Date: Sunday, September 19, 2021 @ 00:25:02 Author: seblu Revision: 1017107
archrelease: copy trunk to community-x86_64 Added: sslh/repos/community-x86_64/PKGBUILD (from rev 1017106, sslh/trunk/PKGBUILD) sslh/repos/community-x86_64/sslh-fork.service (from rev 1017106, sslh/trunk/sslh-fork.service) sslh/repos/community-x86_64/sslh-select.service (from rev 1017106, sslh/trunk/sslh-select.service) sslh/repos/community-x86_64/sslh.cfg (from rev 1017106, sslh/trunk/sslh.cfg) sslh/repos/community-x86_64/sslh.install (from rev 1017106, sslh/trunk/sslh.install) sslh/repos/community-x86_64/sslh.service (from rev 1017106, sslh/trunk/sslh.service) sslh/repos/community-x86_64/sslh.sysusers (from rev 1017106, sslh/trunk/sslh.sysusers) Deleted: sslh/repos/community-x86_64/PKGBUILD sslh/repos/community-x86_64/sslh-fork.service sslh/repos/community-x86_64/sslh-select.service sslh/repos/community-x86_64/sslh.cfg sslh/repos/community-x86_64/sslh.install sslh/repos/community-x86_64/sslh.service sslh/repos/community-x86_64/sslh.sysusers ---------------------+ PKGBUILD | 141 +++++++++++++++++++++++++------------------------- sslh-fork.service | 54 +++++++++---------- sslh-select.service | 54 +++++++++---------- sslh.cfg | 42 +++++++------- sslh.install | 54 +++++++++---------- sslh.service | 50 ++++++++--------- sslh.sysusers | 2 7 files changed, 199 insertions(+), 198 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2021-09-19 00:24:55 UTC (rev 1017106) +++ PKGBUILD 2021-09-19 00:25:02 UTC (rev 1017107) 
@@ -1,70 +0,0 @@
-# Maintainer: Sébastien "Seblu" Luttringer
-# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
-# Contributor: Jason Rodriguez <jason-...@catloaf.net>
-
-pkgname=sslh
-_pkgver=1.22b
-pkgver=1.22.b
-pkgrel=1
-pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
-arch=('x86_64')
-url='https://www.rutschle.net/tech/sslh/README.html'
-license=('GPL2')
-makedepends=('systemd')
-depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
-backup=('etc/sslh.cfg')
-install=$pkgname.install
-source=("https://www.rutschle.net/tech/sslh/$pkgname-v$_pkgver.tar.gz"{,.asc}
- 'sslh.cfg'
- 'sslh.service'
- 'sslh-select.service'
- 'sslh-fork.service')
-validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <y...@rutschle.net>
-sha256sums=('5ef48dd9dacec8dc04c100f273952e534be9ae1ef02baa52708a8ecdbd4173cc'
- 'SKIP'
- '3feff7e2c096bc18d8f0073141c1017dccd4abbbc491fa16b55afd5c5ff6352c'
- '49ed1c88b0de079bc31a94e600b63edd7ea95b4aa9b5f533c15db1221d0892db'
- '5824ae86ced9142c37343367bd737661c2da826fba244cea7072685347be2250'
- 'd41f7cb8a3a3d8fc11608bc552014f03177ac3cdd8c5c6157d7d1a557d91cacb')
-
-prepare() {
- cd $pkgname-v$_pkgver
- # apply patch from the source array (should be a pacman feature)
- local src
- for src in "${source[@]}"; do
- src="${src%%::*}"
- src="${src##*/}"
- [[ $src = *.patch ]] || continue
- echo "Applying patch $src..."
- patch -Np1 < "../$src"
- done
-}
-
-build() {
- cd $pkgname-v$_pkgver
- make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
-}
-
-package() {
- # default arch config
- install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
- # manually install to have both ssl-fork and ssl-select
- cd $pkgname-v$_pkgver
- install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
- install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
- ln -s sslh-fork "$pkgdir/usr/bin/sslh"
- # install manpage
- install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
- ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
- # install examples files
- install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
- install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
- # systemd
- install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
- install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
- cd "$pkgdir"
- install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
-}
-
-# vim:set ts=2 sw=2 et:
Copied: sslh/repos/community-x86_64/PKGBUILD (from rev 1017106, sslh/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1,71 @@
+# Maintainer: Sébastien "Seblu" Luttringer
+# Contributor: Le_suisse <lesuisse.dev+aur at gmail dot com>
+# Contributor: Jason Rodriguez <jason-...@catloaf.net>
+
+pkgname=sslh
+_pkgver=1.22c
+# Remember: 1.22a < 1.22b < 1.22
+pkgver=1.22.c
+pkgrel=1
+pkgdesc='SSL/SSH/OpenVPN/XMPP/tinc port multiplexer'
+arch=('x86_64')
+url='https://www.rutschle.net/tech/sslh/README.html'
+license=('GPL2')
+makedepends=('systemd')
+depends=('glibc' 'libcap' 'libconfig' 'pcre' 'systemd-libs')
+backup=('etc/sslh.cfg')
+install=$pkgname.install
+source=("https://www.rutschle.net/tech/sslh/$pkgname-v$_pkgver.tar.gz"{,.asc}
+ 'sslh.cfg'
+ 'sslh.service'
+ 'sslh-select.service'
+ 'sslh-fork.service')
+validpgpkeys=('CDDDBADBEA4B72748E007D326C056F7AC7934136') # Yves Rutschle <y...@rutschle.net>
+sha256sums=('8e3742d14edf4119350cfdc7bb96b89134d9218eb6d2a6e1f70891ca18a649b1'
+ 'SKIP'
+ '3feff7e2c096bc18d8f0073141c1017dccd4abbbc491fa16b55afd5c5ff6352c'
+ '49ed1c88b0de079bc31a94e600b63edd7ea95b4aa9b5f533c15db1221d0892db'
+ '5824ae86ced9142c37343367bd737661c2da826fba244cea7072685347be2250'
+ 'd41f7cb8a3a3d8fc11608bc552014f03177ac3cdd8c5c6157d7d1a557d91cacb')
+
+prepare() {
+ cd $pkgname-v$_pkgver
+ # apply patch from the source array (should be a pacman feature)
+ local src
+ for src in "${source[@]}"; do
+ src="${src%%::*}"
+ src="${src##*/}"
+ [[ $src = *.patch ]] || continue
+ echo "Applying patch $src..."
+ patch -Np1 < "../$src"
+ done
+}
+
+build() {
+ cd $pkgname-v$_pkgver
+ make VERSION=\"v$pkgver\" USELIBCAP=1 USESYSTEMD=1 all systemd-sslh-generator
+}
+
+package() {
+ # default arch config
+ install -Dm 644 sslh.cfg "$pkgdir/etc/sslh.cfg"
+ # manually install to have both ssl-fork and ssl-select
+ cd $pkgname-v$_pkgver
+ install -Dm 755 sslh-fork "$pkgdir/usr/bin/sslh-fork"
+ install -Dm 755 sslh-select "$pkgdir/usr/bin/sslh-select"
+ ln -s sslh-fork "$pkgdir/usr/bin/sslh"
+ # install manpage
+ install -Dm 644 sslh.8.gz "$pkgdir/usr/share/man/man8/sslh.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-fork.8.gz"
+ ln -s sslh.8.gz "$pkgdir/usr/share/man/man8/sslh-select.8.gz"
+ # install examples files
+ install -Dm 644 basic.cfg "$pkgdir/usr/share/doc/$pkgname/basic.cfg"
+ install -Dm 644 example.cfg "$pkgdir/usr/share/doc/$pkgname/example.cfg"
+ # systemd
+ install -dm 755 "$pkgdir"/usr/lib/systemd/{system,system-generators}
+ install -Dm 755 systemd-sslh-generator "$pkgdir/usr/lib/systemd/system-generators/systemd-sslh-generator"
+ cd "$pkgdir"
+ install -Dm 644 "$srcdir"/sslh{,-fork,-select}.service usr/lib/systemd/system
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: sslh-fork.service
===================================================================
--- sslh-fork.service 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh-fork.service 2021-09-19 00:25:02 UTC (rev 1017107)
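Review bot: In PKGBUILD `build()`, `make VERSION=\"v$pkgver\"` passes the packaging version `v1.22.c` rather than the upstream release name held in `_pkgver` (`1.22c`), so the version the binaries report presumably will not match upstream's tag when a host is checked against an upstream changelog or advisory. I would pass `VERSION=\"v$_pkgver\"` on that line. A smaller point in the same file: `cd $pkgname-v$_pkgver` is unquoted in `prepare()`, `build()` and `package()`, and `cd "$pkgname-v$_pkgver"` costs nothing.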
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (fork mode)
-Conflicts=sslh-select.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-fork --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-fork.service (from rev 1017106, sslh/trunk/sslh-fork.service)
===================================================================
--- sslh-fork.service (rev 0)
+++ sslh-fork.service 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (fork mode)
+Conflicts=sslh-select.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-fork --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: sslh-select.service
===================================================================
--- sslh-select.service 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh-select.service 2021-09-19 00:25:02 UTC (rev 1017107)
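Review bot: `CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE` in the new sslh-fork.service looks wider than the unit needs: with `User=sslh`, `DynamicUser=true` and `NoNewPrivileges=true` the process starts unprivileged and only `CAP_NET_BIND_SERVICE` is handed over through `AmbientCapabilities=`, so the two set-ID capabilities appear unused. Consider `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, after confirming that nothing in sslh still calls setuid/setgid when started from this unit. The same line is in the sslh-select.service and sslh.service hunks further down. As further hardening for a socket forwarder, `RestrictNamespaces=true`, `LockPersonality=true` and `SystemCallArchitectures=native` could be added to all three units.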
@@ -1,27 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (select mode)
-Conflicts=sslh-fork.service sslh.socket
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/sslh-select --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
-
-[Install]
-WantedBy=multi-user.target
Copied: sslh/repos/community-x86_64/sslh-select.service (from rev 1017106, sslh/trunk/sslh-select.service)
===================================================================
--- sslh-select.service (rev 0)
+++ sslh-select.service 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1,27 @@
+[Unit]
+Description=SSL/SSH multiplexer (select mode)
+Conflicts=sslh-fork.service sslh.socket
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/sslh-select --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
Deleted: sslh.cfg
===================================================================
--- sslh.cfg 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh.cfg 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -1,21 +0,0 @@
-# Default Arch configuration
-# You can find more examples in /usr/share/doc/sslh
-
-timeout: 2;
-
-listen:
-(
- { host: "0.0.0.0"; port: "443"; }
-);
-
-protocols:
-(
- { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
- { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
- { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
- { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
- { name: "tls"; host: "localhost"; port: "8443"; probe: "builtin"; },
- { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
-);
-
-# vim:set ts=4 sw=4 et:
Copied: sslh/repos/community-x86_64/sslh.cfg (from rev 1017106, sslh/trunk/sslh.cfg)
===================================================================
--- sslh.cfg (rev 0)
+++ sslh.cfg 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1,21 @@
+# Default Arch configuration
+# You can find more examples in /usr/share/doc/sslh
+
+timeout: 2;
+
+listen:
+(
+ { host: "0.0.0.0"; port: "443"; }
+);
+
+protocols:
+(
+ { name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
+ { name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
+ { name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
+ { name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
+ { name: "tls"; host: "localhost"; port: "8443"; probe: "builtin"; },
+ { name: "anyprot"; host: "localhost"; port: "8443"; probe: "builtin"; }
+);
+
+# vim:set ts=4 sw=4 et:
Deleted: sslh.install
===================================================================
--- sslh.install 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh.install 2021-09-19 00:25:02 UTC (rev 1017107)
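Review bot: The default sslh.cfg never tells the admin that every backend will see its clients as localhost: all six `protocols` entries forward to `localhost`, so sshd's logs and any address-based control on the backends (fail2ban, `Match Address`, per-source firewall rules) stop seeing the real client address for traffic that arrives through port 443. A header comment such as `# Backends see connections from localhost; their logs and address-based rules will not see the client IP` would cover it. `service: "ssh"` on the ssh entry names a libwrap service, but the PKGBUILD's make line sets only `USELIBCAP=1 USESYSTEMD=1`, so that check is presumably not compiled in and the key should either go or carry a comment saying so. The final `anyprot` entry sends everything no probe recognises to port 8443, which also deserves a one-line comment.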
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-# arg 1: the new package version
-# arg 2: the old package version
-post_upgrade() {
- if (( "$(vercmp $2 1.14-1)" <= 0 )); then
- cat << EOF
-===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
-EOF
- fi
- if (( "$(vercmp $2 1.16-3)" < 0 )); then
- cat << EOF
-===> sslh may runs as unprivileged sslh user. Check your setup.
-EOF
- fi
- if (( "$(vercmp $2 1.19b)" < 0 )); then
- cat << EOF
-===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
-=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
-===> sslh unit files security has been improved.
-=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
-===> sslh user is now created at unit startup (via DynamicUser)
-EOF
- fi
-}
-
-# vim:set ts=2 sw=2 ft=sh et:
Copied: sslh/repos/community-x86_64/sslh.install (from rev 1017106, sslh/trunk/sslh.install)
===================================================================
--- sslh.install (rev 0)
+++ sslh.install 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ if (( "$(vercmp $2 1.14-1)" <= 0 )); then
+ cat << EOF
+===> sslh systemd service has been splitted in sslh-fork.service and sslh-select.service
+EOF
+ fi
+ if (( "$(vercmp $2 1.16-3)" < 0 )); then
+ cat << EOF
+===> sslh may runs as unprivileged sslh user. Check your setup.
+EOF
+ fi
+ if (( "$(vercmp $2 1.19b)" < 0 )); then
+ cat << EOF
+===> Default config path is now /etc/sslh.cfg (as required by systemd generator)
+=====> Rename your /etc/sslh.conf into /etc/sslh.cfg
+===> sslh unit files security has been improved.
+=====> You may need to remove the PIDfile option in your /etc/sslh.cfg.
+===> sslh user is now created at unit startup (via DynamicUser)
+EOF
+ fi
+}
+
+# vim:set ts=2 sw=2 ft=sh et:
Deleted: sslh.service
===================================================================
--- sslh.service 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh.service 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -1,25 +0,0 @@
-[Unit]
-Description=SSL/SSH multiplexer (socket mode)
-Conflicts=sslh-fork.service sslh-select.service
-Requires=sslh.socket
-PartOf=sslh.socket
-
-[Service]
-ExecStart=/usr/bin/sslh --config /etc/sslh.cfg --foreground
-KillMode=process
-ProtectSystem=strict
-ProtectHome=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectControlGroups=true
-PrivateTmp=true
-PrivateDevices=true
-SecureBits=noroot-locked
-MountFlags=private
-NoNewPrivileges=true
-CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
-MemoryDenyWriteExecute=true
-User=sslh
-DynamicUser=true
Copied: sslh/repos/community-x86_64/sslh.service (from rev 1017106, sslh/trunk/sslh.service)
===================================================================
--- sslh.service (rev 0)
+++ sslh.service 2021-09-19 00:25:02 UTC (rev 1017107)
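Review bot: In sslh.install, `$2` is expanded unquoted in each `vercmp` call of `post_upgrade()`, and the script uses the bash-only `(( ))` form under a `#!/bin/sh` shebang; pacman runs install scriptlets with bash so it works, but `vercmp "$2" 1.14-1` and a comment noting the bash dependency would make that explicit. The upgrade messages are where users learn about the security-relevant changes, and two of them have wording slips: `has been splitted in` should read `has been split into`, and `sslh may runs as unprivileged sslh user` should read `sslh may run as the unprivileged sslh user`.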
@@ -0,0 +1,25 @@
+[Unit]
+Description=SSL/SSH multiplexer (socket mode)
+Conflicts=sslh-fork.service sslh-select.service
+Requires=sslh.socket
+PartOf=sslh.socket
+
+[Service]
+ExecStart=/usr/bin/sslh --config /etc/sslh.cfg --foreground
+KillMode=process
+ProtectSystem=strict
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+SecureBits=noroot-locked
+MountFlags=private
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+MemoryDenyWriteExecute=true
+User=sslh
+DynamicUser=true
Deleted: sslh.sysusers
===================================================================
--- sslh.sysusers 2021-09-19 00:24:55 UTC (rev 1017106)
+++ sslh.sysusers 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -1 +0,0 @@
-u sslh - - -
Copied: sslh/repos/community-x86_64/sslh.sysusers (from rev 1017106, sslh/trunk/sslh.sysusers)
===================================================================
--- sslh.sysusers (rev 0)
+++ sslh.sysusers 2021-09-19 00:25:02 UTC (rev 1017107)
@@ -0,0 +1 @@
+u sslh - - -
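Review bot: sslh.sysusers is copied into the release directory, but the PKGBUILD in this commit neither lists it in `source=()` nor installs it in `package()`, while all three units rely on `User=sslh` together with `DynamicUser=true`. If the file is a leftover it should be dropped from trunk. If it were ever installed, systemd would use the static `sslh` account instead of allocating a dynamic one, which changes what the units' `DynamicUser=true` line means. A one-line comment in the PKGBUILD stating which of the two is intended would settle it.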