Add new packages and build scripts for various libraries
- Added Nuklear GUI library with build script and configuration. - Introduced OpenH264 encoder/decoder with build configuration. - Added PortAudio library for audio I/O with custom build script. - Included Python Execnet for multi-Python deployment. - Added Pytest Xdist plugin for distributed testing. - Introduced Shaderc for shader compilation tools. - Added Snappy compression library with necessary patches and configuration. - Included SoundTouch audio processing library with build configuration. - Added SRT library for secure reliable transport. - Introduced VapourSynth video processing framework with configuration. - Added Vid.stab for video stabilization. - Included WebRTC Audio Processing library with build configuration. - Added X264 video encoding library with patches for POSIX compliance. - Introduced X265 video encoder with build configuration. - Added XKeyboard Config for X keyboard configuration files. - Included Xorg XKBComp for keyboard description compilation. - Added Xvidcore MPEG-4 video codec library with configuration. - Introduced ZeroMQ messaging system with patches and build configuration. - Added Zimg library for scaling and colorspace conversion.
This commit is contained in:
@@ -30,7 +30,7 @@ description = "source-based package manager designed for Linux, focuses on repro
|
||||
homepage = "https://gitlab.com/sfg-os/depot"
|
||||
license = "MIT"
|
||||
name = "depot"
|
||||
version = "0.32.1"
|
||||
version = "0.33.1"
|
||||
revision = 1
|
||||
|
||||
[[source]]
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
[build]
|
||||
type = "autotools"
|
||||
|
||||
[build.flags]
|
||||
configure = [
|
||||
"--disable-lastlog",
|
||||
"--disable-strip",
|
||||
"--libexecdir=/usr/lib/ssh",
|
||||
"--sysconfdir=/etc/ssh",
|
||||
"--with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin'",
|
||||
"--with-libedit",
|
||||
"--with-pam",
|
||||
"--with-pid-dir=/run",
|
||||
"--with-privsep-path=/usr/share/empty.sshd",
|
||||
"--with-privsep-user=nobody",
|
||||
"--with-security-key-builtin",
|
||||
"--with-ssl-engine",
|
||||
"--with-xauth=/usr/bin/xauth",
|
||||
"--without-zlib-version-check",
|
||||
]
|
||||
post_install = [
|
||||
"install -Dm644 ../sshd.pam $DESTDIR/etc/pam.d/sshd",
|
||||
"install -D -m644 ../sshd.confd $DESTDIR/etc/conf.d/sshd",
|
||||
"install -Dm755 ./contrib/ssh-copy-id $DESTDIR/usr/bin/ssh-copy-id",
|
||||
"install -Dm644 ../sshd.nft $DESTDIR/usr/share/nftables.avail/50_sshd.nft",
|
||||
"mkdir -p $DESTDIR/etc/ssh/ssh_config.d",
|
||||
"mkdir -p $DESTDIR/etc/ssh/sshd_config.d",
|
||||
"install -Dm755 contrib/findssl.sh -t $DESTDIR/usr/bin/",
|
||||
"install -Dm644 contrib/ssh-copy-id.1 -t $DESTDIR/usr/share/man/man1/",
|
||||
]
|
||||
skip_tests = true
|
||||
keep = [ "etc/pam.d/sshd", "etc/conf.d/sshd" ]
|
||||
|
||||
[dependencies]
|
||||
build = [
|
||||
"linux-headers",
|
||||
"libfido2",
|
||||
]
|
||||
optional = [
|
||||
"libfido2",
|
||||
"sh",
|
||||
"x11-ssh-askpass",
|
||||
"xorg-xauth",
|
||||
]
|
||||
runtime = [
|
||||
"glibc",
|
||||
"libedit",
|
||||
"libxcrypt",
|
||||
"openssl",
|
||||
"pam",
|
||||
"zlib-ng",
|
||||
]
|
||||
|
||||
[package]
|
||||
description = "SSH protocol implementation for remote login, command execution and file transfer"
|
||||
homepage = "https://www.openssh.com/portable.html"
|
||||
license = [
|
||||
"0BSD",
|
||||
"BSD-2-Clause",
|
||||
"BSD-3-Clause",
|
||||
"ISC",
|
||||
"LicenseRef-Public-Domain",
|
||||
"MIT",
|
||||
]
|
||||
name = "openssh"
|
||||
version = "10.2p1"
|
||||
|
||||
[[source]]
|
||||
extract_dir = "$name-$version"
|
||||
sha256 = "ccc42c0419937959263fa1dbd16dafc18c56b984c03562d2937ce56a60f798b2"
|
||||
url = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$name-$version.tar.gz"
|
||||
|
||||
[[manual_sources]]
|
||||
files = [ "sshd.initd", "sshd.confd", "sshd.nft", "sshd.pam" ]
|
||||
@@ -0,0 +1,26 @@
|
||||
# Configuration for /etc/init.d/sshd
|
||||
|
||||
# Path of sshd_config file.
|
||||
#cfgfile="/etc/ssh/sshd_config"
|
||||
|
||||
# Any random options you want to pass to sshd.
|
||||
# See the sshd(8) manpage for more info.
|
||||
#command_args=""
|
||||
|
||||
# Space-separated list of SSH host key types to generate if they do
|
||||
# not already exist. An empty value means generate all of the default
|
||||
# set of dsa, ecdsa, ed25519, and rsa types.
|
||||
#
|
||||
# Example: "ed25519 rsa".
|
||||
#
|
||||
#key_types_to_generate=""
|
||||
|
||||
# The number of bits to use for a generated ECDSA SSH host key.
|
||||
# Defaults to 256 bits if not set.
|
||||
#
|
||||
#ecdsa_bit_size="256"
|
||||
|
||||
# Number of bits for use for a generated RSA SSH host key.
|
||||
# Defaults to 3072 bits if not set.
|
||||
#
|
||||
#rsa_bit_size="3072"
|
||||
@@ -0,0 +1,159 @@
|
||||
#!/sbin/openrc-run
|
||||
|
||||
description="OpenBSD Secure Shell server"
|
||||
description_checkconfig="Verify configuration file"
|
||||
description_reload="Reload configuration"
|
||||
|
||||
extra_commands="checkconfig"
|
||||
extra_started_commands="reload"
|
||||
|
||||
# NOTE: SSHD_* variables are deprecated and will be removed in future!
|
||||
: "${sshd_disable_keygen:="${SSHD_DISABLE_KEYGEN:-"no"}"}"
|
||||
: "${cfgfile:=${SSHD_CONFIG:-"${SSHD_CONFDIR:-"/etc/ssh"}/sshd_config"}}"
|
||||
|
||||
pidfile="${SSHD_PIDFILE:-"/run/$RC_SVCNAME.pid"}"
|
||||
command="${SSHD_BINARY:-"/usr/sbin/sshd"}"
|
||||
command_args="${command_args:-${SSHD_OPTS:-}}"
|
||||
|
||||
required_files="$cfgfile"
|
||||
|
||||
generate_host_key_type() {
|
||||
local bit_size key_type
|
||||
|
||||
key_type=$1
|
||||
if [ ! -f /etc/ssh/ssh_host_"${key_type}"_key ]; then
|
||||
case $key_type in
|
||||
ecdsa) bit_size="$ecdsa_bit_size";;
|
||||
rsa) bit_size="$rsa_bit_size";;
|
||||
esac
|
||||
einfo "Generating $key_type SSH host key..."
|
||||
ssh-keygen \
|
||||
-q \
|
||||
-f /etc/ssh/ssh_host_"$key_type"_key \
|
||||
-N '' \
|
||||
-t "$key_type" \
|
||||
${bit_size:+ -b ${bit_size}} || return 1
|
||||
fi
|
||||
}
|
||||
|
||||
generate_host_keys() {
|
||||
local type
|
||||
|
||||
if [ -z "$key_types_to_generate" ] &&
|
||||
[ -z "$ecdsa_bit_size" ] && [ -z "$rsa_bit_size" ]; then
|
||||
ssh-keygen -A
|
||||
return
|
||||
fi
|
||||
for type in ${key_types_to_generate:-dsa ecdsa ed25519 rsa}; do
|
||||
generate_host_key_type "$type" || return 1
|
||||
done
|
||||
}
|
||||
|
||||
print_config() {
|
||||
"$command" -f "$cfgfile" -G 2>/dev/null
|
||||
}
|
||||
|
||||
match_config() {
|
||||
print_config | grep -iqxE -e "$1"
|
||||
}
|
||||
|
||||
print_listen_addresses() {
|
||||
print_config | awk '$1 == "listenaddress" && $2 !~ /^(0.0.0.0|\[::\])/ { print $2 }'
|
||||
}
|
||||
|
||||
depend() {
|
||||
use logger dns
|
||||
after entropy
|
||||
|
||||
if [ "${rc_need+set}" = "set" ] ; then
|
||||
: # Do nothing, the user has explicitly set rc_need
|
||||
else
|
||||
# shellcheck disable=SC2155
|
||||
local x addrs="$(print_listen_addresses)"
|
||||
if [ -n "$addrs" ] ; then
|
||||
need net
|
||||
ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
|
||||
ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
|
||||
ewarn "where FOO is the interface(s) providing the following address(es):"
|
||||
for x in $addrs; do
|
||||
ewarn " ${x%:*}"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
update_command() {
|
||||
if [ -x /usr/sbin/sshd.krb5 ] && command="/usr/sbin/sshd.krb5" \
|
||||
match_config "(Kerberos|GSSAPI)Authentication yes"; then
|
||||
command="${SSHD_BINARY:-"/usr/sbin/sshd.krb5"}"
|
||||
elif [ -x /usr/sbin/sshd.pam ] && command="/usr/sbin/sshd.pam" \
|
||||
match_config "UsePAM yes"; then
|
||||
command="${SSHD_BINARY:-"/usr/sbin/sshd.pam"}"
|
||||
fi
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
update_command
|
||||
warn_deprecated_var SSHD_BINARY
|
||||
warn_deprecated_var SSHD_CONFDIR
|
||||
warn_deprecated_var SSHD_CONFIG cfgfile
|
||||
warn_deprecated_var SSHD_DISABLE_KEYGEN sshd_disable_keygen
|
||||
warn_deprecated_var SSHD_OPTS command_args
|
||||
warn_deprecated_var SSHD_PIDFILE
|
||||
|
||||
if ! yesno "$sshd_disable_keygen"; then
|
||||
generate_host_keys || return 1
|
||||
fi
|
||||
|
||||
[ "$pidfile" != "/run/sshd.pid" ] \
|
||||
&& command_args="$command_args -o PidFile=$pidfile"
|
||||
|
||||
[ "$cfgfile" != "/etc/ssh/sshd_config" ] \
|
||||
&& command_args="$command_args -f $cfgfile"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
"$command" -t $command_args || return 1
|
||||
}
|
||||
|
||||
start_pre() {
|
||||
checkconfig
|
||||
}
|
||||
|
||||
stop_pre() {
|
||||
update_command
|
||||
if [ "${RC_CMD}" = "restart" ] ; then
|
||||
checkconfig || return 1
|
||||
fi
|
||||
}
|
||||
|
||||
stop_post() {
|
||||
if [ "$RC_RUNLEVEL" = "shutdown" ]; then
|
||||
_sshd_pids=$(pgrep "sshd-session:")
|
||||
if [ -n "$_sshd_pids" ]; then
|
||||
ebegin "Shutting down ssh connections"
|
||||
# shellcheck disable=SC2086
|
||||
kill -TERM $_sshd_pids >/dev/null 2>&1
|
||||
eend 0
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
reload() {
|
||||
checkconfig || return 1
|
||||
|
||||
ebegin "Reloading $RC_SVCNAME"
|
||||
start-stop-daemon --signal HUP \
|
||||
--exec "$command" --pidfile "$pidfile"
|
||||
eend $?
|
||||
}
|
||||
|
||||
warn_deprecated_var() {
|
||||
local varname="$1"
|
||||
local replacement="${2:-}"
|
||||
|
||||
eval "test -n \"\$$varname\"" || return 0
|
||||
|
||||
ewarn "Variable \$$varname is deprecated and will be removed in the future!"
|
||||
# shellcheck disable=SC2015
|
||||
[ "$replacement" ] && ewarn "Use \$$replacement instead of \$$varname." ||:
|
||||
}
|
||||
@@ -0,0 +1,5 @@
|
||||
table inet filter {
|
||||
chain input {
|
||||
tcp dport 22 accept comment "accept SSH"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,40 @@
|
||||
# Begin /etc/pam.d/sshd
|
||||
|
||||
# Set failure delay before next prompt to 3 seconds
|
||||
auth optional pam_faildelay.so delay=3000000
|
||||
|
||||
# Check to make sure that the user is allowed to sshd
|
||||
auth requisite pam_nosshd.so
|
||||
|
||||
# Check to make sure that root is allowed to sshd
|
||||
# Disabled by default. You will need to create /etc/securetty
|
||||
# file for this module to function. See man 5 securetty.
|
||||
#auth required pam_securetty.so
|
||||
|
||||
# Additional group memberships - disabled by default
|
||||
#auth optional pam_group.so
|
||||
|
||||
# include system auth settings
|
||||
auth include system-auth
|
||||
|
||||
# check access for the user
|
||||
account required pam_access.so
|
||||
|
||||
# include system account settings
|
||||
account include system-account
|
||||
|
||||
# Set default environment variables for the user
|
||||
session required pam_env.so
|
||||
|
||||
# Set resource limits for the user
|
||||
session required pam_limits.so
|
||||
|
||||
# Display the message of the day - Disabled by default
|
||||
#session optional pam_motd.so
|
||||
|
||||
# Check user's mail - Disabled by default
|
||||
#session optional pam_mail.so standard quiet
|
||||
|
||||
# include system session and password settings
|
||||
session include system-session
|
||||
password include system-password
|
||||
Reference in New Issue
Block a user