summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
diff options
context:
space:
mode:
authorScott Garman <scott.a.garman@intel.com>2010-08-31 18:33:01 (GMT)
committerRichard Purdie <rpurdie@linux.intel.com>2010-09-02 08:52:31 (GMT)
commit436d590c4a5b7b5942bac5b51af128bcdd30621f (patch)
treeceea9b9d54c51221fbe1555747bfadae8bfdb92d /meta/recipes-connectivity/openssh
parenta206fce2baac86c36aaf22755578d7b557f72b05 (diff)
downloadpoky-436d590c4a5b7b5942bac5b51af128bcdd30621f.tar.gz
openssh: new recipe addition
OpenSSH v5.6p1, derived from OpenEmbedded's recipe. Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/init88
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch16
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config46
-rw-r--r--meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config119
-rw-r--r--meta/recipes-connectivity/openssh/openssh_5.6p1.bb121
5 files changed, 390 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/init b/meta/recipes-connectivity/openssh/openssh-5.6p1/init
new file mode 100644
index 0000000..b16cbd6
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/init
@@ -0,0 +1,88 @@
1#! /bin/sh
2set -e
3
4# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon
5
6test -x /usr/sbin/sshd || exit 0
7( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0
8
9if test -f /etc/default/ssh; then
10 . /etc/default/ssh
11fi
12
13check_for_no_start() {
14 # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists
15 if [ -e /etc/ssh/sshd_not_to_be_run ]; then
16 echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)"
17 exit 0
18 fi
19}
20
21check_privsep_dir() {
22 # Create the PrivSep empty dir if necessary
23 if [ ! -d /var/run/sshd ]; then
24 mkdir /var/run/sshd
25 chmod 0755 /var/run/sshd
26 fi
27}
28
29check_config() {
30 /usr/sbin/sshd -t || exit 1
31}
32
33check_keys() {
34 # create keys if necessary
35 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
36 echo " generating ssh RSA key..."
37 ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
38 fi
39 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
40 echo " generating ssh DSA key..."
41 ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
42 fi
43}
44
45export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
46
47case "$1" in
48 start)
49 check_for_no_start
50 echo "Starting OpenBSD Secure Shell server: sshd"
51 check_keys
52 check_privsep_dir
53 start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS
54 echo "done."
55 ;;
56 stop)
57 echo -n "Stopping OpenBSD Secure Shell server: sshd"
58 start-stop-daemon -K -x /usr/sbin/sshd
59 echo "."
60 ;;
61
62 reload|force-reload)
63 check_for_no_start
64 check_keys
65 check_config
66 echo -n "Reloading OpenBSD Secure Shell server's configuration"
67 start-stop-daemon -K -s 1 -x /usr/sbin/sshd
68 echo "."
69 ;;
70
71 restart)
72 check_keys
73 check_config
74 echo -n "Restarting OpenBSD Secure Shell server: sshd"
75 start-stop-daemon -K -x /usr/sbin/sshd
76 check_for_no_start
77 check_privsep_dir
78 sleep 2
79 start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS
80 echo "."
81 ;;
82
83 *)
84 echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}"
85 exit 1
86esac
87
88exit 0
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch b/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch
new file mode 100644
index 0000000..a88e18e
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/nostrip.patch
@@ -0,0 +1,16 @@
1# Disable stripping binaries during make install.
2#
3# Signed-off-by: Scott Garman <scott.a.garman@intel.com>
4
5diff -ur openssh-5.6p1.orig/Makefile.in openssh-5.6p1/Makefile.in
6--- openssh-5.6p1.orig/Makefile.in 2010-05-11 23:51:39.000000000 -0700
7+++ openssh-5.6p1/Makefile.in 2010-08-30 16:49:54.000000000 -0700
8@@ -29,7 +29,7 @@
9 RAND_HELPER=$(libexecdir)/ssh-rand-helper
10 PRIVSEP_PATH=@PRIVSEP_PATH@
11 SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
12-STRIP_OPT=@STRIP_OPT@
13+STRIP_OPT=
14
15 PATHS= -DSSHDIR=\"$(sysconfdir)\" \
16 -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config b/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config
new file mode 100644
index 0000000..4a4a649
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/ssh_config
@@ -0,0 +1,46 @@
1# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $
2
3# This is the ssh client system-wide configuration file. See
4# ssh_config(5) for more information. This file provides defaults for
5# users, and the values can be changed in per-user configuration files
6# or on the command line.
7
8# Configuration data is parsed as follows:
9# 1. command line options
10# 2. user-specific file
11# 3. system-wide file
12# Any configuration value is only changed the first time it is set.
13# Thus, host-specific definitions should be at the beginning of the
14# configuration file, and defaults at the end.
15
16# Site-wide defaults for some commonly used options. For a comprehensive
17# list of available options, their meanings and defaults, please see the
18# ssh_config(5) man page.
19
20Host *
21 ForwardAgent yes
22 ForwardX11 yes
23# RhostsRSAAuthentication no
24# RSAAuthentication yes
25# PasswordAuthentication yes
26# HostbasedAuthentication no
27# GSSAPIAuthentication no
28# GSSAPIDelegateCredentials no
29# BatchMode no
30# CheckHostIP yes
31# AddressFamily any
32# ConnectTimeout 0
33# StrictHostKeyChecking ask
34# IdentityFile ~/.ssh/identity
35# IdentityFile ~/.ssh/id_rsa
36# IdentityFile ~/.ssh/id_dsa
37# Port 22
38# Protocol 2,1
39# Cipher 3des
40# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
41# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
42# EscapeChar ~
43# Tunnel no
44# TunnelDevice any:any
45# PermitLocalCommand no
46# VisualHostKey no
diff --git a/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config b/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config
new file mode 100644
index 0000000..4f9b626
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-5.6p1/sshd_config
@@ -0,0 +1,119 @@
1# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
2
3# This is the sshd server system-wide configuration file. See
4# sshd_config(5) for more information.
5
6# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
7
8# The strategy used for options in the default sshd_config shipped with
9# OpenSSH is to specify options with their default value where
10# possible, but leave them commented. Uncommented options change a
11# default value.
12
13#Port 22
14#AddressFamily any
15#ListenAddress 0.0.0.0
16#ListenAddress ::
17
18# Disable legacy (protocol version 1) support in the server for new
19# installations. In future the default will change to require explicit
20# activation of protocol 1
21Protocol 2
22
23# HostKey for protocol version 1
24#HostKey /etc/ssh/ssh_host_key
25# HostKeys for protocol version 2
26#HostKey /etc/ssh/ssh_host_rsa_key
27#HostKey /etc/ssh/ssh_host_dsa_key
28
29# Lifetime and size of ephemeral version 1 server key
30#KeyRegenerationInterval 1h
31#ServerKeyBits 1024
32
33# Logging
34# obsoletes QuietMode and FascistLogging
35#SyslogFacility AUTH
36#LogLevel INFO
37
38# Authentication:
39
40#LoginGraceTime 2m
41#PermitRootLogin yes
42#StrictModes yes
43#MaxAuthTries 6
44#MaxSessions 10
45
46#RSAAuthentication yes
47#PubkeyAuthentication yes
48#AuthorizedKeysFile .ssh/authorized_keys
49
50# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
51#RhostsRSAAuthentication no
52# similar for protocol version 2
53#HostbasedAuthentication no
54# Change to yes if you don't trust ~/.ssh/known_hosts for
55# RhostsRSAAuthentication and HostbasedAuthentication
56#IgnoreUserKnownHosts no
57# Don't read the user's ~/.rhosts and ~/.shosts files
58#IgnoreRhosts yes
59
60# To disable tunneled clear text passwords, change to no here!
61#PasswordAuthentication yes
62#PermitEmptyPasswords no
63
64# Change to no to disable s/key passwords
65#ChallengeResponseAuthentication yes
66
67# Kerberos options
68#KerberosAuthentication no
69#KerberosOrLocalPasswd yes
70#KerberosTicketCleanup yes
71#KerberosGetAFSToken no
72
73# GSSAPI options
74#GSSAPIAuthentication no
75#GSSAPICleanupCredentials yes
76
77# Set this to 'yes' to enable PAM authentication, account processing,
78# and session processing. If this is enabled, PAM authentication will
79# be allowed through the ChallengeResponseAuthentication and
80# PasswordAuthentication. Depending on your PAM configuration,
81# PAM authentication via ChallengeResponseAuthentication may bypass
82# the setting of "PermitRootLogin without-password".
83# If you just want the PAM account and session checks to run without
84# PAM authentication, then enable this but set PasswordAuthentication
85# and ChallengeResponseAuthentication to 'no'.
86#UsePAM no
87
88#AllowAgentForwarding yes
89#AllowTcpForwarding yes
90#GatewayPorts no
91#X11Forwarding no
92#X11DisplayOffset 10
93#X11UseLocalhost yes
94#PrintMotd yes
95#PrintLastLog yes
96#TCPKeepAlive yes
97#UseLogin no
98UsePrivilegeSeparation yes
99#PermitUserEnvironment no
100Compression no
101ClientAliveInterval 15
102ClientAliveCountMax 4
103#UseDNS yes
104#PidFile /var/run/sshd.pid
105#MaxStartups 10
106#PermitTunnel no
107#ChrootDirectory none
108
109# no default banner path
110#Banner none
111
112# override default of no subsystems
113Subsystem sftp /usr/libexec/sftp-server
114
115# Example of overriding settings on a per-user basis
116#Match User anoncvs
117# X11Forwarding no
118# AllowTcpForwarding no
119# ForceCommand cvs server
diff --git a/meta/recipes-connectivity/openssh/openssh_5.6p1.bb b/meta/recipes-connectivity/openssh/openssh_5.6p1.bb
new file mode 100644
index 0000000..718e03a
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh_5.6p1.bb
@@ -0,0 +1,121 @@
1DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
2Ssh (Secure Shell) is a program for logging into a remote machine \
3and for executing commands on a remote machine."
4HOMEPAGE = "http://openssh.org"
5SECTION = "console/network"
6LICENSE = "BSD"
7LIC_FILES_CHKSUM = "file://LICENCE;md5=7ae09218173be1643c998a4b71027f9b"
8
9PR = "r0"
10
11DEPENDS = "zlib openssl"
12DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
13
14PROVIDES = "ssh sshd"
15RPROVIDES = "ssh sshd"
16
17CONFLICTS_${PN} = "dropbear"
18RCONFLICTS_${PN}-sshd = "dropbear"
19RCONFLICTS_${PN}-keygen = "ssh-keygen"
20
21SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
22 file://nostrip.patch \
23 file://sshd_config \
24 file://ssh_config \
25 file://init \
26 "
27SRC_URI[md5sum] = "e6ee52e47c768bf0ec42a232b5d18fb0"
28SRC_URI[sha256sum] = "538af53b2b8162c21a293bb004ae2bdb141abd250f61b4cea55244749f3c6c2b"
29
30inherit autotools
31
32# LFS support:
33CFLAGS += "-D__FILE_OFFSET_BITS=64"
34export LD = "${CC}"
35
36EXTRA_OECONF = "--with-rand-helper=no \
37 ${@base_contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
38 --without-zlib-version-check \
39 --with-privsep-path=/var/run/sshd \
40 --sysconfdir=${sysconfdir}/ssh \
41 --with-xauth=/usr/bin/xauth"
42
43# This is a workaround for uclibc because including stdio.h
44# pulls in pthreads.h and causes conflicts in function prototypes.
45# This results in compilation failure, so unless this is fixed,
46# disable pam for uclibc.
47EXTRA_OECONF_append_libc-uclibc=" --without-pam"
48
49do_configure_prepend () {
50 if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
51 cp aclocal.m4 acinclude.m4
52 fi
53}
54
55do_compile_append () {
56 install -m 0644 ${WORKDIR}/sshd_config ${S}/
57 install -m 0644 ${WORKDIR}/ssh_config ${S}/
58}
59
60do_install_append () {
61 install -d ${D}${sysconfdir}/init.d
62 install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
63 mv ${D}${bindir}/scp ${D}${bindir}/scp.${PN}
64 mv ${D}${bindir}/ssh ${D}${bindir}/ssh.${PN}
65 rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
66 rmdir ${D}/var/run/sshd ${D}/var/run ${D}/var
67}
68
69PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
70FILES_${PN}-scp = "${bindir}/scp.${PN}"
71FILES_${PN}-ssh = "${bindir}/ssh.${PN} ${sysconfdir}/ssh/ssh_config"
72FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd"
73FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config"
74FILES_${PN}-sftp = "${bindir}/sftp"
75FILES_${PN}-sftp-server = "${libdir}exec/sftp-server"
76FILES_${PN}-misc = "${bindir}/ssh* ${libdir}exec/ssh*"
77FILES_${PN}-keygen = "${bindir}/ssh-keygen"
78
79RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
80DEPENDS_${PN}-sshd += "update-rc.d"
81RDEPENDS_${PN}-sshd += "update-rc.d ${PN}-keygen"
82
83pkg_postinst_${PN}-sshd () {
84 if [ "x$D" != "x" ]; then
85 exit 1
86 else
87 addgroup sshd
88 adduser --system --home /var/run/sshd --no-create-home --disabled-password --ingroup sshd -s /bin/false sshd
89 update-rc.d sshd defaults 9
90 fi
91}
92
93pkg_postinst_${PN}-scp () {
94 update-alternatives --install ${bindir}/scp scp scp.${PN} 90
95}
96
97pkg_postinst_${PN}-ssh () {
98 update-alternatives --install ${bindir}/ssh ssh ssh.${PN} 90
99}
100
101pkg_postrm_${PN}-ssh () {
102 update-alternatives --remove ${bindir}/ssh ssh.${PN}
103}
104
105pkg_postrm_${PN}-scp () {
106 update-alternatives --remove ${bindir}/scp scp.${PN}
107}
108
109pkg_postrm_${PN}-sshd () {
110 if [ "x$D" != "x" ]; then
111 exit 1
112 else
113 ${sysconfdir}/init.d/sshd stop
114 deluser sshd
115 delgroup sshd
116 update-rc.d -f sshd remove
117 fi
118}
119
120CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
121CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"