From d7ed2b01311f15ba54fe8ea872aab7d59ab2b193 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 29 Jan 2021 18:03:51 +0000 Subject: gentoo resync : 29.01.2021 --- net-misc/Manifest.gz | Bin 54741 -> 54774 bytes net-misc/asterisk/Manifest | 2 +- net-misc/asterisk/asterisk-13.38.1-r2.ebuild | 4 +- net-misc/bridge-utils/Manifest | 2 +- net-misc/bridge-utils/bridge-utils-1.6.ebuild | 4 +- net-misc/dahdi-tools/Manifest | 1 + net-misc/dahdi-tools/dahdi-tools-3.1.0-r1.ebuild | 64 +++ net-misc/dhcpcd/Manifest | 3 +- net-misc/dhcpcd/dhcpcd-8.1.9-r1.ebuild | 2 +- net-misc/dhcpcd/dhcpcd-8.1.9.ebuild | 144 ------ net-misc/dropbox/Manifest | 3 + net-misc/dropbox/dropbox-114.4.426.ebuild | 102 ++++ net-misc/electrum/Manifest | 2 +- net-misc/electrum/electrum-4.0.9-r1.ebuild | 93 ++++ net-misc/electrum/electrum-4.0.9.ebuild | 93 ---- net-misc/httpie/Manifest | 2 +- net-misc/httpie/httpie-2.3.0.ebuild | 4 +- net-misc/iputils/Manifest | 5 +- .../iputils/files/iputils-20200821-fclose.patch | 45 ++ .../iputils-20200821-getrandom-fallback.patch | 43 ++ .../files/iputils-20200821-install-sbindir.patch | 29 ++ net-misc/iputils/iputils-20200821-r2.ebuild | 178 +++++++ net-misc/iputils/iputils-20200821.ebuild | 174 ------- net-misc/memcached/Manifest | 4 +- net-misc/memcached/memcached-1.5.22.ebuild | 100 ---- net-misc/memcached/memcached-1.6.9.ebuild | 2 +- net-misc/netkit-rsh/Manifest | 2 +- net-misc/netkit-rsh/netkit-rsh-0.17-r10.ebuild | 74 --- net-misc/netkit-rsh/netkit-rsh-0.17-r11.ebuild | 77 +++ net-misc/networkmanager/Manifest | 3 +- .../files/networkmanager-1.28.0-dhcpcd9.patch | 265 +++++++++++ .../networkmanager/networkmanager-1.28.0-r1.ebuild | 349 ++++++++++++++ .../networkmanager/networkmanager-1.28.0.ebuild | 345 -------------- net-misc/ntp/Manifest | 2 +- net-misc/ntp/ntp-4.2.8_p15.ebuild | 2 +- net-misc/ntpsec/Manifest | 2 + net-misc/ntpsec/ntpsec-1.2.0.ebuild | 163 +++++++ net-misc/openssh/Manifest | 8 +- net-misc/openssh/openssh-8.1_p1-r4.ebuild | 469 ------------------- net-misc/openssh/openssh-8.1_p1-r5.ebuild | 471 +++++++++++++++++++ net-misc/openssh/openssh-8.2_p1-r7.ebuild | 484 ------------------- net-misc/openssh/openssh-8.2_p1-r8.ebuild | 486 +++++++++++++++++++ net-misc/openssh/openssh-8.3_p1-r5.ebuild | 509 -------------------- net-misc/openssh/openssh-8.3_p1-r6.ebuild | 511 ++++++++++++++++++++ net-misc/openssh/openssh-8.4_p1-r2.ebuild | 514 -------------------- net-misc/openssh/openssh-8.4_p1-r3.ebuild | 519 +++++++++++++++++++++ net-misc/proxytunnel/Manifest | 2 + .../proxytunnel/proxytunnel-1.10.20210128.ebuild | 45 ++ net-misc/radvd/Manifest | 2 + net-misc/radvd/radvd-2.19.ebuild | 73 +++ net-misc/remmina/Manifest | 1 + net-misc/remmina/remmina-1.4.10-r1.ebuild | 99 ++++ net-misc/seafile-client/Manifest | 2 + .../seafile-client/seafile-client-8.0.1.ebuild | 55 +++ net-misc/seafile/Manifest | 2 + net-misc/seafile/seafile-8.0.1.ebuild | 50 ++ net-misc/socat/Manifest | 3 - .../files/socat-1.7.4.0-32bit_build_fix.patch | 42 -- net-misc/socat/socat-1.7.4.0.ebuild | 67 --- net-misc/streamlink/Manifest | 7 +- net-misc/streamlink/streamlink-1.3.0-r2.ebuild | 80 ---- net-misc/streamlink/streamlink-2.0.0.ebuild | 76 +++ net-misc/streamlink/streamlink-9999.ebuild | 32 +- net-misc/suite3270/Manifest | 2 +- net-misc/suite3270/suite3270-4.0_p13.ebuild | 2 +- net-misc/youtube-dl/Manifest | 2 + net-misc/youtube-dl/youtube-dl-2021.01.24.1.ebuild | 71 +++ net-misc/zerotier/Manifest | 5 +- net-misc/zerotier/files/zerotier.init-r1 | 12 + net-misc/zerotier/zerotier-1.2.12.ebuild | 44 -- net-misc/zerotier/zerotier-1.6.2.ebuild | 80 ++++ 71 files changed, 4023 insertions(+), 3193 deletions(-) create mode 100644 net-misc/dahdi-tools/dahdi-tools-3.1.0-r1.ebuild delete mode 100644 net-misc/dhcpcd/dhcpcd-8.1.9.ebuild create mode 100644 net-misc/dropbox/dropbox-114.4.426.ebuild create mode 100644 net-misc/electrum/electrum-4.0.9-r1.ebuild delete mode 100644 net-misc/electrum/electrum-4.0.9.ebuild create mode 100644 net-misc/iputils/files/iputils-20200821-fclose.patch create mode 100644 net-misc/iputils/files/iputils-20200821-getrandom-fallback.patch create mode 100644 net-misc/iputils/files/iputils-20200821-install-sbindir.patch create mode 100644 net-misc/iputils/iputils-20200821-r2.ebuild delete mode 100644 net-misc/iputils/iputils-20200821.ebuild delete mode 100644 net-misc/memcached/memcached-1.5.22.ebuild delete mode 100644 net-misc/netkit-rsh/netkit-rsh-0.17-r10.ebuild create mode 100644 net-misc/netkit-rsh/netkit-rsh-0.17-r11.ebuild create mode 100644 net-misc/networkmanager/files/networkmanager-1.28.0-dhcpcd9.patch create mode 100644 net-misc/networkmanager/networkmanager-1.28.0-r1.ebuild delete mode 100644 net-misc/networkmanager/networkmanager-1.28.0.ebuild create mode 100644 net-misc/ntpsec/ntpsec-1.2.0.ebuild delete mode 100644 net-misc/openssh/openssh-8.1_p1-r4.ebuild create mode 100644 net-misc/openssh/openssh-8.1_p1-r5.ebuild delete mode 100644 net-misc/openssh/openssh-8.2_p1-r7.ebuild create mode 100644 net-misc/openssh/openssh-8.2_p1-r8.ebuild delete mode 100644 net-misc/openssh/openssh-8.3_p1-r5.ebuild create mode 100644 net-misc/openssh/openssh-8.3_p1-r6.ebuild delete mode 100644 net-misc/openssh/openssh-8.4_p1-r2.ebuild create mode 100644 net-misc/openssh/openssh-8.4_p1-r3.ebuild create mode 100644 net-misc/proxytunnel/proxytunnel-1.10.20210128.ebuild create mode 100644 net-misc/radvd/radvd-2.19.ebuild create mode 100644 net-misc/remmina/remmina-1.4.10-r1.ebuild create mode 100644 net-misc/seafile-client/seafile-client-8.0.1.ebuild create mode 100644 net-misc/seafile/seafile-8.0.1.ebuild delete mode 100644 net-misc/socat/files/socat-1.7.4.0-32bit_build_fix.patch delete mode 100644 net-misc/socat/socat-1.7.4.0.ebuild delete mode 100644 net-misc/streamlink/streamlink-1.3.0-r2.ebuild create mode 100644 net-misc/streamlink/streamlink-2.0.0.ebuild create mode 100644 net-misc/youtube-dl/youtube-dl-2021.01.24.1.ebuild create mode 100644 net-misc/zerotier/files/zerotier.init-r1 delete mode 100644 net-misc/zerotier/zerotier-1.2.12.ebuild create mode 100644 net-misc/zerotier/zerotier-1.6.2.ebuild (limited to 'net-misc') diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz index df364daeb983..b3a9b68beccd 100644 Binary files a/net-misc/Manifest.gz and b/net-misc/Manifest.gz differ diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest index 9835918f8160..85eafc5ba665 100644 --- a/net-misc/asterisk/Manifest +++ b/net-misc/asterisk/Manifest @@ -14,7 +14,7 @@ DIST asterisk-13.38.1.tar.gz 33705256 BLAKE2B c783ee40880455cee5a60b111f69d95fdc DIST asterisk-16.15.1.tar.gz 27796648 BLAKE2B 4daa0b121a789d0384d81c3b56951bfd7c919cae3de1d7eaa0ba50f01f428c1d56555838f9ce2b3fe24309b131310c59622ed114cd4f76ac7b06896ceb3da6fc SHA512 5ce6e1301825b142859087ba237b2c1b3e0687cac3fac28f35b043727cac26583697534b2726a65510e50ef27cf373b0c4cef60042f789aa6b875448a5f08914 DIST gentoo-asterisk-patchset-4.08.tar.bz2 2176 BLAKE2B 7f8c9b5fda855091e66b2534d2be23fb1616f565480459f71f766826e5deeeecb24899e2ee9eefe74323e892624d32ab954ec7e9be6a002431ff029fc13493ed SHA512 365c1b8628882c48c279e1fd77d982e6d0820ba7d7122e97bb4988f875d7010caa956798c833c3b01d389004fa08a63a9de2c1b452c9e5701c6106e29fd8e9e1 EBUILD asterisk-13.38.1-r1.ebuild 9456 BLAKE2B dcb95d4a66e3a79ec8493ca92103cba49f87d4a355208cb92602d8d16d81d37fb9d5d6225ad067dfff3eba475f00c7322024d986c12db77967e676a9fa32ede7 SHA512 9c8f127f40b7d87e9721e67d04c7be55101c1bcffcecddf98072cb3eb45e250af74421cbc65565fc70fd71158b9850ec4e2b22485a09842d186bcb6d2432141d -EBUILD asterisk-13.38.1-r2.ebuild 9787 BLAKE2B 656c7a18b9bbbe933f49644c26ebc466d69e6f0033e189e1618bc7a0622a655873f0f551683936532ba802fbfa350956d3ee78a73529e66483c874205d5ef83d SHA512 643f4d40847b8ff76a39110fda1909727710ce53a924cbc8aeacca324c14e04cb26edf7603fff116ca9a757f8bdb0cd92c2726bfdd372c716dffb987bfb1272c +EBUILD asterisk-13.38.1-r2.ebuild 9785 BLAKE2B 17ea2c5a061f396b041592c965e6b56e71c07c3b6632fa9fb649650fbdd4165581a32e8878cf4b3930fd15c0223ba60cb74465a274d7991a50c7e7eed2610754 SHA512 1d38cf39c17cc30adef4ad65d2d809c83dc47b8b3b25f78354c9674d14bd539ef0b7b3d77cd42be102ccfa1d6db294babc34288642517163bdf20de924878152 EBUILD asterisk-13.38.1.ebuild 9184 BLAKE2B da7b6e6754a5825d1960346d779820aace4450232a728890ef9555e637fb27d5e20312fdef9b0288b09544d3b669636aadf1dfb64f46040435ce64a1029c1538 SHA512 1f9b49e36fccdc32f80f9018e1c5e3c89dd10dc1ca89647fb0c148e0b66286f9bd01484f54290cfc9aa14da4b35ed36c41d2e691e84af9138311322ff60e7c3f EBUILD asterisk-16.15.1-r1.ebuild 9633 BLAKE2B 5a6dd460244d81b83f943c982008f79071685a547140d9bf1abed4f0b845ee9a416cb510f9d8c5e9b80fa7d1b351a6cfa2cd087672aafc5d552dd78c542268ce SHA512 74187eff38dff704c9f3de4b7a3f82f054b0c90c2aad6882acd8f227840663f7bc97c8845fcdd1301ddee22328e437004554c6c03bafdfa8a911267ec4009e4c EBUILD asterisk-16.15.1-r2.ebuild 10100 BLAKE2B 1ad9ba65ce8d89ddc53220f30803a4dc0248991b710c0b9d933343abcd63495b711914ecc6f6151cae6830bb39d01cf6dcea3e9fa8dce39c80b0994473422de1 SHA512 d07ada08b13ba033f0e28748084f512a39201ae9271f28fa84da41e9732e978da89d69a8f6f8796a7d0ca20eb3754b0a9dc2ff37b97a695a6a155c88de9a5155 diff --git a/net-misc/asterisk/asterisk-13.38.1-r2.ebuild b/net-misc/asterisk/asterisk-13.38.1-r2.ebuild index 638c1695a1f3..41cf296fe639 100644 --- a/net-misc/asterisk/asterisk-13.38.1-r2.ebuild +++ b/net-misc/asterisk/asterisk-13.38.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -13,7 +13,7 @@ SRC_URI="https://downloads.asterisk.org/pub/telephony/asterisk/releases/${P}.tar https://downloads.uls.co.za/gentoo/asterisk/gentoo-asterisk-patchset-4.08.tar.bz2" LICENSE="GPL-2" SLOT="0/${PV%%.*}" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" +KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86" IUSE_VOICEMAIL_STORAGE=( +voicemail_storage_file diff --git a/net-misc/bridge-utils/Manifest b/net-misc/bridge-utils/Manifest index a0c3e6db02ea..872a6edc2705 100644 --- a/net-misc/bridge-utils/Manifest +++ b/net-misc/bridge-utils/Manifest @@ -1,4 +1,4 @@ AUX libbridge-substitute-AR-variable-from-configure.patch 942 BLAKE2B e1835eefb982957d2e3a1efa0244b4d9f72decbac8990579b19137df82e758589846e4175f3cc9ddc9e2990663b3ae146cf67b9f5a808255115d1a91d53a3d50 SHA512 b4aecaa7e7fae311effc2f9ccd4ee5ca2a1be007cb94e1eb873693805fcdbc880bfb0df53d592eef46d61d433c7b5a36dbe9e7c16b836b6a3f1452e4034f50d6 DIST bridge-utils-1.6.tar.xz 29904 BLAKE2B 4a816d2855a8f127dca3a19df326863848d36032c881a9093cd98b88f701d70486a9488e9761869629f29c6f5bc14305388eac3c22393a3e60dfdb3c9c4dda10 SHA512 b2ed39bc67349b7b91f2068cb505c0e3c89a8797d61e3d97ff957796cfe5fcef2c26dd788bd4215f628d69a4c8592377f4e632c3e181e87af3eaa238d8741e02 -EBUILD bridge-utils-1.6.ebuild 1437 BLAKE2B db6310f76e4b10f54a24bc472aa44c70fa6a9d0b45f2f87850da532b024729bbda3fea181316312d3584fd03104bbff94169f588ea67fadd5faf34f27fceae36 SHA512 324720b237f4b0ebded7892de8f348dbf0080c172aa4d8e4785480bf76a742c397ab0cf8dab12d8f3b03021429b6dde712a1950810b9fc276d119e1b1d357e3e +EBUILD bridge-utils-1.6.ebuild 1436 BLAKE2B 42f9eab53b9e394593c7b9f78f988a5558cbb0aca979e9adbfd96bed3824e2ab1aee9b974df1870a94a639778a90f19b1bd5af3a42dc9f646181bd55dfcb5367 SHA512 002a1d7fbf2f2b756f2c15d73b6d9e7acca1c6d3295a78a19e578de82967d50ace95167a98a060254195719369c5a9e7669b2d262be120f9a1a906619740843a MISC metadata.xml 491 BLAKE2B bf2e6636e5cd672907c0fa7a57894aadd2a56c6a86243d6894567e5819684dba5ef73419b9796d3e8e30e5d9048e13f4a11f714400f4b71dc2a61b8fee81467f SHA512 ec5ffecc293290fa0931f16fc447b5f9537d86db112462f6f865b1e4714e95c10d22fef326692d4506958956c3148061beba187e19b8549608f02ef974302bee diff --git a/net-misc/bridge-utils/bridge-utils-1.6.ebuild b/net-misc/bridge-utils/bridge-utils-1.6.ebuild index 47491b009b6a..273624c416b4 100644 --- a/net-misc/bridge-utils/bridge-utils-1.6.ebuild +++ b/net-misc/bridge-utils/bridge-utils-1.6.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=6 @@ -12,7 +12,7 @@ SRC_URI="https://www.kernel.org/pub/linux/utils/net/${PN}/${P}.tar.xz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86" +KEYWORDS="amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86" IUSE="selinux" DEPEND="virtual/os-headers" diff --git a/net-misc/dahdi-tools/Manifest b/net-misc/dahdi-tools/Manifest index 7ae96aecc312..b358c5747c8e 100644 --- a/net-misc/dahdi-tools/Manifest +++ b/net-misc/dahdi-tools/Manifest @@ -7,5 +7,6 @@ AUX dahdi-tools-3.1.0-fno-common.patch 1030 BLAKE2B ca9f8ce7116656f66107194c7cce AUX dahdi-tools-3.1.0-parallel-make-no-config.patch 681 BLAKE2B c72cc644d88514c836784511abd9d4c06009218a311dc937b32fe3bcd048ae17439a882ed6a5f159e619eea478d664552e59b7a2ff6b4331c9b44e7ed93033c8 SHA512 d368a0fb5b03618d4adb49c01a6ccb518a67b7e48a209b927878b71b68e4a4a1093574e394970f9d6426bd75b5ca737326f27fc8322654ce39f9b2b272813992 AUX dahdi.init2 582 BLAKE2B 2e273c929772428586f6800601cc0249a33f61c6aad474c19dd45d9d78a187a9fdd34d1ca26e0eed605fc9630c04b0b0ffd29214a5116749db94bf7609bb078a SHA512 684e8dea54a4f082345100f4d05ca286a085b99c46f0b3fa7300ca5d9a666657afb5405c1f14ac3ba4aba02ce39872e74b9c1cfe6321fd631fa6c39ae38e5ebb DIST dahdi-tools-3.1.0.tar.gz 607449 BLAKE2B aa8ef197cbdecf5c892386aa1c25c940ed3f7c24884f588dcca975d34ee7b4c41722d2529fa305d7568d03302e10e6eb4d5df36a899315e05bf243163500b22d SHA512 e0e5bf24e4834ca39ef7dc1af1bb7ef26bd258a8b2cb2406a7e1ffed25b4b1d44a5fce41d97c5ad7fc6ebb66f965759d2b49ffa6d89845786f43eadb89ff4694 +EBUILD dahdi-tools-3.1.0-r1.ebuild 2018 BLAKE2B 32d097769b4d741e32a6f9baba6b3c8ad3ed68412963c4122bba179bc367773d25c57f08e86c9956f3c1468010e3c3533987e917ab40d3203a1094c19c2fd4ff SHA512 14441431b504bfe0ebbf84e8d9d5614c625f54ce84d8977e6610e3f454fb5b1998790058967060d3f6c461f57bea2c511d9fb0b46895676f0e814094199f7c30 EBUILD dahdi-tools-3.1.0.ebuild 1692 BLAKE2B 7ed3148872c5975ad46517a4e687509610ebe57755be7e6ffbf5b1d8617f6a4ae12b7610d30eac5192199190e160d7ea6ee791e62f66deada89c40a39c15005e SHA512 e20f7a9fb034725b1b96a23630a5bfc37d2b90bf702343577328a1c1a078094ed93085e64f5be8a627570168916ab56efdbbe697f4fded5a5f774195b7f4d5f0 MISC metadata.xml 443 BLAKE2B 5a35a0f5e7aa8d8b19423f8aab317e7eef695b76f1b541a96af1c0f6194d3919a56260e3a461a0acbabd268f884265876b9601348179a976b620f39ca4bcab48 SHA512 d071770c4efce5c06137822cbf002d29c11b59f004afc537008417204851e05751df7b21140abc74e8439baa00d2e15bd596b4436f8e8aa5815ea8200018d007 diff --git a/net-misc/dahdi-tools/dahdi-tools-3.1.0-r1.ebuild b/net-misc/dahdi-tools/dahdi-tools-3.1.0-r1.ebuild new file mode 100644 index 000000000000..78ae825186b6 --- /dev/null +++ b/net-misc/dahdi-tools/dahdi-tools-3.1.0-r1.ebuild @@ -0,0 +1,64 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools bash-completion-r1 perl-functions + +DESCRIPTION="Userspace tools to configure the kernel modules from net-misc/dahdi" +HOMEPAGE="https://www.asterisk.org" +SRC_URI="https://downloads.asterisk.org/pub/telephony/${PN}/releases/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" +IUSE="ppp" +PATCHES=( + "${FILESDIR}/dahdi-nondigium-blacklist.patch" + "${FILESDIR}/dahdi-tools-3.1.0-parallel-make-no-config.patch" + "${FILESDIR}/dahdi-tools-3.1.0-fno-common.patch" + "${FILESDIR}/dahdi-tools-3.1.0-execinfo.patch" + "${FILESDIR}/dahdi-tools-3.1.0-cplusplusexternc.patch" +) + +DEPEND="dev-libs/newt + net-misc/dahdi + sys-kernel/linux-headers + virtual/libusb:0 + ppp? ( net-dialup/ppp )" +RDEPEND="${DEPEND} + dev-lang/perl:= + dev-perl/CGI" +BDEPEND="dev-lang/perl + sys-apps/file" + +src_prepare() { + default + eautoreconf +} + +src_configure() { + econf $(use_with ppp) --with-perllib="$(perl_get_vendorlib)" + sed -re 's/ -Werror($|[[:space:]])//' -i xpp/oct612x/Makefile.in || die "sed to eliminate -Werror failed." + sed -re '/[[:space:]]*-Werror[[:space:]]*\\$/ d' -i xpp/xtalk/Makefile || die "sed to eliminate -Werror failed." +} + +src_install() { + local bashcompdir="$(get_bashcompdir)" + local bashcmd bashcmdtarget + + emake DESTDIR="${ED}" bashcompdir="${bashcompdir}" udevrulesdir=/lib/udev/rules.d install + emake DESTDIR="${ED}" install-config + + dosbin patgen pattest patlooptest hdlcstress hdlctest hdlcgen hdlcverify timertest + + # install init scripts + newinitd "${FILESDIR}"/dahdi.init2 dahdi + newinitd "${FILESDIR}"/dahdi-autoconf.init2 dahdi-autoconf + newconfd "${FILESDIR}"/dahdi-autoconf.conf2 dahdi-autoconf + + bashcomp_alias dahdi $(sed -nre 's/^complete -F .* //p' "${ED}${bashcompdir}/dahdi" || + die "Error parsing dahdi bash completion file for commands") + + rm "${ED}"/usr/$(get_libdir)/libtonezone.{la,a} || die "Unable to remove static libs from install." +} diff --git a/net-misc/dhcpcd/Manifest b/net-misc/dhcpcd/Manifest index 95959871f993..6ba89c3db32a 100644 --- a/net-misc/dhcpcd/Manifest +++ b/net-misc/dhcpcd/Manifest @@ -6,8 +6,7 @@ DIST dhcpcd-8.1.9-patches-01.tar.xz 3208 BLAKE2B 38f59096c7fbe7beb3df11e492d3ef1 DIST dhcpcd-8.1.9.tar.xz 230288 BLAKE2B 5606ddfce37c67ac3d60257104fcf15bd7da65021b2c1261a45958b628cd066ccd9bc6b60bbb42f8280fcbbf9d4b1c7666b993c37f150b27ef2a0527a0fd5b96 SHA512 40ac106ffca60b32362aacdfae0fa3a2993a3eed72bf452322412a912f594aaade1c24b862233455033158a6e453ec75d6d14fa52df6b4c5ae435dd6ceb29f2a DIST dhcpcd-9.3.4.tar.xz 255212 BLAKE2B cd64dca55bd8adfcfa8ffb5f75a949c6f8aef9f1bf7925060590f7f5f0325e08de3c766c8ff780736eb2bed40ba3ae7b59c3cf3e03f2ad1bd7ff4c92aafb6370 SHA512 00125cbed9a20ba016cbb383c02ce61a58482dcf6c46144e573ee3759dbaf19b5f470eaf19038197d0ff4249c852773c537294bab30b5bf3f5bae4d754741517 DIST dhcpcd-9.4.0.tar.xz 256440 BLAKE2B 16d63e957dbdf49647806ebe69487edc96502f43af8b8b6c6e40311994611d2516e2c839fed41863b8509a0953421091577d4cb202ebda3b300f3b1c761c07ce SHA512 e2cff86564062e8d5f9c8f48f245ffa31406494e2fafadedabc1ba9932b534cbda064783ffdd7fb337544459aba2ef7e9b49ad0973120897dc04159747e8635f -EBUILD dhcpcd-8.1.9-r1.ebuild 4508 BLAKE2B f9e5b4a9a96877250ba0ffa8acea899271b6d0e68aebde6e346e82fd21606fd4e9731a963a65bd4dab92c4eb9e49573e047b92dd1f6dfa82f354149356b1edb9 SHA512 27e97d6e582f7f696645c43079791873df7815019b7107c4e99ec98b12f4ce18212c5a0db3ced54bab56de324d96d1ec6ae8917757f49a0016f8e845a007b32b -EBUILD dhcpcd-8.1.9.ebuild 4386 BLAKE2B 09d3f7a3bad9c03b427e18fe33d7aa54f1597b8a7389664d18c9cf01a21a5112a7a08177be703d9aee508f26c825f046b97f34b4e79e2bfef8b140e846bdc01c SHA512 1407f6718ecc06ccdd1728c4fbccb32e191bd731101529bf634ef53977f9f4a23eaefe568bd67592e2431df43c8f326b572c2d5cbacb15fe78ba369b6ff14597 +EBUILD dhcpcd-8.1.9-r1.ebuild 4505 BLAKE2B a1646a494c20d4d7038ec42941e4afaeac4cf1b2246f89eca4614ef060ad31813575218a3fdd121566001a0c41cf316ca50d91dde3ecd11603cd48c6d4bb47d0 SHA512 3ee0e788ceb7534702147458c192c57aed9e091a94cf0958f28f2a108890f1e07079aa024e964e9f529c62d2c1ce89cf3c54023d9f90ba34f41c9e24e3132ea4 EBUILD dhcpcd-9.3.4.ebuild 4613 BLAKE2B 7072757995a8936ad02afffed460ca109347410f27444e48dd28f3b58ca08a3506201a703292919da3a92032a4ec95c70f4f10e36e5a6791b17d1fa4830b56aa SHA512 9b7832ceb3ed64613dcaf52b8ab3b8a13737110197bdd275ea0a65ac7b0969d21e3be8c7153ab6cae727e0d22513aefe0aaa03708f0491f0c160e830cb415ebf EBUILD dhcpcd-9.4.0.ebuild 4613 BLAKE2B 7072757995a8936ad02afffed460ca109347410f27444e48dd28f3b58ca08a3506201a703292919da3a92032a4ec95c70f4f10e36e5a6791b17d1fa4830b56aa SHA512 9b7832ceb3ed64613dcaf52b8ab3b8a13737110197bdd275ea0a65ac7b0969d21e3be8c7153ab6cae727e0d22513aefe0aaa03708f0491f0c160e830cb415ebf EBUILD dhcpcd-9999.ebuild 4613 BLAKE2B 7072757995a8936ad02afffed460ca109347410f27444e48dd28f3b58ca08a3506201a703292919da3a92032a4ec95c70f4f10e36e5a6791b17d1fa4830b56aa SHA512 9b7832ceb3ed64613dcaf52b8ab3b8a13737110197bdd275ea0a65ac7b0969d21e3be8c7153ab6cae727e0d22513aefe0aaa03708f0491f0c160e830cb415ebf diff --git a/net-misc/dhcpcd/dhcpcd-8.1.9-r1.ebuild b/net-misc/dhcpcd/dhcpcd-8.1.9-r1.ebuild index c45dfd2e5609..87278eab090f 100644 --- a/net-misc/dhcpcd/dhcpcd-8.1.9-r1.ebuild +++ b/net-misc/dhcpcd/dhcpcd-8.1.9-r1.ebuild @@ -14,7 +14,7 @@ else MY_P="${MY_P/_rc/-rc}" SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz https://dev.gentoo.org/~polynomial-c/${P}-patches-01.tar.xz" - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux" S="${WORKDIR}/${MY_P}" fi diff --git a/net-misc/dhcpcd/dhcpcd-8.1.9.ebuild b/net-misc/dhcpcd/dhcpcd-8.1.9.ebuild deleted file mode 100644 index 78cc0a1b8c4c..000000000000 --- a/net-misc/dhcpcd/dhcpcd-8.1.9.ebuild +++ /dev/null @@ -1,144 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit systemd toolchain-funcs - -if [[ ${PV} == "9999" ]]; then - inherit git-r3 - EGIT_REPO_URI="https://roy.marples.name/git/dhcpcd.git" -else - MY_P="${P/_alpha/-alpha}" - MY_P="${MY_P/_beta/-beta}" - MY_P="${MY_P/_rc/-rc}" - SRC_URI="https://roy.marples.name/downloads/${PN}/${MY_P}.tar.xz" - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux" - S="${WORKDIR}/${MY_P}" -fi - -DESCRIPTION="A fully featured, yet light weight RFC2131 compliant DHCP client" -HOMEPAGE="https://roy.marples.name/projects/dhcpcd" -LICENSE="BSD-2" -SLOT="0" -IUSE="elibc_glibc +embedded ipv6 kernel_linux +udev" - -COMMON_DEPEND="udev? ( virtual/udev )" -DEPEND="${COMMON_DEPEND}" -RDEPEND="${COMMON_DEPEND}" - -src_configure() { - local myeconfargs=( - --dbdir="${EPREFIX}/var/lib/dhcpcd" - --libexecdir="${EPREFIX}/lib/dhcpcd" - --localstatedir="${EPREFIX}/var" - --prefix="${EPREFIX}" - --with-hook=ntp.conf - $(use_enable embedded) - $(use_enable ipv6) - $(usex elibc_glibc '--with-hook=yp.conf' '') - $(usex kernel_linux '--rundir=${EPREFIX}/run' '') - $(usex udev '' '--without-dev --without-udev') - CC="$(tc-getCC)" - ) - econf "${myeconfargs[@]}" -} - -src_install() { - default - keepdir /var/lib/dhcpcd - newinitd "${FILESDIR}"/${PN}.initd ${PN} - systemd_dounit "${FILESDIR}"/${PN}.service -} - -pkg_postinst() { - local dbdir="${EROOT}"/var/lib/dhcpcd old_files=() - - local old_old_duid="${EROOT}"/var/lib/dhcpcd/dhcpcd.duid - local old_duid="${EROOT}"/etc/dhcpcd.duid - local new_duid="${dbdir}"/duid - if [[ -e "${old_old_duid}" ]] ; then - # Upgrade the duid file to the new format if needed - if ! grep -q '..:..:..:..:..:..' "${old_old_duid}"; then - sed -i -e 's/\(..\)/\1:/g; s/:$//g' "${old_old_duid}" - fi - - # Move the duid to /etc, a more sensible location - if [[ ! -e "${old_duid}" ]] ; then - cp -p "${old_old_duid}" "${new_duid}" - fi - old_files+=( "${old_old_duid}" ) - fi - - # dhcpcd-7 moves the files out of /etc - if [[ -e "${old_duid}" ]] ; then - if [[ ! -e "${new_duid}" ]] ; then - cp -p "${old_duid}" "${new_duid}" - fi - old_files+=( "${old_duid}" ) - fi - local old_secret="${EROOT}"/etc/dhcpcd.secret - local new_secret="${dbdir}"/secret - if [[ -e "${old_secret}" ]] ; then - if [[ ! -e "${new_secret}" ]] ; then - cp -p "${old_secret}" "${new_secret}" - fi - old_files+=( "${old_secret}" ) - fi - - # dhcpcd-7 renames some files in /var/lib/dhcpcd - local old_rdm="${dbdir}"/dhcpcd-rdm.monotonic - local new_rdm="${dbdir}"/rdm_monotonic - if [[ -e "${old_rdm}" ]] ; then - if [[ ! -e "${new_rdm}" ]] ; then - cp -p "${old_rdm}" "${new_rdm}" - fi - old_files+=( "${old_rdm}" ) - fi - local lease= - for lease in "${dbdir}"/dhcpcd-*.lease*; do - [[ -f "${lease}" ]] || continue - old_files+=( "${lease}" ) - local new_lease=$(basename "${lease}" | sed -e "s/dhcpcd-//") - [[ -e "${dbdir}/${new_lease}" ]] && continue - cp "${lease}" "${dbdir}/${new_lease}" - done - - # Warn about removing stale files - if [[ -n "${old_files[@]}" ]] ; then - elog - elog "dhcpcd-7 has copied dhcpcd.duid and dhcpcd.secret from" - elog "${EROOT}/etc to ${dbdir}" - elog "and copied leases in ${dbdir} to new files with the dhcpcd-" - elog "prefix dropped." - elog - elog "You should remove these files if you don't plan on reverting" - elog "to an older version:" - local old_file= - for old_file in ${old_files[@]}; do - elog " ${old_file}" - done - fi - - if [ -z "${REPLACING_VERSIONS}" ]; then - elog - elog "dhcpcd has zeroconf support active by default." - elog "This means it will always obtain an IP address even if no" - elog "DHCP server can be contacted, which will break any existing" - elog "failover support you may have configured in your net configuration." - elog "This behaviour can be controlled with the noipv4ll configuration" - elog "file option or the -L command line switch." - elog "See the dhcpcd and dhcpcd.conf man pages for more details." - - elog - elog "Dhcpcd has duid enabled by default, and this may cause issues" - elog "with some dhcp servers. For more information, see" - elog "https://bugs.gentoo.org/show_bug.cgi?id=477356" - fi - - if ! has_version net-dns/bind-tools; then - elog - elog "If you activate the lookup-hostname hook to look up your hostname" - elog "using the dns, you need to install net-dns/bind-tools." - fi -} diff --git a/net-misc/dropbox/Manifest b/net-misc/dropbox/Manifest index b4a0c4661d39..6a3358a9f045 100644 --- a/net-misc/dropbox/Manifest +++ b/net-misc/dropbox/Manifest @@ -3,8 +3,11 @@ AUX dropbox.initd 1581 BLAKE2B c23a753b7e4d1132d516d607e0eee35072130f6e66c59af00 AUX dropbox_at.service-r2 1582 BLAKE2B 7a5d8eb1e99d6a9f6cc7d903d8d2cb6b124b4a5217e978d05f0afb08de90b3634bb802bd075a053b84b0ec4f5ef6643d2efb00beb964f9f14dd3dd234806358b SHA512 ce465614c848103ac19d3782bf55508ab9b3a3f1c0159cd0ccb7daa7374f014382b30a99bf2eb5488ab4474cad953ce0b4710c8222e5196ea49672db5d183b85 DIST dropbox-lnx.x86-112.4.321.tar.gz 99004752 BLAKE2B adec5e29703d36ceadcaed1447b03d5edfd2249f06ab295c55c87684bf4b4c9c59a49a59b71158c17908753cb4dac51e17629cc2fb07c4b44d32d094cecae8e5 SHA512 222cb754713233b05fcf918995ca21d5b5663757304d1303534007872ea83e432641fa13b758b21dcd24568b63fd88b3fed1e45d15b0422226040e655796d369 DIST dropbox-lnx.x86-113.4.507.tar.gz 100113763 BLAKE2B 6340195b5d6d47b077e4a7b335c4c1d3298d6504503fb39bc71e407d7e8e09cd80afaed9df84dd4e7ea875a8adf28279d9d348f54905958034152fd201b4e4cf SHA512 4e74df30a7debd5c8e2aca4a2494178392d6646bc7dd1966a3aa730b43f0759251a046a7e9266ce68f683786ef9998e71718be1769c574019d688b6420f7ee17 +DIST dropbox-lnx.x86-114.4.426.tar.gz 100421824 BLAKE2B 1070be0d3607c8f3df0277dcae282bce704578d9c02fd191f32503dc1f152e6861b3945d19b186eda23ac8676b8e7da31050bc954a25e1b33fb4a4098d22f48c SHA512 d64ecd9889ab46c50ee6e2d7978afca3fa34fe3093f68ce2b328e488bb536a61a54c9c835be32765200e382dbaab3d8c025cf185998371793fb202c0998ab5f2 DIST dropbox-lnx.x86_64-112.4.321.tar.gz 103084021 BLAKE2B 96c15e627434557663712bd6f679efd11b8a6e353757becf1a09830e6f16fb5652159af9601ae1ca84ec397aee277161bcaf1988589b782c43ec433b7ed69a66 SHA512 e22c5595ba5dc90e3fcc958be92ac5fb403f76d8567a03bcfb14e5ea058147f23564de6a2d020a37da4f5a0c34dc85ccbc528bf1f1c683b370899e22f6e652ab DIST dropbox-lnx.x86_64-113.4.507.tar.gz 103671827 BLAKE2B 32bab397f2a964c63a733bdd5834cae5a872346fd56f539ce55df91755e8d4c9195e77723ca9d345fea5769163d15cd19406d28c9d4ff76b61d45ec77d729b78 SHA512 473282044032bab21e0d24c6987343b1cfdad98a4f608336d6c6af50e613e201ed71d56e5d231252e2eb3df236cdbba7c74ef1b6378fa88b1bce5995113d660d +DIST dropbox-lnx.x86_64-114.4.426.tar.gz 104003045 BLAKE2B f71e9aba191f7258588aeb2cf2459eb0d9311c5c56e711f9b2932b8dfe2070cc0f1a20d3cfc9fc710ad75093e18fa494f9a42a6ff23d3e231e76edd29146612a SHA512 c9d42944e81fdb1ad315c388acdfba4b3da53bf90b6265c8ca030152c39ac0a60e8d064b1c47df7d8ecaca8b0801ad0851a2252d2241580cfc479cbf76e9fc3b EBUILD dropbox-112.4.321.ebuild 2617 BLAKE2B 4c3c0dff5562ba9d40f10b6b5754a5f4ee8011bc7331a0ad9e2d89997a22e00752c8a062a24a4c49404fd6b2743f814b31e792c25ecbeecd0340a4edf33ddebb SHA512 3a89190dd79b8eb50e33262c3a76fd63476c09c42cdb7026abb72e4fd1eb109c92f0f6c09903af4874cb72c271998ceb21723a6f893fb954eade67c1be860765 EBUILD dropbox-113.4.507.ebuild 2619 BLAKE2B d06e213989e8f510e35428371d832f5a8b3828843ae8c932e563130fa79964a8e2a56d4ddab37d978e08579819f578aeffa94fa9700cdc12191b53699903e2ab SHA512 00717249a02ad1415ca9ae63dfed9d062474148800fe343a9b78f7156353b51403862cd52207222cefc9a67021c8c15509aac2d2bba9ea00de11f22bee0e885d +EBUILD dropbox-114.4.426.ebuild 2619 BLAKE2B d06e213989e8f510e35428371d832f5a8b3828843ae8c932e563130fa79964a8e2a56d4ddab37d978e08579819f578aeffa94fa9700cdc12191b53699903e2ab SHA512 00717249a02ad1415ca9ae63dfed9d062474148800fe343a9b78f7156353b51403862cd52207222cefc9a67021c8c15509aac2d2bba9ea00de11f22bee0e885d MISC metadata.xml 335 BLAKE2B 6b61d3baf32526555421f8507defe48e5dff38e51a27fdbe7a3006a1083f2334b5ea83d4d4d9cf87b45af211a267a31e8bec805a1db1766087090455268fe724 SHA512 ee923a78e49b35d74453bdf51ce5be59f695f5aaf54f7ff58eb2d3165dc9acf97371110f92456a5a39d862a5ebe967c3225489ba407c6ea1250443868255613a diff --git a/net-misc/dropbox/dropbox-114.4.426.ebuild b/net-misc/dropbox/dropbox-114.4.426.ebuild new file mode 100644 index 000000000000..a77b20f7a3b2 --- /dev/null +++ b/net-misc/dropbox/dropbox-114.4.426.ebuild @@ -0,0 +1,102 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit desktop pax-utils systemd xdg + +DESCRIPTION="Dropbox daemon (pretends to be GUI-less)" +HOMEPAGE="https://www.dropbox.com/" +SRC_URI=" + amd64? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86_64-${PV}.tar.gz ) + x86? ( https://clientupdates.dropboxstatic.com/dbx-releng/client/dropbox-lnx.x86-${PV}.tar.gz )" + +LICENSE="BSD-2 CC-BY-ND-3.0 FTL MIT LGPL-2 openssl dropbox" +SLOT="0" +KEYWORDS="~amd64 ~x86 ~x86-linux" +IUSE="selinux X" + +RESTRICT="mirror strip" + +QA_PREBUILT="opt/.*" +QA_EXECSTACK="opt/dropbox/dropbox" + +BDEPEND="dev-util/patchelf" + +# Be sure to have GLIBCXX_3.4.9, #393125 +RDEPEND=" + X? ( + x11-themes/hicolor-icon-theme + ) + selinux? ( sec-policy/selinux-dropbox ) + app-arch/bzip2 + dev-libs/glib:2 + dev-libs/libffi-compat:6 + media-libs/fontconfig + media-libs/freetype + net-misc/wget + sys-libs/zlib + sys-libs/ncurses-compat:5 + virtual/opengl + x11-libs/libICE + x11-libs/libSM + x11-libs/libX11 +" + +src_unpack() { + unpack ${A} + mkdir -p "${S}" || die + mv "${WORKDIR}"/.dropbox-dist/* "${S}" || die + mv "${S}"/dropbox-lnx.*-${PV}/* "${S}" || die + rmdir "${S}"/dropbox-lnx.*-${PV}/ || die + rmdir .dropbox-dist || die +} + +src_prepare() { + default + # we supply all of these in RDEPEND + rm -vf libGL.so.1 libX11* libffi.so.6 || die + # some of these do not appear to be used + rm -vf libQt5{OpenGL,PrintSupport,Qml,Quick,Sql,WebKit,WebKitWidgets}.so.5 \ + PyQt5.QtPrintSupport.* PyQt5.QtQml.* PyQt5.QtQuick.* \ + wmctrl libdrm.so.2 libpopt.so.0 || die + if use X ; then + mv images/hicolor/16x16/status "${T}" || die + else + rm -vrf images || die + fi + patchelf --set-rpath '$ORIGIN' \ + apex._apex.*.so \ + nucleus_python.*.so \ + tprt.*.so \ + || die + pax-mark cm dropbox + mv README ACKNOWLEDGEMENTS "${T}" || die +} + +src_install() { + local targetdir="/opt/dropbox" + + insinto "${targetdir}" + doins -r * + fperms a+x "${targetdir}"/{dropbox,dropboxd} + dosym "${targetdir}/dropboxd" "/opt/bin/dropbox" + + use X && doicon -s 16 -c status "${T}"/status + + make_desktop_entry "${PN}" "Dropbox" "dropboxstatus-logo" + + newinitd "${FILESDIR}"/dropbox.initd dropbox + newconfd "${FILESDIR}"/dropbox.conf dropbox + systemd_newunit "${FILESDIR}"/dropbox_at.service-r2 "dropbox@.service" + + dodoc "${T}"/{README,ACKNOWLEDGEMENTS} +} + +pkg_postinst() { + einfo "Warning: while running, dropbox may attempt to autoupdate itself in" + einfo " your user's home directory. To prevent this, run the following as" + einfo " each user who will run dropbox:" + einfo "" + einfo "install -dm0 ~/.dropbox-dist" +} diff --git a/net-misc/electrum/Manifest b/net-misc/electrum/Manifest index e26dd8fc8db7..c12c599a9a18 100644 --- a/net-misc/electrum/Manifest +++ b/net-misc/electrum/Manifest @@ -1,5 +1,5 @@ AUX 3.1.2-no-user-root.patch 847 BLAKE2B 7c682268f4f76884b364fad9dfef63931ffb694c529b3fb17d6c579bf908872b4bfcca6edbe1aa30b93475aa4891283c196cd803579654988d1a1a73d42f1afa SHA512 e4d94693f4a01577b9c4e1e1ce8ef71e9d2ae74edb4c1cad11c6c5615ed50df3ed5f785ff69ff869f534cb4887e21c1cc263fa94972bebc31b5421e0b7be4173 AUX 3.3.2-desktop.patch 685 BLAKE2B b946f95ad017048e957e8567b7ce52ed085bb15daa155509ab08c447eb32d3d984696d636dbe46456a09dfb3ca93b1619bb6a4d90654ee46f43c662661debafe SHA512 a7c826e736f1661821d846ff8443dedeaa49a82f7e7a1a8f23924dbc1c9c12d71f5d8056e592ff8c6d44fc8bf4483f09e3b8d1e262b3ef408991f01ca1a283ff DIST electrum-4.0.9.gh.tar.gz 4435268 BLAKE2B e1dfe319f7b4beffd039164c97d247f5d267d9d99313480bf06f9b748d095b33859cd8ea5dd5a135b38a1a206858e08ce500af8982ef7a6e3b3f7ff0233b9637 SHA512 a9a04163c8d76006ca18e1c50f38cabd7c3d7d75b16c8504627b9eb49bf9dca91800e18a585e7afd0b98fafeeeb821b967bea29928a46d10f65f0abc3fb90887 -EBUILD electrum-4.0.9.ebuild 2259 BLAKE2B e35312a6120d7ceda9dffeb82aec6906fcd9a90bf6bbab6532e8f175f6071fe041082abe2eb561bb327087d5d76dafa206422be6b829869b61a339841b971461 SHA512 b338779cb71efb56ad25160315d181a33598a954f129359da9c4c776c220cdf72b2e8ab8a3757efe31f46da30ffe6630ac01c530e219caf5b3a6bac8f180b45d +EBUILD electrum-4.0.9-r1.ebuild 2260 BLAKE2B 1dbd886cb2cc22c269b81828b4df45d276d9424efef55fddb649672f60e8f4f51722adf499121805dde09b830670aa14d303f6cf6891b177fb697511c822759a SHA512 c7bd0ce09c2badf2aecb33d10a195d8c27360726cafbf0ea14f247f440b8e6178e08cd87a55db9e9d84dabb7433603daa53750c79cd667f760b51663628c7591 MISC metadata.xml 653 BLAKE2B f58eed53ddc5608c39d763bef2b9543ce30c65a97afe157b84522b1367d19594855c5f8e39424af90c88934938601d98c5877f7d1d081aa5cc5be45cf19044a2 SHA512 a2d76c85cf2e409a1b0aa6449e43e82f1d88a4d7fa72c6282c7f7e55819d13b04dc733e3b297635aca1cb65136822b447feedf76358b948738489f8e0de97ea6 diff --git a/net-misc/electrum/electrum-4.0.9-r1.ebuild b/net-misc/electrum/electrum-4.0.9-r1.ebuild new file mode 100644 index 000000000000..a48fd6c524dd --- /dev/null +++ b/net-misc/electrum/electrum-4.0.9-r1.ebuild @@ -0,0 +1,93 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="7" + +PYTHON_COMPAT=( python3_{6..8} ) +PYTHON_REQ_USE="ncurses?" + +inherit desktop distutils-r1 xdg-utils + +DESCRIPTION="User friendly Bitcoin client" +HOMEPAGE="https://electrum.org/" +SRC_URI=" + https://github.com/spesmilo/electrum/archive/${PV}.tar.gz + -> ${P}.gh.tar.gz" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="amd64 x86" +IUSE="cli ncurses qrcode +qt5" +REQUIRED_USE="|| ( cli ncurses qt5 )" + +RDEPEND="${PYTHON_DEPS} + dev-libs/libsecp256k1 + >=dev-python/aiohttp-socks-0.3[${PYTHON_USEDEP}] + =dev-python/aiorpcX-0.18*[${PYTHON_USEDEP}] + >=dev-python/attrs-19.2.0[${PYTHON_USEDEP}] + dev-python/bitstring[${PYTHON_USEDEP}] + dev-python/cryptography[${PYTHON_USEDEP}] + >=dev-python/dnspython-2[${PYTHON_USEDEP}] + dev-python/pbkdf2[${PYTHON_USEDEP}] + dev-python/PySocks[${PYTHON_USEDEP}] + dev-python/qrcode[${PYTHON_USEDEP}] + dev-python/requests[${PYTHON_USEDEP}] + dev-python/setuptools[${PYTHON_USEDEP}] + dev-python/six[${PYTHON_USEDEP}] + >=dev-python/protobuf-python-3.12[${PYTHON_USEDEP}] + qrcode? ( media-gfx/zbar[v4l] ) + qt5? ( + dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] + ) + ncurses? ( $(python_gen_impl_dep 'ncurses') ) +" +BDEPEND=" + test? ( + dev-python/pyaes[${PYTHON_USEDEP}] + dev-python/pycryptodome[${PYTHON_USEDEP}] + ) +" + +distutils_enable_tests pytest + +src_prepare() { + eapply "${FILESDIR}/3.1.2-no-user-root.patch" + eapply "${FILESDIR}/3.3.2-desktop.patch" + + # Prevent icon from being installed in the wrong location + sed -i '/icons_dirname/d' setup.py || die + + # use backwards-compatible cryptodome API + sed -i -e 's:Cryptodome:Crypto:' electrum/crypto.py || die + + local bestgui + if use qt5; then + bestgui=qt + elif use ncurses; then + bestgui=text + else + bestgui=stdio + fi + sed -i 's/^\([[:space:]]*\)\(config_options\['\''cwd'\''\] = .*\)$/\1\2\n\1config_options.setdefault("gui", "'"${bestgui}"'")\n/' ${PN}/${PN} || die + + eapply_user + + xdg_environment_reset + distutils-r1_src_prepare +} + +src_install() { + doicon -s 128 electrum/gui/icons/${PN}.png + dodoc RELEASE-NOTES + distutils-r1_src_install +} + +pkg_postinst() { + xdg_icon_cache_update + xdg_desktop_database_update +} + +pkg_postrm() { + xdg_icon_cache_update + xdg_desktop_database_update +} diff --git a/net-misc/electrum/electrum-4.0.9.ebuild b/net-misc/electrum/electrum-4.0.9.ebuild deleted file mode 100644 index d7fd3b935ca9..000000000000 --- a/net-misc/electrum/electrum-4.0.9.ebuild +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="7" - -PYTHON_COMPAT=( python3_{6..8} ) -PYTHON_REQ_USE="ncurses?" - -inherit desktop distutils-r1 xdg-utils - -DESCRIPTION="User friendly Bitcoin client" -HOMEPAGE="https://electrum.org/" -SRC_URI=" - https://github.com/spesmilo/electrum/archive/${PV}.tar.gz - -> ${P}.gh.tar.gz" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="amd64 x86" -IUSE="cli ncurses qrcode +qt5" -REQUIRED_USE="|| ( cli ncurses qt5 )" - -RDEPEND="${PYTHON_DEPS} - dev-libs/libsecp256k1 - >=dev-python/aiohttp-socks-0.3[${PYTHON_USEDEP}] - =dev-python/aiorpcX-0.18*[${PYTHON_USEDEP}] - >=dev-python/attrs-19.2.0[${PYTHON_USEDEP}] - dev-python/bitstring[${PYTHON_USEDEP}] - dev-python/cryptography[${PYTHON_USEDEP}] - =dev-python/protobuf-python-3.12[${PYTHON_USEDEP}] - qrcode? ( media-gfx/zbar[v4l] ) - qt5? ( - dev-python/PyQt5[gui,widgets,${PYTHON_USEDEP}] - ) - ncurses? ( $(python_gen_impl_dep 'ncurses') ) -" -BDEPEND=" - test? ( - dev-python/pyaes[${PYTHON_USEDEP}] - dev-python/pycryptodome[${PYTHON_USEDEP}] - ) -" - -distutils_enable_tests pytest - -src_prepare() { - eapply "${FILESDIR}/3.1.2-no-user-root.patch" - eapply "${FILESDIR}/3.3.2-desktop.patch" - - # Prevent icon from being installed in the wrong location - sed -i '/icons_dirname/d' setup.py || die - - # use backwards-compatible cryptodome API - sed -i -e 's:Cryptodome:Crypto:' electrum/crypto.py || die - - local bestgui - if use qt5; then - bestgui=qt - elif use ncurses; then - bestgui=text - else - bestgui=stdio - fi - sed -i 's/^\([[:space:]]*\)\(config_options\['\''cwd'\''\] = .*\)$/\1\2\n\1config_options.setdefault("gui", "'"${bestgui}"'")\n/' ${PN}/${PN} || die - - eapply_user - - xdg_environment_reset - distutils-r1_src_prepare -} - -src_install() { - doicon -s 128 electrum/gui/icons/${PN}.png - dodoc RELEASE-NOTES - distutils-r1_src_install -} - -pkg_postinst() { - xdg_icon_cache_update - xdg_desktop_database_update -} - -pkg_postrm() { - xdg_icon_cache_update - xdg_desktop_database_update -} diff --git a/net-misc/httpie/Manifest b/net-misc/httpie/Manifest index 30202c6061cd..6fe75c8cfd6f 100644 --- a/net-misc/httpie/Manifest +++ b/net-misc/httpie/Manifest @@ -1,5 +1,5 @@ DIST httpie-2.2.0.tar.gz 1761927 BLAKE2B 3ce8acf4abf9cb189315e07e7f9c8dfc1b0a537696a2c9fd795e8e944c85c1df8e7e13fbaee68d3b93115296ba048e664d31245fe2c6b832123818292b4fac8d SHA512 00c1f34041854319816d7d643a79358723c27a3744f405d629b5361685745bfdd8ce0a0f127cb3d6746e46405d24562625ca37733a5955809d7bfc077ae5c533 DIST httpie-2.3.0.tar.gz 1769401 BLAKE2B e9bb5ca9ebb5fde3bed66ba15c46cccff1f8d5d01841f954fe4d19be92d3282cd3c19e1fc34b42fe1c36798438aa116f5bb91147864be9d8ee37030cb7796e16 SHA512 d0c5b46075892e9d6df76c1e3b430fcd768238c7fbdeda51368dc1bc7c657efc901088ccb7f1e6fc6e4f54dde4c9bcbe626dfa926c8ca1a6bcfd12e522414505 EBUILD httpie-2.2.0.ebuild 1049 BLAKE2B 14c805d3d274998fcd8dc8c559730024d38f54cd20b0dc8dbb585003330702f5c7bb4d549c5bf594810d00686dffde61abcb526649f1d021506a77c84841b526 SHA512 126244d16e874663315fe0ece6e7be2107f11974d8c7f0fd072860cc518eeef9705b7626ed95e12a4d218f51e30e4623c823c9c91e8f8e07fac66c2f45eead2f -EBUILD httpie-2.3.0.ebuild 1584 BLAKE2B c8d60fbff18093bf340e7c9daf0762620a0cb3e5b6da0728f877a12094adabc97398459ac5ba0a73d206fb2f87d7ea2e9d87588798dbeda863807b3bef719574 SHA512 1d4cccb1bedff4692cac69cc08a358ddffb1c907ad71f7247adb23220b0b0ea9251761102c7ce9be95a74582ca7b2e0268be772a470cf4a2f1f90d8645dc368b +EBUILD httpie-2.3.0.ebuild 1583 BLAKE2B 8b2ac0b899b204e6ea92d7e159efd0256cea761820469144091a1e8c748b0f1552ad74b2cbe4acd84c75d7adb94feba77c452164cc2e53e17b3c8e6e6deb1892 SHA512 55129562c9fec816f6dba80d415e3d5ca71b3c79a3f8965b99b79ea83f76e738762da1fe1f59ba9aa7eea128c33c36b7171d02a7262ce8d32e2a7e65a9dd595e MISC metadata.xml 749 BLAKE2B cb920766146fcc33952835a6e2fff7aeb12dff221655b53550a5158679639256529d51165dc25697ceac13113c6b34e3b174f75fb34e448c0d3121790324c06b SHA512 c3da003a8f72ab4df475211a13c35d83b0cbae2883fa7babecc3325c16ad967f80c25e6c28b35d1a120dba627a82ff629dde26aae62ad6e86494579e2e3eff3d diff --git a/net-misc/httpie/httpie-2.3.0.ebuild b/net-misc/httpie/httpie-2.3.0.ebuild index d0e3cc6c1872..0747450cda44 100644 --- a/net-misc/httpie/httpie-2.3.0.ebuild +++ b/net-misc/httpie/httpie-2.3.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -15,7 +15,7 @@ SRC_URI="https://github.com/jakubroztocil/httpie/archive/${PV}.tar.gz -> ${P}.ta LICENSE="BSD" SLOT="0" -KEYWORDS="~amd64 ~x86" +KEYWORDS="amd64 ~x86" IUSE="test" RESTRICT="!test? ( test )" diff --git a/net-misc/iputils/Manifest b/net-misc/iputils/Manifest index 23ff8aacdd54..f0c129ab79d4 100644 --- a/net-misc/iputils/Manifest +++ b/net-misc/iputils/Manifest @@ -2,11 +2,14 @@ AUX iputils-20150815-nonroot-floodping.patch 406 BLAKE2B 18c9adf92bb64ddae4a62aa AUX iputils-20190709-arping-revert-partially-fix-sent-vs-received-package.patch 1134 BLAKE2B cb6a700f3b0681e6abf5bfcfed3b5b4736aeba481e1b5334193cc32dab8e21134ed729d1b6b098495e46f59416f9d2c29f186b87143adcb2824f08058c7792ce SHA512 4e8bd9d4ae752dcdcb169eec1c42bc16d3f89cd1579140db74c3883da54145faea875513aca4bf8241208253b8950590fd615fe2ea7e448d431d509ff2e8dc03 AUX iputils-20190709-ping-fix-main-loop-over-multiple-addrinfo-results.patch 2852 BLAKE2B a9375c41ba6dde249ec2a0a287eef68228198c7132dd145550c55a6f42b29d2e53160ef9a99455e0f60e2bb738f1a2dbeff016f2ce6903ead58c75bdcafeb618 SHA512 e9f322620ce2e10830c7127fdb64e68ea7bad59620e8b1ffd10ec9ee9f49f74500f0efe25de62feb0e1dd3cbd37af744263b53deeae8d78d44a6b9d335686afc AUX iputils-20190709-ping-try-next-addrinfo-on-connect-failure.patch 7935 BLAKE2B 550fc998feb6accae244baf8334d522ffcd6c464756f465c17298bef5338c8e746345026b72c95ff86aa14ef85223ca8cad4e00040f66b4e7aab3526296fc411 SHA512 1da0f189d47cb0b31cea5d1ea8081fbb2be0e55fb5b206cb366dce467bf0e557a2b77b2c8007993bdc91006a5f290269ae70e5d7e50f7fa5bdde93b0079d4e07 +AUX iputils-20200821-fclose.patch 1764 BLAKE2B d74fa527970ede1c52f5a361debe06f46d81821356008429165d7ccd4952e61610b567d9c7008b8ba0d6cf909af8bcc5026dc4b724e441486ff15307f32659f7 SHA512 b17db5137e4ebd1a32d2e051152f6f726b2c6350356ba57262f68a57765f8129a4af27c78620b46ed927217e543937b8f4ba0969ae64aeaa6e67d07c361341fe +AUX iputils-20200821-getrandom-fallback.patch 1056 BLAKE2B 27cf7f9711f877bc55238cccc8714b17bf6e731d0e070e87ed915cf7d18f18019c768d2cea58048795772003408bbcc65c0a12f2fa3ca099b16d84e2ac558b7e SHA512 b1366b67dbee58744ac03dfda3d3daee4f86fada8cb5e44a9ed84ae669cfd2735aee6b21b80d7835e07ec5c42524f359601f6b09b0ac38dd93a18c319db98fe7 +AUX iputils-20200821-install-sbindir.patch 894 BLAKE2B 5947e4d94b802b23ba6160f47bf51208ebf5e056961fe8dee37c67a21dad3e485ebfaca0937089b65514f3c9ac14d0c161c200cdaa17f820e381679eef278214 SHA512 0cf552b0b2770aa061d8edf7a0b1a24ef58c8d1ded4d266224e56644281c9f19c724ee722eb7f35eac9c4a4e493089558a4d961686308a7ded3f776d2fca9553 DIST iputils-20190709.tar.gz 404101 BLAKE2B 38e66366cc13a77b7da1a85afe7245891c6c7069c218bc8d5d0dd3664d07a5c4004aa6fc56c192b90bfacf2e5e103997cd671a236aa0a9932a5818eca1e10744 SHA512 5db18ac49fa46ed810da4d508e78f4baf2d5c07e7f923eb49d005ad8745743d8861e5788b34a7e37fb7261cee7ddfb768b737eee9d200502ea53537142cac6b5 DIST iputils-20200821.tar.gz 504852 BLAKE2B 3ce31554937e28ca3edd204b4b4ba2d11a5eab4ed0d9257cc1f0df38e3ac4d9093f786f308c96c35e1b4909be5de51a0bfb25d890269d9bd7bdd3ea5f612c299 SHA512 4a57c3637cdd9aab2600682774e27370716cbdf1c7ac8ae61bf86c21c08701a5b697792df4aa95309b196eaa74f3cb6b2836a40f04da0e602156e982ac99d8c9 DIST iputils-manpages-20190709.tar.xz 27588 BLAKE2B 9780a96dfde077625a7a499182511066ede63ca364d2de729403354af7cea6b25629da1408ee2081f9da1b21756ee956d04642ea36d05ee02ef7ef05b66c1ad5 SHA512 4de796666426574bd134f4c4ea4d560d8e3eae8bd8ac19b89793fe252a1ef9eebd1833cafb72a2987118f3061eaf00da8a2468e8bced1568611f9391a1203066 DIST iputils-manpages-20200821.tar.xz 19200 BLAKE2B 7d139ccac181eb3d74e3dcd2ba28cb906a0002aa4922de3e37771e2063234fa12428fa44bab3b50e43c40576a66d585a7460cf550afbeacd665fc41a3333d11a SHA512 0dd385565c9a15dfce668d637e055004a347056ee56260a4e726e7aa5ba5a6374aea8e9fc848dfe36b7609e5d92cb8c21f3e88f2d63e7cfe299489e41a17dc33 EBUILD iputils-20190709-r1.ebuild 4987 BLAKE2B e3eae89daf8659c2b2906f1dd4fa12216b19ac2525fc5e11a7f43fc03794959813442c1a95d5b66dba1adb3850bd8b3022767b677e85e92e116a459cf6c2969a SHA512 e7857644e9f152d1d02e951f113c52bfbd7a21444d8ea302d986cbc777c936a9a687fb7dde8637defe95be71acf19b26bad66b346489db8d01050a795fb4c204 -EBUILD iputils-20200821.ebuild 4261 BLAKE2B d8a4ad95cec1b2844bfa24a361095ea65fa4790574ac98d790965f3fd46b72160612dff06f8af9b74dd053bc3ab69690e8dad70c456e0e3d72803e450be99a51 SHA512 27a7457a88419f85464c11a5ffb275ef760b99120d123afed63562328b372b2e53370cbcb8f8bbe6609504045a8f638d6c6117129639d5c0c67326fbedb559d6 +EBUILD iputils-20200821-r2.ebuild 4416 BLAKE2B 3b6053527978f651a281e431ccb9cd42fa098118696c2a9008b0428784e9e8dd77a3b27154c33b425204c16976cef162b04b4cadb5991d3e24456d21e18a7157 SHA512 3efad2ee4e6a67a3b3be3b0aa2d12e478c35856ad11aad2e8b0bca00311e7af807cf53ffe335c8fce129ad4ecc0d6c18e632af653b510ffe6a95571992f4ef4b EBUILD iputils-99999999.ebuild 4262 BLAKE2B feecdd0bf22c8d073a0bf7518a331a98ca3f25b3369a0c3b423af8ff6daf4c4cd784bea2b2c3778ad6afaa01945ab847ade6de2387363b49ecb69f9c2884214e SHA512 393681126d1272b16700ff36bd9597d66cc7000255eefc9bb48a4407869119dbdf6060bf57e29eb32279986552bfa10de4fb2a45be8bd495c4af37457fbbd2a3 MISC metadata.xml 1625 BLAKE2B c29d113e691929f035c7dffbe52e043c1552941565a51021efe401a299aebb5d818ff33a1c99ae086bdc5ecd5a1063db5180b8bd1107dc103e45a8c9450913d2 SHA512 86d64befb808172b14c5e5c53fdc901d51f380045dcc5f42cf770ec03c1722a78677824c2a4823357bdce438edc92cf3d3340436968935c615fa49c4173cc17e diff --git a/net-misc/iputils/files/iputils-20200821-fclose.patch b/net-misc/iputils/files/iputils-20200821-fclose.patch new file mode 100644 index 000000000000..cc370f0a5561 --- /dev/null +++ b/net-misc/iputils/files/iputils-20200821-fclose.patch @@ -0,0 +1,45 @@ +From e1c3d09b412ad0d022178344b8cbf748dc60f17f Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sun, 24 Jan 2021 23:29:27 -0500 +Subject: [PATCH] tftpd: recvfile: avoid closing the file twice + +The close_stream function calls fclose, so don't call it again. + +This resolves an abort in glibc: + + Message: Process 1038079 (tftpd) of user 65534 dumped core. + + Stack trace of thread 1038079: + #0 0x00007f5f650ed204 raise (libc.so.6 + 0x39204) + #1 0x00007f5f650d6547 abort (libc.so.6 + 0x22547) + #2 0x00007f5f6512f25f n/a (libc.so.6 + 0x7b25f) + #3 0x00007f5f651372fa n/a (libc.so.6 + 0x832fa) + #4 0x00007f5f65138dc2 n/a (libc.so.6 + 0x84dc2) + #5 0x00007f5f65124b2f fclose (libc.so.6 + 0x70b2f) + #6 0x000055571a50de73 recvfile (tftpd + 0x2e73) + #7 0x000055571a50e064 tftp (tftpd + 0x3064) + #8 0x000055571a50e387 tftpd_inetd (tftpd + 0x3387) + #9 0x000055571a50e50f main (tftpd + 0x350f) + #10 0x00007f5f650d7e6d __libc_start_main (libc.so.6 + 0x23e6d) + #11 0x000055571a50d3ca _start (tftpd + 0x23ca) + +Fixes: 5d6be65 ("tftpd: remove global variables by using a run state struct") + +Reviewed-by: Petr Vorel +Signed-off-by: Mike Gilbert +--- + tftpd/tftpd.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tftpd/tftpd.c b/tftpd/tftpd.c +index 42998f9b..a09d32ba 100644 +--- a/tftpd/tftpd.c ++++ b/tftpd/tftpd.c +@@ -387,7 +387,6 @@ void recvfile(struct run_state *ctl, struct formats *pf) + write_behind(ctl->file, pf->f_convert); + if (close_stream(ctl->file)) + syslog(LOG_ERR, "tftpd: write error: %s\n", strerror(errno)); +- fclose(ctl->file); /* close data file */ + + ap->th_opcode = htons((uint16_t)ACK); /* send the "final" ack */ + ap->th_block = htons(block); diff --git a/net-misc/iputils/files/iputils-20200821-getrandom-fallback.patch b/net-misc/iputils/files/iputils-20200821-getrandom-fallback.patch new file mode 100644 index 000000000000..5b69e5c88fb7 --- /dev/null +++ b/net-misc/iputils/files/iputils-20200821-getrandom-fallback.patch @@ -0,0 +1,43 @@ +From 469b41ac89b9f6772ea31df8379669d205be95f8 Mon Sep 17 00:00:00 2001 +From: Nuno Silva +Date: Mon, 24 Aug 2020 19:34:53 +0100 +Subject: [PATCH] common: fix infinite loop when getrandom fails + +Fixes: https://github.com/iputils/iputils/issues/291 +--- + iputils_common.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/iputils_common.c b/iputils_common.c +index 58eacd0..c41f201 100644 +--- a/iputils_common.c ++++ b/iputils_common.c +@@ -98,18 +98,24 @@ static unsigned int iputil_srand_fallback(void) + void iputils_srand(void) + { + unsigned int i; ++ + #if HAVE_GETRANDOM + ssize_t ret; + +- while ((ret = getrandom(&i, sizeof(i), GRND_NONBLOCK)) != sizeof(i)) { +- switch(errno) { ++ do { ++ errno = 0; ++ ret = getrandom(&i, sizeof(i), GRND_NONBLOCK); ++ switch (errno) { ++ case 0: ++ break; + case EINTR: + continue; + default: + i = iputil_srand_fallback(); +- break; ++ goto done; + } +- } ++ } while (ret != sizeof(i)); ++ done: + #else + i = iputil_srand_fallback(); + #endif diff --git a/net-misc/iputils/files/iputils-20200821-install-sbindir.patch b/net-misc/iputils/files/iputils-20200821-install-sbindir.patch new file mode 100644 index 000000000000..cb1575841ccd --- /dev/null +++ b/net-misc/iputils/files/iputils-20200821-install-sbindir.patch @@ -0,0 +1,29 @@ +From 8d1420f3019cd1caccf2ffa15a5873f0c61ab529 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Sun, 24 Jan 2021 22:39:03 -0500 +Subject: [PATCH] tftpd: install into sbindir + +The xinet.d config expects the daemon to live in sbindir. + +Closes: https://github.com/iputils/iputils/pull/310 + +Reviewed-by: Petr Vorel +Signed-off-by: Mike Gilbert +--- + tftpd/meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tftpd/meson.build b/tftpd/meson.build +index 6e508a24..b4cf6812 100644 +--- a/tftpd/meson.build ++++ b/tftpd/meson.build +@@ -3,7 +3,8 @@ inc = include_directories('..') + executable('tftpd', ['tftpd.c', 'tftpsubs.c', git_version_h], + include_directories : inc, + link_with : [libcommon], +- install: true) ++ install: true, ++ install_dir: sbindir) + + subs = configuration_data() + subs.set('sbindir', sbindir) diff --git a/net-misc/iputils/iputils-20200821-r2.ebuild b/net-misc/iputils/iputils-20200821-r2.ebuild new file mode 100644 index 000000000000..5219577cf6b7 --- /dev/null +++ b/net-misc/iputils/iputils-20200821-r2.ebuild @@ -0,0 +1,178 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +# For released versions, we precompile the man/html pages and store +# them in a tarball on our mirrors. This avoids ugly issues while +# building stages, and reduces depedencies. +# To regenerate man/html pages emerge iputils-99999999[doc] with +# EGIT_COMMIT set to release tag, all USE flags enabled and +# tar ${S}/doc folder. + +EAPI="7" + +PLOCALES="de fr ja pt_BR tr uk zh_CN" + +inherit fcaps flag-o-matic l10n meson systemd toolchain-funcs + +if [[ ${PV} == "99999999" ]] ; then + EGIT_REPO_URI="https://github.com/iputils/iputils.git" + inherit git-r3 +else + SRC_URI="https://github.com/iputils/iputils/archive/s${PV}.tar.gz -> ${P}.tar.gz + https://dev.gentoo.org/~whissi/dist/iputils/${PN}-manpages-${PV}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux" +fi + +DESCRIPTION="Network monitoring tools including ping and ping6" +HOMEPAGE="https://wiki.linuxfoundation.org/networking/iputils" + +LICENSE="BSD GPL-2+ rdisc" +SLOT="0" +IUSE="+arping caps clockdiff doc gcrypt idn ipv6 libressl nettle nls rarpd rdisc ssl static tftpd tracepath traceroute6" + +BDEPEND="virtual/pkgconfig" + +LIB_DEPEND=" + caps? ( sys-libs/libcap[static-libs(+)] ) + idn? ( net-dns/libidn2:=[static-libs(+)] ) + nls? ( sys-devel/gettext[static-libs(+)] ) +" + +RDEPEND=" + traceroute6? ( !net-analyzer/traceroute ) + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) +" + +DEPEND=" + ${RDEPEND} + virtual/os-headers + static? ( ${LIB_DEPEND} ) +" + +if [[ ${PV} == "99999999" ]] ; then + DEPEND+=" + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-ns-stylesheets + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + " +fi + +[ "${PV}" == "99999999" ] || S="${WORKDIR}/${PN}-s${PV}" + +PATCHES=( + "${FILESDIR}/iputils-20200821-getrandom-fallback.patch" + "${FILESDIR}/iputils-20200821-fclose.patch" + "${FILESDIR}/iputils-20200821-install-sbindir.patch" +) + +src_prepare() { + default + + l10n_get_locales > po/LINGUAS || die +} + +src_configure() { + use static && append-ldflags -static + + local emesonargs=( + -DUSE_CAP="$(usex caps true false)" + -DUSE_IDN="$(usex idn true false)" + -DBUILD_ARPING="$(usex arping true false)" + -DBUILD_CLOCKDIFF="$(usex clockdiff true false)" + -DBUILD_PING="true" + -DBUILD_RARPD="$(usex rarpd true false)" + -DBUILD_RDISC="$(usex rdisc true false)" + -DENABLE_RDISC_SERVER="$(usex rdisc true false)" + -DBUILD_TFTPD="$(usex tftpd true false)" + -DBUILD_TRACEPATH="$(usex tracepath true false)" + -DBUILD_TRACEROUTE6="$(usex ipv6 $(usex traceroute6 true false) false)" + -DBUILD_NINFOD="false" + -DNINFOD_MESSAGES="false" + -DNO_SETCAP_OR_SUID="true" + -Dsystemdunitdir="$(systemd_get_systemunitdir)" + -DUSE_GETTEXT="$(usex nls true false)" + ) + + if [[ "${PV}" == 99999999 ]] ; then + emesonargs+=( + -DBUILD_HTML_MANS="$(usex doc true false)" + -DBUILD_MANS="true" + ) + else + emesonargs+=( + -DBUILD_HTML_MANS="false" + -DBUILD_MANS="false" + ) + fi + + meson_src_configure +} + +src_compile() { + tc-export CC + meson_src_compile +} + +src_install() { + meson_src_install + + dodir /bin + local my_bin + for my_bin in $(usex arping arping '') ping ; do + mv "${ED}"/usr/bin/${my_bin} "${ED}"/bin/ || die + done + dosym ping /bin/ping4 + + if use tracepath ; then + dosym tracepath /usr/bin/tracepath4 + fi + + if use ipv6 ; then + dosym ping /bin/ping6 + + if use tracepath ; then + dosym tracepath /usr/bin/tracepath6 + dosym tracepath.8 /usr/share/man/man8/tracepath6.8 + fi + fi + + if [[ "${PV}" != 99999999 ]] ; then + local -a man_pages + local -a html_man_pages + + while IFS= read -r -u 3 -d $'\0' my_bin + do + my_bin=$(basename "${my_bin}") + [[ -z "${my_bin}" ]] && continue + + if [[ -f "${S}/doc/${my_bin}.8" ]] ; then + man_pages+=( ${my_bin}.8 ) + fi + + if [[ -f "${S}/doc/${my_bin}.html" ]] ; then + html_man_pages+=( ${my_bin}.html ) + fi + done 3< <(find "${ED}"/{bin,usr/bin,usr/sbin} -type f -perm -a+x -print0 2>/dev/null) + + pushd doc &>/dev/null || die + doman "${man_pages[@]}" + if use doc ; then + docinto html + dodoc "${html_man_pages[@]}" + fi + popd &>/dev/null || die + else + if use doc ; then + mv "${ED}"/usr/share/${PN} "${ED}"/usr/share/doc/${PF}/html || die + fi + fi +} + +pkg_postinst() { + fcaps cap_net_raw \ + bin/ping \ + $(usex arping 'bin/arping' '') \ + $(usex clockdiff 'usr/bin/clockdiff' '') +} diff --git a/net-misc/iputils/iputils-20200821.ebuild b/net-misc/iputils/iputils-20200821.ebuild deleted file mode 100644 index 035fe9df7914..000000000000 --- a/net-misc/iputils/iputils-20200821.ebuild +++ /dev/null @@ -1,174 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -# For released versions, we precompile the man/html pages and store -# them in a tarball on our mirrors. This avoids ugly issues while -# building stages, and reduces depedencies. -# To regenerate man/html pages emerge iputils-99999999[doc] with -# EGIT_COMMIT set to release tag, all USE flags enabled and -# tar ${S}/doc folder. - -EAPI="7" - -PLOCALES="de fr ja pt_BR tr uk zh_CN" - -inherit fcaps flag-o-matic l10n meson systemd toolchain-funcs - -if [[ ${PV} == "99999999" ]] ; then - EGIT_REPO_URI="https://github.com/iputils/iputils.git" - inherit git-r3 -else - SRC_URI="https://github.com/iputils/iputils/archive/s${PV}.tar.gz -> ${P}.tar.gz - https://dev.gentoo.org/~whissi/dist/iputils/${PN}-manpages-${PV}.tar.xz" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" -fi - -DESCRIPTION="Network monitoring tools including ping and ping6" -HOMEPAGE="https://wiki.linuxfoundation.org/networking/iputils" - -LICENSE="BSD GPL-2+ rdisc" -SLOT="0" -IUSE="+arping caps clockdiff doc gcrypt idn ipv6 libressl nettle nls rarpd rdisc ssl static tftpd tracepath traceroute6" - -BDEPEND="virtual/pkgconfig" - -LIB_DEPEND=" - caps? ( sys-libs/libcap[static-libs(+)] ) - idn? ( net-dns/libidn2:=[static-libs(+)] ) - nls? ( sys-devel/gettext[static-libs(+)] ) -" - -RDEPEND=" - traceroute6? ( !net-analyzer/traceroute ) - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) -" - -DEPEND=" - ${RDEPEND} - virtual/os-headers - static? ( ${LIB_DEPEND} ) -" - -if [[ ${PV} == "99999999" ]] ; then - DEPEND+=" - app-text/docbook-xml-dtd:4.2 - app-text/docbook-xml-dtd:4.5 - app-text/docbook-xsl-ns-stylesheets - app-text/docbook-xsl-stylesheets - dev-libs/libxslt:0 - " -fi - -[ "${PV}" == "99999999" ] || S="${WORKDIR}/${PN}-s${PV}" - -PATCHES=() - -src_prepare() { - default - - l10n_get_locales > po/LINGUAS || die -} - -src_configure() { - use static && append-ldflags -static - - local emesonargs=( - -DUSE_CAP="$(usex caps true false)" - -DUSE_IDN="$(usex idn true false)" - -DBUILD_ARPING="$(usex arping true false)" - -DBUILD_CLOCKDIFF="$(usex clockdiff true false)" - -DBUILD_PING="true" - -DBUILD_RARPD="$(usex rarpd true false)" - -DBUILD_RDISC="$(usex rdisc true false)" - -DENABLE_RDISC_SERVER="$(usex rdisc true false)" - -DBUILD_TFTPD="$(usex tftpd true false)" - -DBUILD_TRACEPATH="$(usex tracepath true false)" - -DBUILD_TRACEROUTE6="$(usex ipv6 $(usex traceroute6 true false) false)" - -DBUILD_NINFOD="false" - -DNINFOD_MESSAGES="false" - -DNO_SETCAP_OR_SUID="true" - -Dsystemdunitdir="$(systemd_get_systemunitdir)" - -DUSE_GETTEXT="$(usex nls true false)" - ) - - if [[ "${PV}" == 99999999 ]] ; then - emesonargs+=( - -DBUILD_HTML_MANS="$(usex doc true false)" - -DBUILD_MANS="true" - ) - else - emesonargs+=( - -DBUILD_HTML_MANS="false" - -DBUILD_MANS="false" - ) - fi - - meson_src_configure -} - -src_compile() { - tc-export CC - meson_src_compile -} - -src_install() { - meson_src_install - - dodir /bin - local my_bin - for my_bin in $(usex arping arping '') ping ; do - mv "${ED}"/usr/bin/${my_bin} "${ED}"/bin/ || die - done - dosym ping /bin/ping4 - - if use tracepath ; then - dosym tracepath /usr/bin/tracepath4 - fi - - if use ipv6 ; then - dosym ping /bin/ping6 - - if use tracepath ; then - dosym tracepath /usr/bin/tracepath6 - dosym tracepath.8 /usr/share/man/man8/tracepath6.8 - fi - fi - - if [[ "${PV}" != 99999999 ]] ; then - local -a man_pages - local -a html_man_pages - - while IFS= read -r -u 3 -d $'\0' my_bin - do - my_bin=$(basename "${my_bin}") - [[ -z "${my_bin}" ]] && continue - - if [[ -f "${S}/doc/${my_bin}.8" ]] ; then - man_pages+=( ${my_bin}.8 ) - fi - - if [[ -f "${S}/doc/${my_bin}.html" ]] ; then - html_man_pages+=( ${my_bin}.html ) - fi - done 3< <(find "${ED}"/{bin,usr/bin,usr/sbin} -type f -perm -a+x -print0 2>/dev/null) - - pushd doc &>/dev/null || die - doman "${man_pages[@]}" - if use doc ; then - docinto html - dodoc "${html_man_pages[@]}" - fi - popd &>/dev/null || die - else - if use doc ; then - mv "${ED}"/usr/share/${PN} "${ED}"/usr/share/doc/${PF}/html || die - fi - fi -} - -pkg_postinst() { - fcaps cap_net_raw \ - bin/ping \ - $(usex arping 'bin/arping' '') \ - $(usex clockdiff 'usr/bin/clockdiff' '') -} diff --git a/net-misc/memcached/Manifest b/net-misc/memcached/Manifest index 18fdc5789cd7..9af0f86767d0 100644 --- a/net-misc/memcached/Manifest +++ b/net-misc/memcached/Manifest @@ -6,8 +6,6 @@ AUX memcached-1.5.21-hash-fix-build-failure-against-gcc-10.patch 1470 BLAKE2B 98 AUX memcached.confd 872 BLAKE2B d57dfb6da370f5e980b9e7143323a6cf51fecea802e5d034ca92b0e26280cbd99db3c487f57ef8f1d6ebfae49db44852b88018a95f8d2b0e0a1c6ce16bbaa5c0 SHA512 77dd11565172336c3db24663510ab15ce3c919a656d1c7a12b0bae830c1576247844f84e6b4fe10c96a54f2e64ae8f6c502eee3d84d68ea1d370fea99a586f63 AUX memcached.init2 2200 BLAKE2B 9bc5fe76047b7559aec93030829963111353fb5adc3ba558cb672bb96aa642c7e8df87a49d5081d7a33892c6896e91a291a497d74d6985767a364c9697713391 SHA512 873a0bb0ef7eb31f8749e040b7a4db0188367f3c5f953984a98ca21877ddde440085e338cacceb45dc80f4e833129056525143dab1efae4a838c72143f2ae61a AUX memcached.service 273 BLAKE2B bfe217d2ec7fd9aead468f4f5b100843287a49bef163dd106349f3275acbffaca60e09c8b723a566a96065d8208eb52f44f7c3ad24a8aaf3980471e8d0478b77 SHA512 647f06160142c5e38e4009203609bf2152dd1bdd4b94be9e2bf3c5741e631419fc9cf300575a65a905956eec916d736c4e3b3d3e3c80438f1b33cd10fe4dcd95 -DIST memcached-1.5.22.tar.gz 532713 BLAKE2B 90787522f36d9d4389438334572725df18050ae67bda2d97cde67b01492ca81772ddf7e83e02f71031ca909402a68f3db085ef6bece6e032ce580676a8a722f3 SHA512 19804c2847679eb018a0221b0717ebbcd2cd33b7f03176cc0d77b7405152dc944d3f5c39d0d81fcb6c08a2fa9317959e25587e7cb50718fdb6675288b2b078aa DIST memcached-1.6.9.tar.gz 556137 BLAKE2B 429d0d5de480d0a17a2c9942f595fab125d60ef1f3ff88754ab6e97eb9acdb71b26e40323babc7197e41d1605a82d2f094ce5638d2f4442467c8f652e20aaa44 SHA512 2169225aefe6bd7481d919ae3ef95ed85d2ed595f49daceeb13d2dc268097d4aee98cf604824fca103efcdffa7461bb26814209906a5dabf1a5d30af43f6a66c -EBUILD memcached-1.5.22.ebuild 2934 BLAKE2B cb3e916ad63d33c7444716b6e527a5c39c22c5dfd745cbb473e8dc8cad02e9a73603edd59cdf6b5f46e99ff41147604ec657857f511d1751ce687f257d9cebd9 SHA512 0205da0a3219f7f9cbab4c921f73e0296adbe5d8fc13c33684439ba7134a13ef0b92ac091bf96d8abb728e7617c3e5d7aa6ae925a4b52ab1349d1d92448d6d86 -EBUILD memcached-1.6.9.ebuild 2863 BLAKE2B 2adb9d76d4f455bed92c214363f4153ad4475d4f6e9521f1a96b3b45f2690615425398fa97caabe96913e50dcf2326102777a831eda333e8709ef5a485d0157d SHA512 7de4fbbe08633e6c377674036c3c0f7144d137efb22014f89a2781be535d146995bb815bcbdb29e08192d709887a8e8b9b72d4e8af561baa800e02afcff9e4cc +EBUILD memcached-1.6.9.ebuild 2862 BLAKE2B d3bdc627a9b86a5172b012ccdae7571be16b389e60b6592e091926cd1f43f9252975489681767a71212dbe8831e7b97ebd2aedf74beb3707ba2d3f454cdafee3 SHA512 59c4444f115d101324897805560aff909fcd6699d0d26e1de065e2a9d48517596cce2ac2b90e1998cb81a860008b03a67539d90aa59c7e2fbd6f9615f498416f MISC metadata.xml 1134 BLAKE2B 3313deb6a6fda71074f08e202dcd43b53fcd4ab9af50b78b84aac67309f3c2a4a966f874c9d8f5c4688542e6fe03d4e2f7b3f854842638210ab64fc35bcdab30 SHA512 c3ce23016f9ea9067f6628f246866e3fcee6624f1a21360e448c7eebc3babd8fa3717966e58eeb0b6fd9885730609fa732a3e10b0a4dfaa57b0f0acc85c20bb4 diff --git a/net-misc/memcached/memcached-1.5.22.ebuild b/net-misc/memcached/memcached-1.5.22.ebuild deleted file mode 100644 index 8bf787f27bb8..000000000000 --- a/net-misc/memcached/memcached-1.5.22.ebuild +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -inherit autotools eutils flag-o-matic systemd - -MY_PV="${PV/_rc/-rc}" -MY_P="${PN}-${MY_PV}" - -DESCRIPTION="High-performance, distributed memory object caching system" -HOMEPAGE="http://memcached.org/" -SRC_URI="https://www.memcached.org/files/${MY_P}.tar.gz - https://www.memcached.org/files/old/${MY_P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" -IUSE="debug sasl seccomp selinux slabs-reassign test" # hugetlbfs later - -RDEPEND=">=dev-libs/libevent-1.4:= - dev-lang/perl - sasl? ( dev-libs/cyrus-sasl ) - seccomp? ( sys-libs/libseccomp ) - selinux? ( sec-policy/selinux-memcached )" -DEPEND="${RDEPEND} - acct-user/memcached - test? ( virtual/perl-Test-Harness >=dev-perl/Cache-Memcached-1.24 )" - -S="${WORKDIR}/${MY_P}" - -RESTRICT="!test? ( test )" - -PATCHES=( - "${FILESDIR}/${PN}-1.2.2-fbsd.patch" - "${FILESDIR}/${PN}-1.4.0-fix-as-needed-linking.patch" - "${FILESDIR}/${PN}-1.4.4-as-needed.patch" - "${FILESDIR}/${PN}-1.4.17-EWOULDBLOCK.patch" - "${FILESDIR}/${PN}-1.5.21-hash-fix-build-failure-against-gcc-10.patch" -) - -src_prepare() { - sed -i -e 's,-Werror,,g' configure.ac || die - sed -i -e 's,AM_CONFIG_HEADER,AC_CONFIG_HEADERS,' configure.ac || die - eautoreconf - use slabs-reassign && append-flags -DALLOW_SLABS_REASSIGN - - # Tweak upstream systemd unit to use Gentoo variables/envfile. - # As noted by bug #587440 - sed -i -e '/^ExecStart/{ - s,{USER},{MEMCACHED_RUNAS},g; - s,{CACHESIZE},{MEMUSAGE},g; - s,OPTIONS,MISC_OPTS,g; - }; - /Environment=/{s,OPTIONS,MISC_OPTS,g;}; - /EnvironmentFile=/{s,/sysconfig/,/conf.d/,g;}; - ' \ - "${S}"/scripts/memcached.service - default -} - -src_configure() { - econf \ - --disable-docs \ - $(use_enable sasl) - # The xml2rfc tool to build the additional docs requires TCL :-( - # `use_enable doc docs` -} - -src_compile() { - # There is a heavy degree of per-object compile flags - # Users do NOT know better than upstream. Trying to compile the testapp and - # the -debug version with -DNDEBUG _WILL_ fail. - append-flags -UNDEBUG -pthread - emake testapp memcached-debug CFLAGS="${CFLAGS}" - filter-flags -UNDEBUG - emake -} - -src_install() { - emake DESTDIR="${D}" install - dobin scripts/memcached-tool - use debug && dobin memcached-debug - - dodoc AUTHORS ChangeLog NEWS README.md doc/{CONTRIBUTORS,*.txt} - - newconfd "${FILESDIR}/memcached.confd" memcached - newinitd "${FILESDIR}/memcached.init2" memcached - systemd_dounit "${S}/scripts/memcached.service" -} - -pkg_postinst() { - elog "With this version of Memcached Gentoo now supports multiple instances." - elog "To enable this you should create a symlink in /etc/init.d/ for each instance" - elog "to /etc/init.d/memcached and create the matching conf files in /etc/conf.d/" - elog "Please see Gentoo bug #122246 for more info" -} - -src_test() { - emake -j1 test -} diff --git a/net-misc/memcached/memcached-1.6.9.ebuild b/net-misc/memcached/memcached-1.6.9.ebuild index a78e6283331d..21021457846f 100644 --- a/net-misc/memcached/memcached-1.6.9.ebuild +++ b/net-misc/memcached/memcached-1.6.9.ebuild @@ -14,7 +14,7 @@ SRC_URI="https://www.memcached.org/files/${MY_P}.tar.gz LICENSE="BSD" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" IUSE="debug sasl seccomp selinux slabs-reassign test" # hugetlbfs later RDEPEND=">=dev-libs/libevent-1.4:= diff --git a/net-misc/netkit-rsh/Manifest b/net-misc/netkit-rsh/Manifest index dd7164dc2245..aa9b55cbed54 100644 --- a/net-misc/netkit-rsh/Manifest +++ b/net-misc/netkit-rsh/Manifest @@ -7,5 +7,5 @@ AUX rsh.xinetd 279 BLAKE2B db403023417d537fb944c677553f71e782d80dfe08dc5f9388156 DIST netkit-rsh-0.17-patches-3.tar.lzma 13875 BLAKE2B 80470c4a9fdbfebd351217e48ec178c1d2c58e49f454eadd514ed76e3653fde1d21cd19f7a3400762e6fb4d4bb2f9cfefebbf042ef5bf1903d67ebbe17254515 SHA512 0d9c6a8a8d13264b8f2eb6b62e6c65b67cf8b09bd36043acae405c7b2154724733db15d653e4f7ac7d21feebcfa6cd365ca89993fc77eabc5a709d7a6383b187 DIST netkit-rsh-0.17.tar.gz 58268 BLAKE2B 7790a91f95c51f4aa538ad614e65ecba5a565e4761c7d8167f4d175bb8bcc27cb48b569f93064285dad983e602f03bcb816da58b02b54290adcd9cabe73cd88e SHA512 0d8da4a779da137f7b3f158ad010b71f2357c86a2160dbd19331cbf45f86a46110cdfdfd3c4ba2d19ddf3634917bf981eb91bfde02c3cdbc946df8695db75218 DIST rexec-1.5.tar.gz 18469 BLAKE2B cbb694520332a0768b8337e854baf232271a30ac328dcf4b8b16d28dc3710ad58173e135cb9eb9726b07709bcd78ef627cea550c98e00dc86bea7c64e52aa3d1 SHA512 7ed455a921ad71749154bd8e586ac2a624f357b56be17db73b9ed7c1ca1bc19cfb9aee748f79cc649184dfb535ffe5e887643b73a25c3fb6520d4e19fae7333a -EBUILD netkit-rsh-0.17-r10.ebuild 1726 BLAKE2B 5254589c1309a4c1872381084ff065a6b4a8166c9d49041fc4a0482efac3d247a8faafc0b92685a3ac104df8453a34462675131f0fd4b8a25c5203fa9fc52544 SHA512 4cf67d3b08b5c5e1a8cd6c214b22673ff70d186f996a9d01a44f4aeeada6eba40781110b8f9b35ff38e6e53f4cf45eb713faec699df694b1c5ed4a07f16e9425 +EBUILD netkit-rsh-0.17-r11.ebuild 1756 BLAKE2B fc76672decb22265ba3abae1669f04a46f4364ebb489c38095b9fbd632008fb65297eedb3d14690cc1fde7cf86e232b22135dac158aef5acbb92bc221da25767 SHA512 2a63e4b97360dd5108cf237568ef6ff64e122e172844ed264899023061f78c47363e17dcbd6dffa5c3585158eb588b1fbac77f02dd68a63b246a2d5e07bc84ae MISC metadata.xml 253 BLAKE2B 295e9d6d93aaa12af413972e1590c67087801cc09c9aa6b59d4606c0f4106d1dacf2baa9858559083b4c6d91beeef218d0729e8593a33788958da6d2897e8ce2 SHA512 54a9069aeb4165d2dff3d473c8001bc51613aac9dff3f7f5e9971a9891a737a31511ffa11cbd523febe581ac1d9de2bdf2f40410f0c4239138f2ccca3ef15555 diff --git a/net-misc/netkit-rsh/netkit-rsh-0.17-r10.ebuild b/net-misc/netkit-rsh/netkit-rsh-0.17-r10.ebuild deleted file mode 100644 index 1a2b3b50ee4e..000000000000 --- a/net-misc/netkit-rsh/netkit-rsh-0.17-r10.ebuild +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit pam toolchain-funcs fcaps - -PATCHVER="3" - -DESCRIPTION="Netkit's Remote Shell Suite: rexec{,d} rlogin{,d} rsh{,d}" -HOMEPAGE="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/" -SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${P}.tar.gz - mirror://gentoo/rexec-1.5.tar.gz - mirror://gentoo/${P}-patches-${PATCHVER}.tar.lzma" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux" -IUSE="pam" - -RDEPEND=" - sys-libs/ncurses:0 - pam? ( >=sys-auth/pambase-20080219.1 )" -DEPEND="${RDEPEND}" -BDEPEND="app-arch/xz-utils" - -FILECAPS=( cap_net_bind_service usr/bin/r{cp,login,sh} ) - -src_prepare() { - rm -r rexec || die - mv ../rexec rexec || die - - [[ -n ${PATCHVER} ]] && eapply "${WORKDIR}"/patch - eapply_user - - if tc-is-cross-compiler ; then - # Can't do runtime tests when cross-compiling - sed -i -e "s|./__conftest|: ./__conftest|" configure || die - fi -} - -src_configure() { - tc-export CC - ${CONFIG_SHELL:-/bin/sh} ./configure $(usex pam '' '--without-pam') || die - - sed -i \ - -e "s:-pipe -O2:${CFLAGS}:" \ - -e "/^LDFLAGS=$/d" \ - -e "s:-Wpointer-arith::" \ - MCONFIG || die -} - -src_install() { - insinto /etc/xinetd.d - - local b - for b in rcp rexec{,d} rlogin{,d} rsh{,d} ; do - if [[ ${b} == *d ]] ; then - dosbin ${b}/${b} - dosym ${b} /usr/sbin/in.${b} - doman ${b}/${b}.8 - else - dobin ${b}/${b} - doman ${b}/${b}.1 - if [[ ${b} != rcp ]]; then - newins "${FILESDIR}"/${b}.xinetd ${b} - newpamd "${FILESDIR}/${b}.pamd-pambase" ${b} - fi - fi - done - - dodoc README ChangeLog BUGS - newdoc rexec/README README.rexec -} diff --git a/net-misc/netkit-rsh/netkit-rsh-0.17-r11.ebuild b/net-misc/netkit-rsh/netkit-rsh-0.17-r11.ebuild new file mode 100644 index 000000000000..9b64b5b6e695 --- /dev/null +++ b/net-misc/netkit-rsh/netkit-rsh-0.17-r11.ebuild @@ -0,0 +1,77 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit pam toolchain-funcs fcaps + +PATCHVER="3" + +DESCRIPTION="Netkit's Remote Shell Suite: rexec{,d} rlogin{,d} rsh{,d}" +HOMEPAGE="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/" +SRC_URI="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/${P}.tar.gz + mirror://gentoo/rexec-1.5.tar.gz + mirror://gentoo/${P}-patches-${PATCHVER}.tar.lzma" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux" +IUSE="pam" + +RDEPEND=" + sys-libs/ncurses:0 + pam? ( >=sys-auth/pambase-20080219.1 )" +DEPEND="${RDEPEND}" +BDEPEND="app-arch/xz-utils" + +FILECAPS=( cap_net_bind_service usr/bin/r{cp,login,sh} ) + +src_prepare() { + rm -r rexec || die + mv ../rexec rexec || die + + [[ -n ${PATCHVER} ]] && eapply "${WORKDIR}"/patch + eapply_user + + if tc-is-cross-compiler ; then + # Can't do runtime tests when cross-compiling + sed -i -e "s|./__conftest|: ./__conftest|" configure || die + fi +} + +src_configure() { + tc-export CC + ${CONFIG_SHELL:-/bin/sh} ./configure $(usex pam '' '--without-pam') || die + + sed -i \ + -e "s:-pipe -O2:${CFLAGS}:" \ + -e "/^LDFLAGS=$/d" \ + -e "s:-Wpointer-arith::" \ + MCONFIG || die +} + +src_install() { + insinto /etc/xinetd.d + + local b + for b in rcp rexec{,d} rlogin{,d} rsh{,d} ; do + if [[ ${b} == *d ]] ; then + dosbin ${b}/${b} + dosym ${b} /usr/sbin/in.${b} + doman ${b}/${b}.8 + else + dobin ${b}/${b} + doman ${b}/${b}.1 + if [[ ${b} != rcp ]]; then + newins "${FILESDIR}"/${b}.xinetd ${b} + + if use pam; then + newpamd "${FILESDIR}/${b}.pamd-pambase" ${b} + fi + fi + fi + done + + dodoc README ChangeLog BUGS + newdoc rexec/README README.rexec +} diff --git a/net-misc/networkmanager/Manifest b/net-misc/networkmanager/Manifest index b202a31d5ab4..03618080f14a 100644 --- a/net-misc/networkmanager/Manifest +++ b/net-misc/networkmanager/Manifest @@ -4,6 +4,7 @@ AUX conf.d.NetworkManager 230 BLAKE2B 987b6b39c6c8b14a788575241575f9a0761f320117 AUX init.d.NetworkManager-r2 1880 BLAKE2B d765a298955cdcf0c62518488fc9f02f97c31ee645c7b15ed73914397e02266e1b72a32af1d9f8007ae81119e9223b3e41184aa58b9fa328ed72e0ebec91acd8 SHA512 f06e7e6b6ebeb991471cf6e71c44687210a115fd008505ebe01de1b52a059952c2b191789d217412ae30daaaecf8bc028c89daf536af793eac23cfcd62ba9ad4 AUX networkmanager-1.20.6-dont_call_helpers_with_full_paths.patch 574 BLAKE2B 179dfdcdb97bfc66adbeb58ca0e0b8f95f6d1cc0687fef338bc25ac59b4dc83e20e547d419ef8cea482c6302a05bbce8279c868f00c0cb173f42ebdc6a4bdcae SHA512 ab3e96bbd88b4a5c0aac59dc8de437be78f2e77762d6bc9c99e3b1ff1d7db39a054c4fd9ba9e2f6f9907da1ef66c8af310562addaa79ecd9e9812564f609a273 AUX networkmanager-1.26.4-iwd-fixes-pr640.patch 5730 BLAKE2B e22539fef2e4582ab156decbe26667724de181eb2349f7dcb29c41eaf9f918addb4a6e25a43e8b743e118cab56e3f69cc83e0e8ee777560c227165fad67664b9 SHA512 690d128ac153b2147f13f8596858be6e6120c0a744da1cb5e2dad5ce6ae9518565ab15a9a00612771d153ed5e13d60a42f93fae6b7ba177513c9d1bf0a4d701a +AUX networkmanager-1.28.0-dhcpcd9.patch 10608 BLAKE2B fb5512d4b290ae668b41b2d1f387643e8d7c1c235ec255c292e419551c3a67a06463f43293ea75f8dd9700bde2d045e86eafe313384c22609cb8422117ac092f SHA512 7f9a2a3b7f861cc2c8e4b066449e6574ac74227b7a45ae8e9ca79c81a232d292a62216edff0620042f9556193e3841aa8cf5e8ecdbc2edfc9df0751e2d1f5303 DIST NetworkManager-1.22.10.tar.bz2 6292347 BLAKE2B b6cb06a0630685714cdd3c8b8e1d788a6e979c2d7f232259e682fdc9e1f5569259731fdbbea65b6e8321561ecb8354b6f7a0b10843eb17cbe6f5937af8d9d898 SHA512 61b6214188a3cd281d0d5a5b8bfc402f8a19d8beaa6a3a2bd85983991cc66d62b2c3785d7ca652373903d53331610cd63a45d94bdb355196d939c48f42be29c1 DIST NetworkManager-1.26.0.tar.xz 4956796 BLAKE2B 752b6b47387bac5787d06be7f31cc7387798d0c917977c8e72d6d21538a86c167003901d628e596109aec28816f56fd8cd6bf2b46a8d4918a7e6cf1946586550 SHA512 46035fda8f154497ba4a634e4bf7f0a11f579d0d3f4ffdcea7d47ea0bde6dd0183885491f5453255af7b163ae3db4f0c62c3161913a8c30c35b6475887235b6d DIST NetworkManager-1.26.2.tar.xz 4972240 BLAKE2B f9f0879ad01d7aee8edc28b33a08d903637b0a9c0738d64480394d0298a02e4fa4277f6a14a7fec62eeb7e1ca50646f47d08f735827b5dbe698070669fd558c4 SHA512 4029bf5224523d851a36766376813c7edc85c2fef3600ceaffc0c7e6faadcfebf843a406ee071bdc59c21bceb7bf3de8c87fca6bb2f2116d9eddbb70e11bf517 @@ -15,5 +16,5 @@ EBUILD networkmanager-1.26.0-r1.ebuild 11208 BLAKE2B f69905ebe2031f6e707c9c1907e EBUILD networkmanager-1.26.2-r1.ebuild 11214 BLAKE2B b9bf75442380146f2b7eb73f8022cbd30eaecb47e9f48ab96300e26471ecfa1949f076749b23604cc8c5b34264858788cf638c74221bbc5bef2d04e0f219e19d SHA512 eb92e2db85fb28e961494c6425eab2f3a03d61c4efa94d5cdbf1393b7f4d90e55b6cc958f2ec7c0079250f8a51827d42a477ec459bffaa508e6817f4ab8c0d12 EBUILD networkmanager-1.26.4.ebuild 11353 BLAKE2B a8940cf649a0da4ba84dbc5daeba55f87360efb744f722d743d4550df223c20ae7a4defb1e9b168005d2fdac0a139d290840c2713a42d9e666d901a8beb8a880 SHA512 5b36c4a6f28098480ac33b506cb01ffb89e7d8aff575b0019ecc67e0bd3f9df80c3be8c0d0b2f460cfb82f77c84ae41f1635901987a7d48062b741bbed66b1ba EBUILD networkmanager-1.26.6.ebuild 11359 BLAKE2B f129d1aa0f60a115786e6833fd6cfa43f7b28174fd83cf74c09db9fb69222235e2a424ea8a0993bf4ca14dd24f5e942961f2780a1fdb6806a0ead0f616a6fae7 SHA512 2568a02a564e5be9135880e6e80d587eae81fccbf1469c78830f3580da69ab02d6090a0371697919d39082da6ef50c6a35aeb1318fa7c25a1159c321767a677c -EBUILD networkmanager-1.28.0.ebuild 11194 BLAKE2B 8da159c9aab4f097f47e02ff3b5742afb9b3d667aa053d54fe9d342f8e6f8a7acceeaa26827bdb51991abc3c42b17f5fd6dbb2e3ee2098fcaa9939c8da0ddb6a SHA512 9448c3ee69ef0790733524e932d1f134f4dc11660cf5489442d45ed2e92cc45964dc52c94d9af47e696b08873547b376e511854d71d48cf9cb6a4755dd5ba2c7 +EBUILD networkmanager-1.28.0-r1.ebuild 11257 BLAKE2B 90019d8979bd30efc7f440bd58ed74c829384cd9e7813ad67a811eb14d8abb24443b0538a99fafa4e24fa1c7e8d1fa5849ad0edc5cf704c627d3b65e8dbdf97a SHA512 0c4563bdee518f149bb4592198ff9f6048273f1c4d9152799e4d1f9da20eccc02ee3bffc774e4f962c38796a94244ea0bf0388079adf0f35aa3a17071ee12564 MISC metadata.xml 2182 BLAKE2B 699e4c087f213e132e3787d7c2f913b23bf79f4fb78037bd92510de0655863eb7ad2148a615b68b84ad14309624c25802bcbf65ee3052a6b84d20d2b8657bae6 SHA512 f8fbb50dbe481b3530e8ac6446c43e385095f04ad36c33a3ac73964675468b0d4cf47eab8698bc338d5fabc1f9f9ad2ad99edffac69aace897c88fa88f1dcfe3 diff --git a/net-misc/networkmanager/files/networkmanager-1.28.0-dhcpcd9.patch b/net-misc/networkmanager/files/networkmanager-1.28.0-dhcpcd9.patch new file mode 100644 index 000000000000..cfa642dd29b0 --- /dev/null +++ b/net-misc/networkmanager/files/networkmanager-1.28.0-dhcpcd9.patch @@ -0,0 +1,265 @@ +From a58a89213bf4d0cefb155fef1ec9425f7a6ca5c8 Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Tue, 19 Jan 2021 05:04:31 +0000 +Subject: [PATCH] DHCP: Support dhcpcd-9.x + +This locks NM into dhcpcd-9.3.3 as that is the first version to support +the --noconfigure option. Older versions are no longer supported by NM +because they do modify the host which is undesirable. + +Due to the way dhcpcd-9 uses privilege separation and that it re-parents +itself to PID 1, the main process cannot be reaped or waited for. +So we rely on dhcpcd correctly cleaning up after itself. +A new function nm_dhcp_client_stop_watch_child() has been added +so that dhcpcd can perform similar cleanup to the equivalent stop call. + +As part of this change, the STOP and STOPPED reasons are mapped to +NM_DHCP_STATE_DONE and PREINIT is mapped to a new state NM_DHCP_STATE_NOOP +which means NM should just ignore this state. + +https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/668 +--- + NEWS | 3 ++ + src/dhcp/nm-dhcp-client.c | 20 +++++++++- + src/dhcp/nm-dhcp-client.h | 3 ++ + src/dhcp/nm-dhcp-dhcpcd.c | 82 ++++++++++++++++++++------------------- + 4 files changed, 67 insertions(+), 41 deletions(-) + +diff --git a/NEWS b/NEWS +index 8a48587e5..958bbe91c 100644 +--- a/NEWS ++++ b/NEWS +@@ -45,6 +45,9 @@ USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE! + cmdline argument actually generates a connection which disables both + ipv4 and ipv6. Previously the generated connection would disable ipv4 + but ipv6 would be set to the 'auto' method. ++* The dhcpcd plugin now requires a minimum version of dhcpcd-9.3.3 with ++ the --noconfigure option. Using an older version will cause dhcpcd to ++ exit with a status code of 1. + + ============================================= + NetworkManager-1.26 +diff --git a/src/dhcp/nm-dhcp-client.c b/src/dhcp/nm-dhcp-client.c +index 46ab48959..56f599abf 100644 +--- a/src/dhcp/nm-dhcp-client.c ++++ b/src/dhcp/nm-dhcp-client.c +@@ -367,10 +367,13 @@ reason_to_state(NMDhcpClient *self, const char *iface, const char *reason) + else if (g_ascii_strcasecmp(reason, "nak") == 0 || g_ascii_strcasecmp(reason, "expire") == 0 + || g_ascii_strcasecmp(reason, "expire6") == 0) + return NM_DHCP_STATE_EXPIRE; +- else if (g_ascii_strcasecmp(reason, "end") == 0) ++ else if (g_ascii_strcasecmp(reason, "end") == 0 || g_ascii_strcasecmp(reason, "stop") == 0 ++ || g_ascii_strcasecmp(reason, "stopped") == 0) + return NM_DHCP_STATE_DONE; + else if (g_ascii_strcasecmp(reason, "fail") == 0 || g_ascii_strcasecmp(reason, "abend") == 0) + return NM_DHCP_STATE_FAIL; ++ else if (g_ascii_strcasecmp(reason, "preinit") == 0) ++ return NM_DHCP_STATE_NOOP; + + _LOGD("unmapped DHCP state '%s'", reason); + return NM_DHCP_STATE_UNKNOWN; +@@ -547,6 +550,18 @@ nm_dhcp_client_watch_child(NMDhcpClient *self, pid_t pid) + priv->watch_id = g_child_watch_add(pid, daemon_watch_cb, self); + } + ++void ++nm_dhcp_client_stop_watch_child(NMDhcpClient *self, pid_t pid) ++{ ++ NMDhcpClientPrivate *priv = NM_DHCP_CLIENT_GET_PRIVATE(self); ++ ++ g_return_if_fail(priv->pid == pid); ++ priv->pid = -1; ++ ++ watch_cleanup(self); ++ timeout_cleanup(self); ++} ++ + gboolean + nm_dhcp_client_start_ip4(NMDhcpClient *self, + GBytes * client_id, +@@ -874,6 +889,9 @@ nm_dhcp_client_handle_event(gpointer unused, + state_to_string(new_state), + reason); + ++ if (new_state == NM_DHCP_STATE_NOOP) ++ return TRUE; ++ + if (NM_IN_SET(new_state, NM_DHCP_STATE_BOUND, NM_DHCP_STATE_EXTENDED)) { + GVariantIter iter; + const char * name; +diff --git a/src/dhcp/nm-dhcp-client.h b/src/dhcp/nm-dhcp-client.h +index 05faa9ea5..46446849a 100644 +--- a/src/dhcp/nm-dhcp-client.h ++++ b/src/dhcp/nm-dhcp-client.h +@@ -55,6 +55,7 @@ typedef enum { + NM_DHCP_STATE_EXPIRE, /* lease expired or NAKed */ + NM_DHCP_STATE_FAIL, /* failed for some reason */ + NM_DHCP_STATE_TERMINATED, /* client is no longer running */ ++ NM_DHCP_STATE_NOOP, /* state is a non operation for NetworkManager */ + __NM_DHCP_STATE_MAX, + NM_DHCP_STATE_MAX = __NM_DHCP_STATE_MAX - 1, + } NMDhcpState; +@@ -183,6 +184,8 @@ void nm_dhcp_client_start_timeout(NMDhcpClient *self); + + void nm_dhcp_client_watch_child(NMDhcpClient *self, pid_t pid); + ++void nm_dhcp_client_stop_watch_child(NMDhcpClient *self, pid_t pid); ++ + void nm_dhcp_client_set_state(NMDhcpClient *self, + NMDhcpState new_state, + NMIPConfig * ip_config, +diff --git a/src/dhcp/nm-dhcp-dhcpcd.c b/src/dhcp/nm-dhcp-dhcpcd.c +index b2b5d28bd..7cb003859 100644 +--- a/src/dhcp/nm-dhcp-dhcpcd.c ++++ b/src/dhcp/nm-dhcp-dhcpcd.c +@@ -1,6 +1,6 @@ + /* SPDX-License-Identifier: GPL-2.0+ */ + /* +- * Copyright (C) 2008 Roy Marples ++ * Copyright (C) 2008,2020 Roy Marples + * Copyright (C) 2010 Dan Williams + */ + +@@ -40,7 +40,6 @@ static GType nm_dhcp_dhcpcd_get_type(void); + /*****************************************************************************/ + + typedef struct { +- char * pid_file; + NMDhcpListener *dhcp_listener; + } NMDhcpDhcpcdPrivate; + +@@ -71,39 +70,37 @@ ip4_start(NMDhcpClient *client, + const char * last_ip4_address, + GError ** error) + { +- NMDhcpDhcpcd * self = NM_DHCP_DHCPCD(client); +- NMDhcpDhcpcdPrivate *priv = NM_DHCP_DHCPCD_GET_PRIVATE(self); +- gs_unref_ptrarray GPtrArray *argv = NULL; +- pid_t pid = -1; +- GError * local = NULL; +- gs_free char * cmd_str = NULL; +- gs_free char * binary_name = NULL; ++ NMDhcpDhcpcd * self = NM_DHCP_DHCPCD(client); ++ gs_unref_ptrarray GPtrArray *argv = NULL; ++ pid_t pid; ++ GError * local; ++ gs_free char * cmd_str = NULL; + const char * iface; + const char * dhcpcd_path; + const char * hostname; + +- g_return_val_if_fail(priv->pid_file == NULL, FALSE); ++ pid = nm_dhcp_client_get_pid(client); ++ g_return_val_if_fail(pid == -1, FALSE); + + iface = nm_dhcp_client_get_iface(client); + +- /* dhcpcd does not allow custom pidfiles; the pidfile is always +- * RUNSTATEDIR "dhcpcd-.pid". +- */ +- priv->pid_file = g_strdup_printf(RUNSTATEDIR "/dhcpcd-%s.pid", iface); +- + dhcpcd_path = nm_dhcp_dhcpcd_get_path(); + if (!dhcpcd_path) { + nm_utils_error_set_literal(error, NM_UTILS_ERROR_UNKNOWN, "dhcpcd binary not found"); + return FALSE; + } + +- /* Kill any existing dhcpcd from the pidfile */ +- binary_name = g_path_get_basename(dhcpcd_path); +- nm_dhcp_client_stop_existing(priv->pid_file, binary_name); +- + argv = g_ptr_array_new(); + g_ptr_array_add(argv, (gpointer) dhcpcd_path); + ++ /* Don't configure anything, we will do that instead. ++ * This requires dhcpcd-9.3.3 or newer. ++ * Older versions only had an option not to install a default route, ++ * dhcpcd still added addresses and other routes so we no longer support that ++ * as it doesn't fit how NetworkManager wants to work. ++ */ ++ g_ptr_array_add(argv, (gpointer) "--noconfigure"); ++ + g_ptr_array_add(argv, (gpointer) "-B"); /* Don't background on lease (disable fork()) */ + + g_ptr_array_add(argv, (gpointer) "-K"); /* Disable built-in carrier detection */ +@@ -113,8 +110,6 @@ ip4_start(NMDhcpClient *client, + /* --noarp. Don't request or claim the address by ARP; this also disables IPv4LL. */ + g_ptr_array_add(argv, (gpointer) "-A"); + +- g_ptr_array_add(argv, (gpointer) "-G"); /* Let NM handle routing */ +- + g_ptr_array_add(argv, (gpointer) "-c"); /* Set script file */ + g_ptr_array_add(argv, (gpointer) nm_dhcp_helper_path); + +@@ -146,8 +141,8 @@ ip4_start(NMDhcpClient *client, + if (!g_spawn_async(NULL, + (char **) argv->pdata, + NULL, +- G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_STDOUT_TO_DEV_NULL +- | G_SPAWN_STDERR_TO_DEV_NULL, ++ G_SPAWN_STDOUT_TO_DEV_NULL | G_SPAWN_STDERR_TO_DEV_NULL ++ | G_SPAWN_DO_NOT_REAP_CHILD, + nm_utils_setpgid, + NULL, + &pid, +@@ -169,23 +164,32 @@ ip4_start(NMDhcpClient *client, + static void + stop(NMDhcpClient *client, gboolean release) + { +- NMDhcpDhcpcd * self = NM_DHCP_DHCPCD(client); +- NMDhcpDhcpcdPrivate *priv = NM_DHCP_DHCPCD_GET_PRIVATE(self); +- int errsv; +- +- NM_DHCP_CLIENT_CLASS(nm_dhcp_dhcpcd_parent_class)->stop(client, release); +- +- if (priv->pid_file) { +- if (remove(priv->pid_file) == -1) { +- errsv = errno; +- _LOGD("could not remove dhcp pid file \"%s\": %d (%s)", +- priv->pid_file, +- errsv, +- nm_strerror_native(errsv)); +- } ++ NMDhcpDhcpcd *self = NM_DHCP_DHCPCD(client); ++ pid_t pid; ++ int sig, errsv; ++ ++ pid = nm_dhcp_client_get_pid(client); ++ sig = release ? SIGALRM : SIGTERM; ++ _LOGD("sending %s to dhcpcd pid %d", sig == SIGALRM ? "SIGALRM" : "SIGTERM", pid); ++ ++ /* dhcpcd-9.x features privilege separation. ++ * It's not our job to track all these processes so we rely on dhcpcd ++ * to always cleanup after itself. ++ * Because it also re-parents itself to PID 1, the process cannot be ++ * reaped or waited for. ++ * As such, just send the correct signal. ++ */ ++ if (kill(pid, sig) == -1) { ++ errsv = errno; ++ _LOGE("failed to kill dhcpcd %d:%s", errsv, strerror(errsv)); + } + +- /* FIXME: implement release... */ ++ /* When this function exits NM expects the PID to be -1. ++ * This means we also need to stop watching the pid. ++ * If we need to know the exit status then we need to refactor NM ++ * to allow a non -1 to mean we're waiting to exit still. ++ */ ++ nm_dhcp_client_stop_watch_child(client, pid); + } + + /*****************************************************************************/ +@@ -214,8 +218,6 @@ dispose(GObject *object) + g_clear_object(&priv->dhcp_listener); + } + +- nm_clear_g_free(&priv->pid_file); +- + G_OBJECT_CLASS(nm_dhcp_dhcpcd_parent_class)->dispose(object); + } + +-- +2.30.0 + diff --git a/net-misc/networkmanager/networkmanager-1.28.0-r1.ebuild b/net-misc/networkmanager/networkmanager-1.28.0-r1.ebuild new file mode 100644 index 000000000000..f4c0c507020b --- /dev/null +++ b/net-misc/networkmanager/networkmanager-1.28.0-r1.ebuild @@ -0,0 +1,349 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +GNOME_ORG_MODULE="NetworkManager" +VALA_USE_DEPEND="vapigen" +PYTHON_COMPAT=( python3_{6..9} ) + +inherit bash-completion-r1 gnome2 linux-info multilib python-any-r1 systemd readme.gentoo-r1 vala virtualx udev multilib-minimal + +DESCRIPTION="A set of co-operative tools that make networking simple and straightforward" +HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" + +LICENSE="GPL-2+" +SLOT="0" + +IUSE="audit bluetooth connection-sharing dhclient dhcpcd elogind gnutls +introspection iwd kernel_linux +nss +modemmanager ncurses ofono ovs policykit +ppp resolvconf selinux systemd teamd test vala +wext +wifi" +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + bluetooth? ( modemmanager ) + iwd? ( wifi ) + vala? ( introspection ) + wext? ( wifi ) + || ( nss gnutls ) + ?? ( elogind systemd ) +" + +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" + +# gobject-introspection-0.10.3 is needed due to gnome bug 642300 +# wpa_supplicant-0.7.3-r3 is needed due to bug 359271 +COMMON_DEPEND=" + >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] + policykit? ( >=sys-auth/polkit-0.106 ) + net-libs/libndp[${MULTILIB_USEDEP}] + >=net-misc/curl-7.24 + net-misc/iputils + sys-apps/util-linux[${MULTILIB_USEDEP}] + sys-libs/readline:0= + >=virtual/libudev-175:=[${MULTILIB_USEDEP}] + audit? ( sys-process/audit ) + bluetooth? ( >=net-wireless/bluez-5 ) + connection-sharing? ( + net-dns/dnsmasq[dbus,dhcp] + net-firewall/iptables ) + dhclient? ( >=net-misc/dhcp-4[client] ) + dhcpcd? ( >=net-misc/dhcpcd-9.3.3 ) + elogind? ( >=sys-auth/elogind-219 ) + introspection? ( >=dev-libs/gobject-introspection-0.10.3:= ) + modemmanager? ( >=net-misc/modemmanager-0.7.991:0= + net-misc/mobile-broadband-provider-info ) + ncurses? ( >=dev-libs/newt-0.52.15 ) + nss? ( >=dev-libs/nss-3.11:=[${MULTILIB_USEDEP}] ) + !nss? ( gnutls? ( + dev-libs/libgcrypt:0=[${MULTILIB_USEDEP}] + >=net-libs/gnutls-2.12:=[${MULTILIB_USEDEP}] ) ) + ofono? ( net-misc/ofono ) + ovs? ( dev-libs/jansson ) + ppp? ( >=net-dialup/ppp-2.4.5:=[ipv6] ) + resolvconf? ( net-dns/openresolv ) + selinux? ( sys-libs/libselinux ) + systemd? ( >=sys-apps/systemd-209:0= ) + teamd? ( + dev-libs/jansson + >=net-misc/libteam-1.9 + ) +" +RDEPEND="${COMMON_DEPEND} + acct-group/plugdev + || ( + net-misc/iputils[arping(+)] + net-analyzer/arping + ) + wifi? ( + !iwd? ( >=net-wireless/wpa_supplicant-0.7.3-r3[dbus] ) + iwd? ( net-wireless/iwd ) + ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.18 + " +BDEPEND=" + dev-util/gdbus-codegen + dev-util/glib-utils + dev-util/gtk-doc-am + >=dev-util/intltool-0.40 + >=sys-devel/gettext-0.17 + virtual/pkgconfig + introspection? ( + $(python_gen_any_dep 'dev-python/pygobject:3[${PYTHON_USEDEP}]') + dev-lang/perl + dev-libs/libxslt + ) + vala? ( $(vala_depend) ) + test? ( + $(python_gen_any_dep ' + dev-python/dbus-python[${PYTHON_USEDEP}] + dev-python/pygobject:3[${PYTHON_USEDEP}]') + ) +" + +PATCHES=( + "${FILESDIR}/${PN}-1.28.0-dhcpcd9.patch" +) + +python_check_deps() { + if use introspection; then + has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" || return + fi + if use test; then + has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && + has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" + fi +} + +sysfs_deprecated_check() { + ebegin "Checking for SYSFS_DEPRECATED support" + + if { linux_chkconfig_present SYSFS_DEPRECATED_V2; }; then + eerror "Please disable SYSFS_DEPRECATED_V2 support in your kernel config and recompile your kernel" + eerror "or NetworkManager will not work correctly." + eerror "See https://bugs.gentoo.org/333639 for more info." + die "CONFIG_SYSFS_DEPRECATED_V2 support detected!" + fi + eend $? +} + +pkg_pretend() { + if use kernel_linux; then + get_version + if linux_config_exists; then + sysfs_deprecated_check + else + ewarn "Was unable to determine your kernel .config" + ewarn "Please note that if CONFIG_SYSFS_DEPRECATED_V2 is set in your kernel .config, NetworkManager will not work correctly." + ewarn "See https://bugs.gentoo.org/333639 for more info." + fi + + fi +} + +pkg_setup() { + if use connection-sharing; then + if kernel_is lt 5 1; then + CONFIG_CHECK="~NF_NAT_IPV4 ~NF_NAT_MASQUERADE_IPV4" + else + CONFIG_CHECK="~NF_NAT ~NF_NAT_MASQUERADE" + fi + linux-info_pkg_setup + fi + if use introspection || use test; then + python-any-r1_pkg_setup + fi +} + +src_prepare() { + DOC_CONTENTS="To modify system network connections without needing to enter the + root password, add your user account to the 'plugdev' group." + + use vala && vala_src_prepare + gnome2_src_prepare + + sed -i \ + -e 's#/usr/bin/sed#/bin/sed#' \ + data/84-nm-drivers.rules \ + || die +} + +multilib_src_configure() { + local myconf=( + --disable-more-warnings + --disable-static + --localstatedir=/var + --with-runstatedir=/run + --disable-lto + --disable-qt + --without-netconfig + --with-dbus-sys-dir=/etc/dbus-1/system.d + $(multilib_native_with nmcli) + --with-udev-dir="$(get_udevdir)" + --with-config-plugins-default=keyfile + --with-iptables=/sbin/iptables + --with-ebpf=yes + $(multilib_native_enable concheck) + --with-nm-cloud-setup=$(multilib_is_native_abi && echo yes || echo no) + --with-crypto=$(usex nss nss gnutls) + # elogind lacks multilib for now, and consolekit doesn't require linking against, so we use it as a fake option + # This SHOULD be removable once elogind has that. We abuse the fact that 'consolekit' does nothing at buildtime. + # (There is no off switch, and we do not support upower.) + # bug #747358 + --with-session-tracking=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) + --with-suspend-resume=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) + $(multilib_native_use_with audit libaudit) + $(multilib_native_use_enable bluetooth bluez5-dun) + --without-dhcpcanon + $(use_with dhclient) + $(use_with dhcpcd) + --with-config-dhcp-default=internal + $(multilib_native_use_enable introspection) + $(multilib_native_use_enable ppp) + --without-libpsl + $(multilib_native_use_with modemmanager modem-manager-1) + $(multilib_native_use_with ncurses nmtui) + $(multilib_native_use_with ofono) + $(multilib_native_use_enable ovs) + $(multilib_native_use_enable policykit polkit) + $(multilib_native_use_with resolvconf) + $(multilib_native_use_with selinux) + $(multilib_native_use_with systemd systemd-journal) + $(multilib_native_use_enable teamd teamdctl) + $(multilib_native_use_enable test tests) + $(multilib_native_use_enable vala) + --without-valgrind + $(multilib_native_use_with wifi iwd) + $(multilib_native_use_with wext) + $(multilib_native_use_enable wifi) + ) + + # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 + if use ppp; then + local PPPD_VER=`best_version net-dialup/ppp` + PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} + PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision + myconf+=( --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} ) + fi + + # unit files directory needs to be passed only when systemd is enabled, + # otherwise systemd support is not disabled completely, bug #524534 + use systemd && myconf+=( --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" ) + + if multilib_is_native_abi; then + # work-around man out-of-source brokenness, must be done before configure + ln -s "${S}/docs" docs || die + ln -s "${S}/man" man || die + fi + + ECONF_SOURCE=${S} gnome2_src_configure "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi; then + emake + else + local targets=( + libnm/libnm.la + ) + emake "${targets[@]}" + fi +} + +multilib_src_test() { + if use test && multilib_is_native_abi; then + python_setup + virtx emake check + fi +} + +multilib_src_install() { + if multilib_is_native_abi; then + # Install completions at proper place, bug #465100 + gnome2_src_install completiondir="$(get_bashcompdir)" + insinto /usr/lib/NetworkManager/conf.d #702476 + doins "${S}"/examples/nm-conf.d/31-mac-addr-change.conf + else + local targets=( + install-libLTLIBRARIES + install-libnmincludeHEADERS + install-nodist_libnmincludeHEADERS + install-pkgconfigDATA + ) + emake DESTDIR="${D}" "${targets[@]}" + fi +} + +multilib_src_install_all() { + einstalldocs + ! use systemd && readme.gentoo_create_doc + + newinitd "${FILESDIR}/init.d.NetworkManager-r2" NetworkManager + newconfd "${FILESDIR}/conf.d.NetworkManager" NetworkManager + + # Need to keep the /etc/NetworkManager/dispatched.d for dispatcher scripts + keepdir /etc/NetworkManager/dispatcher.d + + # Provide openrc net dependency only when nm is connected + exeinto /etc/NetworkManager/dispatcher.d + newexe "${FILESDIR}/10-openrc-status-r4" 10-openrc-status + sed -e "s:@EPREFIX@:${EPREFIX}:g" \ + -i "${ED}/etc/NetworkManager/dispatcher.d/10-openrc-status" || die + + keepdir /etc/NetworkManager/system-connections + chmod 0600 "${ED}"/etc/NetworkManager/system-connections/.keep* # bug #383765, upstream bug #754594 + + # Allow users in plugdev group to modify system connections + insinto /usr/share/polkit-1/rules.d/ + doins "${FILESDIR}/01-org.freedesktop.NetworkManager.settings.modify.system.rules" + + if use iwd; then + # This goes to $nmlibdir/conf.d/ and $nmlibdir is '${prefix}'/lib/$PACKAGE, thus always lib, not get_libdir + cat <<-EOF > "${ED}"/usr/lib/NetworkManager/conf.d/iwd.conf + [device] + wifi.backend=iwd + EOF + fi + + # Empty + rmdir "${ED}"/var{/lib{/NetworkManager,},} || die +} + +pkg_postinst() { + gnome2_pkg_postinst + systemd_reenable NetworkManager.service + ! use systemd && readme.gentoo_print_elog + + if [[ -e "${EROOT}/etc/NetworkManager/nm-system-settings.conf" ]]; then + ewarn "The ${PN} system configuration file has moved to a new location." + ewarn "You must migrate your settings from ${EROOT}/etc/NetworkManager/nm-system-settings.conf" + ewarn "to ${EROOT}/etc/NetworkManager/NetworkManager.conf" + ewarn + ewarn "After doing so, you can remove ${EROOT}/etc/NetworkManager/nm-system-settings.conf" + fi + + # NM fallbacks to plugin specified at compile time (upstream bug #738611) + # but still show a warning to remember people to have cleaner config file + if [[ -e "${EROOT}/etc/NetworkManager/NetworkManager.conf" ]]; then + if grep plugins "${EROOT}/etc/NetworkManager/NetworkManager.conf" | grep -q ifnet; then + ewarn + ewarn "You seem to use 'ifnet' plugin in ${EROOT}/etc/NetworkManager/NetworkManager.conf" + ewarn "Since it won't be used, you will need to stop setting ifnet plugin there." + ewarn + fi + fi + + # NM shows lots of errors making nmcli almost unusable, bug #528748 upstream bug #690457 + if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then + ewarn "You have psk-flags=1 setting in above files, you will need to" + ewarn "either reconfigure affected networks or, at least, set the flag" + ewarn "value to '0'." + fi + + if use dhclient || use dhcpcd; then + ewarn "You have enabled USE=dhclient and/or USE=dhcpcd, but NetworkManager since" + ewarn "version 1.20 defaults to the internal DHCP client. If the internal client" + ewarn "works for you, and you're happy with, the alternative USE flags can be" + ewarn "disabled. If you want to use dhclient or dhcpcd, then you need to tweak" + ewarn "the main.dhcp configuration option to use one of them instead of internal." + fi +} diff --git a/net-misc/networkmanager/networkmanager-1.28.0.ebuild b/net-misc/networkmanager/networkmanager-1.28.0.ebuild deleted file mode 100644 index 58a738efe185..000000000000 --- a/net-misc/networkmanager/networkmanager-1.28.0.ebuild +++ /dev/null @@ -1,345 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -GNOME_ORG_MODULE="NetworkManager" -VALA_USE_DEPEND="vapigen" -PYTHON_COMPAT=( python3_{6..9} ) - -inherit bash-completion-r1 gnome2 linux-info multilib python-any-r1 systemd readme.gentoo-r1 vala virtualx udev multilib-minimal - -DESCRIPTION="A set of co-operative tools that make networking simple and straightforward" -HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager" - -LICENSE="GPL-2+" -SLOT="0" - -IUSE="audit bluetooth connection-sharing dhclient dhcpcd elogind gnutls +introspection iwd kernel_linux +nss +modemmanager ncurses ofono ovs policykit +ppp resolvconf selinux systemd teamd test vala +wext +wifi" -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - bluetooth? ( modemmanager ) - iwd? ( wifi ) - vala? ( introspection ) - wext? ( wifi ) - || ( nss gnutls ) - ?? ( elogind systemd ) -" - -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~sparc ~x86" - -# gobject-introspection-0.10.3 is needed due to gnome bug 642300 -# wpa_supplicant-0.7.3-r3 is needed due to bug 359271 -COMMON_DEPEND=" - >=dev-libs/glib-2.40:2[${MULTILIB_USEDEP}] - policykit? ( >=sys-auth/polkit-0.106 ) - net-libs/libndp[${MULTILIB_USEDEP}] - >=net-misc/curl-7.24 - net-misc/iputils - sys-apps/util-linux[${MULTILIB_USEDEP}] - sys-libs/readline:0= - >=virtual/libudev-175:=[${MULTILIB_USEDEP}] - audit? ( sys-process/audit ) - bluetooth? ( >=net-wireless/bluez-5 ) - connection-sharing? ( - net-dns/dnsmasq[dbus,dhcp] - net-firewall/iptables ) - dhclient? ( >=net-misc/dhcp-4[client] ) - dhcpcd? ( net-misc/dhcpcd ) - elogind? ( >=sys-auth/elogind-219 ) - introspection? ( >=dev-libs/gobject-introspection-0.10.3:= ) - modemmanager? ( >=net-misc/modemmanager-0.7.991:0= - net-misc/mobile-broadband-provider-info ) - ncurses? ( >=dev-libs/newt-0.52.15 ) - nss? ( >=dev-libs/nss-3.11:=[${MULTILIB_USEDEP}] ) - !nss? ( gnutls? ( - dev-libs/libgcrypt:0=[${MULTILIB_USEDEP}] - >=net-libs/gnutls-2.12:=[${MULTILIB_USEDEP}] ) ) - ofono? ( net-misc/ofono ) - ovs? ( dev-libs/jansson ) - ppp? ( >=net-dialup/ppp-2.4.5:=[ipv6] ) - resolvconf? ( net-dns/openresolv ) - selinux? ( sys-libs/libselinux ) - systemd? ( >=sys-apps/systemd-209:0= ) - teamd? ( - dev-libs/jansson - >=net-misc/libteam-1.9 - ) -" -RDEPEND="${COMMON_DEPEND} - acct-group/plugdev - || ( - net-misc/iputils[arping(+)] - net-analyzer/arping - ) - wifi? ( - !iwd? ( >=net-wireless/wpa_supplicant-0.7.3-r3[dbus] ) - iwd? ( net-wireless/iwd ) - ) -" -DEPEND="${COMMON_DEPEND} - >=sys-kernel/linux-headers-3.18 - " -BDEPEND=" - dev-util/gdbus-codegen - dev-util/glib-utils - dev-util/gtk-doc-am - >=dev-util/intltool-0.40 - >=sys-devel/gettext-0.17 - virtual/pkgconfig - introspection? ( - $(python_gen_any_dep 'dev-python/pygobject:3[${PYTHON_USEDEP}]') - dev-lang/perl - dev-libs/libxslt - ) - vala? ( $(vala_depend) ) - test? ( - $(python_gen_any_dep ' - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject:3[${PYTHON_USEDEP}]') - ) -" - -python_check_deps() { - if use introspection; then - has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" || return - fi - if use test; then - has_version "dev-python/dbus-python[${PYTHON_USEDEP}]" && - has_version "dev-python/pygobject:3[${PYTHON_USEDEP}]" - fi -} - -sysfs_deprecated_check() { - ebegin "Checking for SYSFS_DEPRECATED support" - - if { linux_chkconfig_present SYSFS_DEPRECATED_V2; }; then - eerror "Please disable SYSFS_DEPRECATED_V2 support in your kernel config and recompile your kernel" - eerror "or NetworkManager will not work correctly." - eerror "See https://bugs.gentoo.org/333639 for more info." - die "CONFIG_SYSFS_DEPRECATED_V2 support detected!" - fi - eend $? -} - -pkg_pretend() { - if use kernel_linux; then - get_version - if linux_config_exists; then - sysfs_deprecated_check - else - ewarn "Was unable to determine your kernel .config" - ewarn "Please note that if CONFIG_SYSFS_DEPRECATED_V2 is set in your kernel .config, NetworkManager will not work correctly." - ewarn "See https://bugs.gentoo.org/333639 for more info." - fi - - fi -} - -pkg_setup() { - if use connection-sharing; then - if kernel_is lt 5 1; then - CONFIG_CHECK="~NF_NAT_IPV4 ~NF_NAT_MASQUERADE_IPV4" - else - CONFIG_CHECK="~NF_NAT ~NF_NAT_MASQUERADE" - fi - linux-info_pkg_setup - fi - if use introspection || use test; then - python-any-r1_pkg_setup - fi -} - -src_prepare() { - DOC_CONTENTS="To modify system network connections without needing to enter the - root password, add your user account to the 'plugdev' group." - - use vala && vala_src_prepare - gnome2_src_prepare - - sed -i \ - -e 's#/usr/bin/sed#/bin/sed#' \ - data/84-nm-drivers.rules \ - || die -} - -multilib_src_configure() { - local myconf=( - --disable-more-warnings - --disable-static - --localstatedir=/var - --with-runstatedir=/run - --disable-lto - --disable-qt - --without-netconfig - --with-dbus-sys-dir=/etc/dbus-1/system.d - $(multilib_native_with nmcli) - --with-udev-dir="$(get_udevdir)" - --with-config-plugins-default=keyfile - --with-iptables=/sbin/iptables - --with-ebpf=yes - $(multilib_native_enable concheck) - --with-nm-cloud-setup=$(multilib_is_native_abi && echo yes || echo no) - --with-crypto=$(usex nss nss gnutls) - # elogind lacks multilib for now, and consolekit doesn't require linking against, so we use it as a fake option - # This SHOULD be removable once elogind has that. We abuse the fact that 'consolekit' does nothing at buildtime. - # (There is no off switch, and we do not support upower.) - # bug #747358 - --with-session-tracking=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) - --with-suspend-resume=$(multilib_native_usex systemd systemd $(multilib_native_usex elogind elogind consolekit)) - $(multilib_native_use_with audit libaudit) - $(multilib_native_use_enable bluetooth bluez5-dun) - --without-dhcpcanon - $(use_with dhclient) - $(use_with dhcpcd) - --with-config-dhcp-default=internal - $(multilib_native_use_enable introspection) - $(multilib_native_use_enable ppp) - --without-libpsl - $(multilib_native_use_with modemmanager modem-manager-1) - $(multilib_native_use_with ncurses nmtui) - $(multilib_native_use_with ofono) - $(multilib_native_use_enable ovs) - $(multilib_native_use_enable policykit polkit) - $(multilib_native_use_with resolvconf) - $(multilib_native_use_with selinux) - $(multilib_native_use_with systemd systemd-journal) - $(multilib_native_use_enable teamd teamdctl) - $(multilib_native_use_enable test tests) - $(multilib_native_use_enable vala) - --without-valgrind - $(multilib_native_use_with wifi iwd) - $(multilib_native_use_with wext) - $(multilib_native_use_enable wifi) - ) - - # Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986 - if use ppp; then - local PPPD_VER=`best_version net-dialup/ppp` - PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR} - PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision - myconf+=( --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER} ) - fi - - # unit files directory needs to be passed only when systemd is enabled, - # otherwise systemd support is not disabled completely, bug #524534 - use systemd && myconf+=( --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" ) - - if multilib_is_native_abi; then - # work-around man out-of-source brokenness, must be done before configure - ln -s "${S}/docs" docs || die - ln -s "${S}/man" man || die - fi - - ECONF_SOURCE=${S} gnome2_src_configure "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi; then - emake - else - local targets=( - libnm/libnm.la - ) - emake "${targets[@]}" - fi -} - -multilib_src_test() { - if use test && multilib_is_native_abi; then - python_setup - virtx emake check - fi -} - -multilib_src_install() { - if multilib_is_native_abi; then - # Install completions at proper place, bug #465100 - gnome2_src_install completiondir="$(get_bashcompdir)" - insinto /usr/lib/NetworkManager/conf.d #702476 - doins "${S}"/examples/nm-conf.d/31-mac-addr-change.conf - else - local targets=( - install-libLTLIBRARIES - install-libnmincludeHEADERS - install-nodist_libnmincludeHEADERS - install-pkgconfigDATA - ) - emake DESTDIR="${D}" "${targets[@]}" - fi -} - -multilib_src_install_all() { - einstalldocs - ! use systemd && readme.gentoo_create_doc - - newinitd "${FILESDIR}/init.d.NetworkManager-r2" NetworkManager - newconfd "${FILESDIR}/conf.d.NetworkManager" NetworkManager - - # Need to keep the /etc/NetworkManager/dispatched.d for dispatcher scripts - keepdir /etc/NetworkManager/dispatcher.d - - # Provide openrc net dependency only when nm is connected - exeinto /etc/NetworkManager/dispatcher.d - newexe "${FILESDIR}/10-openrc-status-r4" 10-openrc-status - sed -e "s:@EPREFIX@:${EPREFIX}:g" \ - -i "${ED}/etc/NetworkManager/dispatcher.d/10-openrc-status" || die - - keepdir /etc/NetworkManager/system-connections - chmod 0600 "${ED}"/etc/NetworkManager/system-connections/.keep* # bug #383765, upstream bug #754594 - - # Allow users in plugdev group to modify system connections - insinto /usr/share/polkit-1/rules.d/ - doins "${FILESDIR}/01-org.freedesktop.NetworkManager.settings.modify.system.rules" - - if use iwd; then - # This goes to $nmlibdir/conf.d/ and $nmlibdir is '${prefix}'/lib/$PACKAGE, thus always lib, not get_libdir - cat <<-EOF > "${ED}"/usr/lib/NetworkManager/conf.d/iwd.conf - [device] - wifi.backend=iwd - EOF - fi - - # Empty - rmdir "${ED}"/var{/lib{/NetworkManager,},} || die -} - -pkg_postinst() { - gnome2_pkg_postinst - systemd_reenable NetworkManager.service - ! use systemd && readme.gentoo_print_elog - - if [[ -e "${EROOT}/etc/NetworkManager/nm-system-settings.conf" ]]; then - ewarn "The ${PN} system configuration file has moved to a new location." - ewarn "You must migrate your settings from ${EROOT}/etc/NetworkManager/nm-system-settings.conf" - ewarn "to ${EROOT}/etc/NetworkManager/NetworkManager.conf" - ewarn - ewarn "After doing so, you can remove ${EROOT}/etc/NetworkManager/nm-system-settings.conf" - fi - - # NM fallbacks to plugin specified at compile time (upstream bug #738611) - # but still show a warning to remember people to have cleaner config file - if [[ -e "${EROOT}/etc/NetworkManager/NetworkManager.conf" ]]; then - if grep plugins "${EROOT}/etc/NetworkManager/NetworkManager.conf" | grep -q ifnet; then - ewarn - ewarn "You seem to use 'ifnet' plugin in ${EROOT}/etc/NetworkManager/NetworkManager.conf" - ewarn "Since it won't be used, you will need to stop setting ifnet plugin there." - ewarn - fi - fi - - # NM shows lots of errors making nmcli almost unusable, bug #528748 upstream bug #690457 - if grep -r "psk-flags=1" "${EROOT}"/etc/NetworkManager/; then - ewarn "You have psk-flags=1 setting in above files, you will need to" - ewarn "either reconfigure affected networks or, at least, set the flag" - ewarn "value to '0'." - fi - - if use dhclient || use dhcpcd; then - ewarn "You have enabled USE=dhclient and/or USE=dhcpcd, but NetworkManager since" - ewarn "version 1.20 defaults to the internal DHCP client. If the internal client" - ewarn "works for you, and you're happy with, the alternative USE flags can be" - ewarn "disabled. If you want to use dhclient or dhcpcd, then you need to tweak" - ewarn "the main.dhcp configuration option to use one of them instead of internal." - fi -} diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest index ab1684dc1f68..5c91c4af64cb 100644 --- a/net-misc/ntp/Manifest +++ b/net-misc/ntp/Manifest @@ -21,5 +21,5 @@ AUX sntp.service-r3 320 BLAKE2B b47a7a4dab78c0ea9f85b861d7f5f2926e5302839db34b92 AUX sntp.service.conf 119 BLAKE2B ee94067e5aef213a15d211e36362f2b4e8e66dfc739be686966e6ee738375a5b8df68a4216c0d8e14c11223945be82a5f221d46d94e15349753a358542b7c9ae SHA512 7c5c397bb51f0192e927079044c7ffb91ae158c55f725be50d09bd618e6a4d37dd93c0f8e4bad726d1d9ada276bf73ad9567e00e0c30f4bf47344e4214f4b4b8 DIST ntp-4.2.8p15-manpages.tar.xz 25700 BLAKE2B 6a225bc19dcebee31cb8e0d621963863d567a882655b57be8b65a16f9d3dd138787c7c6b9ff08853306f2e9b11d65cb76e3215cc5b2262a91c411d437974fc18 SHA512 21721550864b4e7e91bf20ca894109253439b737799dfc803e1496b3454199f34646f40e0156c08a39d5914e5a92f35908cec0245e1e2627c75c0e64939ba028 DIST ntp-4.2.8p15.tar.gz 7015970 BLAKE2B 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef SHA512 f5ad765e45fc302263dd40e94c287698fd235b94f3684e49f1d5d09d7d8bdd6b8c0fb96ecdabffea3d233e1e79b3c9687b76dc204ba76bad3f554682f4a97794 -EBUILD ntp-4.2.8_p15.ebuild 4587 BLAKE2B f2a0323a230697b6eea522ef4cc0526478b6d25a6b3af5a600f812014cb6943eaa2cf642d7f17d3baeb083f4821157b347749b2523332cf3659ac9f96ef26822 SHA512 7a64a10afb9483d2cf1527b17b659b521b188cb21d9576cb2fc8ab672858d3b5ded6edbb705f551de6fa4528a9b7109e6c6a72633b4543a57e39d4831c68278e +EBUILD ntp-4.2.8_p15.ebuild 4586 BLAKE2B 69f4006e6f2646861cdec4ed7d4c93a449950016ce6fbd6b686e599942020d56a2ad0900cff8b87088fdecf2646dd07a328a9ca9399c82dc63b063547c24a87a SHA512 5bad1b11f17169fb0acddf141713d34fb3273801a3a0b9d4257eee7a194e25851a333d4cc8a844cd2b2acd61d2e3c379708384bd3f6c157cd8313ed7ec151978 MISC metadata.xml 1014 BLAKE2B 133457965d766f0db56bbca2755a7e4c37319237843dbb92e7b2563194cc2282500010e76877d9cd5d6c9a56f8b815ffab1bdc84d76446310f3cee5476ff7f52 SHA512 37f6b14a86b13c20ecc83967332599b26e958015798e341ca3e1c1d79a666a3b69904c4aeb5ff298477d2b5fd709a2fe09271dbe41910e3f439bef47efa6b650 diff --git a/net-misc/ntp/ntp-4.2.8_p15.ebuild b/net-misc/ntp/ntp-4.2.8_p15.ebuild index 1405367f2d42..dbad8c7dc8db 100644 --- a/net-misc/ntp/ntp-4.2.8_p15.ebuild +++ b/net-misc/ntp/ntp-4.2.8_p15.ebuild @@ -13,7 +13,7 @@ SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar LICENSE="HPND BSD ISC" SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux" IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" COMMON_DEPEND="readline? ( >=sys-libs/readline-4.1:0= ) diff --git a/net-misc/ntpsec/Manifest b/net-misc/ntpsec/Manifest index ca97b0b5cfe2..6eb096611ae3 100644 --- a/net-misc/ntpsec/Manifest +++ b/net-misc/ntpsec/Manifest @@ -6,6 +6,8 @@ AUX ntpsec-1.1.8-fix-missing-scmp_sys-on-aarch64.patch 536 BLAKE2B cac17041a05d0 AUX ntpsec-1.1.9-remove-asciidoctor-from-config.patch 680 BLAKE2B 7204a831b3dc0dba7f268febd10fa7599ef6b9bee30199ce10529d2d326719f5b376d301aabfef3beacecd4af813bcef1d6a65d61ab00996d72f1240f83ef8e3 SHA512 3e012ad70507f440ed3a4aca4886a96e40d49a0dd7c14572f664633a56139cb7767e07ee1bb5e8295fc32052914364660c928d11369b6f80193ae7e190e5a48e AUX ntpsec-no-bsd.patch 1538 BLAKE2B 6abb7acf23149a5a47f8e479bff090966e7e6161fc0d5bca1f9e5b9396d90898a783e7d309d6cdbdf689ea12314c804aa7a39f05b3f11d75a95eb337cea95b55 SHA512 7ddb346c7f0c9b30ea08ac28eaa39cf86e3d6cee7eaeba3bc7fe0883acd5087966e4e7beb298cee02607dfa3198a8c1dfcd9ce43ead820de3bb7014cefe75302 DIST ntpsec-1.1.9.tar.gz 2606066 BLAKE2B bbc482333c7f86936fa20751df1b427bc24be159969050caf5751e26724714bbf6491b120986563497f015c96ac9cdbdf0e999c6446a68798aff23076f631ecc SHA512 e04267aa675a5b528f3478d00329a569ecb9bbe2b6ad18697020854d2ee451bc188c4603cd5f420a08a7e3bf047d2db1301416f57f9156df23aceb1f57303b0b +DIST ntpsec-1.2.0.tar.gz 2625968 BLAKE2B 23ceae5a1f241fcf5a17801fec2f15f9b9d9d64a108bebe29bdc75196303091eaf0efee7df67ce10acefb7c8dba90ce1144a0c0c5432797d7659714d162f26bb SHA512 9e18b3ca2f786a1ea323ba2384b51cff3d862115cea1ae576fc98172c476ac5e7d0d0fc873e47be0b19b050204ea9ed49669d94e66eb94525068dd1b08a8ae71 EBUILD ntpsec-1.1.9.ebuild 4197 BLAKE2B 956af55af711b07390c1d600a6b3ad6b4ddd3effdd0f295c85e4b7a1c0ec3b9fd70286a772140afb4cb94fd292ae5be2fc843dad6e7fd34cc2dfc2b92eae4be8 SHA512 ed39608122eb5d414ddabc35e63676d40e0b1d0375247442a9a19383c0069f37530c1985d6cd3589a05468e16418464d5e53a6c6482998ea28f968e77730a2a6 +EBUILD ntpsec-1.2.0.ebuild 4321 BLAKE2B cc414051b27bfb5e901808961fbeb3b1d494de1ad1c4ccaa41ea8b37967427ec6c804f7db2e0eef6d4a65406154693f55687b7d596974d4b7c437f14e41fd2a3 SHA512 b1026b782588adac5e72e34e7b7b53cec039d9b7d2f6a0f0f3bb61fe901e63b836e516ae872634153f951396b5a1ac0d66f4a41d472a50a71d78cba2292070d4 EBUILD ntpsec-9999.ebuild 4056 BLAKE2B c47d9c0fe4c01f1d66f1dc115f801cf95a6d8a7646f621c6e127b898581eb211520ea63e2eef43999039c32d6cc2eafd15fe8721ef4a5484e3528658ab11385f SHA512 c64b7cac7418191e75aa827e800f535a193165f5395215ffa3aca99a6ed0675d5a5c060eb5a3ed662882f2b3911977b918fe9366b49c7a7053f2f186ec60c1d5 MISC metadata.xml 2078 BLAKE2B c15f3c9143653044f1da8fdf1e36298df819a6266ca369c511a9d4247cf32d93377b26f4898070c60d59b4737581b22b27a1097de38c314ec03cc908a18a31d3 SHA512 691f4b463d437616d897d979538e20726eda0a4835f3209639ef0ae7ecbcea6fd01c7bfd1849b91bfdd37e71b8306daa07cf6223a08848c7e45f8128135fa6fc diff --git a/net-misc/ntpsec/ntpsec-1.2.0.ebuild b/net-misc/ntpsec/ntpsec-1.2.0.ebuild new file mode 100644 index 000000000000..bc77d00d178c --- /dev/null +++ b/net-misc/ntpsec/ntpsec-1.2.0.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python3_{6..9} ) +PYTHON_REQ_USE='threads(+)' + +inherit flag-o-matic python-r1 waf-utils systemd + +if [[ ${PV} == *9999* ]]; then + inherit git-r3 + EGIT_REPO_URI="https://gitlab.com/NTPsec/ntpsec.git" +else + SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${PN}-${PV}.tar.gz" + RESTRICT="mirror" + KEYWORDS="~amd64 ~arm ~arm64 ~x86" +fi + +DESCRIPTION="The NTP reference implementation, refactored" +HOMEPAGE="https://www.ntpsec.org/" + +NTPSEC_REFCLOCK=( + oncore trimble truetime gpsd jjy generic spectracom + shm pps hpgps zyfer arbiter nmea neoclock modem + local) + +IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_} + +LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0" +SLOT="0" +IUSE="${IUSE_NTPSEC_REFCLOCK} debug doc early gdb heat libbsd nist ntpviz samba seccomp smear tests" #ionice +REQUIRED_USE="${PYTHON_REQUIRED_USE} nist? ( rclock_local )" + +# net-misc/pps-tools oncore,pps +CDEPEND="${PYTHON_DEPS} + sys-libs/libcap + dev-python/psutil[${PYTHON_USEDEP}] + libbsd? ( dev-libs/libbsd:0= ) + dev-libs/openssl:0= + seccomp? ( sys-libs/libseccomp ) +" +RDEPEND="${CDEPEND} + ntpviz? ( sci-visualization/gnuplot media-fonts/liberation-fonts ) + !net-misc/ntp + !net-misc/openntpd + acct-group/ntp + acct-user/ntp +" +DEPEND="${CDEPEND} + >=app-text/asciidoc-8.6.8 + dev-libs/libxslt + app-text/docbook-xsl-stylesheets + sys-devel/bison + rclock_oncore? ( net-misc/pps-tools ) + rclock_pps? ( net-misc/pps-tools ) +" + +PATCHES=( + "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch" + "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch" +) + +WAF_BINARY="${S}/waf" + +src_prepare() { + default + # Remove autostripping of binaries + sed -i -e '/Strip binaries/d' wscript + if ! use libbsd ; then + epatch "${FILESDIR}/${PN}-no-bsd.patch" + fi + # remove extra default pool servers + sed -i '/use-pool/s/^/#/' "${S}"/etc/ntp.d/default.conf + python_copy_sources +} + +src_configure() { + is-flagq -flto* && filter-flags -flto* -fuse-linker-plugin + + local string_127="" + local rclocks=""; + local CLOCKSTRING="" + + for refclock in ${NTPSEC_REFCLOCK[@]} ; do + if use rclock_${refclock} ; then + string_127+="$refclock," + fi + done + CLOCKSTRING="`echo ${string_127}|sed 's|,$||'`" + + local myconf=( + --nopyc + --nopyo + --enable-pylib ext + --refclock="${CLOCKSTRING}" + --build-epoch="$(date +%s)" + $(use doc || echo "--disable-doc") + $(use early && echo "--enable-early-droproot") + $(use gdb && echo "--enable-debug-gdb") + $(use samba && echo "--enable-mssntp") + $(use seccomp && echo "--enable-seccomp") + $(use smear && echo "--enable-leap-smear") + $(use tests && echo "--alltests") + $(use debug && echo "--enable-debug") + ) + + python_configure() { + waf-utils_src_configure "${myconf[@]}" + } + python_foreach_impl run_in_build_dir python_configure +} + +src_compile() { + unset MAKEOPTS + python_compile() { + waf-utils_src_compile + } + python_foreach_impl run_in_build_dir python_compile +} + +src_install() { + python_install() { + waf-utils_src_install + } + python_foreach_impl run_in_build_dir python_install + python_foreach_impl python_optimize + + # Install heat generating scripts + use heat && dosbin "${S}"/contrib/ntpheat{,usb} + + # Install the openrc files + newinitd "${FILESDIR}"/ntpd.rc-r2 ntp + newconfd "${FILESDIR}"/ntpd.confd ntp + + # Install the systemd unit file + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service + + # Prepare a directory for the ntp.drift file + mkdir -pv "${ED}"/var/lib/ntp + chown ntp:ntp "${ED}"/var/lib/ntp + chmod 770 "${ED}"/var/lib/ntp + keepdir /var/lib/ntp + + # Install a log rotate script + mkdir -pv "${ED}"/etc/logrotate.d + cp -v "${S}"/etc/logrotate-config.ntpd "${ED}"/etc/logrotate.d/ntpd + + # Install the configuration file and sample configuration + cp -v "${FILESDIR}"/ntp.conf "${ED}"/etc/ntp.conf + cp -Rv "${S}"/etc/ntp.d/ "${ED}"/etc/ + + # move doc files to /usr/share/doc/"${P}" + use doc && mv -v "${ED}"/usr/share/doc/"${PN}" "${ED}"/usr/share/doc/"${P}"/html +} + +pkg_postinst() { + einfo "If you want to serve time on your local network, then" + einfo "you should disable all the ref_clocks unless you have" + einfo "one and can get stable time from it. Feel free to try" + einfo "it but PPS probably won't work unless you have a UART" + einfo "GPS that actually provides PPS messages." +} diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index ea485dca117a..d2d5155c47c5 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -52,8 +52,8 @@ DIST openssh-8_1_P1-hpn-PeakTput-14.20.diff 2012 BLAKE2B e42c43128f1d82b4de1517e DIST openssh-8_3_P1-hpn-AES-CTR-14.22.diff 29963 BLAKE2B 19b82f4ff820f52dafaa5b3f09f8a0a67f318771c1c7276b9d37e4a6412052c9c53347f880f2d78981af3830432704b9ad74b375241965326530ae23ec8d74a2 SHA512 49f2778831dc768850870a1755da9cdd7d3bc83fa87069070f5a1d357ce9bdadeb2506c8ff3c6b055708da12a70e9ede7ed0e8a29fcab441abb55c9d483663be DIST openssh-8_3_P1-hpn-DynWinNoneSwitch-14.22.diff 42783 BLAKE2B 10940c35ae6bdc33e58bc9abd9cd7a551d4ca76a175400acb872906805bd04d384f57e81049b183d7d892ce1b5f7a138e197366369fe12e5c9dc1349850b0582 SHA512 c09162b96e0ffadc59c6076507bc843e6f8f2fb372140b84181f5fb2894225b1e05a831d85ba689c35c322b5a99302b9db77c324f978f1a46a16b185b3cb28dd DIST openssh-8_3_P1-hpn-PeakTput-14.22.diff 2012 BLAKE2B 701f46da022e7ecf35b57f41bf5682a37be453c175928d3ff3df09292275e6021f6108a20c02eec9d636e85ee5a8e05b7233ada180edf1209a3dc4b139d58858 SHA512 026f65c62e4c05b69661094d41bf338df608e2a9b23ef95588062e3bd68729733dae32adab783609a6eca810ccdcbddee25e7649a534c9a283a03282f73438bb -EBUILD openssh-8.1_p1-r4.ebuild 16449 BLAKE2B 405605bea6246ce0003dc1bba0077bea05d26e55f13ceda2dbe48d3f4a5cbd00a18e4ec85d2d4495200f31a93b9cb24705f85a01693ef7da9a9451f456b66492 SHA512 066909ba9b01e333a3e20ae965b7282179069f26971cca25c4b48bf03348c2c4589e431ceefa3a59b4658b91d7cb75652b32271ca8285d51542adc288253be96 -EBUILD openssh-8.2_p1-r7.ebuild 16875 BLAKE2B 7b5e94f6432b9471ff3bd79f0a0db35fd7f2c752a0921171b736229bffc31bed854d4bfcab75141670a95c310b943c302590f4ea7721f9aa7212033979fc1274 SHA512 7920af478491afadc9d3550c44e6bfc797767b9c0a775ec3ef5e4d116f5d80712261dee5f11ef179bff4ed8c7ce1a66cf6e21cc33f42c0dd41c917c8b7c48402 -EBUILD openssh-8.3_p1-r5.ebuild 17606 BLAKE2B c10216a426742ca807f6ca7be4adc8462c1c66571f80091eba53ed218de4c182e4e1a44df2afa2c6cbd0a4a250001c6890f5fe8b5855f85ae08901f5aff4bc9e SHA512 cb5a66c09184a57936e652e82f9eb3ae169d50d9213d173b30836013039b538e1c3af2a0c452676d8c15c064e054c8940e8e3d5da4123ce8f56fdf3a837e521a -EBUILD openssh-8.4_p1-r2.ebuild 17679 BLAKE2B b6c9c35a26accdf248e57d66a4e5dc530cc40a7f1c92c6343c37ffba60188a8ab28fdf78b1f4afd306eb86cab12152d769800ec9cdfc2448ec88da396200a9a0 SHA512 0102006a643de2ce3e101fadb43c7d7f2b381ad1331c6d9ede0ae98ac422ead9e327b10b3c2e73498e0a8558f4045ac3be3d9642e89de0e6658869cb01f1955b +EBUILD openssh-8.1_p1-r5.ebuild 16472 BLAKE2B e070e5ea54fbc3a941003a03bfed11b8d2ea79d39687cf7ccacae7b6f23e4b006ae91c149aba9d5247cd47ab8debd19f2e968e1c0d0a50a8e2a921a25bbb9e28 SHA512 fc5030fb70ade22710946b56a19b75f6d0bd5bba43c4748c51877c88e3233983d383468170e8dd115bfe64554b88226560e74b9bf6c8d2c2bd78490ec0165a89 +EBUILD openssh-8.2_p1-r8.ebuild 16898 BLAKE2B 384984351a2916ea1c2b7bc327fb01fe68f6a7590356e5f54e30ea5a046762d3d11d511765a4155102376ba57d5bc163059fb52e2efb927613d113a2f870b366 SHA512 12676c70496c7a88057ef79ba2d8d9b1f817ae487b9d298998427d8008794261a6f2a11dd00a598df9c5a28b29dd69b3fbb47828917cfe6abdf85d8af7f17c2c +EBUILD openssh-8.3_p1-r6.ebuild 17629 BLAKE2B b5b09882a21c914466e69ff8aa6f17cac5f55f42f4e21c766254bc4a4cb38519fa60f58444176280f2cba09825d44ba2c1c40682516a01362b72eec3c0da72ba SHA512 0bf82550094b7c82a4403469730878c62921e553d2af8402d5a6c98039564c50ee004099a2a8d755909ff172a37f20a482ac936967ad3a366be8ab0e1a8b6274 +EBUILD openssh-8.4_p1-r3.ebuild 17822 BLAKE2B 33429fc7138dafc13940b6956af610fc15e4d16efd2cc8b318e510365c86c96b73de3961d8506e072ca2972a0e97fa7155af457e310c307d339f451657affbec SHA512 0d37ad65c202611424972d3cb2d5cd43bc57ef2cbf96165fae3a053c45c512c59d060430155292148702df079a60f569e508fdfdccfafc2dbb8fc4c3f2aacb86 MISC metadata.xml 2101 BLAKE2B fabe0e83b78f80666415646d7b85b296c8026f5e7465705555d03237a289208238e182919e75bec29d1113a5b7483a66b53a421e8881533af5d25c79521d9a08 SHA512 b9eb68f11fa10e763f529da88e252a94ccd89b41e857f39bf7c887ddc38c1bfd4aa9e9383a69c506080531f396ad5fdd9e1f811529a04864447a7b3e833c0e9f diff --git a/net-misc/openssh/openssh-8.1_p1-r4.ebuild b/net-misc/openssh/openssh-8.1_p1-r4.ebuild deleted file mode 100644 index 8ca157b9c135..000000000000 --- a/net-misc/openssh/openssh-8.1_p1-r4.ebuild +++ /dev/null @@ -1,469 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} -HPN_PV="${PV^^}" - -HPN_VER="14.20" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -X509_VER="12.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -PATCH_SET="openssh-7.9p1-patches-1.0" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - https://dev.gentoo.org/~chutzpah/dist/openssh/${P}-glibc-2.31-patches.tar.xz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp ssl ) - test? ( ssl ) -" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - !libressl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist=] - =dev-libs/openssl-1.1.0g:0[bindist=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.1_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - eapply "${FILESDIR}"/${PN}-8.1_p1-tests-2020.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - eapply "${FILESDIR}"/${P}-X509-$(ver_cut 1-2 ${X509_VER})-tests.patch - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-glue.patch - if use X509; then - # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" - # # X509 and AES-CTR-MT don't get along, let's just drop it - # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die - eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-${HPN_VER}-X509-glue.patch - fi - use sctp && eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - # stackprotect is broken on musl x86 and ppc - use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - keepdir /var/empty - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh/openssh-8.1_p1-r5.ebuild b/net-misc/openssh/openssh-8.1_p1-r5.ebuild new file mode 100644 index 000000000000..e055a207b9d5 --- /dev/null +++ b/net-misc/openssh/openssh-8.1_p1-r5.ebuild @@ -0,0 +1,471 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} +HPN_PV="${PV^^}" + +HPN_VER="14.20" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +PATCH_SET="openssh-7.9p1-patches-1.0" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + https://dev.gentoo.org/~chutzpah/dist/openssh/${P}-glibc-2.31-patches.tar.xz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp ssl ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.1_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + eapply "${FILESDIR}"/${PN}-8.1_p1-tests-2020.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + eapply "${FILESDIR}"/${P}-X509-$(ver_cut 1-2 ${X509_VER})-tests.patch + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-glue.patch + if use X509; then + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + eapply "${FILESDIR}"/${PN}-8.0_p1-hpn-${HPN_VER}-X509-glue.patch + fi + use sctp && eapply "${FILESDIR}"/${PN}-8.1_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + # stackprotect is broken on musl x86 and ppc + use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + keepdir /var/empty + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_postinst() { + if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if has_version "<${CATEGORY}/${PN}-7.0_p1" ; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if has_version "<${CATEGORY}/${PN}-7.1_p1" ; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if has_version "<${CATEGORY}/${PN}-7.6_p1" ; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/net-misc/openssh/openssh-8.2_p1-r7.ebuild b/net-misc/openssh/openssh-8.2_p1-r7.ebuild deleted file mode 100644 index b40fb15e5003..000000000000 --- a/net-misc/openssh/openssh-8.2_p1-r7.ebuild +++ /dev/null @@ -1,484 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} -HPN_PV="8.1_P1" - -HPN_VER="14.20" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -X509_VER="12.4.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp !security-key ssl !xmss ) - xmss? ( || ( ssl libressl ) ) - test? ( ssl ) -" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( dev-libs/libfido2:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - !libressl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist=] - =dev-libs/openssl-1.1.0g:0[bindist=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-libressl.patch - if use X509; then - # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" - # # X509 and AES-CTR-MT don't get along, let's just drop it - # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-X509-glue.patch - fi - use sctp && eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(use_with security-key security-key-builtin) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - # stackprotect is broken on musl x86 and ppc - use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - keepdir /var/empty - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh/openssh-8.2_p1-r8.ebuild b/net-misc/openssh/openssh-8.2_p1-r8.ebuild new file mode 100644 index 000000000000..595226626d73 --- /dev/null +++ b/net-misc/openssh/openssh-8.2_p1-r8.ebuild @@ -0,0 +1,486 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} +HPN_PV="8.1_P1" + +HPN_VER="14.20" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.4.3" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp !security-key ssl !xmss ) + xmss? ( || ( ssl libressl ) ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( dev-libs/libfido2:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + eapply "${FILESDIR}"/${P}-X509-${X509_VER}-tests.patch + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-libressl.patch + if use X509; then + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-X509-glue.patch + fi + use sctp && eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(use_with security-key security-key-builtin) + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + # stackprotect is broken on musl x86 and ppc + use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" SUDO="" \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + keepdir /var/empty + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/net-misc/openssh/openssh-8.3_p1-r5.ebuild b/net-misc/openssh/openssh-8.3_p1-r5.ebuild deleted file mode 100644 index 20705683e44f..000000000000 --- a/net-misc/openssh/openssh-8.3_p1-r5.ebuild +++ /dev/null @@ -1,509 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -# PV to USE for HPN patches -#HPN_PV="${PV^^}" -HPN_PV="8.1_P1" - -HPN_VER="14.20" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -X509_VER="12.5.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp !security-key ssl !xmss ) - xmss? ( || ( ssl libressl ) ) - test? ( ssl ) -" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( >=dev-libs/libfido2-1.4.0:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - !libressl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist=] - =dev-libs/openssl-1.1.0g:0[bindist=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - - # workaround for https://bugs.gentoo.org/734984 - use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch - eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-libressl.patch - if use X509; then - # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" - # # X509 and AES-CTR-MT don't get along, let's just drop it - # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die - - eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-X509-glue.patch - fi - use sctp && eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox - sed -e '/\t\tpercent \\/ d' \ - -i regress/Makefile || die - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - if [[ ${CHOST} == *-solaris* ]] ; then - # Solaris' glob.h doesn't have things like GLOB_TILDE, configure - # doesn't check for this, so force the replacement to be put in - # place - append-cppflags -DBROKEN_GLOB - fi - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(usex X509 '' "$(use_with security-key security-key-builtin)") - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - # stackprotect is broken on musl x86 and ppc - use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ - SUDO="" SSH_SK_PROVIDER="" \ - TEST_SSH_UNSAFE_PERMISSIONS=1 \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - # https://bugs.gentoo.org/733802 - if ! use scp; then - rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ - || die "failed to remove scp" - fi - - keepdir /var/empty - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh/openssh-8.3_p1-r6.ebuild b/net-misc/openssh/openssh-8.3_p1-r6.ebuild new file mode 100644 index 000000000000..ef9e80ab84f4 --- /dev/null +++ b/net-misc/openssh/openssh-8.3_p1-r6.ebuild @@ -0,0 +1,511 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +# PV to USE for HPN patches +#HPN_PV="${PV^^}" +HPN_PV="8.1_P1" + +HPN_VER="14.20" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.5.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/hpnssh/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp !security-key ssl !xmss ) + xmss? ( || ( ssl libressl ) ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( >=dev-libs/libfido2-1.4.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( >=sys-kernel/linux-headers-5.1 ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + # workaround for https://bugs.gentoo.org/734984 + use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-libressl.patch + if use X509; then + # einfo "Will disable MT AES cipher due to incompatbility caused by X509 patch set" + # # X509 and AES-CTR-MT don't get along, let's just drop it + # rm openssh-${HPN_PV//./_}-hpn-AES-CTR-${HPN_VER}.diff || die + + eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-X509-glue.patch + fi + use sctp && eapply "${FILESDIR}"/${PN}-8.2_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + if [[ ${CHOST} == *-solaris* ]] ; then + # Solaris' glob.h doesn't have things like GLOB_TILDE, configure + # doesn't check for this, so force the replacement to be put in + # place + append-cppflags -DBROKEN_GLOB + fi + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(usex X509 '' "$(use_with security-key security-key-builtin)") + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + # stackprotect is broken on musl x86 and ppc + use elibc_musl && ( use x86 || use ppc ) && myconf+=( --without-stackprotect ) + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ + SUDO="" SSH_SK_PROVIDER="" \ + TEST_SSH_UNSAFE_PERMISSIONS=1 \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + # https://bugs.gentoo.org/733802 + if ! use scp; then + rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ + || die "failed to remove scp" + fi + + keepdir /var/empty + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/net-misc/openssh/openssh-8.4_p1-r2.ebuild b/net-misc/openssh/openssh-8.4_p1-r2.ebuild deleted file mode 100644 index 894176403737..000000000000 --- a/net-misc/openssh/openssh-8.4_p1-r2.ebuild +++ /dev/null @@ -1,514 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -# PV to USE for HPN patches -#HPN_PV="${PV^^}" -HPN_PV="8.3_P1" - -HPN_VER="14.22" -HPN_PATCHES=( - ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff - ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff -) - -SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" -X509_VER="12.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="https://www.openssh.com/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} - ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} - ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} -" -S="${WORKDIR}/${PARCH}" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" - -RESTRICT="!test? ( test )" - -REQUIRED_USE=" - ldns? ( ssl ) - pie? ( !static ) - static? ( !kerberos !pam ) - X509? ( !sctp !security-key ssl !xmss ) - xmss? ( || ( ssl libressl ) ) - test? ( ssl ) -" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - ssl? ( - !libressl? ( - || ( - ( - >=dev-libs/openssl-1.0.1:0[bindist=] - =dev-libs/openssl-1.1.0g:0[bindist=] - ) - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - virtual/libcrypt:=[static-libs(+)] - >=sys-libs/zlib-1.2.3:=[static-libs(+)] -" -RDEPEND=" - acct-group/sshd - acct-user/sshd - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) -" -DEPEND="${RDEPEND} - virtual/os-headers - kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) - static? ( ${LIB_DEPEND} ) -" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( !prefix? ( sys-apps/shadow ) ) - X? ( x11-apps/xauth ) -" -BDEPEND=" - virtual/pkgconfig - sys-devel/autoconf -" - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use hpn && maybe_fail hpn HPN_VER) - $(use sctp && maybe_fail sctp SCTP_PATCH) - $(use X509 && maybe_fail X509 X509_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi - - # Make sure people who are using tcp wrappers are notified of its removal. #531156 - if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then - ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" - ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." - fi -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch - eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex - eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch - eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch - - # https://bugs.gentoo.org/749026 - use X509 || eapply "${FILESDIR}"/${PN}-8.4_p1-fix-ssh-copy-id.patch - - # workaround for https://bugs.gentoo.org/734984 - use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch - - [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches - - local PATCHSET_VERSION_MACROS=() - - if use X509 ; then - pushd "${WORKDIR}" &>/dev/null || die - eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" - popd &>/dev/null || die - - eapply "${WORKDIR}"/${X509_PATCH%.*} - - # We need to patch package version or any X.509 sshd will reject our ssh client - # with "userauth_pubkey: could not parse key: string is too large [preauth]" - # error - einfo "Patching package version for X.509 patch set ..." - sed -i \ - -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ - "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" - - einfo "Patching version.h to expose X.509 patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in X.509 patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) - fi - - if use sctp ; then - eapply "${WORKDIR}"/${SCTP_PATCH%.*} - - einfo "Patching version.h to expose SCTP patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ - "${S}"/version.h || die "Failed to sed-in SCTP patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) - - einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." - sed -i \ - -e "/\t\tcfgparse \\\/d" \ - "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" - fi - - if use hpn ; then - local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" - mkdir "${hpn_patchdir}" || die - cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die - pushd "${hpn_patchdir}" &>/dev/null || die - eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch - eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-libressl.patch - use X509 && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-X509-glue.patch - use sctp && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-sctp-glue.patch - popd &>/dev/null || die - - eapply "${hpn_patchdir}" - - use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" - - einfo "Patching Makefile.in for HPN patch set ..." - sed -i \ - -e "/^LIBS=/ s/\$/ -lpthread/" \ - "${S}"/Makefile.in || die "Failed to patch Makefile.in" - - einfo "Patching version.h to expose HPN patch set ..." - sed -i \ - -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ - "${S}"/version.h || die "Failed to sed-in HPN patch version" - PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) - - if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - einfo "Disabling known non-working MT AES cipher per default ..." - - cat > "${T}"/disable_mtaes.conf <<- EOF - - # HPN's Multi-Threaded AES CTR cipher is currently known to be broken - # and therefore disabled per default. - DisableMTAES yes - EOF - sed -i \ - -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ - "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" - - sed -i \ - -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ - "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" - fi - fi - - if use X509 || use sctp || use hpn ; then - einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" - - einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." - sed -i \ - -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ - "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" - - einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." - sed -i \ - -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ - "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" - fi - - sed -i \ - -e "/#UseLogin no/d" \ - "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" - - eapply_user #473004 - - # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox - sed -e '/\t\tpercent \\/ d' \ - -i regress/Makefile || die - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - use xmss && append-cflags -DWITH_XMSS - - if [[ ${CHOST} == *-solaris* ]] ; then - # Solaris' glob.h doesn't have things like GLOB_TILDE, configure - # doesn't check for this, so force the replacement to be put in - # place - append-cppflags -DBROKEN_GLOB - fi - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-privsep-path="${EPREFIX}"/var/empty - --with-privsep-user=sshd - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the sctp patch conditionally, so can't pass --without-sctp - # unconditionally else we get unknown flag warnings. - $(use sctp && use_with sctp) - $(use_with ldns ldns "${EPREFIX}"/usr) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use_with selinux) - $(usex X509 '' "$(use_with security-key security-key-builtin)") - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - $(use_with !elibc_Cygwin hardening) #659210 - ) - - if use elibc_musl; then - # stackprotect is broken on musl x86 and ppc - if use x86 || use ppc; then - myconf+=( --without-stackprotect ) - fi - - # musl defines bogus values for UTMP_FILE and WTMP_FILE - # https://bugs.gentoo.org/753230 - myconf+=( --disable-utmp --disable-wtmp ) - fi - - # The seccomp sandbox is broken on x32, so use the older method for now. #553748 - use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) - - econf "${myconf[@]}" -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ - SUDO="" SSH_SK_PROVIDER="" \ - TEST_SSH_UNSAFE_PERMISSIONS=1 \ - emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM - EOF - - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 - SendEnv ${locale_vars[*]} - - # Send COLORTERM to match TERM. #658540 - SendEnv COLORTERM - EOF - - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die - fi - - if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die - fi -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd-r1.initd sshd - newconfd "${FILESDIR}"/sshd-r1.confd sshd - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - - tweak_ssh_configs - - doman contrib/ssh-copy-id.1 - dodoc CREDITS OVERVIEW README* TODO sshd_config - use hpn && dodoc HPN-README - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh - - # https://bugs.gentoo.org/733802 - if ! use scp; then - rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ - || die "failed to remove scp" - fi - - rmdir "${ED}"/var/empty || die - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -pkg_preinst() { - if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then - show_ssl_warning=1 - fi -} - -pkg_postinst() { - local old_ver - for old_ver in ${REPLACING_VERSIONS}; do - if ver_test "${old_ver}" -lt "5.8_p1"; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - if ver_test "${old_ver}" -lt "7.0_p1"; then - elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." - elog "Make sure to update any configs that you might have. Note that xinetd might" - elog "be an alternative for you as it supports USE=tcpd." - fi - if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 - elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" - elog "weak sizes. If you rely on these key types, you can re-enable the key types by" - elog "adding to your sshd_config or ~/.ssh/config files:" - elog " PubkeyAcceptedKeyTypes=+ssh-dss" - elog "You should however generate new keys using rsa or ed25519." - - elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" - elog "to 'prohibit-password'. That means password auth for root users no longer works" - elog "out of the box. If you need this, please update your sshd_config explicitly." - fi - if ver_test "${old_ver}" -lt "7.6_p1"; then - elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." - elog "Furthermore, rsa keys with less than 1024 bits will be refused." - fi - if ver_test "${old_ver}" -lt "7.7_p1"; then - elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." - elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" - elog "if you need to authenticate against LDAP." - elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." - fi - if ver_test "${old_ver}" -lt "8.2_p1"; then - ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" - ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" - ewarn "connection is generally safe." - fi - done - - if [[ -n ${show_ssl_warning} ]]; then - elog "Be aware that by disabling openssl support in openssh, the server and clients" - elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" - elog "and update all clients/servers that utilize them." - fi - - if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then - elog "" - elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" - elog "and therefore disabled at runtime per default." - elog "Make sure your sshd_config is up to date and contains" - elog "" - elog " DisableMTAES yes" - elog "" - elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." - elog "" - fi -} diff --git a/net-misc/openssh/openssh-8.4_p1-r3.ebuild b/net-misc/openssh/openssh-8.4_p1-r3.ebuild new file mode 100644 index 000000000000..fc00136b3125 --- /dev/null +++ b/net-misc/openssh/openssh-8.4_p1-r3.ebuild @@ -0,0 +1,519 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit user-info flag-o-matic multilib autotools pam systemd toolchain-funcs + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +# PV to USE for HPN patches +#HPN_PV="${PV^^}" +HPN_PV="8.3_P1" + +HPN_VER="14.22" +HPN_PATCHES=( + ${PN}-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff + ${PN}-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff +) + +SCTP_VER="1.2" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz" +X509_VER="12.6" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="https://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )} + ${HPN_VER:+hpn? ( $(printf "mirror://sourceforge/project/hpnssh/Patches/HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}/%s\n" "${HPN_PATCHES[@]}") )} + ${X509_PATCH:+X509? ( https://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} +" +S="${WORKDIR}/${PARCH}" + +LICENSE="BSD GPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +# Probably want to drop ssl defaulting to on in a future version. +IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie +scp sctp security-key selinux +ssl static test X X509 xmss" + +RESTRICT="!test? ( test )" + +REQUIRED_USE=" + ldns? ( ssl ) + pie? ( !static ) + static? ( !kerberos !pam ) + X509? ( !sctp !security-key ssl !xmss ) + xmss? ( || ( ssl libressl ) ) + test? ( ssl ) +" + +LIB_DEPEND=" + audit? ( sys-process/audit[static-libs(+)] ) + ldns? ( + net-libs/ldns[static-libs(+)] + !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) + ) + libedit? ( dev-libs/libedit:=[static-libs(+)] ) + sctp? ( net-misc/lksctp-tools[static-libs(+)] ) + security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] ) + selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + ssl? ( + !libressl? ( + || ( + ( + >=dev-libs/openssl-1.0.1:0[bindist=] + =dev-libs/openssl-1.1.0g:0[bindist=] + ) + dev-libs/openssl:0=[static-libs(+)] + ) + libressl? ( dev-libs/libressl:0=[static-libs(+)] ) + ) + virtual/libcrypt:=[static-libs(+)] + >=sys-libs/zlib-1.2.3:=[static-libs(+)] +" +RDEPEND=" + acct-group/sshd + acct-user/sshd + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) + pam? ( sys-libs/pam ) + kerberos? ( virtual/krb5 ) +" +DEPEND="${RDEPEND} + virtual/os-headers + kernel_linux? ( !prefix-guest? ( >=sys-kernel/linux-headers-5.1 ) ) + static? ( ${LIB_DEPEND} ) +" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( !prefix? ( sys-apps/shadow ) ) + X? ( x11-apps/xauth ) +" +BDEPEND=" + virtual/pkgconfig + sys-devel/autoconf +" + +pkg_pretend() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } + local fail=" + $(use hpn && maybe_fail hpn HPN_VER) + $(use sctp && maybe_fail sctp SCTP_PATCH) + $(use X509 && maybe_fail X509 X509_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi + + # Make sure people who are using tcp wrappers are notified of its removal. #531156 + if grep -qs '^ *sshd *:' "${EROOT}"/etc/hosts.{allow,deny} ; then + ewarn "Sorry, but openssh no longer supports tcp-wrappers, and it seems like" + ewarn "you're trying to use it. Update your ${EROOT}/etc/hosts.{allow,deny} please." + fi +} + +src_prepare() { + sed -i \ + -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ + pathnames.h || die + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + eapply "${FILESDIR}"/${PN}-7.9_p1-include-stdlib.patch + eapply "${FILESDIR}"/${PN}-8.2_p1-GSSAPI-dns.patch #165444 integrated into gsskex + eapply "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch + eapply "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-fix-putty-tests.patch + eapply "${FILESDIR}"/${PN}-8.0_p1-deny-shmget-shmat-shmdt-in-preauth-privsep-child.patch + + # https://bugs.gentoo.org/749026 + use X509 || eapply "${FILESDIR}"/${PN}-8.4_p1-fix-ssh-copy-id.patch + + # workaround for https://bugs.gentoo.org/734984 + use X509 || eapply "${FILESDIR}"/${PN}-8.3_p1-sha2-include.patch + + [[ -d ${WORKDIR}/patches ]] && eapply "${WORKDIR}"/patches + + local PATCHSET_VERSION_MACROS=() + + if use X509 ; then + pushd "${WORKDIR}" &>/dev/null || die + eapply "${FILESDIR}/${P}-X509-glue-"${X509_VER}".patch" + popd &>/dev/null || die + + eapply "${WORKDIR}"/${X509_PATCH%.*} + + # We need to patch package version or any X.509 sshd will reject our ssh client + # with "userauth_pubkey: could not parse key: string is too large [preauth]" + # error + einfo "Patching package version for X.509 patch set ..." + sed -i \ + -e "s/^AC_INIT(\[OpenSSH\], \[Portable\]/AC_INIT([OpenSSH], [${X509_VER}]/" \ + "${S}"/configure.ac || die "Failed to patch package version for X.509 patch" + + einfo "Patching version.h to expose X.509 patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE.*/a #define SSH_X509 \"-PKIXSSH-${X509_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in X.509 patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_X509' ) + fi + + if use sctp ; then + eapply "${WORKDIR}"/${SCTP_PATCH%.*} + + einfo "Patching version.h to expose SCTP patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \ + "${S}"/version.h || die "Failed to sed-in SCTP patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' ) + + einfo "Disabling know failing test (cfgparse) caused by SCTP patch ..." + sed -i \ + -e "/\t\tcfgparse \\\/d" \ + "${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch" + fi + + if use hpn ; then + local hpn_patchdir="${T}/${P}-hpn${HPN_VER}" + mkdir "${hpn_patchdir}" || die + cp $(printf -- "${DISTDIR}/%s\n" "${HPN_PATCHES[@]}") "${hpn_patchdir}" || die + pushd "${hpn_patchdir}" &>/dev/null || die + eapply "${FILESDIR}"/${P}-hpn-${HPN_VER}-glue.patch + eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-libressl.patch + use X509 && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-X509-glue.patch + use sctp && eapply "${FILESDIR}"/${PN}-8.4_p1-hpn-${HPN_VER}-sctp-glue.patch + popd &>/dev/null || die + + eapply "${hpn_patchdir}" + + use X509 || eapply "${FILESDIR}/openssh-8.0_p1-hpn-version.patch" + + einfo "Patching Makefile.in for HPN patch set ..." + sed -i \ + -e "/^LIBS=/ s/\$/ -lpthread/" \ + "${S}"/Makefile.in || die "Failed to patch Makefile.in" + + einfo "Patching version.h to expose HPN patch set ..." + sed -i \ + -e "/^#define SSH_PORTABLE/a #define SSH_HPN \"-hpn${HPN_VER//./v}\"" \ + "${S}"/version.h || die "Failed to sed-in HPN patch version" + PATCHSET_VERSION_MACROS+=( 'SSH_HPN' ) + + if [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + einfo "Disabling known non-working MT AES cipher per default ..." + + cat > "${T}"/disable_mtaes.conf <<- EOF + + # HPN's Multi-Threaded AES CTR cipher is currently known to be broken + # and therefore disabled per default. + DisableMTAES yes + EOF + sed -i \ + -e "/^#HPNDisabled.*/r ${T}/disable_mtaes.conf" \ + "${S}"/sshd_config || die "Failed to disabled MT AES ciphers in sshd_config" + + sed -i \ + -e "/AcceptEnv.*_XXX_TEST$/a \\\tDisableMTAES\t\tyes" \ + "${S}"/regress/test-exec.sh || die "Failed to disable MT AES ciphers in test config" + fi + fi + + if use X509 || use sctp || use hpn ; then + einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshconnect.c || die "Failed to patch send_client_banner() to use SSH_RELEASE (sshconnect.c)" + + einfo "Patching sshd.c to use SSH_RELEASE in sshd_exchange_identification() ..." + sed -i \ + -e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \ + "${S}"/sshd.c || die "Failed to patch sshd_exchange_identification() to use SSH_RELEASE (sshd.c)" + + einfo "Patching version.h to add our patch sets to SSH_RELEASE ..." + sed -i \ + -e "s/^#define SSH_RELEASE.*/#define SSH_RELEASE SSH_VERSION SSH_PORTABLE ${PATCHSET_VERSION_MACROS[*]}/" \ + "${S}"/version.h || die "Failed to patch SSH_RELEASE (version.h)" + fi + + sed -i \ + -e "/#UseLogin no/d" \ + "${S}"/sshd_config || die "Failed to remove removed UseLogin option (sshd_config)" + + eapply_user #473004 + + # These tests are currently incompatible with PORTAGE_TMPDIR/sandbox + sed -e '/\t\tpercent \\/ d' \ + -i regress/Makefile || die + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + + # The -ftrapv flag ICEs on hppa #505182 + use hppa && sed_args+=( + -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' + -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' + ) + # _XOPEN_SOURCE causes header conflicts on Solaris + [[ ${CHOST} == *-solaris* ]] && sed_args+=( + -e 's/-D_XOPEN_SOURCE//' + ) + sed -i "${sed_args[@]}" configure{.ac,} || die + + eautoreconf +} + +src_configure() { + addwrite /dev/ptmx + + use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG + use static && append-ldflags -static + use xmss && append-cflags -DWITH_XMSS + + if [[ ${CHOST} == *-solaris* ]] ; then + # Solaris' glob.h doesn't have things like GLOB_TILDE, configure + # doesn't check for this, so force the replacement to be put in + # place + append-cppflags -DBROKEN_GLOB + fi + + # use replacement, RPF_ECHO_ON doesn't exist here + [[ ${CHOST} == *-darwin* ]] && export ac_cv_func_readpassphrase=no + + local myconf=( + --with-ldflags="${LDFLAGS}" + --disable-strip + --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run + --sysconfdir="${EPREFIX}"/etc/ssh + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc + --datadir="${EPREFIX}"/usr/share/openssh + --with-privsep-path="${EPREFIX}"/var/empty + --with-privsep-user=sshd + $(use_with audit audit linux) + $(use_with kerberos kerberos5 "${EPREFIX}"/usr) + # We apply the sctp patch conditionally, so can't pass --without-sctp + # unconditionally else we get unknown flag warnings. + $(use sctp && use_with sctp) + $(use_with ldns ldns "${EPREFIX}"/usr) + $(use_with libedit) + $(use_with pam) + $(use_with pie) + $(use_with selinux) + $(usex X509 '' "$(use_with security-key security-key-builtin)") + $(use_with ssl openssl) + $(use_with ssl md5-passwords) + $(use_with ssl ssl-engine) + $(use_with !elibc_Cygwin hardening) #659210 + ) + + if use elibc_musl; then + # stackprotect is broken on musl x86 and ppc + if use x86 || use ppc; then + myconf+=( --without-stackprotect ) + fi + + # musl defines bogus values for UTMP_FILE and WTMP_FILE + # https://bugs.gentoo.org/753230 + myconf+=( --disable-utmp --disable-wtmp ) + fi + + # The seccomp sandbox is broken on x32, so use the older method for now. #553748 + use amd64 && [[ ${ABI} == "x32" ]] && myconf+=( --with-sandbox=rlimit ) + + econf "${myconf[@]}" +} + +src_test() { + local t skipped=() failed=() passed=() + local tests=( interop-tests compat-tests ) + + local shell=$(egetshell "${UID}") + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped+=( tests ) + else + tests+=( tests ) + fi + + # It will also attempt to write to the homedir .ssh. + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in "${tests[@]}" ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" HOME="${sshhome}" TMPDIR="${T}" \ + SUDO="" SSH_SK_PROVIDER="" \ + TEST_SSH_UNSAFE_PERMISSIONS=1 \ + emake -k -j1 ${t} > "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables. #367017 + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM. #658540 + AcceptEnv COLORTERM + EOF + + # Then the client config. + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables. #367017 + SendEnv ${locale_vars[*]} + + # Send COLORTERM to match TERM. #658540 + SendEnv COLORTERM + EOF + + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die + fi + + if use livecd ; then + sed -i \ + -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ + "${ED}"/etc/ssh/sshd_config || die + fi +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd-r1.initd sshd + newconfd "${FILESDIR}"/sshd-r1.confd sshd + + if use pam; then + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + fi + + tweak_ssh_configs + + doman contrib/ssh-copy-id.1 + dodoc CREDITS OVERVIEW README* TODO sshd_config + use hpn && dodoc HPN-README + use X509 || dodoc ChangeLog + + diropts -m 0700 + dodir /etc/skel/.ssh + + # https://bugs.gentoo.org/733802 + if ! use scp; then + rm "${ED}"/usr/{bin/scp,share/man/man1/scp.1} \ + || die "failed to remove scp" + fi + + rmdir "${ED}"/var/empty || die + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +pkg_preinst() { + if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then + show_ssl_warning=1 + fi +} + +pkg_postinst() { + local old_ver + for old_ver in ${REPLACING_VERSIONS}; do + if ver_test "${old_ver}" -lt "5.8_p1"; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + if ver_test "${old_ver}" -lt "7.0_p1"; then + elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream." + elog "Make sure to update any configs that you might have. Note that xinetd might" + elog "be an alternative for you as it supports USE=tcpd." + fi + if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518 + elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their" + elog "weak sizes. If you rely on these key types, you can re-enable the key types by" + elog "adding to your sshd_config or ~/.ssh/config files:" + elog " PubkeyAcceptedKeyTypes=+ssh-dss" + elog "You should however generate new keys using rsa or ed25519." + + elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'" + elog "to 'prohibit-password'. That means password auth for root users no longer works" + elog "out of the box. If you need this, please update your sshd_config explicitly." + fi + if ver_test "${old_ver}" -lt "7.6_p1"; then + elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely." + elog "Furthermore, rsa keys with less than 1024 bits will be refused." + fi + if ver_test "${old_ver}" -lt "7.7_p1"; then + elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality." + elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option" + elog "if you need to authenticate against LDAP." + elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details." + fi + if ver_test "${old_ver}" -lt "8.2_p1"; then + ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you" + ewarn "will not be able to establish new sessions. Restarting sshd over a ssh" + ewarn "connection is generally safe." + fi + done + + if [[ -n ${show_ssl_warning} ]]; then + elog "Be aware that by disabling openssl support in openssh, the server and clients" + elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys" + elog "and update all clients/servers that utilize them." + fi + + if use hpn && [[ -n "${HPN_DISABLE_MTAES}" ]] ; then + elog "" + elog "HPN's multi-threaded AES CTR cipher is currently known to be broken" + elog "and therefore disabled at runtime per default." + elog "Make sure your sshd_config is up to date and contains" + elog "" + elog " DisableMTAES yes" + elog "" + elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher." + elog "" + fi +} diff --git a/net-misc/proxytunnel/Manifest b/net-misc/proxytunnel/Manifest index 7cc8d4d21d7b..ae1b12c3904f 100644 --- a/net-misc/proxytunnel/Manifest +++ b/net-misc/proxytunnel/Manifest @@ -1,4 +1,6 @@ DIST proxytunnel-1.10.20200907.tar.gz 54711 BLAKE2B 79b5fc459ece793997b4407679498af29c53aa495802259f95ec600665fca815f9e43cafcbf1d0407c4f7184c21e7dae3f899413dbeeaf0924034e1bbd26cddb SHA512 f04570e87a0fda024661135b6598f87f1d7407c368fe3453300a655fefedb66ade96a742223de08b500ba9fc1fdc2e6519005ea38529ceaa3c1815f5012fca84 +DIST proxytunnel-1.10.20210128.tar.gz 54702 BLAKE2B e873f20c37b5c0dc66a2a6767cfb8d9f73e7cfceaf99e03750eb5fd72acd33bd42281c2eec7e1a72ccecdd7fcd62c8592926c55c206aad220ed5b0b9bc3d357e SHA512 188ab239362cc7c9fd05ddaeaa85aee45c9040ac8f39f10cd0a97c2b92f49a9f5b854690b945109474492955c46b1f5c87e3251bfe68b22d3f1b3a21cf17eda0 EBUILD proxytunnel-1.10.20200907.ebuild 1099 BLAKE2B f0583623d03bd83e41af0154343767de36dcc426789cff6272422c19d703f045ca38608dd4123454517d4253f56c3116940f3a3fd52bcf254d3f28dfab6a2f5a SHA512 44d288b26633cde054f04560c0123e158acc23a76957e1b208e3333b828c15cf801f3a9108f29919c6250aab8a90968d2a23a1b1e5d0b5987d5906d4cceb4acd +EBUILD proxytunnel-1.10.20210128.ebuild 1099 BLAKE2B 232f1d29172e64b49632f180cf16646cb41204aeb043796fe831c73d06d3ebd3accb2a92c6aaad3126470f6954163636b67e98d6004245b7dd79f4126335b126 SHA512 2b28ade2060edee28e6e991d18728eeb0482fb445c7fafb3a28b85c94cf34a59f4e717b1da5ba3e1d9cd3bad43fe34ed75273aa6201e8d3b70d708afa682ae64 EBUILD proxytunnel-9999.ebuild 1099 BLAKE2B f0583623d03bd83e41af0154343767de36dcc426789cff6272422c19d703f045ca38608dd4123454517d4253f56c3116940f3a3fd52bcf254d3f28dfab6a2f5a SHA512 44d288b26633cde054f04560c0123e158acc23a76957e1b208e3333b828c15cf801f3a9108f29919c6250aab8a90968d2a23a1b1e5d0b5987d5906d4cceb4acd MISC metadata.xml 717 BLAKE2B da3b819d7e0caeee376359837cf0a6294eee0363ad857369816fbf595e6add90666feeea356a9864d71a3987f7393ac7483bd4fe800bae67364291da420a2c39 SHA512 ecf80d876bccd3c2c98cb6a46e543e6adbe5a52a1666b6678cd86def313593d5200189f67cec5d85150e7a308139089786c416ee0a2d6bfe58d800b0fc7a18da diff --git a/net-misc/proxytunnel/proxytunnel-1.10.20210128.ebuild b/net-misc/proxytunnel/proxytunnel-1.10.20210128.ebuild new file mode 100644 index 000000000000..e15bad2afce3 --- /dev/null +++ b/net-misc/proxytunnel/proxytunnel-1.10.20210128.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic toolchain-funcs + +DESCRIPTION="Connect stdin and stdout to a server via an HTTPS proxy" +HOMEPAGE="https://github.com/proxytunnel/proxytunnel/ https://proxytunnel.sourceforge.net/" + +LICENSE="GPL-2" +SLOT="0" +IUSE="static" + +RDEPEND="dev-libs/openssl:=" +DEPEND="${RDEPEND} + app-text/asciidoc + app-text/xmlto + " +BDEPEND="virtual/pkgconfig" + +DOCS=( CHANGES CREDITS INSTALL.md KNOWN_ISSUES LICENSE.txt README.md RELNOTES TODO ) + +if [[ ${PV} == *9999 ]] ; then + EGIT_REPO_URI="https://github.com/${PN}/${PN}.git" + inherit git-r3 +else + SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86" +fi + +src_prepare() { + default + sed -i -e 's/libssl/libssl libcrypto/' Makefile || die "Sed failed!" +} + +src_compile() { + use static && append-ldflags -static + emake CC="$(tc-getCC)" +} + +src_install() { + emake install prefix="${EPREFIX}"/usr DESTDIR="${D}" + einstalldocs +} diff --git a/net-misc/radvd/Manifest b/net-misc/radvd/Manifest index 90a6bb5872b2..9bc6a3094d25 100644 --- a/net-misc/radvd/Manifest +++ b/net-misc/radvd/Manifest @@ -4,8 +4,10 @@ AUX radvd.conf 337 BLAKE2B 67d50a761449b35389580ac956758f5c8c9373a14294a9e98e823 AUX radvd.service 603 BLAKE2B fb573b528050d772926f3cb3cf82984b946345f636b661583f3aa5ef720a664cc13b20b8435ad2bcdd5bbdbad6451530384cd869f6d33d4e6f2ccf014ff9871b SHA512 3371d18e71ddb7672e929152d9f93201b49c1ce08c77d59cbcac7654362690a9ab97db08519f5fbe210738595aa52f30f5972cacca988b9274e2218c21bc7dd2 DIST radvd-2.17.tar.gz 214937 BLAKE2B 1eec22e09607c0396f9539aef203b76d5beca18d1fdf5aa0ff202dcb2ff0e36ed8af74fc7900eb7b16012bfb0672f9660f17c88c222ac0269947d3cf4a270db3 SHA512 117a42c2c007d730b956cf999ac281f50a1a9b57c9428fe0f860cb211ac234ec62f59fead244a80191aaa15ef4ce96fb7dba9bd1a3cb6c3b29f1b6897d7a6132 DIST radvd-2.18.tar.gz 224183 BLAKE2B 4bacf9e17b78286a032ca5e6b6424aa8742d2e42b3a00a67e5d8beeda139a70a574e69c0d8fde2c2754b6e9c9e92a97dfb6a2a67b4b3ce91740aa8edee994c5e SHA512 b66068ec40d4f228f679946039d7c696bf611eb55b88cb37bbea5e748cf7cdda796dc0b12e0f1e54b26a6af21750c8714ea18a152ef932741c0f0a6a7a9de59a +DIST radvd-2.19.tar.gz 222794 BLAKE2B 1c877d5a9eda6bda41b5c20ac9c1e28a26defc192fe14fc2d65888280bc96fc1ff6f4212ccaeac5f7e899087b2805772ed4c0cbbda163b2a87c79a2c178eda2b SHA512 caa621fd77e34ff6858d60a41b0ee02aff967ac14f2b84c402359744f4bece5c1563419860431c328adc0385e9893ed1f2421d652247a3aa0dfc0aaad1e01233 EBUILD radvd-2.17-r1.ebuild 1563 BLAKE2B 3d700ee7f07141534734ad387a018014453a66a84a7db8b7d47190dddf28b0933f3848a5d8c9f8c305365e9b4b6be89d995aa7c5cd70f1d8bd7969c8814309dc SHA512 8d9aca47b5825001b1de77687b4a3050ff77c85d29d555cf00768ea95fb33f828264a6a301d649beb645a59a6e2c4dcf85a9f72b12e283a40c37fa5da1940fdb EBUILD radvd-2.17-r2.ebuild 1618 BLAKE2B 05259d6d5c99d5cc261e750a99dbaa42bbc96f40cb9e7d601ad0795dfab99fc345910d1be7462704f7c190bcfeb37dec3ffe5439f46cb4c27fe3770f986fe5f7 SHA512 d08531d71eb7129ad205104fa2dd3ef6fbaae3ecc309beab55affbaca4974a6b1b90c3db4891852970fe7260be7d9a8b1d5c816fe4b3dc303d2b118d6802e83f EBUILD radvd-2.18-r1.ebuild 1647 BLAKE2B 364c3fedeeae8a531fd53dfbb7590901c202cf9bd13d36e29301ffc52c93bf2f1bdfaa05936de43b4578ef02a8728a100915af0f04b4639bc435ddc2be195933 SHA512 06a1d255577bfa41b2cf3e56ecf6eeb848c040677c6a47d5f5f34590f211a70b057a77dcd1631ccd21af7301283a2a5d7891d7079916ea548d2d8cdb30feeffc EBUILD radvd-2.18.ebuild 1582 BLAKE2B 9ef9bf5052600be82f8f37378dd11f7097a97056d4bc9fab37b0fa5855f54a225c7b8abdf6a64199d25f927bc04b7b75b091eea3e20938f892631eb0a16b52db SHA512 434ff0f3cd7c313860cbefb866633010f4219811ac501673280180ec7aa3c515b90484e3266b109dc0a37869d8458570a3af2d50e0a15e4174b71500a4eba43f +EBUILD radvd-2.19.ebuild 1647 BLAKE2B 982af1f4c21837c855f74cd15ba829450c6de59c1c49a4285137c284edd1b4acdc21b48dfd91cc23534ef4954528f56080708a331a94c51d624676798a4b7e53 SHA512 2c979af17ef2bb8d8d039a6a3387e9f853da0183e9259e74cde24275bf01dee1d742d64e872fd9a1a457ca0985ca244deb2badb9c02d0132e17cb02b483c7072 MISC metadata.xml 357 BLAKE2B 7a671f4f2fc8439f4fb80a70b5e436e9002464600ce9ad0c9aacdc22d7c3d090e26ac30431d39107ab1081f6238528b91e67d3e1e59a7ba64a85e92c584bc4d8 SHA512 d81daf7b68978a8012b5c5de47074fa35bfcd457f99ef873f0ac46409022d93c41eac5bd7492f7af1b9f7b1bae94da7eb8e6fa537414b6371ca77ba13b70e1c1 diff --git a/net-misc/radvd/radvd-2.19.ebuild b/net-misc/radvd/radvd-2.19.ebuild new file mode 100644 index 000000000000..f11d60a013da --- /dev/null +++ b/net-misc/radvd/radvd-2.19.ebuild @@ -0,0 +1,73 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit systemd user eutils readme.gentoo-r1 toolchain-funcs + +DESCRIPTION="Linux IPv6 Router Advertisement Daemon" +HOMEPAGE="http://v6web.litech.org/radvd/" +SRC_URI="http://v6web.litech.org/radvd/dist/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="kernel_FreeBSD selinux test" +RESTRICT="!test? ( test )" + +CDEPEND="dev-libs/libdaemon" +DEPEND="${CDEPEND} + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + test? ( dev-libs/check )" +RDEPEND="${CDEPEND} + selinux? ( sec-policy/selinux-radvd ) +" +DOCS=( CHANGES README TODO radvd.conf.example ) + +PATCHES=( +) + +pkg_setup() { + enewgroup radvd + enewuser radvd -1 -1 /dev/null radvd +} + +src_configure() { + econf --with-pidfile=/run/radvd/radvd.pid \ + --with-systemdsystemunitdir=no \ + $(use_with test check) +} + +src_compile() { + emake AR="$(tc-getAR)" +} + +src_install() { + default + + insinto /usr/share/doc/${PF}/html + doins INTRO.html + + newinitd "${FILESDIR}"/${PN}-2.15.init ${PN} + newconfd "${FILESDIR}"/${PN}.conf ${PN} + + systemd_dounit "${FILESDIR}"/${PN}.service + + if use kernel_FreeBSD ; then + sed -i -e \ + 's/^SYSCTL_FORWARD=.*$/SYSCTL_FORWARD=net.inet6.ip6.forwarding/g' \ + "${D}"/etc/init.d/${PN} || die + fi + + readme.gentoo_create_doc +} + +DISABLE_AUTOFORMATTING=1 +DOC_CONTENTS="Please create a configuration file ${ROOT}etc/radvd.conf. +See ${ROOT}usr/share/doc/${PF} for an example. + +grsecurity users should allow a specific group to read /proc +and add the radvd user to that group, otherwise radvd may +segfault on startup." diff --git a/net-misc/remmina/Manifest b/net-misc/remmina/Manifest index c56787ff7461..1a496c6c6927 100644 --- a/net-misc/remmina/Manifest +++ b/net-misc/remmina/Manifest @@ -1,3 +1,4 @@ DIST Remmina-v1.4.10.tar.gz 2072202 BLAKE2B 38b6a3cca9b5956a252d4d4433910d46d0d36a2232a2a107b1e556f118f3b1a6d3c02b0bea26a39a52d572c1380dbb5bdac1acd8d6ba07c97b9acc9a64a9142f SHA512 89fed0b0ed17ac1db57a1d9ad33b80f4d17f6cfb4ff7db9b6434d9d4dabf708971e4d93dd573dbf606d1899311e564f159a656223d66bc4a9d7a15a29b5b5963 +EBUILD remmina-1.4.10-r1.ebuild 2532 BLAKE2B 8f81ab82ed4a7376650ffb1f58aa3c585200fdb035c0f45932703d7fa35ddb91bf1d8885825d8938d094429a18f7ff393b7b335d3c2ae7addeaeb409d46f29e8 SHA512 a70677a1ff8074fc13cd340a9ffcdc7569ac8b5fad6cdb77c4c26ab9a323408a4f2a024d1684ae9fde318044cfd1c74439c14af4299122876ab07abf3ce64dfd EBUILD remmina-1.4.10.ebuild 2500 BLAKE2B 966b7a8753277b7b2494582eda605c337a13456afdb907195f730f5cddbbde7701edb6edfadd08383a8cb32134be815fa67bc62ab93628e980bcbef8658189fb SHA512 52b13e1bc91d55a991eb3967b5a676ee82debe3856153058d5ec222d1bc5c59ff04b772ae1439a2b9cbc890d3d9ebdb19ab3cbe7c0086a77d86c392bafa33fc5 MISC metadata.xml 1084 BLAKE2B e4bb4c696f1ef71959b779ccad19d3ee380a6e846e42b1e02caf2a772df07d168bb9623b8f29cfdcc7fb37f60523e6c1fc471f016ea3437c18b3e7512a4bcad4 SHA512 c0b50eca7d4cdd6dfa201aabec7c195b7dca44938ee627919a000bdc47fc95acd4107936a61399fab2c78dfcd3b97ce06753e97fc6bb21015758afe91337a346 diff --git a/net-misc/remmina/remmina-1.4.10-r1.ebuild b/net-misc/remmina/remmina-1.4.10-r1.ebuild new file mode 100644 index 000000000000..42c9eab621b2 --- /dev/null +++ b/net-misc/remmina/remmina-1.4.10-r1.ebuild @@ -0,0 +1,99 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit cmake optfeature xdg + +MY_P="${PN^}-v${PV}" + +DESCRIPTION="A GTK+ RDP, SPICE, VNC, XDMCP and SSH client" +HOMEPAGE="https://remmina.org/" +SRC_URI="https://gitlab.com/Remmina/Remmina/-/archive/v${PV}/${MY_P}.tar.gz" + +LICENSE="GPL-2+-with-openssl-exception" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~x86" +IUSE="appindicator crypt cups examples gnome-keyring kwallet libressl nls spice ssh rdp telemetry telepathy vnc webkit zeroconf" + +DEPEND=" + app-emulation/spice-protocol + dev-libs/glib:2 + dev-libs/json-glib + dev-libs/libsodium:= + net-libs/libsoup + x11-libs/gdk-pixbuf + x11-libs/gtk+:3 + x11-libs/libX11 + x11-libs/libxkbfile + appindicator? ( dev-libs/libappindicator:3 ) + crypt? ( dev-libs/libgcrypt:0= ) + rdp? ( >=net-misc/freerdp-2.0.0_rc4_p1129[X] + =net-dns/avahi-0.8-r2[dbus,gtk] ) +" +BDEPEND=" + dev-util/intltool + virtual/pkgconfig + nls? ( sys-devel/gettext ) +" + +RDEPEND=" + ${DEPEND} + virtual/freedesktop-icon-theme +" + +DOCS=( AUTHORS CHANGELOG.md README.md THANKS.md ) + +S="${WORKDIR}/${MY_P}" + +src_prepare() { + xdg_environment_reset + cmake_src_prepare +} + +src_configure() { + local mycmakeargs=( + -DWITH_APPINDICATOR=$(usex appindicator) + -DWITH_GCRYPT=$(usex crypt) + -DWITH_EXAMPLES=$(usex examples) + -DWITH_LIBSECRET=$(usex gnome-keyring) + -DWITH_KF5WALLET=$(usex kwallet) + -DWITH_GETTEXT=$(usex nls) + -DWITH_TRANSLATIONS=$(usex nls) + -DWITH_FREERDP=$(usex rdp) + -DWITH_CUPS=$(usex cups) + -DWITH_SPICE=$(usex spice) + -DWITH_LIBSSH=$(usex ssh) + -DWITH_VTE=$(usex ssh) + -DWITH_TELEPATHY=$(usex telepathy) + -DWITH_LIBVNCSERVER=$(usex vnc) + -DWITH_WWW=$(usex webkit) + -DWITH_AVAHI=$(usex zeroconf) + -DWITH_NEWS=$(usex telemetry) + -DWITH_ICON_CACHE=OFF + -DWITH_UPDATE_DESKTOP_DB=OFF + ) + cmake_src_configure +} + +pkg_postinst() { + xdg_pkg_postinst + + elog "To get additional features, some optional runtime dependencies" + elog "may be installed:" + elog "" + optfeature "encrypted VNC connections" net-libs/libvncserver[gcrypt] + optfeature "XDMCP support" x11-base/xorg-server[xephyr] +} diff --git a/net-misc/seafile-client/Manifest b/net-misc/seafile-client/Manifest index 3f0f8ce1a0e3..efea8ec30701 100644 --- a/net-misc/seafile-client/Manifest +++ b/net-misc/seafile-client/Manifest @@ -3,6 +3,8 @@ AUX seafile-client-7.0.9-qt-5.15.patch 1036 BLAKE2B dc81224ff712d12c19dc90edb037 AUX seafile-client-select-qt5.patch 807 BLAKE2B bc28c24a114899fa4d864a3ea10d1d2ab08410d0360e8499d40aee2a26358b5bc401edd8e57121306a5e840b674c50930840c3b8723eae1930421eaf3dbfe919 SHA512 565cd7a3b4f187ef52b9a95b0d657a35cc9722c78e92dfc413b64f781c3cae129aba23ab302f80c7526ccab234b0354709e95d1e79d356a502cce47370524f41 DIST seafile-client-7.0.10.tar.gz 2368056 BLAKE2B 8b446a818cc3a238bd92831843f1991632e9417ba92d043065aaf43e2a4d74aa00d331e32136a195558dc780ae124c8b1e7b2b2969f3cff8169635df7470f876 SHA512 cab11292ab1957b1682e0d3ee1ddd8e794c52bba7cf08ed39e8f598d3549247c20214d907d1e3792c06a36d8bea55c0bd25ce9aa3a802c262f9af785da7cb340 DIST seafile-client-7.0.9.tar.gz 2367747 BLAKE2B 60a488a22e094d4783c7da50e8852d7204e16791613d113f729bacc21a40883edc25469f8ce1a8dab52b4ed0ea73b691a831fb0c01a885aeeae7bd276e2781ff SHA512 665a252a321744cd84b96230f5318528aad23a0a089e5049913c34a6c254356c7cc996e45e2a50d432d114f13b089b8d12062b3a1a4d1a0b6f1cbf9688ad32b6 +DIST seafile-client-8.0.1.tar.gz 11679293 BLAKE2B 52ad28fb316d99240692883218e626a8ca33f8265d62dadfc2eed400c889d47e9aa7887ea6c6fd994596537a5db163b334fb72c791b38529f7219c5a25c813d3 SHA512 ca5dd5a6b27316e1f6fb670e3286d24015d99391c0e1447e2ed42f3d4f72769d6a3dda78bc388ad8d303d4ab1167e4e50844574ecd6f61149b1966e99a3a7719 EBUILD seafile-client-7.0.10.ebuild 1209 BLAKE2B 2543c25fe156d1b337ba19bbbe5250a46a42e84a58384a1e0e02c23253da75fa98adab3d155089ef9b8edbee01e3a878e3646a2538c38758267d0a81df6608a2 SHA512 67ed286ace247497a574cac503617d20e18b01d3eb848f02dd78fecbaa7112456d0d2b2c2ab475a4ed26586d2f9b77a96c122262e8ef67d70a78c3e9d4fa76be EBUILD seafile-client-7.0.9-r1.ebuild 1195 BLAKE2B 4e5370331f2bfdc0007b62203fa167f7cfb3f35369d491fe0eac51375fe01b2714814e7b8a154f0110ea980da0bc487c8efbde77c45b75240a75002c5393bd33 SHA512 457f1bd1be04819ae66a0b097c3df4532497d84bf1ea7a3b903d830ba4e754f8a26959607a0717c0cc98cfed106b58a3905a21b03b91f32e9d7d6b7f94c1c840 +EBUILD seafile-client-8.0.1.ebuild 1209 BLAKE2B 8a6849cec8c10a120dc563c2ed582b287775c4ae0974574881d16cace8a94fd222cdb66d0c85fe69c50d21a75bbc37a5337685187123609f85c2a69fe9dfd161 SHA512 1495645504888704558c130ad0de57f6d2223fd3182b6829552f829c374b5e0ed0d8a5c0dcadce828775a388ffab6941f5c37d00b0725dfdf98ee2d6c8a2d995 MISC metadata.xml 546 BLAKE2B 26e43bd101f64bdfae0d36dad1035e71f5a0ef31ea3bf5c5bc4b82a9208c892cb7241f50133fa969291e390bbdbd3b9473dc346c65f53d13d4483224e07484c8 SHA512 818714efd9851b566058ae6aba37a7860f0971f54e944f3386e14e9cd2053bca1d18d70ad653051a2c705af6807e5eea656d99eab52263055622c073384e9f83 diff --git a/net-misc/seafile-client/seafile-client-8.0.1.ebuild b/net-misc/seafile-client/seafile-client-8.0.1.ebuild new file mode 100644 index 000000000000..778e77ff9371 --- /dev/null +++ b/net-misc/seafile-client/seafile-client-8.0.1.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit cmake xdg-utils + +DESCRIPTION="Seafile desktop client" +HOMEPAGE="https://www.seafile.com/ https://github.com/haiwen/seafile-client/" +SRC_URI="https://github.com/haiwen/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="libressl shibboleth test" +RESTRICT="!test? ( test )" + +RDEPEND="dev-db/sqlite:3 + dev-libs/libevent + dev-libs/jansson + dev-qt/qtcore:5 + dev-qt/qtdbus:5 + dev-qt/qtgui:5 + dev-qt/qtnetwork:5 + dev-qt/qtwidgets:5 + !libressl? ( dev-libs/openssl:= ) + libressl? ( dev-libs/libressl:= ) + net-libs/libsearpc + ~net-misc/seafile-${PV} + shibboleth? ( dev-qt/qtwebengine:5[widgets] )" +DEPEND="${RDEPEND} + test? ( dev-qt/qttest:5 )" +BDEPEND="dev-qt/linguist-tools:5" + +PATCHES=( + "${FILESDIR}/${PN}-select-qt5.patch" + "${FILESDIR}/${PN}-7.0.9-libressl.patch" + "${FILESDIR}/${PN}-7.0.9-qt-5.15.patch" +) + +src_configure() { + local mycmakeargs=( + -DBUILD_SHIBBOLETH_SUPPORT="$(usex shibboleth)" + -DBUILD_TESTING="$(usex test)" + ) + cmake_src_configure +} + +pkg_postinst() { + xdg_icon_cache_update +} + +pkg_postrm() { + xdg_icon_cache_update +} diff --git a/net-misc/seafile/Manifest b/net-misc/seafile/Manifest index 2ccb88889721..6446952ef0e3 100644 --- a/net-misc/seafile/Manifest +++ b/net-misc/seafile/Manifest @@ -1,5 +1,7 @@ DIST seafile-7.0.10.tar.gz 707294 BLAKE2B 7f31d09480a7be09c957a79442bc0c952a4b3802fe17d660cb4ae7d157fcb656280751ed5033e399a705fc24c8b0a232e55e5f289792bdb69abec304c85d3473 SHA512 6c5870e75d52f4409fc6f7e3884d3e9208693997b25a6347980a8d164ec6a3348f4b3f5a532f11b9221822aa0ec9125b9d9af8ba7abc4d392cd5b5f602df9289 DIST seafile-7.0.9.tar.gz 706859 BLAKE2B 2cbd12bfdda9c2cc13d38233a56d0d2f52ad04e03bd14c90c6ff086756fb7ab4f63319906030f9a5f4ec2625dbe23b2892c069f2b5d50c6997b23deaf2cb61d7 SHA512 4c87e7a4a6a4cef631cbfbeb1bde3c8c9e0915d5fe4597d5b3a4b8aa15e9650e97b51ee6a3b0bae4d235ec53149dca01aed7acd704da593c97da0a17e352a75d +DIST seafile-8.0.1.tar.gz 731105 BLAKE2B ac4b79112e40196cce2dbc64bb94a852b3f81ea08e0a833d45a297c02f5f66432345647b9a34aef67d8108d16eb5e3648002a070bb556a70be63b8c0314af9bb SHA512 dd6366c06bfa25f16f5d3b2ef83b39b5886e834697891c274a3b4eafec3aabf72858dd4d341452e8d4fb8cd1166d30bb8a783dddb4370c02526e3a00ed9fdb3c EBUILD seafile-7.0.10.ebuild 1222 BLAKE2B a2a38af895e5e4c745491bb677bce3d46e1e91761ecb99a0269f0a22a5e5b780f840d7a18273fcbbcfed232c665cad873e705cbb35fb8fe83790ce29ff5d8e60 SHA512 7a53c843787eff55e96522ff34acd6aa36d085da316f24dcf083fd0760b25e960397fc69fe0fb4e518795102f5a6e1a700f33d1adf1f02c6cae5ba840509b45e EBUILD seafile-7.0.9.ebuild 1149 BLAKE2B 57df7615b831ebd67d1bcefd62bc8a3079027c02db113e2367ebf93f0fb71f4862d8d8bd4e4ff2420a6fa2ebfa6875e56d066cbdd51514eff04dc733a6c10b63 SHA512 d2b4ef7e7c0f2bc6802b1a3d93cf21d6a34d81ddd98c736de49ed8f078901090a3bc77bcb6bd2b09dd4252a08f674a5bf6bf23ad6282a22dd758c3440fce7326 +EBUILD seafile-8.0.1.ebuild 1226 BLAKE2B 26faa0b85e5188b7380a92dd86b49103ffcf3c80bc0f37256fc810b1683de989837d2936625e445725cf25cd9ffebf65f8e7c4710f1313a0a5fad0536245caef SHA512 e24197367d767b70259a43dfa509b492eec60f39c7604ad1adb423893d8ebc0c61765d891c802bc029b087d339a6f0fb96c8c094d5aa787d82b7ea8e8b6b4e2c MISC metadata.xml 447 BLAKE2B c90112a457648a9be79fa0a4858ba7451d86158070a1a4798ac88e3724eb3f39ddef039f904801d460ca607e9143ae7af58bf58a0024d8a6f513055f64fdee43 SHA512 d2af0ed21d876d212283140c20a3192c1d09c88e496c21c455a79962ad20547a9d32688ded73c6951388720e4abb9496afca405aee6ed5ac126f107bea3ee7eb diff --git a/net-misc/seafile/seafile-8.0.1.ebuild b/net-misc/seafile/seafile-8.0.1.ebuild new file mode 100644 index 000000000000..b64c19dc047b --- /dev/null +++ b/net-misc/seafile/seafile-8.0.1.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=(python3_{6,7,8,9}) + +WANT_AUTOMAKE=1.16 + +inherit autotools python-single-r1 vala + +DESCRIPTION="File syncing and sharing software with file encryption and group sharing" +HOMEPAGE="https://www.seafile.com/ https://github.com/haiwen/seafile/" +SRC_URI="https://github.com/haiwen/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2+-with-openssl-exception" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="libressl" +REQUIRED_USE="${PYTHON_REQUIRED_USE}" + +RDEPEND="${PYTHON_DEPS} + $(python_gen_cond_dep ' + dev-python/future[${PYTHON_MULTI_USEDEP}] + ') + !libressl? ( dev-libs/openssl:= ) + libressl? ( dev-libs/libressl:= ) + dev-db/sqlite:3 + dev-libs/glib:2 + dev-libs/jansson + dev-libs/libevent + net-libs/libsearpc[${PYTHON_SINGLE_USEDEP}] + net-misc/curl + sys-libs/zlib" +DEPEND="${RDEPEND} + $(vala_depend)" + +src_prepare() { + default + sed -i -e 's/valac /${VALAC} /' lib/Makefile.am || die + eautoreconf + vala_src_prepare +} + +src_install() { + default + # Remove unnecessary .la files, as recommended by ltprune.eclass + find "${ED}" -name '*.la' -o -name '*.a' -delete || die + python_fix_shebang "${ED}"/usr/bin +} diff --git a/net-misc/socat/Manifest b/net-misc/socat/Manifest index eaa362a60037..e029e9198194 100644 --- a/net-misc/socat/Manifest +++ b/net-misc/socat/Manifest @@ -1,14 +1,11 @@ AUX socat-1.7.3.0-filan-build.patch 1164 BLAKE2B ea158041a421fdfbbcfb14f050920f9f6ea9d99097d74c9c81c63c5816595f2ef8475b3add04d9efd8d19498382520a4f686d73c85b1df1879d5997b2f4da635 SHA512 479a189bbc0546e8838f40e770902c0c82d5fd042e1d94731d0036f66448810dd5ffcd5297b3ad4e474db8e037d211e65648a5f35f41827d7a320d6b2b8208bf AUX socat-1.7.3.1-stddef_h.patch 1272 BLAKE2B 1693a96be8fc27c102ef48fd16a1c719ff240b7330800ee26876f2b9a0b21671d79da3244f87894ee2f65ca833f34e9636ed7ace4f19951fa4443abe26a2bb9c SHA512 294acc9f05526eb47bc2cc01603b1c5bc553c4a2ffaaf63b87b66eb653930c0f8139fb8c4d72ddec10482e35ae3a6ba144a6555c8ba64066c30cc4132f10f2bf AUX socat-1.7.3.4-fno-common.patch 497 BLAKE2B b1329f43afd86989d527a292ec188ebacfd269efe68bb649c6652cc7eb49d43363b0e0925c40cfa2e52a318a7eb84ae4822db98a5cbed69b394481f168def9ca SHA512 0dd7c92f8da42e99409b086ba48e757aa0fcdc404b771ce6d8f43296c72ab939bb98c202056312df5424332f9209b4f2b32b212b90c9d5819fb98ab0d890bc24 -AUX socat-1.7.4.0-32bit_build_fix.patch 1221 BLAKE2B f62b549c4ecce4df792c2ada29f251f0fdd142f593637abe962d42a9bb6af65bfac94e47846a612b97ee639c69addfdfc2de09a8bc4d2b062da2610b0e89f88d SHA512 734e74acfafbd3b1eadd71177198e9ee4f841f43c0da23f546026f56ae9649b99f04636361c46f5399e222a3e397ce02e635043b13c301e216426d98e4aa7131 AUX socat-2.0.0_beta9-libressl.patch 9738 BLAKE2B c790d2e6486ace62f410680d93679177dacdda1dc03700711163bf66d73bd728ccc3c0e4ad45c7a8c65eaf47239c7558044e0683a80fdf75eab51e09df36ee63 SHA512 183972f5354872557a6ad131f1c8276b0250729aaa6659cd202dcf534d8b4bc41dd19cc6525bc888c325c670922ba382c684103ecdd8a385e5d27f52f321c7ed DIST socat-1.7.3.4.tar.bz2 490552 BLAKE2B 68db1674a3156b28c10340e515f346de83d4e953570f3a3cdee9402db9f276285a8f46db14978b4651df6d0fa90fb496696f151afb3e826172daa444ee35e666 SHA512 f338d28e5fd9d7ebb9e30b0fa700bcd5ff50ff9e668403474963a3310ba2b5f68b5236b928872c18e4b1ee95328374987e7e263ac7655a0d9b3fc9da77281123 -DIST socat-1.7.4.0.tar.bz2 509023 BLAKE2B 97ad5f5a52375aea4d2afbb4ac6143a86bfa057aed602d552b015f6c9fc6a3a0cc65b1717573b3c60bed482da908197366bd1d282ee1db6fd86a229484d2bb9f SHA512 c4d166c2259271a70f81d6c4972549549c3fc60a9e47cc03eff1dd4d71c298ac39c177ae3c053dc0c97c2770fe8d157fd0bc6f2c14aef91625f868894d5d7c61 DIST socat-1.7.4.1.tar.bz2 510101 BLAKE2B 9b7ca0a0add173c39d736d470079bf8e1330a8b11497128cc2b5edb019277682697f1f71f6d3d4a526a74a7297e4aace25493acea98ea95a885c52e5a9c34568 SHA512 7fa069bff294a01baebfd790faed027391ab1f47f09f0990e6dcb1c7cce5f3cdc20638fecb10e82c10b6342d903de9481f6d85a0debcc0368c882417dafbc756 DIST socat-2.0.0-b9.tar.bz2 516673 BLAKE2B 808c8821b89ae2463074f87915dfae10f82b66ac6cd0b6ff56ab18f57c704e5a2a3ce76650152dccce41e4bd00e3a937948d4ade0a915b1f0e917c7543c6fc31 SHA512 f728bd634feeeacd2f0e4020c1c6aafdadaef3ba9da818d9ae1195e9f48fb693b2bea8dbbb208af8daddd8d6405217113d5ce31d05c2e9b27f5d2fba6b1cc834 EBUILD socat-1.7.3.4.ebuild 1586 BLAKE2B 7dfdd2075cee949d3252488fb60a5d3370bf540463857521a06b5e3fc32ae75195a4383e8dc18673322ef3db9ab2f25209ac638e67e7ad65bc113a3d4285b50b SHA512 716db6a19271e18a9f08386ef2906f55d7c483186e3622fca19075b2fbcbb57c3f22fc7adf62398528b576afff040aa6bef3dbf6d6ccd9f0fc919dc1f9faaa07 -EBUILD socat-1.7.4.0.ebuild 1589 BLAKE2B 0be8375683d1948e56b7454ccd73c285d4871eb747b7c5efb21cd4f34717252ba55c0c1a2df485fa0a4374f098f826a4a7d2db6c551f282f9bc5994657edc547 SHA512 b5fc6b3535db3b43912832b976aace63fde55c7360da0f93fdad14c51d0084a9bd000c1c9a3bebecf48fcf77f99841ffe279dc51aa1971bceb341ca1ae2fe6c4 EBUILD socat-1.7.4.1.ebuild 1534 BLAKE2B 1ab55137a27da5a25d6cb8d3ebf72f7b52aa0161a8ade16892fd68d0c6e40922996228050d51d72ce8e13f712574aa85249a550e9e6b3b65eb7e606e6d12a970 SHA512 3e3a47d3e41a8dfa9dda7c625d33d04f34c1a22695ff866db5dcf2234d9e8725a4ce80d241032a991df65d2086a204a660c8695ec1130f3cf245a32a58720fe8 EBUILD socat-2.0.0_beta9.ebuild 1684 BLAKE2B 8b12d6c8f85d1f3d161238100f994c1f85862b1abc0d5759eca22d5e743821d1cccd2e1f505b19faf8ad4d65803fe26fd1a388b8a21802f000ec94d9f145a360 SHA512 5c3c58e869b297dfffded35ff69b6f34574901472196863bd8f29d52e4957129923c2f0738dc0a0b64c6cebbcb421be20ff008561ab53bfc91f543a0f96726d1 EBUILD socat-9999.ebuild 1406 BLAKE2B c68fd7bf03d58f1bd16266304afab4cc73e2e129be5facb7416ed0a765fd198b02a76e5459b4dda831e2c4765c6cd9d4e0669dd024795161f38909c62d882116 SHA512 6ab7b9aa353e917b8aa46f2179bbcff95fa03e1e59ff4a8f68c512cbc8a582d5e288bd79a2a251c47837b60318640a1005392e0ebc72844a08327e41effdcc18 diff --git a/net-misc/socat/files/socat-1.7.4.0-32bit_build_fix.patch b/net-misc/socat/files/socat-1.7.4.0-32bit_build_fix.patch deleted file mode 100644 index 0b391ed8929a..000000000000 --- a/net-misc/socat/files/socat-1.7.4.0-32bit_build_fix.patch +++ /dev/null @@ -1,42 +0,0 @@ -2021-01-08: Quick fix to a compilation failure especially on 32 bit systems - ---- socat-1.7.4.0/compat.h -+++ socat-1.7.4.0/compat.h -@@ -134,6 +134,8 @@ - # define F_uint64_t "%u" - # elif HAVE_BASIC_UINT64_T==6 - # define F_uint64_t "%lu" -+# elif HAVE_BASIC_UINT64_T==8 -+# define F_uint64_t "%llu" - # else - # error "HAVE_BASIC_UINT64_T is out of range:" HAVE_BASIC_UINT64_T - # endif -@@ -147,7 +149,7 @@ - # elif HAVE_BASIC_INT16_T==3 - # define F_int16_t "%d" - # elif HAVE_BASIC_INT16_T==5 --# define F_int16_t "%l" -+# define F_int16_t "%ld" - # else - # error "HAVE_BASIC_INT16_T is out of range:" HAVE_BASIC_INT16_T - # endif -@@ -161,7 +163,7 @@ - # elif HAVE_BASIC_INT32_T==3 - # define F_int32_t "%d" - # elif HAVE_BASIC_INT32_T==5 --# define F_int32_t "%l" -+# define F_int32_t "%ld" - # else - # error "HAVE_BASIC_INT32_T is out of range:" HAVE_BASIC_INT32_T - # endif -@@ -175,7 +177,9 @@ - # elif HAVE_BASIC_INT64_T==3 - # define F_int64_t "%d" - # elif HAVE_BASIC_INT64_T==5 --# define F_int64_t "%l" -+# define F_int64_t "%ld" -+# elif HAVE_BASIC_INT64_T==7 -+# define F_int64_t "%lld" - # else - # error "HAVE_BASIC_INT64_T is out of range:" HAVE_BASIC_INT64_T - # endif diff --git a/net-misc/socat/socat-1.7.4.0.ebuild b/net-misc/socat/socat-1.7.4.0.ebuild deleted file mode 100644 index 4b62fa74485a..000000000000 --- a/net-misc/socat/socat-1.7.4.0.ebuild +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit flag-o-matic toolchain-funcs - -MY_P=${P/_beta/-b} -DESCRIPTION="Multipurpose relay (SOcket CAT)" -HOMEPAGE="http://www.dest-unreach.org/socat/ https://repo.or.cz/socat.git" -SRC_URI="http://www.dest-unreach.org/socat/download/${MY_P}.tar.bz2" -S="${WORKDIR}/${MY_P}" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" -IUSE="bindist libressl ssl readline ipv6 tcpd" - -DEPEND=" - ssl? ( - !libressl? ( dev-libs/openssl:0= ) - libressl? ( dev-libs/libressl:= ) - ) - readline? ( sys-libs/readline:= ) - tcpd? ( sys-apps/tcp-wrappers ) -" -RDEPEND="${DEPEND}" - -# Tests are a large bash script -# Hard to disable individual tests needing network or privileges -RESTRICT=" - test - ssl? ( readline? ( bindist ) ) -" - -DOCS=( BUGREPORTS CHANGES DEVELOPMENT EXAMPLES FAQ FILES PORTING README SECURITY ) - -PATCHES=( - "${FILESDIR}/${P}-32bit_build_fix.patch" -) - -pkg_setup() { - # bug #587740 - if use readline && use ssl; then - elog "You are enabling both readline and openssl USE flags, the licenses" - elog "for these packages conflict. You may not be able to legally" - elog "redistribute the resulting binary." - fi -} - -src_configure() { - filter-flags '-Wno-error*' #293324 - tc-export AR - - econf \ - $(use_enable ssl openssl) \ - $(use_enable readline) \ - $(use_enable ipv6 ip6) \ - $(use_enable tcpd libwrap) -} - -src_install() { - default - - docinto html - dodoc doc/*.html doc/*.css -} diff --git a/net-misc/streamlink/Manifest b/net-misc/streamlink/Manifest index ae230f42c48d..151aa9021a7e 100644 --- a/net-misc/streamlink/Manifest +++ b/net-misc/streamlink/Manifest @@ -1,6 +1,7 @@ -DIST streamlink-1.3.0.tar.gz 694190 BLAKE2B cd262290cd81f1954567e217eaf9568c00180ee7f6955c8227b7067488d685385fe8b4b3bcd6004e7e8f7f66236696a48e744cb24c4d00f2111f00633ffeb1bf SHA512 5a114e0b1e617b2a41f8fe00f9bd6846843dd7643b4283d2fe30ea869cc9d6f495458b0ddb97955a87b7ad64e5628343262af5068b8a7a19d0d84a32020b3365 DIST streamlink-1.3.1.tar.gz 695736 BLAKE2B 377fdfb6a90b2e680697dda57b4237a14b63df1e33af5fcbf8333ebd3bc85f877e0e3c4698ab965d766560234cc0ddb7399c8b43eac1b3bbbc4984bfd2ed2194 SHA512 d6c299c6ea444d5b5956a752be8a5c192ca2aae25087db4045035c53fa078396b1bf89203cd55a82630c33492117323892caa5cf27c9dc9ea4b64602dbfdd87c -EBUILD streamlink-1.3.0-r2.ebuild 2058 BLAKE2B 59e8674d7cd8626c7720370a626ea3da8f0d85d9629aebc842aff2cbcc929d4e39c0c3b24081bf5f18b43d635381034d3bff82fa049c98f16b90bb7c2af6f0a6 SHA512 a9577b8586ec067701d9cc70598022fce711ec134e9ff4b269f1a7a850ee3f0964e277053b96e0f6716247aa73a05b6eb6db4b1bc8963f83e8668e265e6a6553 +DIST streamlink-2.0.0.tar.gz 497816 BLAKE2B e0d8ebf2ae72bb2dc9c9a22810577a34ae6fe3a81bb75b03f5186c69170b9ed94311c1e018bd2a2a0e9a5fc1d8f8470de431f602bd3c8bb2d215c9c8d87dc867 SHA512 ce8b34670ea991ddd9b86eb4f05233468ad9df7ea743ed047cd2e3de8d0844dcded082df1215273e8a22ac5386dd17f64c80662b80fb8dbfae421b7f18c146d6 +DIST streamlink.1-2.0.0.man.xz 12956 BLAKE2B e4e24f1f04a4edabcc9973005a1097a6ed0cf450bf65624fee9dee13c39312e96d48a91c5558b5b4f2e1122510ea64d497588c42c1c6f2a83f1bb6fd92843419 SHA512 3d857b953a10a4c4ca9906cd03d170a7b76ecf724c3627571b90fa584c729cce54f492438c7e9aae32fc65b5c0561e0d325b0b1f9bcc69a98bc000b81e5492c9 EBUILD streamlink-1.3.1-r1.ebuild 2060 BLAKE2B d8c5a8929e7996b0ba791ca114409d882dc236f1a5c2346dcddc14566d25534bd790f9d6f3d2227b62442f635908161fd9ade62ee539500555b78ad6098c35b6 SHA512 7dd52874f571b4c22901a9b39faadf534deb019d7c83385a9897c1fa583c848faca60d2e36c5eacb8d25663090bf995d91d81e25ce6474523bd540fda42e3e57 -EBUILD streamlink-9999.ebuild 2060 BLAKE2B d8c5a8929e7996b0ba791ca114409d882dc236f1a5c2346dcddc14566d25534bd790f9d6f3d2227b62442f635908161fd9ade62ee539500555b78ad6098c35b6 SHA512 7dd52874f571b4c22901a9b39faadf534deb019d7c83385a9897c1fa583c848faca60d2e36c5eacb8d25663090bf995d91d81e25ce6474523bd540fda42e3e57 +EBUILD streamlink-2.0.0.ebuild 1858 BLAKE2B e217664cd89d379da81ea55d94729627b454382e7c5a633823dfdfa8f764e2b50d7f43aba14d3f5953c68f4e680f17ca2d1c1f80d83f20726e90874fb287fd34 SHA512 4f6e57657a96bc883ea300b59cdfa876b2be1d8051be304724f6676822a17d05cfafbeb059a4f7b8d05c9fe7ecaa47c18f9f9cbd643b27e10f9b09dff69c4aca +EBUILD streamlink-9999.ebuild 1858 BLAKE2B e217664cd89d379da81ea55d94729627b454382e7c5a633823dfdfa8f764e2b50d7f43aba14d3f5953c68f4e680f17ca2d1c1f80d83f20726e90874fb287fd34 SHA512 4f6e57657a96bc883ea300b59cdfa876b2be1d8051be304724f6676822a17d05cfafbeb059a4f7b8d05c9fe7ecaa47c18f9f9cbd643b27e10f9b09dff69c4aca MISC metadata.xml 330 BLAKE2B ad3caca1dc3dd2ea5915a6d14f9741ba7352d8a961939dacf89efdcae0cf1203343ca11ea230efc30cf69d359e09e7cd06218404943f8e4e3853a5c6676f7ff6 SHA512 73730cc94810711b86088a41beba0d0da4f20c4ca377c24122ebeac1ea68e712d03d0e79518df847aa15cb9d8a3f04658715f0b75dfaa1a6dfbedc0a15c33672 diff --git a/net-misc/streamlink/streamlink-1.3.0-r2.ebuild b/net-misc/streamlink/streamlink-1.3.0-r2.ebuild deleted file mode 100644 index 6f6674f9723b..000000000000 --- a/net-misc/streamlink/streamlink-1.3.0-r2.ebuild +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -if [[ ${PV} = 9999* ]]; then - EGIT_REPO_URI="https://github.com/streamlink/${PN}.git" - GIT_ECLASS="git-r3" -fi - -PYTHON_COMPAT=( python3_{6,7} ) -PYTHON_REQ_USE='xml(+),threads(+)' -DISTUTILS_SINGLE_IMPL=1 -DISTUTILS_USE_SETUPTOOLS=rdepend - -inherit distutils-r1 $GIT_ECLASS - -DESCRIPTION="CLI for extracting streams from websites to a video player of your choice" -HOMEPAGE="https://streamlink.github.io/" - -if [[ ${PV} != 9999* ]]; then - SRC_URI="https://github.com/streamlink/${PN}/releases/download/${PV}/${P}.tar.gz" - KEYWORDS="~amd64 ~x86" -fi - -LICENSE="BSD-2 Apache-2.0" -SLOT="0" -IUSE="doc test" -RESTRICT="!test? ( test )" - -# >=urllib3-1.23 only needed for python2, but requests pulls some version anyways, so we might as well guarantee at least that ver for py3 too -DEPEND=" - $(python_gen_cond_dep ' - >dev-python/requests-2.21.0[${PYTHON_MULTI_USEDEP}] - >=dev-python/urllib3-1.23[${PYTHON_MULTI_USEDEP}] - dev-python/isodate[${PYTHON_MULTI_USEDEP}] - dev-python/websocket-client[${PYTHON_MULTI_USEDEP}] - dev-python/pycountry[${PYTHON_MULTI_USEDEP}] - >=dev-python/pycryptodome-3.4.3[${PYTHON_MULTI_USEDEP}] - ') -" -RDEPEND="${DEPEND} - media-video/rtmpdump - media-video/ffmpeg -" -BDEPEND=" - $(python_gen_cond_dep ' - doc? ( - dev-python/sphinx[${PYTHON_MULTI_USEDEP}] - dev-python/docutils[${PYTHON_MULTI_USEDEP}] - dev-python/recommonmark[${PYTHON_MULTI_USEDEP}] - ) - test? ( - dev-python/mock[${PYTHON_MULTI_USEDEP}] - dev-python/requests-mock[${PYTHON_MULTI_USEDEP}] - dev-python/pytest[${PYTHON_MULTI_USEDEP}] - dev-python/freezegun[${PYTHON_MULTI_USEDEP}] - ) - ')" - -python_configure_all() { - # Avoid iso-639, iso3166 dependencies since we use pycountry. - export STREAMLINK_USE_PYCOUNTRY=1 -} - -python_compile_all() { - use doc && emake -C docs html man -} - -python_test() { - esetup.py test -} - -python_install_all() { - if use doc; then - local HTML_DOCS=( docs/_build/html/. ) - doman docs/_build/man/* - fi - distutils-r1_python_install_all -} diff --git a/net-misc/streamlink/streamlink-2.0.0.ebuild b/net-misc/streamlink/streamlink-2.0.0.ebuild new file mode 100644 index 000000000000..43cd8b5f34a6 --- /dev/null +++ b/net-misc/streamlink/streamlink-2.0.0.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +if [[ ${PV} = 9999* ]]; then + EGIT_REPO_URI="https://github.com/streamlink/${PN}.git" + GIT_ECLASS="git-r3" +fi + +PYTHON_COMPAT=( python3_{6,7,8} ) +PYTHON_REQ_USE='xml(+),threads(+)' +DISTUTILS_SINGLE_IMPL=1 +DISTUTILS_USE_SETUPTOOLS=rdepend + +inherit distutils-r1 $GIT_ECLASS + +DESCRIPTION="CLI for extracting streams from websites to a video player of your choice" +HOMEPAGE="https://streamlink.github.io/" + +if [[ ${PV} != 9999* ]]; then + SRC_URI="https://github.com/streamlink/${PN}/releases/download/${PV}/${P}.tar.gz" + SRC_URI+=" https://dev.gentoo.org/~leio/distfiles/streamlink.1-${PV}.man.xz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="BSD-2 Apache-2.0" +SLOT="0" +IUSE="test" +RESTRICT="!test? ( test )" + +DEPEND=" + $(python_gen_cond_dep ' + >dev-python/requests-2.21.0[${PYTHON_MULTI_USEDEP}] + dev-python/isodate[${PYTHON_MULTI_USEDEP}] + dev-python/websocket-client[${PYTHON_MULTI_USEDEP}] + dev-python/pycountry[${PYTHON_MULTI_USEDEP}] + >=dev-python/pycryptodome-3.4.3[${PYTHON_MULTI_USEDEP}] + ') +" +RDEPEND="${DEPEND} + media-video/rtmpdump + media-video/ffmpeg +" +BDEPEND=" + $(python_gen_cond_dep ' + test? ( + dev-python/mock[${PYTHON_MULTI_USEDEP}] + dev-python/requests-mock[${PYTHON_MULTI_USEDEP}] + dev-python/pytest[${PYTHON_MULTI_USEDEP}] + >=dev-python/freezegun-1.0.0[${PYTHON_MULTI_USEDEP}] + ) + ')" + +src_prepare() { + distutils-r1_src_prepare + if [[ ${PV} != 9999* ]]; then + mv ${WORKDIR}/streamlink.1-${PV}.man ${WORKDIR}/streamlink.1 || die + fi +} + +python_configure_all() { + # Avoid iso-639, iso3166 dependencies since we use pycountry. + export STREAMLINK_USE_PYCOUNTRY=1 +} + +python_test() { + esetup.py test +} + +python_install_all() { + distutils-r1_python_install_all + if [[ ${PV} != 9999* ]]; then + doman ${WORKDIR}/streamlink.1 + fi +} diff --git a/net-misc/streamlink/streamlink-9999.ebuild b/net-misc/streamlink/streamlink-9999.ebuild index e1b66ef0065e..43cd8b5f34a6 100644 --- a/net-misc/streamlink/streamlink-9999.ebuild +++ b/net-misc/streamlink/streamlink-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -20,19 +20,18 @@ HOMEPAGE="https://streamlink.github.io/" if [[ ${PV} != 9999* ]]; then SRC_URI="https://github.com/streamlink/${PN}/releases/download/${PV}/${P}.tar.gz" + SRC_URI+=" https://dev.gentoo.org/~leio/distfiles/streamlink.1-${PV}.man.xz" KEYWORDS="~amd64 ~x86" fi LICENSE="BSD-2 Apache-2.0" SLOT="0" -IUSE="doc test" +IUSE="test" RESTRICT="!test? ( test )" -# >=urllib3-1.23 only needed for python2, but requests pulls some version anyways, so we might as well guarantee at least that ver for py3 too DEPEND=" $(python_gen_cond_dep ' >dev-python/requests-2.21.0[${PYTHON_MULTI_USEDEP}] - >=dev-python/urllib3-1.23[${PYTHON_MULTI_USEDEP}] dev-python/isodate[${PYTHON_MULTI_USEDEP}] dev-python/websocket-client[${PYTHON_MULTI_USEDEP}] dev-python/pycountry[${PYTHON_MULTI_USEDEP}] @@ -45,36 +44,33 @@ RDEPEND="${DEPEND} " BDEPEND=" $(python_gen_cond_dep ' - doc? ( - dev-python/sphinx[${PYTHON_MULTI_USEDEP}] - dev-python/docutils[${PYTHON_MULTI_USEDEP}] - dev-python/recommonmark[${PYTHON_MULTI_USEDEP}] - ) test? ( dev-python/mock[${PYTHON_MULTI_USEDEP}] dev-python/requests-mock[${PYTHON_MULTI_USEDEP}] dev-python/pytest[${PYTHON_MULTI_USEDEP}] - dev-python/freezegun[${PYTHON_MULTI_USEDEP}] + >=dev-python/freezegun-1.0.0[${PYTHON_MULTI_USEDEP}] ) ')" +src_prepare() { + distutils-r1_src_prepare + if [[ ${PV} != 9999* ]]; then + mv ${WORKDIR}/streamlink.1-${PV}.man ${WORKDIR}/streamlink.1 || die + fi +} + python_configure_all() { # Avoid iso-639, iso3166 dependencies since we use pycountry. export STREAMLINK_USE_PYCOUNTRY=1 } -python_compile_all() { - use doc && emake -C docs html man -} - python_test() { esetup.py test } python_install_all() { - if use doc; then - local HTML_DOCS=( docs/_build/html/. ) - doman docs/_build/man/* - fi distutils-r1_python_install_all + if [[ ${PV} != 9999* ]]; then + doman ${WORKDIR}/streamlink.1 + fi } diff --git a/net-misc/suite3270/Manifest b/net-misc/suite3270/Manifest index c6527adbfe56..cb360ad74dc9 100644 --- a/net-misc/suite3270/Manifest +++ b/net-misc/suite3270/Manifest @@ -2,5 +2,5 @@ AUX suite3270-3.5_p8-tinfo.patch 2733 BLAKE2B ea2d966d5138e33289d803223a4e49f4dc DIST suite3270-3.6ga8-src.tgz 3296047 BLAKE2B 98bcee4591c3eea12c7127aa2eeb39613f6f090c041ceab7a7b0f1bf0e946c3048ba2f93eaacf2bbaf04b44ba78a8895f6b7acdcf20baea19a408464f83f4d62 SHA512 88a00bec19ae7be92e5bc0edd6ae1e27bef7fbbf8c3f419efda3ba2b3a0cb5e72693916cd44d50166d5745ce0f9d8497641481cedbb0bb3149567b6f51b1a987 DIST suite3270-4.0ga13-src.tgz 3317494 BLAKE2B 898f279143006e1fc1f470bda3917afe85957de745676dc915f9c94292824ba0e10fc2ccf0a47e307c41e48741a3da7c066c45f63c917295e0522122226b79dd SHA512 bdf9c5d129419c87b45907186e5f158d8623009151357e4d8a3d08ffff2f3729449cead84d005227bfb32968ae363d1a29350692cabe9bf8b71f760eda3f496b EBUILD suite3270-3.6_p8.ebuild 2126 BLAKE2B 6af9b8a731e933740f3ebf1f260251d7c91806f32bc70f3bf26a914227c7ef7bd9592fb898f1a8e2fbb7eeed0c703cfbd82a2bdbe0973512007f674fc2b8b908 SHA512 6d834fc4455625b414b2b19b509b71dc6a19501ff301fe15acb49c0e0fb632ef5d3ffac10e72e7ea593c00541c4bf0010a526d9c14c6e9ca077d76ef09672a33 -EBUILD suite3270-4.0_p13.ebuild 2052 BLAKE2B f59a294a5a3da6de4ffd156b05a762364d762cd565dcc53abb18ec72109e0f03cb9e2e3a1da820fbdc670ade0d8e4bb0adc562fd62eed523f8c4d55e30551424 SHA512 0c79ed9ef4827493dcf26e13090cbee69552da80ba6d78e56f035d41f65555fc3208d42cdea31c903d23e8ae1a05c5d47e1969c0cc3bb1174be6686b90d0e7e8 +EBUILD suite3270-4.0_p13.ebuild 2049 BLAKE2B 1cfd6fab141ed6e19a3a0f86191e3ea5b1871441b0834df0a910e8868939d853b9a4e18a5bd24f974b1e523f86d3c46c7d11ddb6520c3776e9d69f8891aead47 SHA512 ef537f29d1254d144e833b19b905300a699969330810126e162a8b76307cf9699d3103cb61ff4832ec72dfbccf8cfe19159bbb234b667a574a1e7256edb8883e MISC metadata.xml 463 BLAKE2B 5035d30c690419dbe52b4caf68981eb40c858f09787189439dda81dd57096276a029201b0ea3eb67840a14552d9c4dcf21eb00003ea530b79b85219cc607c19b SHA512 ef297d66d1c0b2c7ab6f8d0c489f355267124cd1f0cc09d18cf1b2cd33458be4c8e1716e84753ba6e49903a90fb676fb7ae908205672f927656ebd9c11879e45 diff --git a/net-misc/suite3270/suite3270-4.0_p13.ebuild b/net-misc/suite3270/suite3270-4.0_p13.ebuild index e19e219259f5..cd058cd5019a 100644 --- a/net-misc/suite3270/suite3270-4.0_p13.ebuild +++ b/net-misc/suite3270/suite3270-4.0_p13.ebuild @@ -21,7 +21,7 @@ SRC_URI="mirror://sourceforge/x3270/${MY_P}-src.tgz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="~amd64 ~ppc ~s390 ~sparc ~x86" +KEYWORDS="amd64 ~ppc s390 sparc ~x86" IUSE="cjk doc ncurses ssl tcl X" RDEPEND="ssl? ( dev-libs/openssl:0= ) diff --git a/net-misc/youtube-dl/Manifest b/net-misc/youtube-dl/Manifest index e162b8d204ba..f1c7eee07292 100644 --- a/net-misc/youtube-dl/Manifest +++ b/net-misc/youtube-dl/Manifest @@ -1,4 +1,6 @@ DIST youtube-dl-2021.01.16.tar.gz 3275243 BLAKE2B 970bfff5db0aca7e386027e20f2b4d7e6b7209037820f3e0960f2e19b3b8e0aaf0f62bacb1794a15f359108533cbc396dddea99c84a8c88c13891329d2685326 SHA512 01b73f2e626df69249057ddc205d49dc7d6d16c66f4349fcdde5990615d1d13e0b5db15d65fb35e0c1328f7dc67d1473183228778614ccb7a3c9d27e80a0a38d +DIST youtube-dl-2021.01.24.1.tar.gz 3288395 BLAKE2B f0adc4ed7627cfda3b7729afd0e4617c1d78b44b5cb84186251eacdfb54bdd0ad2395253899a1aed1ba708856e872ca0537baf316f08b289140bdacb3976e9d6 SHA512 b5ab1e03f38b5628487fdfa22febd594f87d42c228fcc0b03966205ca3fbc6fa6103388f8736ad22e7d517359823d8ca6cc61aeb80fdd69db06a82d55437bacb EBUILD youtube-dl-2021.01.16.ebuild 2131 BLAKE2B 9b7c85878f0260e8df0b3cb11654f9f1d80cd3a2dc93c5fad50b35cc18f89369cfe5cefeaa7461e0e34d005195f01a85c3c6c13db375bd5c3518bba410cbc23d SHA512 2b55a07be0dd75e9b5ca14ad58d466304727ef50cc8b622c04ef42e0164073ced817d7f7bdf1cfd315794e5e13390fb3e47f4e88d5496f4ea8df24e30155945c +EBUILD youtube-dl-2021.01.24.1.ebuild 2136 BLAKE2B ca2ebdc11f14acc9d57bf95b725ac45027942aa92c8b60c0f6d5cb5a7d90c511e4c11cb82845b067963ec6f635b3d8ad5564f639af9984964cf605d4b7bb2785 SHA512 fc56dae6b52494f0eb8c8cf00bf1331c64a857628d86881846e5a89544d6d0ea4d7b2ac5c9cadb6c9169b3ec5fd3479d34be6b487b8d00efe4b53b119f97256a EBUILD youtube-dl-9999.ebuild 2074 BLAKE2B 7eb91fceeba248ff2a1b40ab97139da9a33211b2fe79c66ae6aa29a2b6fe1f2b4e400f4dcc655573d46b6fa9a7f3cb7baddc75a32739b89507db9d4f4f96eba3 SHA512 f9768251f05033b9df5a0ea82d9e62f6d8fcf651dbbcf72a300bba4caf22ca5b99af73b830eba2d5483ae9b227d99f02bfa015319303f7f7300e6106f1e0b342 MISC metadata.xml 377 BLAKE2B dde3a782cb62c9f3b65479ba2496706e5c02b19b32aa3ed4be66a8d819485f04d62d6d0c383eaa65409551f6696d990077af553f1095163db8226cc9bfcc8339 SHA512 367f0cec4f63096ea8832cc8a8eb3bbc4c5b14b26f8a9bf4189ae7337381ec9f2444475521156e3f3965242f5b1a9bce456a286c80c22b9f05a11d41ac73b623 diff --git a/net-misc/youtube-dl/youtube-dl-2021.01.24.1.ebuild b/net-misc/youtube-dl/youtube-dl-2021.01.24.1.ebuild new file mode 100644 index 000000000000..9d465c616942 --- /dev/null +++ b/net-misc/youtube-dl/youtube-dl-2021.01.24.1.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=(python3_{6..9}) + +DISTUTILS_USE_SETUPTOOLS=rdepend + +inherit bash-completion-r1 distutils-r1 readme.gentoo-r1 + +DESCRIPTION="Download videos from YouTube.com (and more sites...)" +HOMEPAGE="https://youtube-dl.org/ https://github.com/ytdl-org/youtube-dl/" +SRC_URI="https://youtube-dl.org/downloads/${PV}/${P}.tar.gz" +S=${WORKDIR}/${PN} + +LICENSE="public-domain" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-solaris" +SLOT="0" + +RDEPEND=" + dev-python/pycryptodome[${PYTHON_USEDEP}] +" + +distutils_enable_tests nose + +src_prepare() { + sed -i -e '/flake8/d' Makefile || die + distutils-r1_src_prepare +} + +python_test() { + emake offlinetest +} + +python_install_all() { + doman youtube-dl.1 + + newbashcomp youtube-dl.bash-completion youtube-dl + + insinto /usr/share/zsh/site-functions + newins youtube-dl.zsh _youtube-dl + + insinto /usr/share/fish/vendor_completions.d + doins youtube-dl.fish + + distutils-r1_python_install_all + + rm -r "${ED}"/usr/etc || die + rm -r "${ED}"/usr/share/doc/youtube_dl || die +} + +pkg_postinst() { + elog "youtube-dl(1) / https://bugs.gentoo.org/355661 /" + elog "https://github.com/rg3/youtube-dl/blob/master/README.md#faq :" + elog + elog "youtube-dl works fine on its own on most sites. However, if you want" + elog "to convert video/audio, you'll need ffmpeg (media-video/ffmpeg)." + elog "On some sites - most notably YouTube - videos can be retrieved in" + elog "a higher quality format without sound. youtube-dl will detect whether" + elog "ffmpeg is present and automatically pick the best option." + elog + elog "Videos or video formats streamed via RTMP protocol can only be" + elog "downloaded when rtmpdump (media-video/rtmpdump) is installed." + elog + elog "Downloading MMS and RTSP videos requires either mplayer" + elog "(media-video/mplayer) or mpv (media-video/mpv) to be installed." + elog + elog "If you want youtube-dl to embed thumbnails from the metadata into the" + elog "resulting MP4 files, consider installing media-video/atomicparsley" +} diff --git a/net-misc/zerotier/Manifest b/net-misc/zerotier/Manifest index fc4f54546efc..a959fccc64b3 100644 --- a/net-misc/zerotier/Manifest +++ b/net-misc/zerotier/Manifest @@ -2,9 +2,10 @@ AUX zerotier-1.4.6-add-armv7a-support.patch 419 BLAKE2B 8670511fb18c3833d17b601e AUX zerotier-1.4.6-fixup-neon-support.patch 2667 BLAKE2B 39feb92294b2221fa61fbfe93c894bad4218528161854f74d5b5e9c301aef86b9f5a84de567d5050463d323a309179b4efb8e95eb09b22424c4ecfcc065a3da6 SHA512 f032b95f485ae264577f4c7f579a9f4e9ab4a82a5c806c6dc9bd37fb4262d60d98088a19b27a545893d1deedbefb7f1ffdeb52ac102d0b3cfbb82c46b3abca9a AUX zerotier-1.4.6-respect-ldflags.patch 455 BLAKE2B 2add558b3770e35d9318965eee27219366af4660935d2ee1261bc7735cbd77405ec8c8677f95ad31e02a0f81a9b9f1984b89ba2aeff3b919a84adfdebf7518bf SHA512 8b00309912e64a33086173f0c14649115bf82d5ceaf838642dc604e6ae1ec49d883c90ad5fcd93c9291fb7491cdd06b4d609ffc80c512425ee7c9988bb67149f AUX zerotier.init 437 BLAKE2B a43cc014d5ad311d14b13324e118c73c694623621c252ad6957af53064ccb53cda7c028cf2348e6999508262e86576fdd5c02feba81af6e1a9a88653bbd7a0e7 SHA512 938dcdf16228ca62a14c18658d746054590104dc50028d5dc4d56dba139dfc894d88d567e918533820df81723d56411cc046050b4b7c0e11e1128bef599fb12a +AUX zerotier.init-r1 285 BLAKE2B cb30206b6b2fa00e9b77bee83d0ef61bc864146337e06c6900a6e5bcad95dab87dc88f30a1407f87ecea839b99f5aadd7807719ffaefd7be4137986284d1e43e SHA512 911a90d14bbacb2e5a139d50716850d7286f893769bf0f7fb02a0829293d5fb233ad44255b8ffc5c1d4aee4fbe1361be0f1826732b50de07bd1d418f77651faa AUX zerotier.service 179 BLAKE2B 8c27616a5092084a2450f08e5046528ce25f7697fca914436d9dddd003538e4d9bcfb50126e522936cf997d5f225f32751f59229d28cd6e85778b6b1bed8edb2 SHA512 80b685e2e6e851af924c1f84970be761e15086f52280819d75279b947f0e2a11f890035570b85becef85f208ef8f7952323f85fb811984701ff9f39e37d6c701 -DIST zerotier-1.2.12.tar.gz 6058902 BLAKE2B 851d0d871fac7f6cdd9feafb375f97181f9155c265f13e44122424bd7adcaff10e3f2c2a4484d2e2ad1f4f2f174fc723681451c1a728c9aa324bdcb02300af57 SHA512 a35029993d9266f3529a9922daa606b0d56a332514545f8cfab2092a4c9db4fc7217223f3bd7dbe59e536de325ee9b4f0226d673c0f0ec5859cf2937e8a4a2d4 DIST zerotier-1.4.6.tar.gz 13055818 BLAKE2B 46003d9c3ad09e30dbefaa441422ed4570bdbdfb99f2f24fb82246f9e970501d38d96c19dc9771a1d0d30bc49bd8be2b79ebd2e5c8bd85e88b738b29f0a1dcc3 SHA512 72f00602f67190d03ac0c8caa6b79e7f346b10745bdf772c68f77a3a940cdd718d05ec642bc862a6235aab9bd3bfefb0c57571f358ae55f38761f45500f0f189 -EBUILD zerotier-1.2.12.ebuild 914 BLAKE2B b321d596dcc72e2495c2a324b79a5d9a630f1e280a0ed40b7876dc2af359c166fb9024a00f49db1b19ca13a5dea2b5c69bacaf4254729c95e0fc58c8f15f6a46 SHA512 a102dc5a09237e6a98e4b8bf51c3397d4fc9ea698bdc6847c5efe5d31f0333f9281c3700abc6b477ef95e9cda68ede2a080cada13b1b2a6316ff87a2238d6d53 +DIST zerotier-1.6.2.tar.gz 16020599 BLAKE2B 91da6c85f8d3dfd993a9aea9cd2a8b33e560d5475413fde8bef0a69df7d89503a66b1967ac336bd2213f6ffc35e452f665d37ceb8d9ae53cf5e5d4d352775e74 SHA512 8abb31ba8aed4c187a4e88ffe6f536ed7d0fe2421f89ae706eef620cc9508372a089ce9e9579df372e21b6dab271bea91e2d12b424dd85ece8c19885a6caa643 EBUILD zerotier-1.4.6.ebuild 1802 BLAKE2B 3fa9f53c3568d53c528a20610d58400e3d51ec02d6b6c3781350fddcd133dc8c30aae6f74d4b6a43e06708bc3b71281b60a1c0958b2e1390d0caeb62d5c04d23 SHA512 712437b743c70d5941f72206c0ab9025b85809453ddf5c33e8d18ace4a9771f3c5c861b491758cc2f2b8ee455a50738f7d0b16ac3d87784998ba966f8d56fbb1 +EBUILD zerotier-1.6.2.ebuild 1776 BLAKE2B aa98cbb7880d7e034fbd403285202058313586975a9244f7691c77de9c96e60706a90be3e5cf32f9be34922e4e6468a2b7227a866c4298bcd15cf6817f2065d8 SHA512 19be19a84d78d8e3fa979d0cdb2c890e11b078c83b1f6d9e5b667998d9508757796aea75582cb3e29311aaf0dc3f663825dcc0a433782f88954cf1298e10b67f MISC metadata.xml 482 BLAKE2B 8aaebdfd4d9a6454f3a426fb472a12e50f64e7cc356795b10175f9a3e3bfc5a181f503d609bb431b9619e73675ffa6e24059452696cdbe6f2d4aeff5f3a8cd11 SHA512 54bdb668f32bc05faee9dca6f29c3648127abe60c5338a4f1cdb71b3812e33314f1e6b691801caeb3fc3e5dfaa8ccc89b9f73469eb964321fc9f983ec669dadc diff --git a/net-misc/zerotier/files/zerotier.init-r1 b/net-misc/zerotier/files/zerotier.init-r1 new file mode 100644 index 000000000000..ee3097b58690 --- /dev/null +++ b/net-misc/zerotier/files/zerotier.init-r1 @@ -0,0 +1,12 @@ +#!/sbin/openrc-run +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +description="ZeroTier - Global Area Networking" +pidfile="/run/${SVCNAME}.pid" +command="/usr/sbin/zerotier-one" +command_background=true + +depend() { + use net +} diff --git a/net-misc/zerotier/zerotier-1.2.12.ebuild b/net-misc/zerotier/zerotier-1.2.12.ebuild deleted file mode 100644 index 6f5351d0790d..000000000000 --- a/net-misc/zerotier/zerotier-1.2.12.ebuild +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit flag-o-matic systemd toolchain-funcs - -HOMEPAGE="https://www.zerotier.com/" -DESCRIPTION="A software-based managed Ethernet switch for planet Earth" -SRC_URI="https://github.com/zerotier/ZeroTierOne/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~x86" - -S="${WORKDIR}/ZeroTierOne-${PV}" - -RDEPEND=" - dev-libs/json-glib:= - net-libs/http-parser:= - net-libs/libnatpmp:= - net-libs/miniupnpc:=" - -DEPEND="${RDEPEND}" - -DOCS=( README.md AUTHORS.md ) - -src_compile() { - append-ldflags -Wl,-z,noexecstack - emake CXX="$(tc-getCXX)" STRIP=: one -} - -src_test() { - emake selftest - ./zerotier-selftest || die -} - -src_install() { - default - - newinitd "${FILESDIR}/${PN}".init "${PN}" - systemd_dounit "${FILESDIR}/${PN}".service - doman doc/zerotier-{cli.1,idtool.1,one.8} -} diff --git a/net-misc/zerotier/zerotier-1.6.2.ebuild b/net-misc/zerotier/zerotier-1.6.2.ebuild new file mode 100644 index 000000000000..fdfc4d61007e --- /dev/null +++ b/net-misc/zerotier/zerotier-1.6.2.ebuild @@ -0,0 +1,80 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic llvm systemd toolchain-funcs + +HOMEPAGE="https://www.zerotier.com/" +DESCRIPTION="A software-based managed Ethernet switch for planet Earth" +SRC_URI="https://github.com/zerotier/ZeroTierOne/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="BSL-1.1" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~x86" +IUSE="clang neon" + +S="${WORKDIR}/ZeroTierOne-${PV}" + +RDEPEND=" + dev-libs/json-glib + net-libs/libnatpmp + net-libs/miniupnpc:= + clang? ( >=sys-devel/clang-6:* )" + +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}/${PN}-1.4.6-respect-ldflags.patch" + "${FILESDIR}/${PN}-1.4.6-add-armv7a-support.patch" +) + +DOCS=( README.md AUTHORS.md ) + +LLVM_MAX_SLOT=11 + +llvm_check_deps() { + if use clang ; then + if ! has_version --host-root "sys-devel/clang:${LLVM_SLOT}" ; then + ewarn "sys-devel/clang:${LLVM_SLOT} is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." + return 1 + fi + + if ! has_version --host-root "=sys-devel/lld-${LLVM_SLOT}*" ; then + ewarn "=sys-devel/lld-${LLVM_SLOT}* is missing! Cannot use LLVM slot ${LLVM_SLOT} ..." + return 1 + fi + + einfo "Will use LLVM slot ${LLVM_SLOT}!" + fi +} + +pkg_setup() { + if use clang && ! tc-is-clang ; then + export CC=${CHOST}-clang + export CXX=${CHOST}-clang++ + else + tc-export CXX CC + fi + use neon || export ZT_DISABLE_NEON=1 +} + +src_compile() { + append-ldflags -Wl,-z,noexecstack + emake CXX="${CXX}" STRIP=: one +} + +src_test() { + emake selftest + ./zerotier-selftest || die +} + +src_install() { + default + # remove pre-zipped man pages + rm "${ED}"/usr/share/man/{man1,man8}/* || die + + newinitd "${FILESDIR}/${PN}".init-r1 "${PN}" + systemd_dounit "${FILESDIR}/${PN}".service + doman doc/zerotier-{cli.1,idtool.1,one.8} +} -- cgit v1.2.3