sshd upgrade

cookbooks/sshd/.github/workflows/chef.yml

@@ -0,0 +1,31 @@
+name: Chef
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  dokken:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: ['centos-6', 'centos-7', 'centos-8', 'debian-8', 'debian-9', 'debian-10', 'ubuntu-1604', 'ubuntu-1804', 'ubuntu-2004']
+        suite: ['default', 'sshd-config']
+      fail-fast: false
+    steps:
+    - name: Check out code
+      uses: actions/checkout@master
+    - name: Install Chef
+      uses: actionshub/chef-install@main
+    - name: Linting
+      run: cookstyle -f simple || (echo "Run 'cookstyle -a' to correct cookstyle errors." && exit 1)
+    - name: test-kitchen
+      uses: actionshub/test-kitchen@main
+      with:
+        suite: ${{ matrix.suite }}
+        os: ${{ matrix.os }}
+      env:
+        CHEF_LICENSE: accept-no-persist
+        KITCHEN_LOCAL_YAML: .kitchen.dokken.yml

cookbooks/sshd/.kitchen.dokken.yml

@@ -0,0 +1,80 @@
+driver:
+  name: dokken
+  privileged: true # because Docker and SystemD/Upstart
+  chef_version: current
+
+transport:
+  name: dokken
+
+provisioner:
+  name: dokken
+  client_rb:
+    chef_license: "accept-silent"
+  deprecations_as_errors: false
+
+platforms:
+  - name: centos-6
+    driver:
+      image: dokken/centos-6
+      pid_one_command: /sbin/init
+  - name: centos-7
+    driver:
+      image: dokken/centos-7
+      pid_one_command: /usr/lib/systemd/systemd
+  - name: centos-8
+    driver:
+      image: dokken/centos-8
+      pid_one_command: /usr/lib/systemd/systemd
+
+  - name: debian-8
+    driver:
+      image: dokken/debian-8
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+  - name: debian-9
+    driver:
+      image: dokken/debian-9
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+  - name: debian-10
+    driver:
+      image: dokken/debian-10
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+
+  - name: ubuntu-16.04
+    driver:
+      image: dokken/ubuntu-16.04
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+  - name: ubuntu-18.04
+    driver:
+      image: dokken/ubuntu-18.04
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+  - name: ubuntu-20.04
+    driver:
+      image: dokken/ubuntu-20.04
+      pid_one_command: /bin/systemd
+      intermediate_instructions:
+        - RUN /usr/bin/apt-get update
+
+suites:
+  - name: default
+    run_list:
+      - recipe[sshd-test::default]
+
+  - name: sshd_config
+    run_list:
+      - recipe[sshd-test::default]
+    attributes:
+      sshd:
+        sshd_config:
+          ServerKeyBits: 2048
+          ListenAddress: 0.0.0.0
+          PasswordAuthentication: 'no'

cookbooks/sshd/.kitchen.yml

@@ -9,13 +9,15 @@ verifier:
   name: inspec
 
 platforms:
-- name: ubuntu-18.04
+- name: centos-6.10
+- name: centos-7.8
+- name: centos-8.2
+- name: debian-8.8
+- name: debian-9.12
+- name: debian-10.4
 - name: ubuntu-16.04
-- name: ubuntu-14.04
-- name: debian-8.5
-- name: debian-9.0
-- name: centos-7.2
-- name: centos-6.6
+- name: ubuntu-18.04
+- name: ubuntu-20.04
 
 suites:
   - name: default

cookbooks/sshd/CHANGELOG.md

@@ -3,6 +3,42 @@ sshd CHANGELOG
 
 This file is used to list changes made in each version of the sshd cookbook.
 
+3.1.1
+-----
+
+- Enable `unify_mode`, for Chef-18 support
+
+
+3.1.0
+-----
+
+- Add Arch and Amazon linux platforms. Replace foodcritic in Gemfile in favor of cookstyle - [@jhboricua](https://github.com/jhboricua)
+
+
+3.0.0
+-----
+
+- Rename resource from `openssh_server` to `sshd_server`
+- Add platforms: centos-8 debian-10 and ubuntu-20
+- Apply cookstyle linting
+
+```ruby
+# Old notation
+sshd_server '/etc/sshd_config' do
+  Port 1234
+  X11Forward 'no'
+end
+
+# New notation
+sshd_server '/etc/sshd_config' do
+  sshd_config(
+    Port: 1234,
+    X11Forward: 'no'
+  )
+end
+```
+
+
 2.0.0
 -----
 
@@ -14,7 +50,7 @@ This file is used to list changes made in each version of the sshd cookbook.
 
 ```ruby
 # Old notation
-openssh_server '/etc/sshd_config' do
+open_server '/etc/sshd_config' do
   Port 1234
   X11Forward 'no'
 end

cookbooks/sshd/Gemfile

@@ -1,8 +1,7 @@
 source 'https://rubygems.org'
 
 group :lint do
-  gem 'foodcritic'
-  gem 'rubocop'
+  gem 'cookstyle'
 end
 
 group :unit do

cookbooks/sshd/README.md

@@ -91,13 +91,13 @@ depends 'sshd'
 To install and configure openssh-server from other recipes, use the following resource:
 
 ```ruby
-openssh_server node['sshd']['config_file']
+sshd_server node['sshd']['config_file']
 ```
 
 or, if you need a configuration which differs from the default
 
 ```ruby
-openssh_server '/etc/sshd_config' do
+sshd_server '/etc/sshd_config' do
   sshd_config(
     Port: 1234,
     X11Forward: 'no'
@@ -108,7 +108,7 @@ end
 The resource accepts all configuration options `sshd_config` supports.
 
 ```ruby
-openssh_server node['sshd']['config_file'] do
+sshd_server node['sshd']['config_file'] do
   sshd_config(
     Port:        1234
     X11Forward:  'yes'
@@ -132,7 +132,7 @@ end
 In case you need it, you can also use a custom template to use for `sshd_config`
 
 ```ruby
-openssh_server node['sshd']['config_file'] do
+sshd_server node['sshd']['config_file'] do
   cookbook 'mycookbook'
   source   'mytemplate.erb'
 end
@@ -189,4 +189,4 @@ Contributions of any sort are very welcome!
 # License and Authors
 
 Authors: Chris Aumann <[email protected]>
-Contributors: Jeremy Olliver, Andy Thompson, Peter Walz, Kevin Olbrich, Johnny Martin
+Contributors: Jeremy Olliver, Andy Thompson, Peter Walz, Kevin Olbrich, Johnny Martin, Renato Covarrubias, Jose A. Hernandez

cookbooks/sshd/attributes/default.rb

@@ -1,8 +1,8 @@
 #
-# Cookbook Name:: sshd
+# Cookbook:: sshd
 # Attributes:: default
 #
-# Copyright 2012, Chris Aumann
+# Copyright:: 2012, Chris Aumann
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,35 +20,31 @@
 
 # The package to install
 default['sshd']['package'] =
-  case node['platform']
-  when 'archlinux', 'suse'
+  if platform?('arch', 'suse')
     'openssh'
   else
     'openssh-server'
   end
 
 # Path to 'sshd' executable
 default['sshd']['sshd_path'] =
-  case node['platform']
-  when 'redhat', 'centos'
+  if platform?('redhat', 'centos')
     node['platform_version'].to_i >= 7 ? '/sbin/sshd' : '/usr/sbin/sshd'
   else
     '/usr/sbin/sshd'
   end
 
 # Path to 'sshd_config' configuration file
 default['sshd']['config_file'] =
-  case node['platform_family']
-  when 'mac_os_x'
+  if platform_family?('mac_os_x')
     '/etc/sshd_config'
   else
     '/etc/ssh/sshd_config'
   end
 
 # OpenSSH service name
 default['sshd']['service_name'] =
-  case node['platform_family']
-  when 'debian'
+  if platform_family?('debian')
     'ssh'
   else
     'sshd'
@@ -76,22 +72,32 @@
   case node['platform_family']
   when 'debian', 'mac_os_x'
     '0o644'
-  when 'rhel', 'fedora'
+  when 'amazon', 'arch', 'fedora', 'rhel'
     '0o600'
   end
 
 # Initialize sftp subsystem
 default['sshd']['sshd_config']['Subsystem'] =
   case node['platform_family']
+  when 'arch'
+    'sftp /usr/lib/ssh/sftp-server'
   when 'debian'
     'sftp /usr/lib/openssh/sftp-server'
-  when 'rhel', 'fedora'
+  when 'amazon', 'fedora', 'rhel'
     'sftp /usr/libexec/openssh/sftp-server'
   when 'mac_os_x'
     'sftp /usr/libexec/sftp-server'
   end
 
 case node['platform_family']
+when 'amazon'
+  default['sshd']['sshd_config']['SyslogFacility'] = 'AUTHPRIV'
+  default['sshd']['sshd_config']['AcceptEnv'] = 'LANG LANGUAGE LC_* XMODIFIERS'
+
+when 'arch'
+  default['sshd']['sshd_config']['SyslogFacility'] = 'AUTH'
+  default['sshd']['sshd_config']['X11Forwarding'] = 'no'
+
 when 'debian'
   # On debian-like systems, pam takes care of the motd
   default['sshd']['sshd_config']['PrintMotd'] = 'no'

cookbooks/sshd/libraries/helpers.rb

@@ -1,8 +1,8 @@
 #
-# Cookbook Name:: sshd
+# Cookbook:: sshd
 # Library:: helpers
 #
-# Copyright 2012, Chris Aumann
+# Copyright:: 2012, Chris Aumann
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -35,12 +35,14 @@ def generate_sshd_config(config)
       # Generate the configuration file.
       # Sort the hash, so Chef doesn't restart if nothing changed but the order
       config.sort.each do |e|
-        key, value = e[0], e[1]
+        key = e[0]
+        value = e[1]
 
         # Hashes are conditional blocks, which have to be placed at the end of the file
         if value.is_a? Hash
           value.sort.each do |se|
-            k, v = se[0], se[1]
+            k = se[0]
+            v = se[1]
             conditional_blocks << "#{key} #{k}\n"
             Array(v).each { |x, y| conditional_blocks << "    #{x} #{y}\n" }
           end

cookbooks/sshd/libraries/matchers.rb

@@ -1,5 +1 @@
-if defined?(ChefSpec)
-  def create_opensshd_server(resource_name)
-    ChefSpec::Matchers::ResourceMatcher.new(:openssh_server, :create, resource_name)
-  end
-end
+