openssh 9.6p1-1

PKGBUILD

@@ -0,0 +1,83 @@
+# Maintainer: Future Linux Team <futurelinux@163.com>
+
+pkgname=openssh
+pkgver=9.6p1
+pkgrel=1
+pkgdesc="SSH protocol implementation for remote login, command execution and file transfer"
+arch=('x86_64')
+url="https://www.openssh.com/portable.html"
+license=('BSD-2-Clause' 'BSD-3-Clause' 'ISC' 'LicenseRef-Public-Domain' 'MIT')
+groups=('base-devel')
+depends=('glibc')
+makedepends=('libxcrypt' 'openssl' 'linux-pam' 'zlib')
+backup=(etc/pam.d/sshd
+	etc/ssh/ssh_config
+	etc/ssh/sshd_config)
+install=${pkgname}.install
+source=(https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz
+	sshd.service
+	sshd@.service
+	sshd.socket
+	sshd.pam)
+sha256sums=(910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c
+	d5315c06d024b450bdff521c5680257609006d3b9bec9bfb9fee8c07ce2821ab
+	c764855f85eb06e453e56099b2fdb010ee5833d5086588478e1208b7cf72be92
+	efc5cf5e700036acdae0602bc551f71adf9a29af8b85505db7195382fc475f03
+	15e711122662d6c7cc7f671b688f1e1709c543d2e61e61e2832c52d6d55f0530)
+
+ prepare() {
+ 	cd ${pkgname}-${pkgver}
+
+ 	# remove variable (but useless) first line in config (related to upstream VCS)
+ 	sed '/^#.*\$.*\$$/d' -i ssh{,d}_config
+
+ 	# prepend configuration option to include drop-in configuration files for sshd_config
+ 	printf "# Include drop-in configurations\nInclude /etc/ssh/sshd_config.d/*.conf\n" | cat - sshd_config > sshd_config.tmp
+ 	mv -v sshd_config.tmp sshd_config
+ 	# prepend configuration option to include drop-in configuration files for ssh_config
+ 	printf "# Include drop-in configurations\nInclude /etc/ssh/ssh_config.d/*.conf\n" | cat - ssh_config > ssh_config.tmp
+ 	mv -v ssh_config.tmp ssh_config
+
+ }
+
+ build() {
+ 	cd ${pkgname}-${pkgver}
+
+ 	${CONFIGURE}                                     \
+ 		--sysconfdir=/etc/ssh                    \
+ 		--with-privsep-path=/var/lib/sshd        \
+ 		--with-default-path=/usr/bin             \
+ 		--with-superuser-path=/usr/sbin:/usr/bin \
+ 		--with-pid-dir=/run                      \
+ 		--with-pam                               \
+ 		--with-ssl-engine                        \
+ 		--with-privsep-user=nobody
+
+ 	make
+ }
+
+package() {
+	cd ${pkgname}-${pkgver}
+
+	make DESTDIR=${pkgdir} install
+
+	install -v -m755    contrib/ssh-copy-id ${pkgdir}/usr/bin
+
+	install -v -m644    contrib/ssh-copy-id.1 ${pkgdir}/usr/share/man/man1
+	install -vdm755 -d  ${pkgdir}/usr/share/doc/${pkgname}-${pkgver}
+	install -v -m644    INSTALL LICENCE OVERVIEW README* ${pkgdir}/usr/share/doc/${pkgname}-${pkgver}
+
+	install -v -g sys -m700 -d ${pkgdir}/var/lib/sshd
+
+	install -Dm 644 ${srcdir}/sshd.pam ${pkgdir}/etc/pam.d/sshd
+
+	install -Dm 644 ${srcdir}/sshd.service  ${pkgdir}/usr/lib/systemd/system/sshd.service
+	install -Dm 644 ${srcdir}/sshd@.service ${pkgdir}/usr/lib/systemd/system/sshd@.service
+	install -Dm 644 ${srcdir}/sshd.socket   ${pkgdir}/usr/lib/systemd/system/sshd.socket
+
+	# PAM feature
+	sed -i	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+			-e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
+			-e '/^#UsePAM no$/c UsePAM yes' \
+			${pkgdir}/etc/ssh/sshd_config
+}

openssh.install

@@ -0,0 +1,33 @@
+# This is a default template for a post-install scriptlet.
+# Uncomment only required functions and remove any functions
+# you don't need (and this header).
+
+post_install() {
+	if [ "$(getent group sshd | cut -d ":" -f 3)" != "52" ]; then
+		groupadd -g 50 sshd
+	fi
+	if [ "$(getent passwd sshd | cut -d ":" -f 3)" != "52" ]; then
+		useradd -c 'sshd PrivSep' \
+			-d /var/lib/sshd  \
+			-g sshd           \
+			-s /bin/false     \
+			-u 50 sshd
+	fi
+
+	systemctl enable sshd.service
+	usr/bin/ssh-keygen -A
+}
+
+post_upgrade() {
+	post_install
+}
+
+pre_remove() {
+	systemctl stop sshd.service
+	systemctl disable sshd.service
+}
+
+post_remove() {
+	groupdel sshd 2>/dev/null || true
+	userdel sshd 2>/dev/null  || true
+}

sshd.pam

@@ -0,0 +1,42 @@
+# Begin /etc/pam.d/sshd
+
+# Set failure delay before next prompt to 3 seconds
+auth      optional    pam_faildelay.so  delay=3000000
+
+# Check to make sure that the user is allowed to login
+auth      requisite   pam_nologin.so
+
+# Check to make sure that root is allowed to login
+# Disabled by default. You will need to create /etc/securetty
+# file for this module to function. See man 5 securetty.
+#auth      required    pam_securetty.so
+
+# Additional group memberships - disabled by default
+#auth      optional    pam_group.so
+
+# include system auth settings
+auth      include     system-auth
+
+# check access for the user
+account   required    pam_access.so
+
+# include system account settings
+account   include     system-account
+
+# Set default environment variables for the user
+session   required    pam_env.so
+
+# Set resource limits for the user
+session   required    pam_limits.so
+
+# Display the message of the day - Disabled by default
+#session   optional    pam_motd.so
+
+# Check user's mail - Disabled by default
+#session   optional    pam_mail.so      standard quiet
+
+# include system session and password settings
+session   include     system-session
+password  include     system-password
+
+# End /etc/pam.d/sshd

sshd.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Daemon
+
+[Service]
+ExecStart=/usr/sbin/sshd -D
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

sshd.socket

@@ -0,0 +1,9 @@
+[Unit]
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target

sshd@.service

@@ -0,0 +1,7 @@
+[Unit]
+Description=SSH Per-Connection Server
+
+[Service]
+ExecStart=-/usr/sbin/sshd -i
+StandardInput=socket
+StandardError=syslog