Add pam support, rebase to 3.14 (#45)

.github/workflows/external_trigger.yml

@@ -18,8 +18,8 @@ jobs:
           fi
           echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_OPENSSH_SERVER_MASTER\". ****"
           echo "**** Retrieving external version ****"
-          EXT_RELEASE=$(curl -sL "http://nl.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
-            && awk '/^P:'"openssh-server"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
+          EXT_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
+            && awk '/^P:'"openssh-server-pam"'$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
             echo "**** Can't retrieve external version, exiting ****"
             FAILURE_REASON="Can't retrieve external version for openssh-server branch master"

Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:3.13
+FROM ghcr.io/linuxserver/baseimage-alpine:3.14
 
 # set version label
 ARG BUILD_DATE
@@ -8,26 +8,26 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA
 LABEL maintainer="aptalca"
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	logrotate \
-	nano \
-	sudo && \
- echo "**** install openssh-server ****" && \
- if [ -z ${OPENSSH_RELEASE+x} ]; then \
-	OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
-	&& awk '/^P:openssh-server$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
- fi && \
- apk add --no-cache \
-	openssh-client==${OPENSSH_RELEASE} \
-	openssh-server==${OPENSSH_RELEASE} \
-	openssh-sftp-server==${OPENSSH_RELEASE} && \
- echo "**** setup openssh environment ****" && \
- sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
- usermod --shell /bin/bash abc && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    logrotate \
+    nano \
+    sudo && \
+  echo "**** install openssh-server ****" && \
+  if [ -z ${OPENSSH_RELEASE+x} ]; then \
+    OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp && \
+    awk '/^P:openssh-server-pam$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
+  fi && \
+  apk add --no-cache \
+    openssh-client==${OPENSSH_RELEASE} \
+    openssh-server-pam==${OPENSSH_RELEASE} \
+    openssh-sftp-server==${OPENSSH_RELEASE} && \
+  echo "**** setup openssh environment ****" && \
+  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
+  usermod --shell /bin/bash abc && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY /root /

Dockerfile.aarch64

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.13
+FROM ghcr.io/linuxserver/baseimage-alpine:arm64v8-3.14
 
 # set version label
 ARG BUILD_DATE
@@ -8,26 +8,26 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA
 LABEL maintainer="aptalca"
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	logrotate \
-	nano \
-	sudo && \
- echo "**** install openssh-server ****" && \
- if [ -z ${OPENSSH_RELEASE+x} ]; then \
-	OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
-	&& awk '/^P:openssh-server$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
- fi && \
- apk add --no-cache \
-	openssh-client==${OPENSSH_RELEASE} \
-	openssh-server==${OPENSSH_RELEASE} \
-	openssh-sftp-server==${OPENSSH_RELEASE} && \
- echo "**** setup openssh environment ****" && \
- sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
- usermod --shell /bin/bash abc && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    logrotate \
+    nano \
+    sudo && \
+  echo "**** install openssh-server ****" && \
+  if [ -z ${OPENSSH_RELEASE+x} ]; then \
+    OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz" | tar -xz -C /tmp && \
+    awk '/^P:openssh-server-pam$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
+  fi && \
+  apk add --no-cache \
+    openssh-client==${OPENSSH_RELEASE} \
+    openssh-server-pam==${OPENSSH_RELEASE} \
+    openssh-sftp-server==${OPENSSH_RELEASE} && \
+  echo "**** setup openssh environment ****" && \
+  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
+  usermod --shell /bin/bash abc && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY /root /

Dockerfile.armhf

@@ -1,4 +1,4 @@
-FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.13
+FROM ghcr.io/linuxserver/baseimage-alpine:arm32v7-3.14
 
 # set version label
 ARG BUILD_DATE
@@ -8,26 +8,26 @@ LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DA
 LABEL maintainer="aptalca"
 
 RUN \
- echo "**** install runtime packages ****" && \
- apk add --no-cache --upgrade \
-	curl \
-	logrotate \
-	nano \
-	sudo && \
- echo "**** install openssh-server ****" && \
- if [ -z ${OPENSSH_RELEASE+x} ]; then \
-	OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.13/main/x86_64/APKINDEX.tar.gz" | tar -xz -C /tmp \
-	&& awk '/^P:openssh-server$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
- fi && \
- apk add --no-cache \
-	openssh-client==${OPENSSH_RELEASE} \
-	openssh-server==${OPENSSH_RELEASE} \
-	openssh-sftp-server==${OPENSSH_RELEASE} && \
- echo "**** setup openssh environment ****" && \
- sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
- usermod --shell /bin/bash abc && \
- rm -rf \
-	/tmp/*
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    logrotate \
+    nano \
+    sudo && \
+  echo "**** install openssh-server ****" && \
+  if [ -z ${OPENSSH_RELEASE+x} ]; then \
+    OPENSSH_RELEASE=$(curl -sL "http://dl-cdn.alpinelinux.org/alpine/v3.14/main/armhf/APKINDEX.tar.gz" | tar -xz -C /tmp && \
+    awk '/^P:openssh-server-pam$/,/V:/' /tmp/APKINDEX | sed -n 2p | sed 's/^V://'); \
+  fi && \
+  apk add --no-cache \
+    openssh-client==${OPENSSH_RELEASE} \
+    openssh-server-pam==${OPENSSH_RELEASE} \
+    openssh-sftp-server==${OPENSSH_RELEASE} && \
+  echo "**** setup openssh environment ****" && \
+  sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config && \
+  usermod --shell /bin/bash abc && \
+  rm -rf \
+    /tmp/*
 
 # add local files
 COPY /root /

Jenkinsfile

@@ -24,9 +24,9 @@ pipeline {
     DEV_DOCKERHUB_IMAGE = 'lsiodev/openssh-server'
     PR_DOCKERHUB_IMAGE = 'lspipepr/openssh-server'
     DIST_IMAGE = 'alpine'
-    DIST_TAG = '3.13'
-    DIST_REPO = 'http://nl.alpinelinux.org/alpine/v3.13/main/'
-    DIST_REPO_PACKAGES = 'openssh-server'
+    DIST_TAG = '3.14'
+    DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.14/main/'
+    DIST_REPO_PACKAGES = 'openssh-server-pam'
     MULTIARCH='true'
     CI='true'
     CI_WEB='false'

README.md

@@ -281,6 +281,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
+* **28.06.21:** - Rebasing to alpine 3.14. Add support for PAM.
 * **10.02.21:** - Rebasing to alpine 3.13. Add openssh-client for scp.
 * **21.10.20:** - Implement s6-log for openssh, which adds local timestamps to logs and can be used with a log parser like fail2ban.
 * **20.10.20:** - Set umask for sftp.

jenkins-vars.yml

@@ -15,9 +15,9 @@ repo_vars:
   - DEV_DOCKERHUB_IMAGE = 'lsiodev/openssh-server'
   - PR_DOCKERHUB_IMAGE = 'lspipepr/openssh-server'
   - DIST_IMAGE = 'alpine'
-  - DIST_TAG = '3.13'
-  - DIST_REPO = 'http://nl.alpinelinux.org/alpine/v3.13/main/'
-  - DIST_REPO_PACKAGES = 'openssh-server'
+  - DIST_TAG = '3.14'
+  - DIST_REPO = 'http://dl-cdn.alpinelinux.org/alpine/v3.14/main/'
+  - DIST_REPO_PACKAGES = 'openssh-server-pam'
   - MULTIARCH='true'
   - CI='true'
   - CI_WEB='false'

readme-vars.yml

@@ -91,6 +91,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "28.06.21:", desc: "Rebasing to alpine 3.14. Add support for PAM." }
   - { date: "10.02.21:", desc: "Rebasing to alpine 3.13. Add openssh-client for scp." }
   - { date: "21.10.20:", desc: "Implement s6-log for openssh, which adds local timestamps to logs and can be used with a log parser like fail2ban." }
   - { date: "20.10.20:", desc: "Set umask for sftp." }

root/etc/cont-init.d/10-adduser

@@ -32,6 +32,23 @@ User uid:    $(id -u "$USER_NAME")
 User gid:    $(id -g "$USER_NAME")
 -------------------------------------
 "
+
+time32="$(date +%Y)"
+
+if [[ "${time32}" == "1970" || "${time32}" == "1969" ]] && [ "$(uname -m)" == "armv7l" ]; then
+  echo '
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+
+Your DockerHost is most likely running an outdated version of libseccomp
+
+To fix this, please visit https://docs.linuxserver.io/faq#libseccomp
+
+Some apps might not behave correctly without this
+
+@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+'
+fi
+
 chown "$USER_NAME":"$USER_NAME" /app
 chown "$USER_NAME":"$USER_NAME" /config
 chown "$USER_NAME":"$USER_NAME" /defaults

root/etc/services.d/openssh-server/run

@@ -3,4 +3,4 @@
 USER_NAME=${USER_NAME:-linuxserver.io}
 
 exec 2>&1 \
-        s6-setuidgid ${USER_NAME} /usr/sbin/sshd -D -e -p 2222
+        s6-setuidgid ${USER_NAME} /usr/sbin/sshd.pam -D -e -p 2222