Diffstat (limited to 'network/sslh')
-rw-r--r-- | network/sslh/README | 45 | ||||
-rw-r--r-- | network/sslh/doinst.sh | 4 | ||||
-rw-r--r-- | network/sslh/git2tarxz.sh | 46 | ||||
-rw-r--r-- | network/sslh/rc.sslh | 16 | ||||
-rw-r--r-- | network/sslh/slack-desc | 8 | ||||
-rw-r--r-- | network/sslh/sslh.SlackBuild | 124 | ||||
-rw-r--r-- | network/sslh/sslh.default | 4 | ||||
-rw-r--r-- | network/sslh/sslh.info | 10 |
8 files changed, 186 insertions, 71 deletions
diff --git a/network/sslh/README b/network/sslh/README
index 085d021b28..df3f42e0f2 100644
--- a/network/sslh/README
+++ b/network/sslh/README
@@ -1,11 +1,34 @@
-sslh accepts connections on specified ports, and forwards
-them further based on tests performed on the first data
-packet sent by the remote client.
-
-Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are
-implemented, and any other protocol that can be tested using
-a regular expression, can be recognised. A typical use case
-is to allow serving several services on port 443 (e.g. to
-connect to SSH from inside a corporate firewall, which
-almost never block port 443) while still serving HTTPS on
-that port.
+sslh (applicative protocol multiplexer)
+
+sslh accepts connections on specified ports, and forwards them further
+based on tests performed on the first data packet sent by the remote
+client.
+
+Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented.
+Any other protocol that can be tested using a regular expression can
+be recognised. A typical use case is to allow serving several services
+on port 443 (e.g. to connect to SSH from inside a corporate firewall,
+which almost never block port 443) while still serving HTTPS on that
+port.
+
+There's a tutorial on using sslh, here:
+
+https://www.unixmen.com/sslh-a-sslssh-multiplexer-for-linux/
+
+To start sslh as a daemon at boot, add this code to
+/etc/rc.d/rc.local:
+
+[ -x /etc/rc.d/rc.sslh ] && /etc/rc.d/rc.sslh start
+
+Before doing this, it's advisable to have a look at the example config
+files in /etc/sslh/*.cfg. The actual config file is sslh.cfg; the
+others are just examples.
+
+Optional dependencies:
+
+libev - needed for sslh-ev executable. Most people won't need this; see
+the sslh documentation for details. Will be autodetected.
+
+libbsd - allows sslh-fork to change its process title (as shown in
+'ps'), so each forked process shows what protocol and what connection
+it is serving. Autodetected.
diff --git a/network/sslh/doinst.sh b/network/sslh/doinst.sh index 21de93c717..b8df211d5c 100644 --- a/network/sslh/doinst.sh +++ b/network/sslh/doinst.sh @@ -1,14 +1,11 @@ config() { NEW="$1" OLD="$(dirname $NEW)/$(basename $NEW .new)" - # If there's no config file by that name, mv it over: if [ ! -r $OLD ]; then mv $NEW $OLD elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then - # toss the redundant copy rm $NEW fi - # Otherwise, we leave the .new copy for the admin to consider... } preserve_perms() { @@ -24,3 +21,4 @@ preserve_perms() { preserve_perms etc/rc.d/rc.sslh.new config etc/sslh/sslh.cfg.new +config etc/default/sslh.new diff --git a/network/sslh/git2tarxz.sh b/network/sslh/git2tarxz.sh new file mode 100644 index 0000000000..3430dbcb6a --- /dev/null +++ b/network/sslh/git2tarxz.sh @@ -0,0 +1,46 @@ +#!/bin/sh + +# Create source tarball from git repo, with generated version +# number. + +# Note that this script doesn't need to be run as root. It does +# need to be able to write to the current directory it's run from. + +# Takes one optional argument, which is the commit or tag to create +# a tarball of. With no arg, HEAD is used. + +PRGNAM=sslh +CLONE_URL=https://github.com/yrutschle/sslh + +set -e + +GITDIR=$( mktemp -dt $PRGNAM.git.XXXXXX ) +rm -rf $GITDIR +git clone $CLONE_URL $GITDIR + +CWD="$( pwd )" +cd $GITDIR + +if [ "$1" != "" ]; then + git reset --hard "$1" || exit 1 +fi + +VERTAG=$( git tag --sort=version:refname | tail -1 | sed 's,^v,,' ) + +GIT_SHA=$( git rev-parse --short HEAD ) + +DATE=$( git log --date=format:%Y%m%d --format=%cd | head -1 ) + +VERSION=${VERTAG}+${DATE}_${GIT_SHA} + +rm -rf .git +find . -name .gitignore -print0 | xargs -0 rm -f + +cd "$CWD" +rm -rf $PRGNAM-$VERSION $PRGNAM-$VERSION.tar.xz +mv $GITDIR $PRGNAM-$VERSION +tar cvfJ $PRGNAM-$VERSION.tar.xz $PRGNAM-$VERSION + +echo +echo "Created tarball: $PRGNAM-$VERSION.tar.xz" +echo "VERSION=$VERSION" 
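Review bot: In git2tarxz.sh, `rm -rf $GITDIR` directly after `mktemp -dt` discards the directory that mktemp created safely and leaves `git clone` to recreate a name that is now known, which reopens the race mktemp exists to close. `git clone` accepts an existing empty directory, so the `rm -rf $GITDIR` line can simply be dropped. Separately, `VERTAG` is taken from the highest tag in the whole repository rather than from the commit being packaged, so building an older commit via `$1` would label it with a newer release; `git describe --tags --abbrev=0 | sed 's,^v,,'` ties the number to the checked-out history. Quoting `"$GITDIR"` and `"$PRGNAM-$VERSION"` in the `rm -rf`, `mv` and `tar` lines would also keep them safe if the temp path contains spaces.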
diff --git a/network/sslh/rc.sslh b/network/sslh/rc.sslh index 74c95ca56d..e375c67b0b 100644 --- a/network/sslh/rc.sslh +++ b/network/sslh/rc.sslh @@ -5,30 +5,34 @@ # Start/stop/restart the sslh daemon. # +PATH="/bin:/sbin:/usr/bin:/usr/sbin" +export PATH + NAME="sslh" -config="/etc/${NAME}/${NAME}.cfg" pidfile="/var/run/${NAME}.pid" +source /etc/default/$NAME || exit 1 + start() { if [[ -z $(pidof -o %PPID $NAME) ]]; then rm $pidfile &>/dev/null fi if [ ! -f $pidfile ]; then - echo "Start services: $NAME" - ${NAME} -F $config >/dev/null 2>&1 + echo "Starting SSL multiplexer: $NAME $SSLH_OPTS" + $NAME $SSLH_OPTS >/dev/null 2>&1 else - echo "Services $NAME already running." + echo "Service $NAME already running." fi } stop() { if [ -f $pidfile ]; then - echo "Stop services: $NAME" + echo "Stopping $NAME" kill $(cat $pidfile) >/dev/null 2>&1 rm $pidfile &>/dev/null else - echo "Services $NAME is not running." + echo "Service $NAME is not running." fi } diff --git a/network/sslh/slack-desc b/network/sslh/slack-desc index 0c90805d1e..57d4e92926 100644 --- a/network/sslh/slack-desc +++ b/network/sslh/slack-desc @@ -6,14 +6,14 @@ # customary to leave one space after the ':' except on otherwise blank lines. |-----handy-ruler------------------------------------------------------| -sslh: sslh (Applicative protocol multiplexer) +sslh: sslh (applicative protocol multiplexer) sslh: sslh: sslh accepts connections on specified ports, and forwards them sslh: further based on tests performed on the first data packet sent by sslh: the remote client. sslh: -sslh: Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and -sslh: any other protocol that can be tested using a regular expression, +sslh: Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented. +sslh: Any other protocol that can be tested using a regular expression sslh: can be recognised. sslh: -sslh: +sslh: This package built @WITHBSD@ libbsd and @WITHEV@ libev. 
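Review bot: In start() of rc.sslh, `$NAME $SSLH_OPTS >/dev/null 2>&1` throws away the daemon's error output and its exit status, so a typo in the now admin-editable /etc/default/sslh or in sslh.cfg can leave the multiplexer down after the script has already printed "Starting SSL multiplexer". Dropping the stderr redirect and reporting failure, e.g. `$NAME $SSLH_OPTS >/dev/null || echo "$NAME failed to start" >&2`, would surface most configuration errors. The start/stop logic also still assumes the hard-coded `/var/run/${NAME}.pid`, which only holds if the config named in SSLH_OPTS writes its pidfile there; a comment next to `pidfile=` saying so would help. The rest of the script (shebang, restart and the case dispatch) is outside the hunk.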
diff --git a/network/sslh/sslh.SlackBuild b/network/sslh/sslh.SlackBuild index 0b2eda07c8..bb21aca0af 100644 --- a/network/sslh/sslh.SlackBuild +++ b/network/sslh/sslh.SlackBuild @@ -2,14 +2,29 @@ # Slackware build script for sslh -# -# Script created by mara <mara@fail.pp.ua> -# +# Script originally created by mara <email removed>. +# Modified, updated, and now maintained by B. Watson <urchlay@slackware.uk>. +# Original script had no license. Modified version is licensed under +# the WTFPL. See http://www.wtfpl.net/txt/copying/ for details. + +# 20250706 bkw: normally I would go with the latest release, but there +# are some pretty important-looking fixes in the last few git commits. +# There's not a single line of mara's original script left, other than +# boilerplate code copied from the SBo template, so I don't feel bad +# relicensing it. + +# 20250719 bkw: +# - updated for latest git, v2.2.4+20250630_11da63c. +# - fix almost everything: README, slack-desc, rc script... +# - allow libev to be optional and autodetected. +# - document option libbsd dep in README. +# - add /etc/default/sslh and make the rc.sslh script use it. +# - make slack-desc reflect optional deps used. cd $(dirname $0) ; CWD=$(pwd) PRGNAM=sslh -VERSION=${VERSION:-1.18} +VERSION=${VERSION:-2.2.4+20250630_11da63c} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} PKGTYPE=${PKGTYPE:-tgz} @@ -22,9 +37,6 @@ if [ -z "$ARCH" ]; then esac fi -# If the variable PRINT_PACKAGE_NAME is set, then this script will report what -# the name of the created package would be, and then exit. This information -# could be useful to other scripts. if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE" exit 0 @@ -40,7 +52,7 @@ if [ "$ARCH" = "i586" ]; then elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then +elif [ "$ARCH" = "x86_64" -o "$ARCH" = "aarch64" ]; then SLKCFLAGS="-O2 -fPIC" LIBDIRSUFFIX="64" else 
@@ -53,43 +65,71 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM-v$VERSION -tar xvf $CWD/$PRGNAM-v$VERSION.tar.gz -cd $PRGNAM-v$VERSION +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.xz +cd $PRGNAM-$VERSION chown -R root:root . -find -L . \ - \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ - -o -perm 511 \) -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; - -# fix slackware path in manpage -sed -i 's/init.d/rc.d/' sslh.pod -sed -i 's+/etc/default+/etc/sslh+' sslh.pod -make VERSION=\"v$VERSION\" - -# install initscripts -install -Dm 644 $CWD/rc.sslh $PKG/etc/rc.d/rc.sslh.new -# install example file -install -Dm 0644 example.cfg $PKG/etc/sslh/sslh.cfg.new -# manually install to have both ssl-fork and ssl-select -install -Dm 0755 sslh-fork $PKG/usr/bin/sslh-fork -install -Dm 0755 sslh-select $PKG/usr/bin/sslh-select -ln -s sslh-fork $PKG/usr/bin/sslh -# install manpage -install -Dm 0644 sslh.8.gz $PKG/usr/man/man8/sslh.8.gz - -find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -find $PKG/usr/man -type f -exec gzip -9 {} \; -for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild +find -L . -perm /111 -a \! -perm 755 -a -exec chmod 755 {} + -o \ + \! -perm /111 -a \! -perm 644 -a -exec chmod 644 {} + + +# fix slackware paths in manpage +sed -i 's,init.d/sslh,rc.d/rc.sslh,' sslh.pod + +# 20250706 bkw: configure script ignores CFLAGS in the env. +sed -i "s/-O2/$SLKCFLAGS/" Makefile.in + +# 20250706 bkw: -lnsl allows configure to detect libwrap properly. 
+LIBS="-lnsl" \ +./configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --sysconfdir=/etc \ + --localstatedir=/var \ + --docdir=/usr/doc/$PRGNAM-$VERSION \ + --build=$ARCH-slackware-linux + +# 20250707 bkw: manual install, since there's 3 binaries and only +# one gets installed with 'make install'. +PBIN=$PKG/usr/sbin +PMAN=$PKG/usr/man/man8 +mkdir -p $PBIN $PMAN + +make sslh-fork sslh-select sslh.8.gz +install -m0644 -oroot -groot sslh.8.gz $PMAN +make sslh-ev || true # allow this to fail (if optional libev is missing) + +for i in ev fork select; do + bin=sslh-$i + if [ -e $bin ]; then + install -s -m0755 -oroot -groot $bin $PBIN + ln -s sslh.8.gz $PMAN/$bin.8.gz + fi +done + +ln -s sslh-fork $PBIN/sslh + +WITHBSD=WITHOUT; WITHEV=WITHOUT +objdump -p $PKG/usr/sbin/sslh | grep -q 'NEEDED.*libbsd' && WITHBSD=WITH +[ -e $PKG/usr/sbin/sslh-ev ] && WITHEV=WITH + +mkdir -p $PKG/etc/{rc.d,sslh,default} +cp -a *.cfg $PKG/etc/sslh +cat basic.cfg > $PKG/etc/sslh/sslh.cfg.new +cat $CWD/rc.sslh > $PKG/etc/rc.d/rc.sslh.new +cat $CWD/sslh.default > $PKG/etc/default/sslh.new + +# 20250707 bkw: don't need these in a slackware package: +rm -f doc/README.MacOSX doc/README.Windows.md doc/INSTALL.md + +PKGDOC=$PKG/usr/doc/$PRGNAM-$VERSION +mkdir -p $PKGDOC +cp -a COPYING ChangeLog README* TODO doc/* $PKGDOC +cat $CWD/$PRGNAM.SlackBuild > $PKGDOC/$PRGNAM.SlackBuild mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc +sed -e "s,@WITHBSD@,$WITHBSD," -e "s,@WITHEV@,$WITHEV," \ + < $CWD/slack-desc \ + > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG diff --git a/network/sslh/sslh.default b/network/sslh/sslh.default new file mode 100644 index 0000000000..55752d9a61 --- /dev/null +++ b/network/sslh/sslh.default @@ -0,0 +1,4 @@ +# Default options for the sslh daemon, read by /etc/rc.d/rc.sslh +# See sslh(8) for the options supported by sslh. + +SSLH_OPTS="-F /etc/sslh/sslh.cfg" 
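Review bot: `make sslh-ev || true` hides every failure of that target, not just a missing libev, so a genuine compile error with libev installed silently yields a package whose slack-desc says it was built WITHOUT libev. At minimum the fallback should say what happened, e.g. `make sslh-ev || echo "sslh-ev not built (libev missing or build failed)" >&2`. The same silent no-op risk applies to `sed -i "s/-O2/$SLKCFLAGS/" Makefile.in`: if upstream changes its default flags the substitution matches nothing and the build proceeds without SLKCFLAGS. A `grep -q -- -O2 Makefile.in` line before the sed would stop the build under `set -e` in that case.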
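Review bot: The new sslh.default does not say which user the daemon ends up running as. rc.sslh starts it from the boot scripts, and `SSLH_OPTS="-F /etc/sslh/sslh.cfg"` leaves privilege dropping entirely to that config file, which is copied from upstream's basic.cfg and is not visible in this commit. A comment line such as `# sslh is started as root; make sure sslh.cfg sets "user" (or add -u here) so it drops privileges after binding.` would make that dependency explicit for admins who replace the config.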
diff --git a/network/sslh/sslh.info b/network/sslh/sslh.info
index b5de12942e..06994c78c2 100644
--- a/network/sslh/sslh.info
+++ b/network/sslh/sslh.info
@@ -1,10 +1,10 @@
 PRGNAM="sslh"
-VERSION="1.18"
+VERSION="2.2.4+20250630_11da63c"
 HOMEPAGE="http://www.rutschle.net/tech/sslh.shtml"
-DOWNLOAD="http://www.rutschle.net/tech/sslh/sslh-v1.18.tar.gz"
-MD5SUM="0e3568d5d234516c634d4df156473298"
+DOWNLOAD="https://slackware.uk/~urchlay/src/sslh-2.2.4+20250630_11da63c.tar.xz"
+MD5SUM="b23c8abe5cf3bf4495e59c30b7d5d4ff"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="libconfig"
-MAINTAINER="mara"
-EMAIL="mara@fail.pp.ua"
+MAINTAINER="B. Watson"
+EMAIL="urchlay@slackware.uk" |