# New ports collection makefile for: openssh
# Date created:  18 Mar 1999
# Whom:   dwcjr@inethouston.net
#
# $FreeBSD$
#

# Port identity and download location.  DISTVERSION is the upstream
# portable release being packaged; PKGNAMESUFFIX is assembled from three
# suffix variables that are assigned further down in this file.
PORTNAME=	openssh
DISTVERSION=	5.0p1
PORTEPOCH=	1
CATEGORIES=	security ipv6
# Defining OPENSSH_SNAPSHOT switches the download source from the OpenBSD
# mirror list to the mindrot.org snapshot directory, which is reached over
# plain HTTP.
.if defined(OPENSSH_SNAPSHOT)
MASTER_SITES=	http://www.mindrot.org/openssh_snap/
.else
MASTER_SITES=	${MASTER_SITE_OPENBSD}
MASTER_SITE_SUBDIR=	OpenSSH/portable
.endif
PKGNAMESUFFIX=	${PORTABLE_SUFFIX}${GSSAPI_SUFFIX}${BASE_SUFFIX}
# DISTNAME starts empty; exactly one of the branches below appends to it.
DISTNAME=	# empty

MAINTAINER=	mnag@FreeBSD.org
COMMENT=	The portable version of OpenBSD's OpenSSH

.if defined(OPENSSH_SNAPSHOT)
# "!=" runs the command when the Makefile is parsed; date -v-1d yields
# yesterday's date as YYYYMMDD, which names the snapshot tarball.
PORTREVISION!=		date -v-1d +%Y%m%d
# NO_CHECKSUM asks the ports framework to skip distfile checksum
# verification.
# NOTE(review): combined with the HTTP-only MASTER_SITES above, a snapshot
# build has no integrity check on what was downloaded; presumably this also
# covers any PATCHFILES enabled at the same time -- confirm.  Treat snapshot
# builds as test-only and verify the tarball out of band before deploying.
NO_CHECKSUM=		yes
DISTNAME+=		${PORTNAME}-SNAP-${PORTREVISION}
.else
DISTNAME+=		${PORTNAME}-${DISTVERSION}
.endif

# WRKSRC always uses the release-style directory name; for snapshots the
# post-extract target renames the extracted directory to match.
WRKSRC=			${WRKDIR}/${PORTNAME}-${DISTVERSION}

# Manual pages installed by the port, by section; MLINKS makes slogin.1 an
# alias of ssh.1.
MAN1=	sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
MLINKS=	ssh.1 slogin.1
MAN5=	ssh_config.5 sshd_config.5
MAN8=	sftp-server.8 sshd.8 ssh-keysign.8

# Packages that cannot be installed alongside this one ("?=" lets a caller
# pre-set the list).
CONFLICTS?=		openssh-3.* ssh-1.* ssh2-3.*

USE_OPENSSL=		yes
GNU_CONFIGURE=		yes
# Baseline configure flags; option-specific flags are appended after
# bsd.port.pre.mk is included.
# NOTE(review): --without-zlib-version-check switches off configure's zlib
# version test, so nothing in this port checks the zlib it links against --
# presumably the system zlib is kept patched separately; confirm.
CONFIGURE_ARGS=		--prefix=${PREFIX} --with-md5-passwords \
			--without-zlib-version-check --with-ssl-engine
# Configuration files and host keys (private and public) that pre-install
# links from the old ${PREFIX}/etc layout into ${ETCSSH} when they exist
# only in the old location.
PRECIOUS=		ssh_config sshd_config ssh_host_key ssh_host_key.pub \
			ssh_host_rsa_key ssh_host_rsa_key.pub ssh_host_dsa_key \
			ssh_host_dsa_key.pub
ETCOLD=			${PREFIX}/etc
# Default package-name suffix; cleared below when a GSSAPI build is chosen.
PORTABLE_SUFFIX=	-portable

# SUDO is empty unless the caller sets it, and is exported into the build
# environment through MAKE_ENV.
SUDO?=		# empty
MAKE_ENV+=	SUDO="${SUDO}"

# Build options: NAME, description, default.  The WITH_/WITHOUT_ tests
# after bsd.port.pre.mk act on these names.
# - SUID_SSH defaults to off; unless it is enabled the port passes
#   --disable-suid-ssh to configure.
# - The "req:" notes are not enforced with an error: the GSSAPI and
#   KERB_GSSAPI handling is nested inside the Kerberos conditional, so
#   those options are ignored without a message when KERBEROS is disabled.
# - KERB_GSSAPI, HPN, LPK and OPENSCPINPATCH each add a patch that is not
#   part of the upstream distfile named in DISTNAME.
OPTIONS=	PAM		"Enable pam(3) support"				on \
		TCP_WRAPPERS	"Enable tcp_wrappers support"			on \
		LIBEDIT		"Enable readline support to sftp(1)"		on \
		KERBEROS	"Enable kerberos (autodetection)"		on \
		SUID_SSH	"Enable suid SSH (Recommended off)"		off \
		GSSAPI		"Enable GSSAPI support (req: KERBEROS)"		off \
		KERB_GSSAPI	"Enable Kerberos/GSSAPI patch (req: GSSAPI)"	off \
		OPENSSH_CHROOT	"Enable CHROOT support"				off \
		OPENSC		"Enable OpenSC smartcard support"		off \
		OPENSCPINPATCH	"Enable OpenSC PIN patch"			off \
		HPN		"Enable HPN-SSH patch"				off \
		LPK		"Enable LDAP Public Key (LPK) patch"		off \
		OVERWRITE_BASE	"OpenSSH overwrite base"			off

.include <bsd.port.pre.mk>

# Mark the port as broken on systems whose OSVERSION is 800037 or newer.
.if ${OSVERSION} >= 800037
BROKEN=		does not compile
.endif

# Preserve deprecated OPENSSH_OVERWRITE_BASE settings
.if defined(OPENSSH_OVERWRITE_BASE)
WITH_OVERWRITE_BASE=	yes
.endif

# PAM and tcp_wrappers are enabled only when the option is not disabled AND
# the corresponding header is present.  exists() is evaluated when the
# Makefile is parsed, so a missing header silently produces a build without
# that feature.
.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+=	--with-pam
.endif

.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+=	--with-tcp-wrappers
.endif

.if !defined(WITHOUT_LIBEDIT)
CONFIGURE_ARGS+=	--with-libedit
.endif

# The setuid ssh client is opt-in: --disable-suid-ssh is passed unless
# WITH_SUID_SSH is defined.
.if !defined(WITH_SUID_SSH)
CONFIGURE_ARGS+=	--disable-suid-ssh
.endif

# Kerberos / GSSAPI selection.  Everything here is skipped when
# WITHOUT_KERBEROS is defined, including the WITH_GSSAPI and
# WITH_KERB_GSSAPI handling.
.if !defined(WITHOUT_KERBEROS)
# "&&" binds tighter than "||", so this branch is taken either when
# KRB5_HOME is set and exists, or whenever WITH_GSSAPI is defined.
# NOTE(review): with WITH_GSSAPI set and KRB5_HOME unset, the
# --with-kerberos5=${KRB5_HOME} argument below looks like it expands to an
# empty path -- confirm that configure handles that as intended.
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
.if defined(WITH_KERB_GSSAPI)
# Key-exchange patch from a third-party site, fetched over plain HTTP.
# NOTE(review): its integrity presumably rests on the checksum recorded in
# the port's distinfo (not visible here), which an OPENSSH_SNAPSHOT build
# skips through NO_CHECKSUM -- confirm before combining the two.
PATCH_DIST_STRIP=	-p0
PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
PATCHFILES+=		openssh-5.0p1-gsskex-20080404.patch
.endif
# A GSSAPI build is packaged with the -gssapi suffix instead of -portable
# and conflicts with the -portable package.
PORTABLE_SUFFIX=	# empty
GSSAPI_SUFFIX=		-gssapi
CONFLICTS+=		openssh-portable-*-[0-9]*
CONFIGURE_ARGS+=	--with-kerberos5=${KRB5_HOME}
.if ${OPENSSLBASE} == "/usr"
# With OpenSSL in /usr no rpath is embedded and LDFLAGS is cleared.
CONFIGURE_ARGS+=	--without-rpath
LDFLAGS=		# empty
.endif
.else
# Non-GSSAPI build: conflicts with the -gssapi package, embeds the OpenSSL
# rpath, and uses Kerberos only if the krb5.h header is present at parse
# time.
CONFLICTS+=		openssh-gssapi-*-[0-9]*
CONFIGURE_ARGS+=	--with-rpath=${OPENSSLRPATH}
.if exists(/usr/include/krb5.h)
CONFIGURE_ARGS+=	--with-kerberos5
EXTRA_PATCHES+=		${FILESDIR}/gss-serv.c.patch
.endif
.endif
.endif

# Point configure at a non-default OpenSSL location.
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSSLBASE}
.endif

# CHROOT support is switched on with a preprocessor define; the code it
# enables is not visible in this file.
.if defined(WITH_OPENSSH_CHROOT)
CFLAGS+=		-DCHROOT
.endif

# Smartcard support pulls in security/opensc as a library dependency.
.if defined(WITH_OPENSC)
LIB_DEPENDS+=		opensc.2:${PORTSDIR}/security/opensc
CONFIGURE_ARGS+=	--with-opensc=${LOCALBASE}
.endif

# See http://bugzilla.mindrot.org/show_bug.cgi?id=608
.if defined(WITH_OPENSCPINPATCH)
EXTRA_PATCHES+=		${FILESDIR}/scardpin.patch
.endif

# The two large third-party patch sets cannot be combined; selecting both
# marks the port broken instead of attempting the build.
.if defined(WITH_HPN) && defined(WITH_LPK)
BROKEN=			HPN and LPK patches are incompatible
.endif

# HPN patch: fetched over plain HTTP from a third-party site.
# NOTE(review): integrity presumably depends on the port's distinfo
# checksum (not visible here), which NO_CHECKSUM in snapshot mode skips.
# NOTE(review): PATCH_DIST_STRIP is assigned with "=", replacing the -p0
# chosen for the KERB_GSSAPI patch when both options are enabled -- confirm
# that combination applies cleanly.
.if defined(WITH_HPN)
PATCH_DIST_STRIP=	-p1
PATCH_SITES+=		http://www.psc.edu/networking/projects/hpn-ssh/
PATCHFILES+=		openssh-5.0p1-hpn13v3.diff.gz
.endif

# See http://dev.inversepath.com/trac/openssh-lpk
# NOTE(review): EXTRA_PATCHES is assigned with "=" here, not "+=", so any
# gss-serv.c.patch or scardpin.patch appended earlier is dropped without a
# message when LPK is enabled -- confirm whether that is intentional.
# NOTE(review): the double quotes on the CPPFLAGS line become part of the
# variable's value -- confirm the consumer expects that.
.if defined(WITH_LPK)
EXTRA_PATCHES=		${FILESDIR}/openssh-lpk-5.0p1-0.3.9.patch
USE_OPENLDAP=		yes
CPPFLAGS+=		"-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY"
CONFIGURE_ARGS+=	--with-libs='-lldap' --with-ldflags='-L${LOCALBASE}/lib' \
			--with-cppflags='-I${LOCALBASE}/include -DWITH_LDAP_PUBKEY'
.endif

# Install layout.
# With OVERWRITE_BASE the port installs under PREFIX=/usr with its
# configuration in /etc/ssh, i.e. over the base system's OpenSSH; the
# package gets the -overwrite-base suffix and the plist lines tagged
# %%NOTBASE%% are commented out.
.if defined(WITH_OVERWRITE_BASE)
WITH_OPENSSL_BASE=	yes
BASE_SUFFIX=		-overwrite-base
CONFIGURE_ARGS+=	--localstatedir=/var
EMPTYDIR=		/var/empty
PREFIX=			/usr
ETCSSH=			/etc/ssh
USE_RC_SUBR=		yes
SUB_FILES+=		openssh
PLIST_SUB+=		NOTBASE="@comment "
PLIST_SUB+=		BASE=""
PLIST_SUB+=		BASEPREFIX="${PREFIX}"
.else
# Normal install: reuse /var/empty as the privilege-separation directory if
# it exists when the Makefile is parsed, otherwise use ${PREFIX}/empty.
.if exists(/var/empty)
EMPTYDIR=		/var/empty
.else
EMPTYDIR=		${PREFIX}/empty
.endif
ETCSSH=			${PREFIX}/etc/ssh
USE_RC_SUBR=		openssh
PLIST_SUB+=		NOTBASE=""
PLIST_SUB+=		BASE="@comment "
.endif

# After all
# ETCSSH becomes sshd's sysconfdir and EMPTYDIR its privilege-separation
# path.
# NOTE(review): sshd expects the privsep directory to be empty, owned by
# root and not writable by group or others; nothing in this file sets its
# mode or ownership explicitly -- confirm on the installed system.
SUB_LIST+=		ETCSSH="${ETCSSH}"
PLIST_SUB+=		EMPTYDIR="${EMPTYDIR}"
CONFIGURE_ARGS+=	--sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}

RC_SCRIPT_NAME=		openssh${RC_SUBR_SUFFIX}

# Snapshot builds only: rename the extracted directory to the name WRKSRC
# expects (${PORTNAME}-${DISTVERSION}).  Release builds need no action.
post-extract:
.if defined(OPENSSH_SNAPSHOT)
	@# rc.d script have same name of openssh snapshot dir
	@${MV} ${WRKDIR}/${PORTNAME} ${WRKDIR}/${PORTNAME}-${DISTVERSION}
.endif

# Source adjustments applied after the patches:
#  1. configure: link against -lcrypto wherever -ldes was requested.
#  2. sshd.8: fill in the %%PREFIX%% and %%RC_SCRIPT_NAME%% placeholders
#     (presumably introduced by one of the port's patches -- not visible
#     here); an OVERWRITE_BASE build substitutes LOCALBASE for the prefix.
#  3. version.h: rename the upstream SSH_VERSION to TMP_SSH_VERSION, blank
#     out every line mentioning SSH_RELEASE, then append new SSH_VERSION
#     and SSH_RELEASE definitions that add " FreeBSD-${PKGNAME}".
#  4. HPN builds additionally insert SSH_HPN into those definitions.
# NOTE(review): the resulting version string carries the full package name
# and version; presumably it ends up in the identification string sshd
# sends to connecting peers, so account for it when assessing what a host
# discloses -- confirm where SSH_VERSION is used.
post-patch:
	@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
.if defined(WITH_OVERWRITE_BASE)
	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
.else
	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' \
		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
.endif
	@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
		-e 's|.*SSH_RELEASE.*||' ${WRKSRC}/version.h
	@${ECHO_CMD} '#define FREEBSD_PORT_VERSION	" FreeBSD-${PKGNAME}"' >> \
		${WRKSRC}/version.h
	@${ECHO_CMD} '#define SSH_VERSION	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
	@${ECHO_CMD} '#define SSH_RELEASE	TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
		${WRKSRC}/version.h
.if defined(WITH_HPN)
	@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
		${WRKSRC}/version.h
.endif

# Prepare the system before the files are installed:
#  - create the privilege-separation directory;
#  - create the unprivileged "sshd" group and user (gid/uid 22) if they do
#    not exist yet; the account gets "-h -" (no usable password), home
#    ${EMPTYDIR} and the shell /nonexistent;
#  - create ${ETCSSH} and link each PRECIOUS file that exists only in the
#    old ${ETCOLD} layout into it.
# The exists() tests are evaluated when the Makefile is parsed, not when
# the recipe runs.
# NOTE(review): in the non-OVERWRITE_BASE branch the directory created is
# always ${PREFIX}/empty, even when EMPTYDIR was set to /var/empty above --
# confirm this is intended.
# NOTE(review): PRECIOUS includes the private host keys.  ${LN} is called
# without -s, so presumably these are hard links that keep the old file's
# owner and mode -- verify the keys in ${ETCSSH} are readable by root only.
pre-install:
.if defined(WITH_OVERWRITE_BASE)
	@${MKDIR} ${EMPTYDIR}
.else
	@${MKDIR} ${PREFIX}/empty
.endif
	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
.if !exists(${ETCSSH})
	@${MKDIR} ${ETCSSH}
.endif
.for i in ${PRECIOUS}
.if exists(${ETCOLD}/${i}) && !exists(${ETCSSH}/${i})
	@${ECHO_MSG} "==>   Linking ${ETCSSH}/${i} from old layout."
	${LN} ${ETCOLD}/${i} ${ETCSSH}/${i}
.endif
.endfor

# Install the generated sample configurations under "-dist" names, so this
# target does not write to ssh_config or sshd_config themselves.
# For OVERWRITE_BASE builds, also install the rc.d script under
# ${LOCALBASE} and record it in the temporary packing list, switching the
# plist working directory to ${LOCALBASE} and back to ${PREFIX}.
# Finally print the package message.
post-install:
	${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
	${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
.if defined(WITH_OVERWRITE_BASE)
	@${ECHO_CMD} "===> Installing rc.d startup script(s)"
	@${ECHO_CMD} "@cwd ${LOCALBASE}" >> ${TMPPLIST}
	@${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/${RC_SCRIPT_NAME}
	@${ECHO_CMD} "etc/rc.d/${RC_SCRIPT_NAME}" >> ${TMPPLIST}
	@${ECHO_CMD} "@cwd ${PREFIX}" >> ${TMPPLIST}
.endif
	@${CAT} ${PKGMESSAGE}

# Run the regression suite from ${WRKSRC}/regress after a build.
# TEST_SHELL is /bin/sh, and PATH lists the freshly built binaries in
# ${WRKSRC} ahead of ${PREFIX}/bin, ${PREFIX}/sbin and the caller's PATH.
# The whole command runs in a subshell, so the cd does not leak.
test:	build
	(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
		PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
		${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})

.include <bsd.port.post.mk>