author | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2023-07-09 22:15:26 +0200 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-07-26 07:28:54 +0100 |
commit | f6e4cf7a86620913736c8e38d22db48d2e0d61a3 (patch) | |
tree | c06174005c80a1fa7a1ea7aaf3175424e276268a /net-misc | |
parent | dev-util/kyua: Add -std=c++14 in CXXFLAGS for clang-16 compatibility (diff) | |
net-misc/tinyssh: new package, add 20230101, 99999999
Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Closes: https://github.com/gentoo/gentoo/pull/31817
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/tinyssh/Manifest | 1 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh-makekey.service | 8 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.confd | 7 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.initd | 30 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.service | 9 | ||||
-rw-r--r-- | net-misc/tinyssh/files/tinyssh.socket | 13 | ||||
-rw-r--r-- | net-misc/tinyssh/metadata.xml | 43 | ||||
-rw-r--r-- | net-misc/tinyssh/tinyssh-20230101.ebuild | 71 | ||||
-rw-r--r-- | net-misc/tinyssh/tinyssh-99999999.ebuild | 71 |
9 files changed, 253 insertions, 0 deletions
diff --git a/net-misc/tinyssh/Manifest b/net-misc/tinyssh/Manifest
new file mode 100644
index 000000000000..4b4495c26cdb
--- /dev/null
+++ b/net-misc/tinyssh/Manifest
@@ -0,0 +1 @@
+DIST tinyssh-20230101.tar.gz 249091 BLAKE2B 5efb6eab07c136763ab27588661618763d2ca174dce4b0f4b5fd5dcca56044f8361342de780931070cff8efe43f6efa68eaf912e9ae38febfcff733f79e23018 SHA512 6beaf266058a89a78c710abd1a02feff0641a93d0d92aa07a1ad1ba3f6b3344bc312bb5a4cd5c06c6dcc83d25e48a801f9cfcfbb3de0f73904f36d32d4430482
diff --git a/net-misc/tinyssh/files/tinyssh-makekey.service b/net-misc/tinyssh/files/tinyssh-makekey.service
new file mode 100644
index 000000000000..841a516ce390
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh-makekey.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=TinySSH Key Generation
+ConditionPathIsDirectory=!/etc/tinyssh/keys
+
+[Service]
+ExecStart=/usr/sbin/tinysshd-makekey /etc/tinyssh/keys
+Type=oneshot
+RemainAfterExit=true
diff --git a/net-misc/tinyssh/files/tinyssh.confd b/net-misc/tinyssh/files/tinyssh.confd
new file mode 100644
index 000000000000..d1aefde2be9f
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.confd
@@ -0,0 +1,7 @@
+# TinySSH config file for /etc/init.d/tinyssh
+
+#TINYSSH_PORT="22"
+#TINYSSH_IP="0.0.0.0"
+#TINYSSH_CONFDIR="/etc/tinyssh"
+#TINYSSH_KEYDIR="${TINYSSH_CONFDIR}/keys"
+#TINYSSH_OPTS="-l -v"
diff --git a/net-misc/tinyssh/files/tinyssh.initd b/net-misc/tinyssh/files/tinyssh.initd
new file mode 100644
index 000000000000..095a7f4e1056
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.initd
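Review bot: `ConditionPathIsDirectory=!/etc/tinyssh/keys` in tinyssh-makekey.service treats the mere existence of the directory as proof that host keys exist, whereas the OpenRC script in this commit checks with `tinysshd-printkey`. If the directory is present but empty or only partly written (an interrupted first start, or a directory pre-created by provisioning), key generation is skipped and each socket-activated `tinysshd` would presumably fail per connection with nothing pointing back at this unit. At minimum add a comment above the condition, e.g. `# Skipped whenever the directory exists, even if it holds no keys; remove it to regenerate`, or gate on the key file itself with `ConditionPathExists=!` and the key path.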
@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+TINYSSH_CONFDIR="${TINYSSH_CONFDIR:-/etc/tinyssh}"
+TINYSSH_KEYDIR="${TINYSSH_KEYDIR:-${TINYSSH_CONFDIR}/keys}"
+
+TINYSSHD="/usr/sbin/tinysshd"
+MAKEKEY="${TINYSSHD}-makekey"
+PRINTKEY="/usr/bin/tinysshd-printkey"
+
+command="/usr/bin/tcpserver"
+command_args="-HRDl0 ${TINYSSH_IP:-0.0.0.0} ${TINYSSH_PORT:-22}
+ ${TINYSSHD} ${TINYSSH_OPTS:--l -v} ${TINYSSH_KEYDIR}"
+command_background=yes
+pidfile="/run/${RC_SVCNAME}.pid"
+start_stop_daemon_args="${SSD_OPTS}"
+
+depend() {
+ use net
+}
+
+start_pre() {
+ if [ "${RC_CMD}" != "restart" ]; then
+ checkpath -d "${TINYSSH_CONFDIR}"
+ if ! ${PRINTKEY} "${TINYSSH_KEYDIR}" >/dev/null 2>&1; then
+ ${MAKEKEY} "${TINYSSH_KEYDIR}" || return 1
+ fi
+ fi
+}
diff --git a/net-misc/tinyssh/files/tinyssh.service b/net-misc/tinyssh/files/tinyssh.service
new file mode 100644
index 000000000000..f0fe93be778b
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=TinySSH Per-Connection Daemon
+Documentation=https://tinyssh.org
+After=tinyssh-makekey.service
+
+[Service]
+ExecStart=/usr/sbin/tinysshd /etc/tinyssh/keys
+StandardInput=socket
+StandardError=journal
diff --git a/net-misc/tinyssh/files/tinyssh.socket b/net-misc/tinyssh/files/tinyssh.socket
new file mode 100644
index 000000000000..9ca2b16b3fa4
--- /dev/null
+++ b/net-misc/tinyssh/files/tinyssh.socket
@@ -0,0 +1,13 @@
+[Unit]
+Description=TinySSH service (socket-activated)
+Documentation=https://tinyssh.org
+Wants=tinyssh-makekey.service
+
+[Socket]
+ListenStream=%i
+Accept=true
+KeepAlive=true
+IPTOS=low-delay
+
+[Install]
+WantedBy=sockets.target
diff --git a/net-misc/tinyssh/metadata.xml b/net-misc/tinyssh/metadata.xml
new file mode 100644
index 000000000000..3c123417d9f8
--- /dev/null
+++ b/net-misc/tinyssh/metadata.xml
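Review bot: In tinyssh.initd, `checkpath -d "${TINYSSH_CONFDIR}"` in start_pre only ensures the directory exists; it does not assert owner or mode, so an already-present directory with loose permissions is accepted as the parent of the host key directory. Since whoever can write to that parent can replace the `keys` directory, the expectation should be explicit: `checkpath -d -m 0755 -o root:root "${TINYSSH_CONFDIR}"`. The permissions of `${TINYSSH_KEYDIR}` itself are left to `tinysshd-makekey`, whose behaviour is not visible in this commit.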
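Review bot: The `[Socket]` section of tinyssh.socket sets `Accept=true` without any per-source connection cap, so one peer can occupy every slot the listener allows (systemd's own `MaxConnections=` default applies) and keep administrators from logging in. Adding `MaxConnectionsPerSource=8` under `[Socket]` (the value is a constructed example for the maintainer to tune) keeps some capacity available for other clients. A short comment noting that `ListenStream=%i` takes the listening port or address from the instance name would also help, because the unit is installed as a template.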
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person" proxied="yes">
+ <email>contact@hacktivis.me</email>
+ </maintainer>
+ <maintainer type="project" proxied="proxy">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="sodium">Use <pkg>dev-libs/libsodium</pkg> for cryptography</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">janmojzis/tinyssh</remote-id>
+ <bugs-to>https://github.com/janmojzis/tinyssh/issues</bugs-to>
+ </upstream>
+ <longdescription lang="en">
+Features
+
+ easy auditable - TinySSH has less than 100000 words of code
+ no dynamic memory allocation - TinySSH has all memory statically allocated (less than 1MB)
+ simple configuration - TinySSH can’t be misconfigured
+ reusing code - TinySSH is reusing libraries from CurveCP implementation
+ reusing software - TinySSH is using tcpserver/systemd socket/inetd for TCP connection
+ limited amount of features - TinySSH doesn’t have features such: SSH1 protocol, compression, …
+ no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …
+ no copyright restrictions - TinySSH is in the public domain (see the licence)
+ no dependency on OpenSSL - TinySSH has its own crypto library compatible with NaCl, Libsodium
+ speed - TinySSH can be also compiled using high-speed NaCl library instead of internal.
+
+Security features
+
+ cryptographic library (minimum 128-bit security, side-channel attack resistant, state-of-the-art crypto, …)
+ public-key authentication only (no password or hostbased authentication)
+
+Crypto primitives
+
+ State-of-the-art crypto: ssh-ed25519, curve25519-sha256@libssh.org, chacha20-poly1305@openssh.com
+ Older standard: ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes256-ctr, hmac-sha2-256 removed in version 20190101
+ Postquantum crypto: sntrup4591761x25519-sha512@tinyssh.org, chacha20-poly1305@openssh.com
+ </longdescription>
+</pkgmetadata>
diff --git a/net-misc/tinyssh/tinyssh-20230101.ebuild b/net-misc/tinyssh/tinyssh-20230101.ebuild
new file mode 100644
index 000000000000..6a91309a999d
--- /dev/null
+++ b/net-misc/tinyssh/tinyssh-20230101.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="A small SSH server with state-of-the-art cryptography"
+HOMEPAGE="https://tinyssh.org"
+if [[ "${PV}" == "99999999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"
+else
+ SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="CC0-1.0"
+SLOT="0"
+
+IUSE="+sodium"
+
+DEPEND="
+ sodium? ( dev-libs/libsodium:= )
+"
+RDEPEND="
+ ${DEPEND}
+ sys-apps/ucspi-tcp
+"
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die
+
+ # Use make-tinysshcc.sh script, which has no tests and doesn't execute
+ # binaries. See https://github.com/janmojzis/tinyssh/issues/2
+ sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die
+
+ default
+}
+
+src_compile() {
+ if use sodium
+ then
+ emake \
+ CC="$(tc-getCC)"
+ LIBS="-lsodium" \
+ CFLAGS="${CFLAGS} -I/usr/include/sodium" \
+ LDFLAGS="${LDFLAGS} -L/usr/lib"
+ else
+ emake CC="$(tc-getCC)"
+ fi
+}
+
+src_install() {
+ dosbin build/bin/tinysshd{,-makekey}
+ dobin build/bin/tinysshd-printkey
+ doman man/*
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service"
+ systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket"
+ systemd_dounit "${FILESDIR}/${PN}-makekey.service"
+}
+
+pkg_postinst() {
+ einfo "TinySSH is in beta stage, and ready for production use."
+ einfo "See https://tinyssh.org for more information."
+}
diff --git a/net-misc/tinyssh/tinyssh-99999999.ebuild b/net-misc/tinyssh/tinyssh-99999999.ebuild
new file mode 100644
index 000000000000..6a91309a999d
--- /dev/null
+++ b/net-misc/tinyssh/tinyssh-99999999.ebuild
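Review bot: In the `use sodium` branch of src_compile in tinyssh-20230101.ebuild, the line `CC="$(tc-getCC)"` has no trailing backslash as shown here, so the `emake` command ends on that line and the following `LIBS=… CFLAGS=… LDFLAGS=…` lines run as a separate statement of plain shell assignments. With the default `IUSE="+sodium"` the build would then never receive `-lsodium`, and the server would presumably be built on its bundled crypto while the package still declares `dev-libs/libsodium:=`, which misleads anyone who expects libsodium updates to cover this SSH daemon. The line should read `CC="$(tc-getCC)" \`. tinyssh-99999999.ebuild in this commit carries the identical line and needs the same correction.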
@@ -0,0 +1,71 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+DESCRIPTION="A small SSH server with state-of-the-art cryptography"
+HOMEPAGE="https://tinyssh.org"
+if [[ "${PV}" == "99999999" ]]; then
+ inherit git-r3
+ EGIT_REPO_URI="https://github.com/janmojzis/tinyssh.git"
+else
+ SRC_URI="https://github.com/janmojzis/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+LICENSE="CC0-1.0"
+SLOT="0"
+
+IUSE="+sodium"
+
+DEPEND="
+ sodium? ( dev-libs/libsodium:= )
+"
+RDEPEND="
+ ${DEPEND}
+ sys-apps/ucspi-tcp
+"
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-Os -fomit-frame-pointer -funroll-loops//g' ./conf-cc || die
+
+ # Use make-tinysshcc.sh script, which has no tests and doesn't execute
+ # binaries. See https://github.com/janmojzis/tinyssh/issues/2
+ sed -i 's/make-tinyssh\.sh/make-tinysshcc.sh/g' ./Makefile || die
+
+ default
+}
+
+src_compile() {
+ if use sodium
+ then
+ emake \
+ CC="$(tc-getCC)"
+ LIBS="-lsodium" \
+ CFLAGS="${CFLAGS} -I/usr/include/sodium" \
+ LDFLAGS="${LDFLAGS} -L/usr/lib"
+ else
+ emake CC="$(tc-getCC)"
+ fi
+}
+
+src_install() {
+ dosbin build/bin/tinysshd{,-makekey}
+ dobin build/bin/tinysshd-printkey
+ doman man/*
+
+ newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+ newconfd "${FILESDIR}/${PN}.confd" "${PN}"
+
+ systemd_newunit "${FILESDIR}/${PN}.service" "${PN}@.service"
+ systemd_newunit "${FILESDIR}/${PN}.socket" "${PN}@.socket"
+ systemd_dounit "${FILESDIR}/${PN}-makekey.service"
+}
+
+pkg_postinst() {
+ einfo "TinySSH is in beta stage, and ready for production use."
+ einfo "See https://tinyssh.org for more information."
+} |