[Astlinux-commits] SF.net SVN: astlinux:[8244] branches/1.0

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 8244
          http://sourceforge.net/p/astlinux/code/8244
Author:   abelbeck
Date:     2017-03-29 18:10:05 +0000 (Wed, 29 Mar 2017)
Log Message:
-----------
openssh, build /stat/etc/ssh/moduli from the latest OpenBSD moduli but limited to bit lengths greater than 2000 and less than 5000, additionally automaticaly upgrade the current /etc/ssh/moduli if the current version does not match the latest version

Modified Paths:
--------------
    branches/1.0/package/openssh/openssh.mk
    branches/1.0/package/openssh/sshd.init

Removed Paths:
-------------
    branches/1.0/project/astlinux/target_skeleton/stat/etc/ssh/

Modified: branches/1.0/package/openssh/openssh.mk
===================================================================

--- branches/1.0/package/openssh/openssh.mk	2017-03-29 14:12:29 UTC (rev 8243)
+++ branches/1.0/package/openssh/openssh.mk	2017-03-29 18:10:05 UTC (rev 8244)
@@ -36,6 +36,15 @@
 	ln -snf /tmp/etc/ssh $(TARGET_DIR)/etc/ssh
 endef
 
+define OPENSSH_INSTALL_MODULI
+	grep '^#' $(@D)/moduli > $(@D)/moduli.astlinux
+	echo '# Note: Entries limited to bit sizes greater than 2000 and less than 5000' >> $(@D)/moduli.astlinux
+	awk '/^[^#]/ && $$5 > 2000 && $$5 < 5000' $(@D)/moduli >> $(@D)/moduli.astlinux
+	$(INSTALL) -D -m 644 $(@D)/moduli.astlinux $(TARGET_DIR)/stat/etc/ssh/moduli
+endef
+
 OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_INITSCRIPT
 
+OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_MODULI
+
 $(eval $(call AUTOTARGETS,package,openssh))

Modified: branches/1.0/package/openssh/sshd.init
===================================================================
--- branches/1.0/package/openssh/sshd.init	2017-03-29 14:12:29 UTC (rev 8243)
+++ branches/1.0/package/openssh/sshd.init	2017-03-29 18:10:05 UTC (rev 8244)
@@ -2,6 +2,24 @@
 
 . /etc/rc.conf
 
+upgrade_moduli()
+{
+  local old_file="$1" new_file="$2" old_ver new_ver
+
+  if [ ! -f "$old_file" ]; then
+    return 0
+  fi
+
+  old_ver="$(sed -n -r -e '1 s/^#.* moduli,v ([0-9.]+) .*$/\1/p' "$old_file")"
+  new_ver="$(sed -n -r -e '1 s/^#.* moduli,v ([0-9.]+) .*$/\1/p' "$new_file")"
+
+  if [ "$old_ver" != "$new_ver" ]; then
+    return 0
+  fi
+
+  return 1
+}
+
 init () {
   mkdir -p /var/run/sshd
 
@@ -52,9 +70,9 @@
   if [ ! -L /tmp/etc/ssh ]; then
     cp -a /stat/etc/ssh/* /tmp/etc/ssh/
   else
-    # or even if it is...
-    if [ ! -f /tmp/etc/ssh/moduli ]; then
-      cp -p /stat/etc/ssh/moduli /tmp/etc/ssh/
+    if upgrade_moduli /tmp/etc/ssh/moduli /stat/etc/ssh/moduli; then
+      echo "Upgrading ssh DH primes in /etc/ssh/moduli"
+      cp -p /stat/etc/ssh/moduli /tmp/etc/ssh/moduli
     fi
   fi
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



