Attachment #17606 for bug #28567




S=${WORKDIR}/${PARCH}
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
IUSE="ipv6 static pam tcpd kerberos selinux X509 daemontools"
SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz
	selinux? http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2
	X509? http://roumenpetrov.info/openssh/x509g2/${X509_PATCH}"

	pam? ( >=sys-libs/pam-0.73
		>=sys-apps/shadow-4.0.2-r2 )
	kerberos? ( app-crypt/mit-krb5 )
	daemontools? ( >=sys-apps/daemontools-0.76 )
	selinux? ( sys-apps/selinux-small )
	afs? ( net-fs/openafs
		app-crypt/kth-krb ) :

LICENSE="as-is"
KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64"

pkg_setup() {
	if use daemontools ; then
		if ! grep -q ^sshlog /etc/group ; then
			groupadd sshlog || die "Failed to add group: sshlog"
		fi
    
		if ! grep -q ^sshlog /etc/passwd ; then
			useradd -g sshlog -d /dev/null -s /dev/null sshlog || die "Failed to add user: sshlog"
		fi
	fi 
}   

src_unpack() {
	unpack ${PARCH}.tar.gz ; cd ${S}


	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
	insinto /etc/pam.d  ; newins ${FILESDIR}/sshd.pam sshd
	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
	if use daemontools && [ ! -d /etc/ssh/supervise ] ; then
		diropts -m 755 -o root
		dodir /etc/ssh/supervise /etc/ssh/supervise/log
		exeinto /etc/ssh/supervise ; newexe ${FILESDIR}/sshd.supervise.run run 
		exeinto /etc/ssh/supervise/log ; newexe ${FILESDIR}/sshd.supervise.log run

		diropts -m 755 -o sshlog -g sshlog
		dodir /var/log/sshd
		keepdir /var/log/sshd
    fi

	touch ${D}/var/empty/.keep
}


	# empty dir for the new priv separation auth chroot..
	install -d -m0755 -o root -g root ${ROOT}/var/empty

	if [ ! -e /etc/ssh/ssh_host_key ] ; then
		einfo "Generating Hostkey..."
		/usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
	fi 
	if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then
		einfo "Generating DSA-Hostkey..."
		/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
	fi 
	if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
		einfo "Generating RSA-Hostkey..."
		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
	fi

	einfo
	einfo "Remember to merge your config files in /etc/ssh!"
	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"

Return to bug 28567

Lines 12-18 Link Here

(-)openssh-3.6.1_p2-r2.ebuild (-1 / +38 lines)
12	S=${WORKDIR}/${PARCH}	12	S=${WORKDIR}/${PARCH}
13	DESCRIPTION="Port of OpenBSD's free SSH release"	13	DESCRIPTION="Port of OpenBSD's free SSH release"
14	HOMEPAGE="http://www.openssh.com/"	14	HOMEPAGE="http://www.openssh.com/"
15	IUSE="ipv6 static pam tcpd kerberos selinux X509"	15	IUSE="ipv6 static pam tcpd kerberos selinux X509 daemontools"
16	SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz	16	SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz
17	selinux? http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2	17	selinux? http://lostlogicx.com/gentoo/openssh_3.6p1-5.se1.diff.bz2
18	X509? http://roumenpetrov.info/openssh/x509g2/${X509_PATCH}"	18	X509? http://roumenpetrov.info/openssh/x509g2/${X509_PATCH}"
Lines 23-28 Link Here
23	pam? ( >=sys-libs/pam-0.73	23	pam? ( >=sys-libs/pam-0.73
24	>=sys-apps/shadow-4.0.2-r2 )	24	>=sys-apps/shadow-4.0.2-r2 )
25	kerberos? ( app-crypt/mit-krb5 )	25	kerberos? ( app-crypt/mit-krb5 )
		26	daemontools? ( >=sys-apps/daemontools-0.76 )
26	selinux? ( sys-apps/selinux-small )	27	selinux? ( sys-apps/selinux-small )
27	afs? ( net-fs/openafs	28	afs? ( net-fs/openafs
28	app-crypt/kth-krb ) :	29	app-crypt/kth-krb ) :
Lines 40-45 Link Here
40	LICENSE="as-is"	41	LICENSE="as-is"
41	KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64"	42	KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64"
42		43
		44	pkg_setup() {
		45	if use daemontools ; then
		46	if ! grep -q ^sshlog /etc/group ; then
		47	groupadd sshlog \|\| die "Failed to add group: sshlog"
		48	fi
		49
		50	if ! grep -q ^sshlog /etc/passwd ; then
		51	useradd -g sshlog -d /dev/null -s /dev/null sshlog \|\| die "Failed to add user: sshlog"
		52	fi
		53	fi
		54	}
		55
43	src_unpack() {	56	src_unpack() {
44	unpack ${PARCH}.tar.gz ; cd ${S}	57	unpack ${PARCH}.tar.gz ; cd ${S}
45		58
Lines 101-106 Link Here
101	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config	114	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
102	insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd	115	insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
103	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd	116	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
		117	if use daemontools && [ ! -d /etc/ssh/supervise ] ; then
		118	diropts -m 755 -o root
		119	dodir /etc/ssh/supervise /etc/ssh/supervise/log
		120	exeinto /etc/ssh/supervise ; newexe ${FILESDIR}/sshd.supervise.run run
		121	exeinto /etc/ssh/supervise/log ; newexe ${FILESDIR}/sshd.supervise.log run
		122
		123	diropts -m 755 -o sshlog -g sshlog
		124	dodir /var/log/sshd
		125	keepdir /var/log/sshd
		126	fi
		127
104	touch ${D}/var/empty/.keep	128	touch ${D}/var/empty/.keep
105	}	129	}
106		130
Lines 118-123 Link Here
118	# empty dir for the new priv separation auth chroot..	142	# empty dir for the new priv separation auth chroot..
119	install -d -m0755 -o root -g root ${ROOT}/var/empty	143	install -d -m0755 -o root -g root ${ROOT}/var/empty
120		144
		145	if [ ! -e /etc/ssh/ssh_host_key ] ; then
		146	einfo "Generating Hostkey..."
		147	/usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
		148	fi
		149	if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then
		150	einfo "Generating DSA-Hostkey..."
		151	/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
		152	fi
		153	if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
		154	einfo "Generating RSA-Hostkey..."
		155	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
		156	fi
		157
121	einfo	158	einfo
122	einfo "Remember to merge your config files in /etc/ssh!"	159	einfo "Remember to merge your config files in /etc/ssh!"
123	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"	160	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"