Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/noloader/build-scripts

Collection of build scripts useful when testing on downlevel, abandonware and ransomware clients
https://github.com/noloader/build-scripts

build-system package-manager shell

Last synced: 3 months ago
JSON representation

Collection of build scripts useful when testing on downlevel, abandonware and ransomware clients

Host: GitHub
URL: https://github.com/noloader/build-scripts
Owner: noloader
Created: 2017-03-31T05:01:36.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2024-03-30T21:02:35.000Z (10 months ago)
Last Synced: 2024-08-18T08:07:31.348Z (6 months ago)
Topics: build-system, package-manager, shell
Language: Shell
Homepage:
Size: 65.4 MB
Stars: 68
Watchers: 6
Forks: 20
Open Issues: 2
Metadata Files:
- Readme: README-Darwin.md
- Audit: audit-checksec-bins.sh

Awesome Lists containing this project

README

# Darwin

The Build-Scripts should work out-of-the-box for modern Darwin, like OS X 10.5. Once you run the setup recipes you should be able to build most programs with the scripts.

Modern OpenSSH no longer supports DSA keys by default. Default DSA support was disabled at OpenSSH 7.9. You should ensure you have an Ecdsa or Ed25519 key (or enable DSA keys in `sshd_config`). Also see [OpenSSH Release Notes](https://www.openssh.com/releasenotes.html).

After installing OpenSSH you should also tune `sshd_config` to suit your taste. You can disable password logins, enable public key logins, etc.

## System Integrity Protection

OS X 10.12 added System Integrity Protection (SIP). If SIP is in effect, then you have to disable SIP to modify the Launch Daemon and install `ssh-8.plist`. Also see [Disabling and Enabling System Integrity Protection](https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection) and [About macOS Recovery on Intel-based Mac computers](https://support.apple.com/en-us/HT201314)..

## Setup

Once you clone the repo you should perform a one-time setup. The setup installs updated CA certificates and builds a modern Wget. `setup-cacerts.sh` installs a local copy of 11 CA certificates in `$HOME/.build-scripts/cacerts`. They are used to download source code packages for programs and libraries. `setup-wget.sh` installs a local copy of `wget` in `$HOME/.build-scripts/wget`. It is a reduced-functionality version of Wget with only HTTPS, IPv4, IPv6 and large-file support. It is anemic but functional enough to download packages over HTTPS.

```
$ ./setup-cacerts.sh
...

$ ./setup-wget.sh
...
```

You can build the fully-functional version of Wget by running `./build-wget.sh`, but it is not needed for OpenSSH.

## OpenSSH

The following steps should be performed to update OpenSSH. The new OpenSSH is permanently installed at `/opt/ssh` (as opposed to a location like `/usr/local`). `/opt/ssh` will have a standard filesystem below it.

```
$ INSTX_PREFIX=/opt/ssh ./build-openssh.sh
```

After building and installing OpenSSH you have to tell Darwin to use it. To do so you create a plist and tell the launch daemon about it.

First, generate new keys and/or copy existing keys to `$INSTX_PREFIX/etc`. You probably have new keys from `make install`, so copy existing keys as required.

Second, create or copy an existing `sshd_config` to `$INSTX_PREFIX/etc`.

Third, open `/System/Library/LaunchDaemons/ssh-8.plist` in a text editor. Add the following launch configuration.

```

Label
com.openssh.sshd.8
Program
/opt/ssh/sbin/sshd
ProgramArguments

/opt/ssh/sbin/sshd
-i
-e
-f
/opt/ssh/etc/sshd_config

SHAuthorizationRight
system.preferences
Sockets

Listeners

SockServiceName
22

StandardErrorPath
/var/log/sshd.8.log
inetdCompatibility

Wait

```

Be sure to use a name like `com.openssh.sshd.8` to avoid collisions with Apple's SSH service.

Finally, load the new configuration.

```
sudo launchctl load -w /System/Library/LaunchDaemons/ssh-8.plist
```

If needed, you can disable Apple's SSH daemon with the following.

```
sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
```