src/secure/usr.bin/ssh, branch main

Remove MK_GSSAPI

2025-08-20T18:42:20+00:00

For MIT Kerberos, MK_GSSAPI has no meaning: GSSAPI is a required part of
Kerberos and is always built if MK_KERBEROS is enabled.  Backport this
behaviour to Heimdal so it works the same way.

While here, change Heimdal's libcom_err and compile_et to be selected by
MK_KERBEROS, not MK_KERBEROS_SUPPORT, since these are part of Kerberos
and third-party users might need it even if Kerberos support is disabled
in the base system.  This means MK_KERBEROS_SUPPORT installs the same
files with both MIT and Heimdal.

Reviewed by:	cy
Differential Revision:	https://reviews.freebsd.org/D51859

gssapi,krb5: Replace libgssapi with the MIT version

2025-08-07T17:17:00+00:00

lib/libgssapi is based on Heimdal. As on Linux systems, the MIT
libgssapi_krb5 replaces it. With both gssapi libraries and header files
installed results in broken buildworld (gssd) and ports that will not
build without modifications to support the MIT gssapi in an alternate
location.

73ed0c7992fd removed the MIT GSSAPI headers from /usr/include. Apps using
MIT KRB5 gssapi functions and structures will fail to build without this
patch.

This patch includes a temporary patch to usr.sbin/gssd to allow it
to build with this patch. rmacklem@ has a patch for this and for
kgssapi that uses this patch to resolve kgssapi issues for NFS with
Kerberos.

This patch is an updated version of D51661 to allow it to build following
additional patchs to the tree.

This should have been implmented with 7e35117eb07f.

Fixes:			7e35117eb07f, 73ed0c7992fd
Differential Revision:	https://reviews.freebsd.org/D51661

secure: Adapt Makefile to ssh-sk-client everywhere

2025-04-17T19:12:39+00:00

Upstream commit 7b47b40b1 ("adapt Makefile to ssh-sk-client everywhere")
adapted the Makefiles to ssh-sk-client.  Do the same here.

Reviewed by:	emaste
Approved by:	emaste (mentor)
Differential Revision:	https://reviews.freebsd.org/D49795

ssh: Consolidate HAVE_LDNS / LIBWRAP in ssh.mk

2025-02-20T23:33:46+00:00

Commit 9d63429fa163 ("ssh: move common Makefile boilerplate to a new
ssh.mk") introduced ssh.mk for common OpenSSH paths and flags, as part
of enabling FIDO/U2F.  Move duplicated MK_LDNS and MK_TCP_WRAPPERS
handling there.

Reviewed by:	kevans
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31896

ssh: tidy include handling

2025-02-20T22:39:48+00:00

Centralize optional krb5_config.h handling in ssh.mk.  Do not add
headers (that are committed to the src tree) to SRCS as there is no
need.

Reviewed by:	imp, jlduran, kevans (all earlier)
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34409

ssh: Move XAUTH_PATH setting to ssh.mk

2025-02-10T16:22:42+00:00

XAUTH_PATH is normally set (in the upstream build infrastructure) in
config.h.  We previously set it in ssh and sshd's Makefiles if LOCALBASE
is set, and over time have sometimes also defined it in config.h.

Leave it unset in config.h and move the CFLAGS logic to to ssh.mk so
that it will be set when building all ssh libraries and programs but
still be set by LOCALBASE.

Reviewed by:	jlduran
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48907

Remove residual blank line at start of Makefile

2024-07-15T22:43:39+00:00

This is a residual of the $FreeBSD$ removal.

MFC After: 3 days (though I'll just run the command on the branches)
Sponsored by: Netflix

Remove $FreeBSD$: one-line sh pattern

2023-08-16T17:55:03+00:00

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

Update/fix Makefile.depend for userland

2023-04-19T00:14:23+00:00

ssh: move common Makefile boilerplate to a new ssh.mk

2021-11-03T23:38:05+00:00

This moves SSHDIR and ssh_namespace.h handling to a common location,
and will simplify future work such as adding U2F support (D32509).

Reviewed by:	kevans
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32808