commit: f6e4cf7a86620913736c8e38d22db48d2e0d61a3 Author: Haelwenn (lanodan) Monnier <contact <AT> hacktivis <DOT> me> AuthorDate: Sun Jul 9 20:15:26 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Jul 26 06:28:54 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6e4cf7a
net-misc/tinyssh: new package, add 20230101, 99999999 Signed-off-by: Haelwenn (lanodan) Monnier <contact <AT> hacktivis.me> Closes: https://github.com/gentoo/gentoo/pull/31817 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/tinyssh/Manifest | 1 + net-misc/tinyssh/files/tinyssh-makekey.service | 8 +++ net-misc/tinyssh/files/tinyssh.confd | 7 +++ net-misc/tinyssh/files/tinyssh.initd | 30 +++++++++++ net-misc/tinyssh/files/tinyssh.service | 9 ++++ net-misc/tinyssh/files/tinyssh.socket | 13 +++++ net-misc/tinyssh/metadata.xml | 43 ++++++++++++++++ net-misc/tinyssh/tinyssh-20230101.ebuild | 71 ++++++++++++++++++++++++++ net-misc/tinyssh/tinyssh-99999999.ebuild | 71 ++++++++++++++++++++++++++ 9 files changed, 253 insertions(+) diff --git a/net-misc/tinyssh/Manifest b/net-misc/tinyssh/Manifest new file mode 100644 index 000000000000..4b4495c26cdb --- /dev/null +++ b/net-misc/tinyssh/Manifest @@ -0,0 +1 @@ +DIST tinyssh-20230101.tar.gz 249091 BLAKE2B 5efb6eab07c136763ab27588661618763d2ca174dce4b0f4b5fd5dcca56044f8361342de780931070cff8efe43f6efa68eaf912e9ae38febfcff733f79e23018 SHA512 6beaf266058a89a78c710abd1a02feff0641a93d0d92aa07a1ad1ba3f6b3344bc312bb5a4cd5c06c6dcc83d25e48a801f9cfcfbb3de0f73904f36d32d4430482 diff --git a/net-misc/tinyssh/files/tinyssh-makekey.service b/net-misc/tinyssh/files/tinyssh-makekey.service new file mode 100644 index 000000000000..841a516ce390 --- /dev/null +++ b/net-misc/tinyssh/files/tinyssh-makekey.service @@ -0,0 +1,8 @@ +[Unit] +Description=TinySSH Key Generation +ConditionPathIsDirectory=!/etc/tinyssh/keys + +[Service] +ExecStart=/usr/sbin/tinysshd-makekey /etc/tinyssh/keys +Type=oneshot +RemainAfterExit=true diff --git a/net-misc/tinyssh/files/tinyssh.confd b/net-misc/tinyssh/files/tinyssh.confd new file mode 100644 index 000000000000..d1aefde2be9f --- /dev/null +++ b/net-misc/tinyssh/files/tinyssh.confd @@ -0,0 +1,7 @@ +# TinySSH config file for /etc/init.d/tinyssh + +#TINYSSH_PORT="22" +#TINYSSH_IP="0.0.0.0" +#TINYSSH_CONFDIR="/etc/tinyssh" +#TINYSSH_KEYDIR="${TINYSSH_CONFDIR}/keys" +#TINYSSH_OPTS="-l -v" diff --git a/net-misc/tinyssh/files/tinyssh.initd b/net-misc/tinyssh/files/tinyssh.initd new file mode 100644 index 000000000000..095a7f4e1056 --- /dev/null +++ b/net-misc/tinyssh/files/tinyssh.initd @@ -0,0 +1,30 @@ +#!/sbin/openrc-run +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +TINYSSH_CONFDIR="${TINYSSH_CONFDIR:-/etc/tinyssh}" +TINYSSH_KEYDIR="${TINYSSH_KEYDIR:-${TINYSSH_CONFDIR}/keys}" + +TINYSSHD="/usr/sbin/tinysshd" +MAKEKEY="${TINYSSHD}-makekey" +PRINTKEY="/usr/bin/tinysshd-printkey" + +command="/usr/bin/tcpserver" +command_args="-HRDl0 ${TINYSSH_IP:-0.0.0.0} ${TINYSSH_PORT:-22} + ${TINYSSHD} ${TINYSSH_OPTS:--l -v} ${TINYSSH_KEYDIR}" +command_background=yes +pidfile="/run/${RC_SVCNAME}.pid" +start_stop_daemon_args="${SSD_OPTS}" + +depend() { + use net +} + +start_pre() { + if [ "${RC_CMD}" != "restart" ]; then + checkpath -d "${TINYSSH_CONFDIR}" + if ! ${PRINTKEY} "${TINYSSH_KEYDIR}" >/dev/null 2>&1; then + ${MAKEKEY} "${TINYSSH_KEYDIR}" || return 1 + fi + fi +} diff --git a/net-misc/tinyssh/files/tinyssh.service b/net-misc/tinyssh/files/tinyssh.service new file mode 100644 index 000000000000..f0fe93be778b --- /dev/null +++ b/net-misc/tinyssh/files/tinyssh.service @@ -0,0 +1,9 @@ +[Unit] +Description=TinySSH Per-Connection Daemon +Documentation=https://tinyssh.org +After=tinyssh-makekey.service + +[Service] +ExecStart=/usr/sbin/tinysshd /etc/tinyssh/keys +StandardInput=socket +StandardError=journal diff --git a/net-misc/tinyssh/files/tinyssh.socket b/net-misc/tinyssh/files/tinyssh.socket new file mode 100644 index 000000000000..9ca2b16b3fa4 --- /dev/null +++ b/net-misc/tinyssh/files/tinyssh.socket @@ -0,0 +1,13 @@ +[Unit] +Description=TinySSH service (socket-activated) +Documentation=https://tinyssh.org +Wants=tinyssh-makekey.service + +[Socket] +ListenStream=%i +Accept=true +KeepAlive=true +IPTOS=low-delay + +[Install] +WantedBy=sockets.target diff --git a/net-misc/tinyssh/metadata.xml b/net-misc/tinyssh/metadata.xml new file mode 100644 index 000000000000..3c123417d9f8 --- /dev/null +++ b/net-misc/tinyssh/metadata.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";> +<pkgmetadata> + <maintainer type="person" proxied="yes"> + <email>cont...@hacktivis.me</email> + </maintainer> + <maintainer type="project" proxied="proxy"> + <email>proxy-ma...@gentoo.org</email> + <name>Proxy Maintainers</name> + </maintainer> + <use> + <flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag> + </use> + <upstream> + <remote-id type="github">janmojzis/tinyssh</remote-id> + <bugs-to>https://github.com/janmojzis/tinyssh/issues</bugs-to> + </upstream> + <longdescription lang="en"> +Features + + easy auditable - TinySSH has less than 100000 words of code + no dynamic memory allocation - TinySSH has all memory statically allocated (less than 1MB) + simple configuration - TinySSH can’t be misconfigured + reusing code - TinySSH is reusing libraries from CurveCP implementation + reusing software - TinySSH is using tcpserver/systemd socket/inetd for TCP connection + limited amount of features - TinySSH doesn’t have features such: SSH1 protocol, compression, … + no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, … + no copyright restrictions - TinySSH is in the public domain (see the licence) + no dependency on OpenSSL - TinySSH has its own crypto library compatible with NaCl, Libsodium + speed - TinySSH can be also compiled using high-speed NaCl library instead of internal. + +Security features + + cryptographic library (minimum 128-bit security, side-channel attack resistant, state-of-the-art crypto, …) + public-key authentication only (no password or hostbased authentication) + +Crypto primitives + + State-of-the-art crypto: ssh-ed25519, curve25519-sha...@libssh.org, chacha20-poly1...@openssh.com + Older standard: ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes256-ctr, hmac-sha2-256 removed in version 20190101 + Postquantum crypto: sntrup4591761x25519-sha...@tinyssh.org, chacha20-poly1...@openssh.com + </longdescription> +</pkgmetadata> diff --git a/net-misc/tinyssh/tinyssh-20230101.ebuild b/net-misc/tinyssh/tinyssh-20230101.ebuild new file mode 100644 index 000000000000..6a91309a999d --- /dev/null +++ b/net-misc/tinyssh/tinyssh-20230101.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +DESCRIPTION="A small SSH server with state-of-the-art cryptography" +HOMEPAGE="https://tinyssh.org"; +if [[ "${PV}" == "99999999" ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"; +else + SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="CC0-1.0" +SLOT="0" + +IUSE="+sodium" + +DEPEND=" + sodium? ( dev-libs/libsodium:= ) +" +RDEPEND=" + ${DEPEND} + sys-apps/ucspi-tcp +" + +src_prepare() { + # Leave optimization level to user CFLAGS + sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die + + # Use make-tinysshcc.sh script, which has no tests and doesn't execute + # binaries. See https://github.com/janmojzis/tinyssh/issues/2 + sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die + + default +} + +src_compile() { + if use sodium + then + emake \ + CC="$(tc-getCC)" + LIBS="-lsodium" \ + CFLAGS="${CFLAGS} -I/usr/include/sodium" \ + LDFLAGS="${LDFLAGS} -L/usr/lib" + else + emake CC="$(tc-getCC)" + fi +} + +src_install() { + dosbin build/bin/tinysshd{,-makekey} + dobin build/bin/tinysshd-printkey + doman man/* + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + + systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service" + systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket" + systemd_dounit "${FILESDIR}/${PN}-makekey.service" +} + +pkg_postinst() { + einfo "TinySSH is in beta stage, and ready for production use." + einfo "See https://tinyssh.org for more information." +} diff --git a/net-misc/tinyssh/tinyssh-99999999.ebuild b/net-misc/tinyssh/tinyssh-99999999.ebuild new file mode 100644 index 000000000000..6a91309a999d --- /dev/null +++ b/net-misc/tinyssh/tinyssh-99999999.ebuild @@ -0,0 +1,71 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit systemd toolchain-funcs + +DESCRIPTION="A small SSH server with state-of-the-art cryptography" +HOMEPAGE="https://tinyssh.org"; +if [[ "${PV}" == "99999999" ]]; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"; +else + SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="CC0-1.0" +SLOT="0" + +IUSE="+sodium" + +DEPEND=" + sodium? ( dev-libs/libsodium:= ) +" +RDEPEND=" + ${DEPEND} + sys-apps/ucspi-tcp +" + +src_prepare() { + # Leave optimization level to user CFLAGS + sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die + + # Use make-tinysshcc.sh script, which has no tests and doesn't execute + # binaries. See https://github.com/janmojzis/tinyssh/issues/2 + sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die + + default +} + +src_compile() { + if use sodium + then + emake \ + CC="$(tc-getCC)" + LIBS="-lsodium" \ + CFLAGS="${CFLAGS} -I/usr/include/sodium" \ + LDFLAGS="${LDFLAGS} -L/usr/lib" + else + emake CC="$(tc-getCC)" + fi +} + +src_install() { + dosbin build/bin/tinysshd{,-makekey} + dobin build/bin/tinysshd-printkey + doman man/* + + newinitd "${FILESDIR}/${PN}.initd" "${PN}" + newconfd "${FILESDIR}/${PN}.confd" "${PN}" + + systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service" + systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket" + systemd_dounit "${FILESDIR}/${PN}-makekey.service" +} + +pkg_postinst() { + einfo "TinySSH is in beta stage, and ready for production use." + einfo "See https://tinyssh.org for more information." +}
