Date: Thursday, December 6, 2018 @ 03:32:34 Author: seblu Revision: 411614
archrelease: copy trunk to community-x86_64 Added: sslh/repos/community-x86_64/PKGBUILD (from rev 411613, sslh/trunk/PKGBUILD) sslh/repos/community-x86_64/sslh-fork.service (from rev 411613, sslh/trunk/sslh-fork.service) sslh/repos/community-x86_64/sslh-select.service (from rev 411613, sslh/trunk/sslh-select.service) sslh/repos/community-x86_64/sslh.cfg (from rev 411613, sslh/trunk/sslh.cfg) sslh/repos/community-x86_64/sslh.install (from rev 411613, sslh/trunk/sslh.install) sslh/repos/community-x86_64/sslh.service (from rev 411613, sslh/trunk/sslh.service) sslh/repos/community-x86_64/sslh.sysusers (from rev 411613, sslh/trunk/sslh.sysusers) Deleted: sslh/repos/community-x86_64/PKGBUILD sslh/repos/community-x86_64/sslh-fork.service sslh/repos/community-x86_64/sslh-select.service sslh/repos/community-x86_64/sslh.cfg sslh/repos/community-x86_64/sslh.install sslh/repos/community-x86_64/sslh.service sslh/repos/community-x86_64/sslh.sysusers ---------------------+ PKGBUILD | 113 ++++++++++++++++++++++++-------------------------- sslh-fork.service | 54 +++++++++++------------ sslh-select.service | 54 +++++++++++------------ sslh.cfg | 42 +++++++++--------- sslh.install | 54 +++++++++++------------ sslh.service | 50 +++++++++++----------- sslh.sysusers | 2 7 files changed, 184 insertions(+), 185 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-12-06 03:32:23 UTC (rev 411613)
+++ PKGBUILD 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,57 +0,0 @@
-# $Id: PKGBUILD 171217 2016-04-16 22:11:23Z seblu $
-# Maintainer: Sébastien "Seblu" Luttringer <se...@archlinux.org>
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-...@catloaf.net>
-
-pkgname=sslh
-pkgver=1.19c
-pkgrel=1
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='https://www.rutschle.net/tech/sslh/README.html'
-license=('GPL2')
-makedepends=('systemd')
-depends=('glibc' 'libcap' 'libconfig' 'pcre' 'libsystemd')
-backup=('etc/sslh.cfg')
-install=$pkgname.install
-source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
- 'sslh.cfg'
- 'sslh.service'
- 'sslh-select.service'
- 'sslh-fork.service')
-validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <y...@rutschle.net>
-md5sums=('a9bfd58cd3a51b8e1fa5277404c7041a'
- 'SKIP'
- '67a119213538aabf5d70a756ae7a99d0'
- 'ecbb46c46874d7b620202926d36b8478'
- '2b98633ee61bc5a809a4f75479628b2f'
- 'ca5ec0adf9149f1db4e09af659391659')
-
-build() {
- cd $pkgname-v$pkgver
- make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
-}
-
-package() {
- # default arch config
- install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
- # manually install to have both ssl-fork and ssl-select
- cd $pkgname-v$pkgver
- install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
- install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
- ln -s sslh-fork "$pkgdir/usr/bin/sslh"
- # install manpage
- install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
- # install examples files
- install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
- install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
- # systemd
- install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
- install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
- cd "$pkgdir"
- install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
-}
-
-# vim:set ts=2 sw=2 et:
Copied: sslh/repos/community-x86_64/PKGBUILD (from rev 411613, sslh/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-12-06 03:32:34 UTC (rev 411614)
@@ -0,0 +1,56 @@
+# Maintainer: Sébastien "Seblu" Luttringer <se...@archlinux.org>
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-...@catloaf.net>
+
+pkgname=sslh
+pkgver=1.20
+pkgrel=1
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'libsystemd')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$pkgver.tar.gz"{,.asc}
+ 'sslh.cfg'
+ 'sslh.service'
+ 'sslh-select.service'
+ 'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <y...@rutschle.net>
+md5sums=('6a69c6128d0349e5fb22167675d18aee'
+ 'SKIP'
+ '67a119213538aabf5d70a756ae7a99d0'
+ 'ecbb46c46874d7b620202926d36b8478'
+ '2b98633ee61bc5a809a4f75479628b2f'
+ 'ca5ec0adf9149f1db4e09af659391659')
+
+build() {
+ cd $pkgname-v$pkgver
+ make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+ # default arch config
+ install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+ # manually install to have both ssl-fork and ssl-select
+ cd $pkgname-v$pkgver
+ install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+ install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+ ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+ # install manpage
+ install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+ # install examples files
+ install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+ install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+ # systemd
+ install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+ install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+ cd "$pkgdir"
+ install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: sslh-fork.service
===================================================================
--- sslh-fork.service 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh-fork.service 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (fork mode)
-Conflicts=sslh-select.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork --config --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-fork.service (from rev 411613, sslh/trunk/sslh-fork.service)
===================================================================
--- sslh-fork.service (rev 0)
+++ sslh-fork.service 2018-12-06 03:32:34 UTC (rev 411614)
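Review bot: The `md5sums=(...)` array is the only integrity check on the four local files and the fallback check on the tarball, and MD5 is not collision-resistant. The upstream tarball is still covered by the `.asc` signature and `validpgpkeys`, so the exposure is limited, but switching to `sha256sums=(...)` (regenerated with `updpkgsums` or `makepkg -g`) costs nothing and keeps the `'SKIP'` entry for the signature file. In `build()` and `package()` the `cd $pkgname-v$pkgver` argument is unquoted; `cd "$pkgname-v$pkgver"` is the safer habit.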
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: sslh-select.service
===================================================================
--- sslh-select.service 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh-select.service 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (select mode)
-Conflicts=sslh-fork.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select --config --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-select.service (from rev 411613, sslh/trunk/sslh-select.service)
===================================================================
--- sslh-select.service (rev 0)
+++ sslh-select.service 2018-12-06 03:32:34 UTC (rev 411614)
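Review bot: `CapabilityBoundingSet=` still lists `CAP_SETGID CAP_SETUID`, although the unit already starts as `User=sslh` with `NoNewPrivileges=true` and only `CAP_NET_BIND_SERVICE` ambient, so the daemon should never hold or need those two. Unless something in sslh depends on them, `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` is the tighter setting. The same line appears in sslh-select.service and sslh.service. Directives such as `RestrictNamespaces=true`, `LockPersonality=true` and a `SystemCallFilter=@system-service` allow-list would round out the sandbox and are worth testing against both binaries.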
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: sslh.cfg
===================================================================
--- sslh.cfg 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh.cfg 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,21 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-timeout: 2;
-
-listen:
-(
- { host: "0.0.0.0"; port: "443"; }
-);
-
-protocols:
-(
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
- { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
- { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
- { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
- { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
- { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:
Copied: sslh/repos/community-x86_64/sslh.cfg (from rev 411613, sslh/trunk/sslh.cfg)
===================================================================
--- sslh.cfg (rev 0)
+++ sslh.cfg 2018-12-06 03:32:34 UTC (rev 411614)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+ { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "ssl"; host: "localhost"; port: "8443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:
Deleted: sslh.install
===================================================================
--- sslh.install 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh.install 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_upgrade() {
- if (( "$(vercmp $2 1.14-1)" <= 0 )); then
- cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
- fi
- if (( "$(vercmp $2 1.16-3)" < 0 )); then
- cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
- fi
- if (( "$(vercmp $2 1.19b)" < 0 )); then
- cat << EOF
-===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
-=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
-===> sslh unit files security has been improved.
-=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
-===> sslh user is now created at unit startup (via DynamicUser)
-EOF
- fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:
Copied: sslh/repos/community-x86_64/sslh.install (from rev 411613, sslh/trunk/sslh.install)
===================================================================
--- sslh.install (rev 0)
+++ sslh.install 2018-12-06 03:32:34 UTC (rev 411614)
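Review bot: The default config deserves a comment on what multiplexing does to source addresses: unless sslh's transparent mode is configured, every backend in `protocols:` sees its connections arrive from `localhost`, so sshd logs, rate limiting keyed on client IP and any rule that trusts loopback no longer reflect the real client. I would add above `protocols:` something like `# Backends see sslh (localhost) as the peer, not the remote client; review IP-based access rules and logging.` The closing `anyprot` entry forwards every payload that no earlier probe recognised to port 8443, which is worth a comment so admins trim the list to the services they actually run. `listen:` covers only IPv4 `0.0.0.0`; a note saying whether that is intentional would help.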
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+ cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+ fi
+ if (( "$(vercmp $2 1.16-3)" < 0 )); then
+ cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+ fi
+ if (( "$(vercmp $2 1.19b)" < 0 )); then
+ cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+ fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
Deleted: sslh.service
===================================================================
--- sslh.service 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh.service 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1,25 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (socket mode)
-Conflicts=sslh-fork.service sslh-select.service
-Requires=sslh.socket
-PartOf=sslh.socket
-
-[Service]
-ExecStart=/usr/bin/sslh --config --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
Copied: sslh/repos/community-x86_64/sslh.service (from rev 411613, sslh/trunk/sslh.service)
===================================================================
--- sslh.service (rev 0)
+++ sslh.service 2018-12-06 03:32:34 UTC (rev 411614)
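Review bot: The script declares `#!/bin/sh` but `post_upgrade()` relies on the bash-only `(( ... ))` arithmetic, and `$2` reaches `vercmp` unquoted in all three tests. As far as I know pacman sources scriptlets under bash on Arch, so this works in practice, but `#!/bin/bash` and `if (( $(vercmp "$2" 1.19b) < 0 )); then` state the dependency honestly and do not word-split an odd version string. The user-facing messages would also read better as "has been split into" and "may now run as the unprivileged sslh user".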
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
Deleted: sslh.sysusers
===================================================================
--- sslh.sysusers 2018-12-06 03:32:23 UTC (rev 411613)
+++ sslh.sysusers 2018-12-06 03:32:34 UTC (rev 411614)
@@ -1 +0,0 @@
-u sslh - - -
Copied: sslh/repos/community-x86_64/sslh.sysusers (from rev 411613, sslh/trunk/sslh.sysusers)
===================================================================
--- sslh.sysusers (rev 0)
+++ sslh.sysusers 2018-12-06 03:32:34 UTC (rev 411614)
@@ -0,0 +1 @@
+u sslh - - -
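Review bot: In socket mode the listening socket comes from `sslh.socket` (`Requires=`/`PartOf=`), so it looks as if this unit never binds port 443 itself and `AmbientCapabilities=CAP_NET_BIND_SERVICE` could be dropped, with `CapabilityBoundingSet=` left empty. That should be confirmed against how sslh handles an inherited socket before changing it. `sslh.socket` is not part of this commit, so presumably it is produced by `systemd-sslh-generator`; a comment saying so above `Requires=sslh.socket` would save the next reader a search.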
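Review bot: `sslh.sysusers` is copied into the repo directory, but the new PKGBUILD neither lists it in `source=()` nor installs it in `package()`, and sslh.install announces that the user is now created through `DynamicUser`. If the file is a leftover it should be removed from trunk. If it were ever shipped, the static `sslh` account would exist and systemd would use it for `User=sslh` instead of allocating a dynamic one, which changes the isolation the unit files are aiming for.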