssh-9.1p1+x509-14.0.1.diff.gz 1236304 BLAKE2B 389e652a7cca4d7322d784e516a9454b0c6cb540a64aa47c0b14ac80bd9ad5aa7aa72a00dbc9024aa7c1186b19f2c62f179b8a6463085dd1bdde15fd44e451e5 SHA512 da754497f3f7d173b273f710dab2e7dbc5bf5257c95e661687ff4dd6b5e1c696ac031785850d9a9eb5669f728cbe4fe26d256a7cbd6f137ecadaf38f153770d1 DIST openssh-9.1p1-sctp-1.2.patch.xz 6772 BLAKE2B 8393c1ca5f0df7e4d490cef5c38d50d45da83a9c3f650e9af15d95825f9e682a6aaf6a0e85fc1704d41d6567aec8f0b34e43b20652e0141008ccdbe91426dfac SHA512 6750394d0fb7b7f93a0e4f94204e53277cc341c5b2427130559e443557dbb95f2e85a71cfe8d40cfa17dd015b0f3880f79a1f868374e60e94e8385c9b45acec5 DIST openssh-9.1p1.tar.gz 1838747 BLAKE2B 287b6b1cc4858b27af88f4a4674670afff1fb5b99461892083393c53ef3747c5a0fcd90cba95d2c27465a919e00f7f42732c93af4f306665ba0393bbb7a534f5 SHA512 a1f02c407f6b621b1d0817d1a0c9a6839b67e416c84f3b76c63003b119035b24c19a1564b22691d1152e1d2d55f4dc7eb1af2d2318751e431a99c4efa77edc70 DIST openssh-9.1p1.tar.gz.asc 833 BLAKE2B 83efe3c705f6a02c25a9fc9bac2a4efd77470598d9e0fcb86dff2d265c58cffec1afecad3621769b2bd78ac25884f0ee20ae9b311e895db93e3bb552dffd6e74 SHA512 47dc7295f9694250bcbb86d7ca0830a47da4f3df7795bb05ebaf1590284ccce5317022c536bea1b09bd2fa4d8013295cc0de287ebe3f9dc605582077e9f11ddd EBUILD openssh-9.1_p1-r2.ebuild 17832 BLAKE2B 6d37ea764a10d477ecffacbaa263c032024433e11db68474db8613299072e9e4c3d511dbc49becd33a505f8ccee47d08cd01933cd6387f26cd529cecfa148988 SHA512 b82326fd6527132601e401c294d85dc9f728025867ed329c2b7b2a2ddbce9e7935caca29e5e8b1e3c45fe6bc65287e166d2af209f63bf58cee33187a5e2a787e +EBUILD openssh-9.1_p1-r3.ebuild 18290 BLAKE2B 518b7adb0a2077640ff83ff44c61ef709bd071d3f74ebd423e91abf427784badc6c5c73a0426d9406b94b9b8fd55f6fe13110a808145b1e3b49eb2c892bcb267 SHA512 0250e5d7ffb55a90f1909bc060ac9b3d0928d3c2ae3a155f3fc44819ec078928170d2de1460940506834938ad5fd6ad02bddd9e2db6832d4a59cd3c6599912aa EBUILD openssh-9.1_p1.ebuild 17810 BLAKE2B 302fca36aa0f354186744a3220f430e61c3f2ca1f3dda7de7c98f47e6a476715aee1a023451f27cfb1bb07ee50ec1bbc28a05e8f70c2937d391519b9a8423725 SHA512 871fc233d0532c5b84a171a46e3a9ccd5888833145413547e5d8c7bfc0a761280446c61440103dd132e2bd2f73cb6f35c0f90ae41a4975e3d9c2fd506ba0de29 MISC metadata.xml 1957 BLAKE2B f5921abe3735fc6b8f8c6e88f3c3c11201c32ac91f7426150a51619b430f8c15c2afb0a9dcb9b3b5099fe7e5f193a05514064029392df6d0815a7fb67c2b96cf SHA512 6189845b640943147020d4a0fe04be66f58433809edded6fe98824b51c704faef9c3fc4c0d7a604391afcfcee62c0a47e25d36024b9145c4f1e332fe27db7f0a diff --git a/net-misc/openssh/openssh-9.1_p1-r3.ebuild b/net-misc/openssh/openssh-9.1_p1-r3.ebuild new file mode 100644 index 000000000000..dbbb727af2ea --- /dev/null +++ b/net-misc/openssh/openssh-9.1_p1-r3.ebuild @@ -0,0 +1,518 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic autotools pam systemd toolchain-funcs verify-sig + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +# PV to USE for HPN patches +#HPN_PV="${PV^^}" +HPN_PV="8.5_P1" + +HPN_VER="15.2" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) +HPN_GLUE_PATCH="${PN}-9.1_p1-hpn-${HPN_VER}-glue.patch" + +SCTP_VER="1.2" +SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" + +X509_VER="14.0.1" +X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" +X509_GLUE_PATCH="${P}-X509-glue-${X509_VER}.patch" +X509_HPN_GLUE_PATCH="${PN}-9.1_p1-hpn-${HPN_VER}-X509-${X509_VER}-glue.patch" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( + $(printf "mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") + https://dev.gentoo.org/~chutzpah/dist/openssh/${HPN_GLUE_PATCH}.xz + )} + ${X509_PATCH:+X509? ( + https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} + https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_GLUE_PATCH}.xz + ${HPN_VER:+hpn? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${X509_HPN_GLUE_PATCH}.xz )} + )} + verify-sig? ( mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz.asc ) + https://github.com/openssh/openssh-portable/commit/da6038bd5cd55eb212eb2aec1fc8ae79bbf76156.patch -> ${PN}-9.1_p1-getentropy.patch + https://github.com/openssh/openssh-portable/commit/6283f4bd83eee714d0f5fc55802eff836b06fea8.patch -> ${PN}-9.1_p1-sandbox-writev.patch +" +VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/openssh.org.asc +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + hpn? ( ssl ) + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp ssl !xmss ) + xmss? ( ssl ) + test? ( ssl ) +" + +# tests currently fail with XMSS +REQUIRED_USE+="test? ( !xmss )" + +# Blocker on older gcc-config for bug #872416 +LIB_DEPEND=" + !=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + !prefix? ( sys-apps/shadow ) + X? ( x11-apps/xauth ) +" +# Weird dep construct for newer gcc-config for bug #872416 +BDEPEND=" + sys-devel/autoconf + virtual/pkgconfig + || ( + >=sys-devel/gcc-config-2.6 + >=sys-devel/clang-toolchain-symlinks-14-r1:14 + >=sys-devel/clang-toolchain-symlinks-15-r1:15 + >=sys-devel/clang-toolchain-symlinks-16-r1:* + ) + verify-sig? ( sec-keys/openpgp-keys-openssh ) +" + +PATCHES=( + "${FILESDIR}/${PN}-7.9_p1-include-stdlib.patch" + "${FILESDIR}/${PN}-8.7_p1-GSSAPI-dns.patch" #165444 integrated into gsskex + "${FILESDIR}/${PN}-6.7_p1-openssl-ignore-status.patch" + "${FILESDIR}/${PN}-7.5_p1-disable-conch-interop-tests.patch" + "${FILESDIR}/${PN}-8.0_p1-fix-putty-tests.patch" + "${FILESDIR}/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch" + "${FILESDIR}/${PN}-8.9_p1-allow-ppoll_time64.patch" #834019 + "${FILESDIR}/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044 + "${FILESDIR}/${PN}-9.1_p1-build-tests.patch" + "${DISTDIR}"/${PN}-9.1_p1-getentropy.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=3487 + "${DISTDIR}"/${PN}-9.1_p1-sandbox-writev.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=3512 +) + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + local missing=() + check_feature() { use "${1}" && [[ -z ${!2} ]] && missing+=( "${1}" ); } + check_feature hpn HPN_VER + check_feature sctp SCTP_PATCH + check_feature X509 X509_PATCH + if [[ ${#missing[@]} -ne 0 ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${missing[*]}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "Missing requested third party patch." + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_unpack() { + default + + # We don't have signatures for HPN, X509, so we have to write this ourselves + use verify-sig && verify-sig_verify_detached "${DISTDIR}"/${PARCH}.tar.gz{,.asc} +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${PATCHES[@]}" + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${WORKDIR}/${X509_GLUE_PATCH}" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + eapply "${FILESDIR}/${PN}-9.0_p1-X509-uninitialized-delay.patch" + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${WORKDIR}/${HPN_GLUE_PATCH}" + use X509 && eapply "${WORKDIR}/${X509_HPN_GLUE_PATCH}" + use sctp && eapply "${FILESDIR}"/${PN}-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.6_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + if [[ ${CHOST} == *-solaris* ]] ; then + # Solaris' glob.h doesn't have things like GLOB_TILDE, configure + # doesn't check for this, so force the replacement to be put in + # place + append-cppflags -DBROKEN_GLOB + fi + + # use replacement, RPF_ECHO_ON doesn't exist here + [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(usex X509 '' "$(use_with security-key security-key-builtin)") + $(use_with ssl openssl) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + if use elibc_musl; then + # musl defines bogus values for UTMP_FILE and WTMP_FILE + # https://bugs.gentoo.org/753230 + myconf+=( --disable-utmp --disable-wtmp ) + fi + + # Workaround for Clang 15 miscompilation with -fzero-call-used-regs=all + # bug #869839 (https://github.com/llvm/llvm-project/issues/57692) + tc-is-clang && myconf+=( --without-hardening ) + + econf "${myconf[@]}" +} + +src_test() { + local tests=( compat-tests ) + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + ewarn "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + ewarn "user, so we will run a subset only." + tests+=( interop-tests ) + else + tests+=( tests ) + fi + + local -x SUDO= SSH_SK_PROVIDER= TEST_SSH_UNSAFE_PERMISSIONS=1 + mkdir -p "${HOME}"/.ssh || die + emake -j1 "${tests[@]}" > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + rmdir "${ED}"/var/empty || die + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} -- cgit v1.2.3