openssh: enable PIE, disable kerberos and pam_cracklib.

This commit is contained in:
Juan RP 2014-04-22 12:55:59 +02:00
parent fdcd5dc1c3
commit 6a7b8e1973

View file

@ -3,15 +3,15 @@ _desc="The OpenSSH implementation of SSH protocol"
pkgname=openssh pkgname=openssh
version=6.6p1 version=6.6p1
revision=2 revision=3
build_style=gnu-configure build_style=gnu-configure
configure_args="--without-tcp-wrappers --datadir=/usr/share/openssh configure_args="--without-tcp-wrappers --datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
--with-mantype=man --without-rpath --with-xauth=/usr/bin/xauth --with-mantype=man --without-rpath --with-xauth=/usr/bin/xauth
--with-ssl-engine --disable-strip --with-privsep-path=/var/chroot/ssh --with-ssl-engine --disable-strip --with-privsep-path=/var/chroot/ssh
--with-pid-dir=/run --with-pam --with-kerberos5=${XBPS_CROSS_BASE}/usr LD=$CC" --with-pid-dir=/run --with-pam --with-pie --without-kerberos5 LD=$CC"
hostmakedepends="perl" hostmakedepends="perl"
makedepends="zlib-devel openssl-devel pam-devel mit-krb5-devel" makedepends="zlib-devel openssl-devel pam-devel"
short_desc="${_desc} - client" short_desc="${_desc} - client"
replaces="openssh-client<6.1p1" replaces="openssh-client<6.1p1"
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config" conf_files="/etc/ssh/moduli /etc/ssh/ssh_config"
@ -34,6 +34,8 @@ post_install() {
-e 's|^#\(PrintMotd\) yes|\1 no|g' \ -e 's|^#\(PrintMotd\) yes|\1 no|g' \
${DESTDIR}/etc/ssh/sshd_config ${DESTDIR}/etc/ssh/sshd_config
# Disable pam_cracklib
sed '/pam_cracklib.*/d' -i ${DESTDIR}/etc/pam.d/sshd
# Enable pam_systemd.so by default. # Enable pam_systemd.so by default.
printf "session\trequired\tpam_systemd.so\n" >> \ printf "session\trequired\tpam_systemd.so\n" >> \
${DESTDIR}/etc/pam.d/sshd ${DESTDIR}/etc/pam.d/sshd