commit:     51642f0e13ab03de8a6c3fc729185f96b1618200
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 24 07:18:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 11 20:03:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51642f0e

net-misc/openssh: use /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d for 
config dropins

Debian patches this into their config already and we found ourselves wanting
it when looking at handling the github.com SSH key change/rotation.

/etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d both become directories
where users can add their own configuration files, but we also install the
Gentoo snippets formerly in ssh_config and sshd_config in there instead.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/openssh/openssh-9.3_p1-r1.ebuild | 51 ++++++++++++++++++-------------
 1 file changed, 29 insertions(+), 22 deletions(-)

diff --git a/net-misc/openssh/openssh-9.3_p1-r1.ebuild 
b/net-misc/openssh/openssh-9.3_p1-r1.ebuild
index 8e9ccf877d5d..83c262f034f8 100644
--- a/net-misc/openssh/openssh-9.3_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-9.3_p1-r1.ebuild
@@ -241,39 +241,46 @@ tweak_ssh_configs() {
                LANGUAGE LC_ADDRESS LC_IDENTIFICATION LC_MEASUREMENT LC_NAME 
LC_PAPER LC_TELEPHONE
        )
 
-       # First the server config.
-       cat <<-EOF >> "${ED}"/etc/ssh/sshd_config
-
-       # Allow client to pass locale environment variables. #367017
-       AcceptEnv ${locale_vars[*]}
-
-       # Allow client to pass COLORTERM to match TERM. #658540
-       AcceptEnv COLORTERM
+       dodir /etc/ssh/ssh_config.d /etc/ssh/sshd_config.d
+       cat <<-EOF >> "${ED}"/etc/ssh/ssh_config || die
+       Include "${EPREFIX}/etc/ssh/ssh_config.d/*.conf"
+       EOF
+       cat <<-EOF >> "${ED}"/etc/ssh/sshd_config || die
+       Include "${EPREFIX}/etc/ssh/sshd_config.d/*.conf"
        EOF
 
-       # Then the client config.
-       cat <<-EOF >> "${ED}"/etc/ssh/ssh_config
-
-       # Send locale environment variables. #367017
+       cat <<-EOF >> "${ED}"/etc/ssh/ssh_config.d/90gentoo.conf || die
+       # Send locale environment variables (bug #367017)
        SendEnv ${locale_vars[*]}
 
-       # Send COLORTERM to match TERM. #658540
+       # Send COLORTERM to match TERM (bug #658540)
        SendEnv COLORTERM
        EOF
 
+       cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo.conf || die
+       # Allow client to pass locale environment variables (bug #367017)
+       AcceptEnv ${locale_vars[*]}
+
+       # Allow client to pass COLORTERM to match TERM (bug #658540)
+       AcceptEnv COLORTERM
+       EOF
+
        if use pam ; then
-               sed -i \
-                       -e "/^#UsePAM /s:.*:UsePAM yes:" \
-                       -e "/^#PasswordAuthentication 
/s:.*:PasswordAuthentication no:" \
-                       -e "/^#PrintMotd /s:.*:PrintMotd no:" \
-                       -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
-                       "${ED}"/etc/ssh/sshd_config || die
+               cat <<-EOF >> "${ED}"/etc/ssh/sshd_config.d/90gentoo-pam.conf 
|| die
+               UsePAM yes
+               # This interferes with PAM.
+               PasswordAuthentication no
+               # PAM can do its own handling of MOTD.
+               PrintMotd no
+               PrintLastLog no
+               EOF
        fi
 
        if use livecd ; then
-               sed -i \
-                       -e '/^#PermitRootLogin/c# Allow root login with 
password on livecds.\nPermitRootLogin Yes' \
-                       "${ED}"/etc/ssh/sshd_config || die
+               cat <<-EOF >> 
"${ED}"/etc/ssh/sshd_config.d/90gentoo-livecd.conf || die
+               # Allow root login with password on livecds.
+               PermitRootLogin Yes
+               EOF
        fi
 }
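Review bot: The two `Include` lines are appended with `>>` to the end of `ssh_config` and `sshd_config`, but ssh and sshd keep the first value obtained for each keyword, so any option set earlier in the main file silently wins over every drop-in, including a hardening snippet such as `PasswordAuthentication no` placed in `sshd_config.d`. Putting the include at the top gives drop-ins the precedence administrators will expect, for example `sed -i -e "1i Include \"${EPREFIX}/etc/ssh/sshd_config.d/*.conf\"" "${ED}"/etc/ssh/sshd_config || die` (GNU sed one-line `i`), and the same for `ssh_config`. The same first-match rule applies inside the directory, where files are read in lexical order, so a local file has to sort before `90gentoo*.conf` to override `PermitRootLogin Yes` from `90gentoo-livecd.conf`; a comment in the snippets saying so would help. `tweak_ssh_configs` starts above this hunk, so what the shipped main files already set is not visible here.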
 
