From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 53099158649 for ; Thu, 11 May 2023 20:04:05 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E021BE0C9E; Thu, 11 May 2023 20:04:01 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C4FC8E0C9E for ; Thu, 11 May 2023 20:04:01 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D2C1E340A9E for ; Thu, 11 May 2023 20:04:00 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 51602A7A for ; Thu, 11 May 2023 20:03:57 +0000 (UTC)
From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1683835424.51642f0e13ab03de8a6c3fc729185f96b1618200.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/openssh/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/openssh/openssh-9.3_p1-r1.ebuild
X-VCS-Directories: net-misc/openssh/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 51642f0e13ab03de8a6c3fc729185f96b1618200
X-VCS-Branch: master
Date: Thu, 11 May 2023 20:03:57 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 6a6e8058-c9ef-4525-b252-ac39fb4adcff
X-Archives-Hash: d4a96132fffdb6538457ab5943674ea8

commit:     51642f0e13ab03de8a6c3fc729185f96b1618200
Author:     Sam James gentoo org>
AuthorDate: Fri Mar 24 07:18:52 2023 +0000
Commit:     Sam James gentoo org>
CommitDate: Thu May 11 20:03:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51642f0e

net-misc/openssh: use /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d for config dropins

Debian patches this into their config already and we found ourselves wanting
it when looking at handling the github.com SSH key change/rotation.

/etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d both become directories
where users can add their own configuration files, but we also install the
Gentoo snippets formerly in ssh_config and sshd_config in there instead.

Signed-off-by: Sam James gentoo.org>

 net-misc/openssh/openssh-9.3_p1-r1.ebuild | 51 ++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/net-misc/openssh/openssh-9.3_p1-r1.ebuild b/net-misc/openssh/openssh-9.3_p1-r1.ebuild
index 8e9ccf877d5d..83c262f034f8 100644
--- a/net-misc/openssh/openssh-9.3_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-9.3_p1-r1.ebuild 
@@ -241,39 +241,46 @@ tweak_ssh_configs() { LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME LC_PAPER LC_TELEPHONE ) - # First the server config. - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables. #367017 - AcceptEnv ${locale_vars[*]} - - # Allow client to pass COLORTERM to match TERM. #658540 - AcceptEnv COLORTERM + dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die + Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf" + EOF + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die + Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf" EOF - # Then the client config. - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables. #367017 + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/90gentoo.conf || die + # Send locale environment variables (bug #367017) SendEnv ${locale_vars[*]} - # Send COLORTERM to match TERM. #658540 + # Send COLORTERM to match TERM (bug #658540) SendEnv COLORTERM EOF + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo.conf || die + # Allow client to pass locale environment variables (bug #367017) + AcceptEnv ${locale_vars[*]} + + # Allow client to pass COLORTERM to match TERM (bug #658540) + AcceptEnv COLORTERM + EOF + if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo-pam.conf || die + UsePAM yes + # This interferes with PAM. + PasswordAuthentication no + # PAM can do its own handling of MOTD. 
+ PrintMotd no + PrintLastLog no + EOF fi if use livecd ; then - sed -i \ - -e '/^#PermitRootLogin/c# Allow root login with password on livecds.\nPermitRootLogin Yes' \ - "${ED}"/etc/ssh/sshd_config || die + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo-livecd.conf || die + # Allow root login with password on livecds. + PermitRootLogin Yes + EOF fi }
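Review bot: the two new `Include "${EPREFIX}/etc/ssh/*_config.d/*.conf"` lines are appended with `>>` to the tail of ssh_config and sshd_config, but both ssh(1) and sshd(8) use the first obtained value for each keyword, so nothing in ssh_config.d or sshd_config.d can override a keyword that is already set uncommented earlier in the main file; Debian, which the commit message cites as the model, puts its Include at the top of the file for exactly this reason. The dropins only take effect here because the upstream stock files ship the relevant keywords commented out (`#UsePAM no`, `#PasswordAuthentication yes`, `#PermitRootLogin`), which is weaker than the old `sed` that rewrote those lines in place: any user who later uncomments one of them in the main file silently disables the Gentoo PAM or livecd snippet. A second ordering hazard: an Include that follows an uncommented `Host`/`Match` stanza becomes conditional on that stanza, so appending to a file ending in `Host foo` would scope the `SendEnv` dropin to that host. Suggest writing each Include as the first line of its file rather than appending (for example by building the installed file as the Include line plus the stock file), and keeping the `90` prefix so that user dropins such as `50-local.conf` still sort before the Gentoo snippets, since Include globs are expanded in lexical order. `sshd -T` and `ssh -G host` after install are the quick way to confirm the effective values.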