author | jlam <jlam@pkgsrc.org> | 2002-02-05 04:17:31 +0000 |
---|---|---|
committer | jlam <jlam@pkgsrc.org> | 2002-02-05 04:17:31 +0000 |
commit | f0540167c04e37e62b9f797e87eff333bab16a7c (patch) | |
tree | 1b863098903ef1715423880e9b12ba1fc0b7aa99 /security | |
parent | c47f6a256ec4d27948314cf19d0059d6af2ac958 (diff) | |
download | pkgsrc-f0540167c04e37e62b9f797e87eff333bab16a7c.tar.gz |
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead.
* Build properly on systems that don't have /dev/urandom by testing for
the presence of /dev/urandom, instead of just testing for Solaris.
* Add disabled code to handle PAM (not quite working yet with security/PAM).
* Make the sshd rc.d script more /etc/rc.subr-friendly.
* Minimize amount of diffs from pristine OpenSSH sources.
Diffstat (limited to 'security')
-rw-r--r-- | security/openssh/DEINSTALL | 18 | ||||
-rw-r--r-- | security/openssh/INSTALL | 68 | ||||
-rw-r--r-- | security/openssh/INSTALL.SunOS | 55 | ||||
-rw-r--r-- | security/openssh/MESSAGE | 19 | ||||
-rw-r--r-- | security/openssh/MESSAGE.pam | 9 | ||||
-rw-r--r-- | security/openssh/MESSAGE.urandom | 8 | ||||
-rw-r--r-- | security/openssh/Makefile | 120 | ||||
-rw-r--r-- | security/openssh/PLIST | 4 | ||||
-rw-r--r-- | security/openssh/PLIST.pam | 2 | ||||
-rw-r--r-- | security/openssh/PLIST.prng | 2 | ||||
-rw-r--r-- | security/openssh/distinfo | 8 | ||||
-rw-r--r-- | security/openssh/files/sshd.sh | 125 | ||||
-rw-r--r-- | security/openssh/patches/patch-aa | 72 | ||||
-rw-r--r-- | security/openssh/patches/patch-ab | 57 | ||||
-rw-r--r-- | security/openssh/patches/patch-ah | 83 |
15 files changed, 253 insertions, 397 deletions
diff --git a/security/openssh/DEINSTALL b/security/openssh/DEINSTALL
deleted file mode 100644
index 771c31d155c..00000000000
--- a/security/openssh/DEINSTALL
+++ /dev/null
@@ -1,18 +0,0 @@
-#! /bin/sh
-#
-# $NetBSD: DEINSTALL,v 1.1 2001/11/01 01:17:04 zuntum Exp $
-#
-
-case "$2" in
- DEINSTALL) cat <<EOF
-
-=============================================================
-Note that ssh configuration, key, and random-seed files
-(@SSH_CONF_DIR@/ssh*_config) are not removed in the deinstallation
-process. You should remove those by hand, if you no longer
-need them.
-=============================================================
-
-EOF
- ;;
-esac
diff --git a/security/openssh/INSTALL b/security/openssh/INSTALL
deleted file mode 100644
index 37199358ebc..00000000000
--- a/security/openssh/INSTALL
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/sh
-#
-# $NetBSD: INSTALL,v 1.1 2001/11/01 01:17:04 zuntum Exp $
-
-PKGNAME=$1
-STAGE=$2
-
-case ${STAGE} in
-PRE-INSTALL)
- if ! dd if=/dev/urandom of=/dev/null bs=1 count=1 2>/dev/null >/dev/null
- then
- cat << EOF
-===========================================================================
-You need a working /dev/urandom for ${PKGNAME} to work.
-
-Please make sure you have a kernel compiled from a config file
-containing the line:
-
- pseudo-device rnd
-===========================================================================
-EOF
- exit 1
- fi
- ;;
-POST-INSTALL)
- SSH_CONF_DIR=@SSH_CONF_DIR@
- SSH_EXAMPLE_DIR=${PKG_PREFIX}/share/examples/openssh
- INSTALL_DATA="@INSTALL_DATA@"
-
- if [ ! -d ${SSH_CONF_DIR} ]
- then
- echo "Creating directory ${SSH_CONF_DIR} for ssh config files.."
- @MKDIR@ ${SSH_CONF_DIR}
- fi
- for file in ssh_config sshd_config
- do
- if [ ! -f ${SSH_CONF_DIR}/${file} ]
- then
- echo "Installing example ${file} in ${SSH_CONF_DIR}.."
- ${INSTALL_DATA} ${SSH_EXAMPLE_DIR}/${file} \
- ${SSH_CONF_DIR}/${file}
- fi
- done
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]
- then
- echo "Generating an RSA1 secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t rsa1 -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_key
- fi
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_rsa_key ]
- then
- echo "Generating an RSA secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t rsa -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_rsa_key
- fi
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]
- then
- echo "Generating a DSA secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t dsa -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_dsa_key
- fi
- ;;
-*)
- echo "Unexpected argument: ${STAGE}"
- exit 1
- ;;
-esac
-exit 0
diff --git a/security/openssh/INSTALL.SunOS b/security/openssh/INSTALL.SunOS
deleted file mode 100644
index d06d4ccf818..00000000000
--- a/security/openssh/INSTALL.SunOS
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/sh
-#
-# $NetBSD: INSTALL.SunOS,v 1.2 2002/01/11 13:32:50 seb Exp $
-
-PKGNAME=$1
-STAGE=$2
-
-case ${STAGE} in
-PRE-INSTALL)
- ;;
-POST-INSTALL)
- SSH_CONF_DIR=@SSH_CONF_DIR@
- SSH_EXAMPLE_DIR=${PKG_PREFIX}/share/examples/openssh
- INSTALL_DATA="@INSTALL_DATA@"
-
- if [ ! -d ${SSH_CONF_DIR} ]
- then
- echo "Creating directory ${SSH_CONF_DIR} for ssh config files.."
- @MKDIR@ ${SSH_CONF_DIR}
- fi
- cd ${SSH_EXAMPLE_DIR}
- for file in ssh_config ssh_prng_cmds sshd_config
- do
- if [ -f ${file} ] && [ ! -f ${SSH_CONF_DIR}/${file} ]
- then
- echo "Installing example ${file} in ${SSH_CONF_DIR}.."
- ${INSTALL_DATA} ${file} \
- ${SSH_CONF_DIR}/${file}
- fi
- done
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]
- then
- echo "Generating an RSA1 secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t rsa1 -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_key
- fi
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_rsa_key ]
- then
- echo "Generating a RSA secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t rsa -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_rsa_key
- fi
- if [ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]
- then
- echo "Generating a DSA secret host key in ${SSH_CONF_DIR}.."
- ${PKG_PREFIX}/bin/ssh-keygen -t dsa -N "" \
- -f ${SSH_CONF_DIR}/ssh_host_dsa_key
- fi
- ;;
-*)
- echo "Unexpected argument: ${STAGE}"
- exit 1
- ;;
-esac
-exit 0
diff --git a/security/openssh/MESSAGE b/security/openssh/MESSAGE
index 41ae6b87c62..9c7dcf724eb 100644
--- a/security/openssh/MESSAGE
+++ b/security/openssh/MESSAGE
@@ -1,20 +1,11 @@ ========================================================================== -$NetBSD: MESSAGE,v 1.2 2001/12/05 17:03:56 wiz Exp $ +$NetBSD: MESSAGE,v 1.3 2002/02/05 04:17:31 jlam Exp $ -If "starter" configuration files were installed (in ${SSH_CONF_DIR}) -when the package was installed, be sure to examine them (and the man pages -for ssh and sshd) to determine whether you want to make any changes. + *===* NOTICE *===* -Copies of the example configuration files are installed in -${PREFIX}/share/examples/openssh, so those can still be used for reference -after you have made changes to those installed in ${SSH_CONF_DIR}, or if -you had existing configuration files, which would not be overwritten in -the installation process. +The config files for ${PKGNAME} must be located in: -In general, you will want to set up /etc/rc.local to start sshd at boot -time. Something like the following should do the job: - -# Run sshd if installed and configured -${PREFIX}/etc/rc.d/sshd + ${PKG_SYSCONFDIR} +and the example files are located in ${EGDIR}. ========================================================================== diff --git a/security/openssh/MESSAGE.pam b/security/openssh/MESSAGE.pam new file mode 100644 index 00000000000..927eef9fc92 --- /dev/null +++ b/security/openssh/MESSAGE.pam @@ -0,0 +1,9 @@ +========================================================================== +$NetBSD: MESSAGE.pam,v 1.1 2002/02/05 04:17:31 jlam Exp $ + +To authenticate for SSH using PAM, add the contents of the file: + + ${EGDIR}/sshd.pam + +to your PAM configuration file. +========================================================================== diff --git a/security/openssh/MESSAGE.urandom b/security/openssh/MESSAGE.urandom new file mode 100644 index 00000000000..52641980c96 --- /dev/null +++ b/security/openssh/MESSAGE.urandom 
@@ -0,0 +1,8 @@ +=========================================================================== +$NetBSD: MESSAGE.urandom,v 1.1 2002/02/05 04:17:31 jlam Exp $ + +You will need a working /dev/urandom. Please make sure you have a kernel +compiled from a config file containing the line: + + pseudo-device rnd +=========================================================================== diff --git a/security/openssh/Makefile b/security/openssh/Makefile index f37b7d8f712..9d7bc8a38ad 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.60 2001/12/03 08:21:21 martti Exp $ +# $NetBSD: Makefile,v 1.61 2002/02/05 04:17:31 jlam Exp $ DISTNAME= openssh-3.0.2p1 PKGNAME= openssh-3.0.2.1 @@ -24,12 +24,9 @@ CRYPTO= yes # retain the following line, for IPv6-ready pkgsrc webpage BUILD_DEFS+= USE_INET6 #BUILD_DEFS+= KERBEROS -BUILD_DEFS+= SSH_CONF_DIR +BUILD_DEFS+= PKG_SYSCONFDIR BUILD_DEFS+= SSH_SUID -DEINSTALL_FILE= ${WRKDIR}/DEINSTALL -INSTALL_FILE= ${WRKDIR}/INSTALL - # matches what's in `Configure' (except sparc64 and alpha, see PR 10984) ONLY_FOR_PLATFORM= NetBSD-*-arm32 NetBSD-*-i386 \ NetBSD-*-m68k NetBSD-*-mips NetBSD-*-mipseb \ 
@@ -38,20 +35,38 @@ ONLY_FOR_PLATFORM= NetBSD-*-arm32 NetBSD-*-i386 \ .include "../../mk/bsd.prefs.mk" -SSH_CONF_DIR?= /etc +INSTALL_TARGET= install-nokeys +PLIST_SRC= # empty +MESSAGE_SRC= ${.CURDIR}/MESSAGE + +SSH_PID_DIR= /var/run # default directory for PID files +SSH_PID_DIR.SunOS= /etc # Solaris doesn't have a /var/run -MESSAGE_SUBST+= SSH_CONF_DIR=${SSH_CONF_DIR} +.if defined(SSH_PID_DIR.${OPSYS}) +SSH_PID_DIR= ${SSH_PID_DIR.${OPSYS}} +.endif USE_BUILDLINK_ONLY= yes GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --sysconfdir=${SSH_CONF_DIR} +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR} CONFIGURE_ARGS+= --with-ssl-dir=${BUILDLINK_DIR} +CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_DIR} + +# XXX: PAM authentication causes memory faults, and I haven't tracked down +# XXX: why yet. For the moment, disable PAM authentication. +# +#.if defined(USE_PAM) +#.include "../../security/PAM/buildlink.mk" +#CONFIGURE_ARGS+= --with-pam +#PLIST_SRC+= ${.CURDIR}/PLIST.pam +#MESSAGE_SRC+= ${.CURDIR}/MESSAGE.pam +#.endif -.if ${OPSYS} == "NetBSD" -CONFIGURE_ARGS+= --with-tcp-wrappers # XXX: we have 4 args (4: sslen) to skeychallenge instead of 3 +#.if ${OPSYS} == "NetBSD" #CONFIGURE_ARGS+= --with-skey=/usr -.endif +#.endif # XXX: <krb.h> #.if defined(KERBEROS) 
@@ -64,68 +79,59 @@ CONFIGURE_ARGS+= --with-tcp-wrappers CONFIGURE_ARGS+= --disable-suid-ssh .endif -# Solaris normaly doesn't have a /var/run, thats why we put it in /etc -.if (${OPSYS} == SunOS) -CONFIGURE_ARGS+= --with-pid-dir=/etc -SSH_PID_DIR= /etc -.else -SSH_PID_DIR= /var/run -.endif - # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending # on if it's part of the X11 distribution, or if it's installed from pkgsrc -# (security/ssh-askpass). The configure process will lie about the compiled -# location of the ssh-askpass program. In reality, it uses what we give it -# below. +# (security/ssh-askpass). # .if exists(${X11BASE}/bin/ssh-askpass) -MAKE_ENV+= ASKPASS_PROGRAM=${X11BASE}/bin/ssh-askpass +ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass .else -MAKE_ENV+= ASKPASS_PROGRAM=${X11PREFIX}/bin/ssh-askpass +ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass .endif +CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} +MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM} -CHECK_FILES= bin/slogin man/man1/slogin.1 \ - share/examples/openssh/ssh_prng_cmds -PLIST_SRC= ${WRKDIR}/PLIST_DYNAMIC +CONFS= ssh_config sshd_config +SUPPS= moduli -.if (${OPSYS} == SunOS) -INSTALL_FILE= ${WRKDIR}/INSTALL.SunOS +.if exists(/dev/urandom) +MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom +.else +CONFIGURE_ARGS+= --without-random +CONFS+= ssh_prng_cmds +PLIST_SRC+= ${.CURDIR}/PLIST.prng .endif -#post-patch: -# cd ${WRKSRC} ; autoreconf --force +EGDIR= ${PREFIX}/share/examples/${PKGBASE} +CONF_FILES= # empty +.for FILE in ${CONFS} +CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +SUPPORT_FILES= # empty +.for FILE in ${SUPPS} +SUPPORT_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE} +.endfor +RCD_SCRIPTS= sshd + +PLIST_SRC+= ${.CURDIR}/PLIST +FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR} +MESSAGE_SUBST+= EGDIR=${EGDIR} post-build: - for FILE in \ - ${PKGDIR}/DEINSTALL \ - ${PKGDIR}/INSTALL \ - ${PKGDIR}/INSTALL.SunOS \ - ${FILESDIR}/sshd.sh; \ - do \ - ${SED} -e 
's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \ - -e 's#@SSH_PID_DIR@#${SSH_PID_DIR}#g' \ - -e 's#@MKDIR@#${MKDIR}#g' \ - -e 's#@PREFIX@#${PREFIX}#g' \ - -e 's#@INSTALL_DATA@#${INSTALL_DATA}#g' \ - < $${FILE} > ${WRKDIR}/`basename $${FILE}`; \ - done - -pre-install: - PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} PRE-INSTALL + @${SED} ${FILES_SUBST_SED} ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd post-install: - ${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd - PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL - ${CP} ${PKGDIR}/PLIST ${PLIST_SRC} - cd ${PREFIX}; \ - for FILE in ${CHECK_FILES}; do \ - if [ ! -f $${FILE} ]; then \ - ${MV} ${PLIST_SRC} ${PLIST_SRC}.old; \ - ${GREP} -v "^$${FILE}" ${PLIST_SRC}.old >${PLIST_SRC}; \ - ${RM} ${PLIST_SRC}.old; \ - fi; \ + ${INSTALL_DATA_DIR} ${EGDIR} + cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do \ + ${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \ done +#.if defined(USE_PAM) +# ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam +#.endif + ${INSTALL_SCRIPT} ${WRKDIR}/sshd ${PREFIX}/etc/rc.d/sshd .include "../../devel/zlib/buildlink.mk" .include "../../security/openssl/buildlink.mk" +.include "../../security/tcp_wrappers/buildlink.mk" +.include "../../mk/bsd.pkg.install.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/openssh/PLIST b/security/openssh/PLIST index 67b6927be2d..7068133532c 100644 --- a/security/openssh/PLIST +++ b/security/openssh/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.1 2001/11/01 01:17:04 zuntum Exp $ +@comment $NetBSD: PLIST,v 1.2 2002/02/05 04:17:31 jlam Exp $ bin/scp bin/sftp bin/slogin @@ -20,7 +20,7 @@ man/man1/ssh.1 man/man8/sftp-server.8 man/man8/sshd.8 sbin/sshd +share/examples/openssh/moduli share/examples/openssh/ssh_config -share/examples/openssh/ssh_prng_cmds share/examples/openssh/sshd_config @dirrm share/examples/openssh 
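Review bot: The `.if exists(/dev/urandom)` test in the last Makefile hunk is evaluated by make on the build host, so a binary package built where the device node exists is configured without the `ssh_prng_cmds` fallback and will still install on a host that has no working random device. The deleted PRE-INSTALL step read a byte from /dev/urandom on the target and aborted the install with `exit 1`; the new code only appends MESSAGE.urandom, and `exists()` tests for the node rather than for a readable device. If the install framework pulled in by `bsd.pkg.install.mk` offers a place for an install-time check (not visible in this diff), the `dd` probe belongs there. Otherwise, document the limitation next to the conditional, e.g. `# NOTE: decided on the build host; binary packages inherit this choice`.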
diff --git a/security/openssh/PLIST.pam b/security/openssh/PLIST.pam
new file mode 100644
index 00000000000..7c01bc07488
--- /dev/null
+++ b/security/openssh/PLIST.pam
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST.pam,v 1.1 2002/02/05 04:17:32 jlam Exp $
+share/examples/openssh/sshd.pam
diff --git a/security/openssh/PLIST.prng b/security/openssh/PLIST.prng
new file mode 100644
index 00000000000..107a756fcca
--- /dev/null
+++ b/security/openssh/PLIST.prng
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST.prng,v 1.1 2002/02/05 04:17:32 jlam Exp $
+share/examples/openssh/ssh_prng_cmds
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index ab7be93d78d..a6a6b1a0469 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.8 2001/12/03 08:21:22 martti Exp $
+$NetBSD: distinfo,v 1.9 2002/02/05 04:17:32 jlam Exp $
 
 SHA1 (openssh-3.0.2p1.tar.gz) = c9a7e02936ace163ea58ec42e8e3f95df27fef2a
 Size (openssh-3.0.2p1.tar.gz) = 781092 bytes
-SHA1 (patch-aa) = 145bf76d30bb1869f58ce7509e2b2052f7423b1d
-SHA1 (patch-ab) = 38bd428ecad2ac22e116baf729f06a241e837acb
-SHA1 (patch-ah) = 0753da3a941094313a65e8e998fcc2a3434a6ae4
+SHA1 (patch-aa) = 275e035cbed29ec3e72d7b3c9290cec8068d742b
+SHA1 (patch-ab) = 271811fc88fbed42f22fa1dc503dc88953b5d76f
+SHA1 (patch-ah) = 0c75daaa11c6a6e32bce628b8f866008677f155f
diff --git a/security/openssh/files/sshd.sh b/security/openssh/files/sshd.sh
index c8d808f010f..43b637d08d1 100644
--- a/security/openssh/files/sshd.sh
+++ b/security/openssh/files/sshd.sh
@@ -1,56 +1,97 @@ #!/bin/sh # -# $NetBSD: sshd.sh,v 1.6 2001/10/19 09:42:08 veego Exp $ +# $NetBSD: sshd.sh,v 1.7 2002/02/05 04:17:32 jlam Exp $ # # PROVIDE: sshd # REQUIRE: DAEMON LOGIN +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + name="sshd" +rcvar=$name +command="@PREFIX@/sbin/${name}" +keygen_command="@PREFIX@/bin/ssh-keygen" pidfile="@SSH_PID_DIR@/${name}.pid" +required_files="@PKG_SYSCONFDIR@/sshd_config" +extra_commands="keygen reload" -command=${1:-start} - -case ${command} in -start) - if [ ! -f @SSH_CONF_DIR@/ssh_host_key ] - then - @PREFIX@/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh_host_key - fi - if [ ! -f @SSH_CONF_DIR@/ssh_host_rsa_key ] - then - @PREFIX@/bin/ssh-keygen -t rsa -N "" -f /etc/ssh_host_rsa_key - fi - if [ ! -f @SSH_CONF_DIR@/ssh_host_dsa_key ] - then - @PREFIX@/bin/ssh-keygen -t dsa -N "" -f /etc/ssh_host_dsa_key - fi - if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ] - then - echo "Starting ${name}." - @PREFIX@/sbin/sshd +sshd_keygen() +{ + ( + umask 022 + if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then + @ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key" + @ECHO@ "Skipping protocol version 1 RSA Key Generation" + else + ${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N '' fi - ;; -stop) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "Stopping ${name}." - kill -TERM ${pid} + + if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then + @ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key" + @ECHO@ "Skipping protocol version 2 DSA Key Generation" else - echo "${name} not running?" + ${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N '' fi - ;; -restart) - ( $0 stop ) - sleep 1 - $0 start - ;; -status) - if [ -f ${pidfile} ]; then - pid=`head -1 ${pidfile}` - echo "${name} is running as pid ${pid}." 
+ + if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + @ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key" + @ECHO@ "Skipping protocol version 2 RSA Key Generation" else - echo "${name} is not running." + ${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N '' + fi + ) +} + +sshd_precmd() +{ + if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \ + ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then + $0 keygen fi - ;; -esac -exit 0 +} + +keygen_cmd=sshd_keygen +start_precmd=sshd_precmd + +if [ -f /etc/rc.subr ] +then + load_rc_config $name + run_rc_command "$1" +else + case ${1:-start} in + start) + if [ -x ${command} -a -f ${required_files} ] + then + @ECHO@ "Starting ${name}." + eval ${start_precmd} + eval ${command} ${sshd_flags} ${command_args} + fi + ;; + stop) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "Stopping ${name}." + kill -TERM ${pid} + else + @ECHO@ "${name} not running?" + fi + ;; + restart) + ( $0 stop ) + sleep 1 + $0 start + ;; + status) + if [ -f ${pidfile} ]; then + pid=`@HEAD@ -1 ${pidfile}` + @ECHO@ "${name} is running as pid ${pid}." + else + @ECHO@ "${name} is not running." + fi + ;; + esac +fi diff --git a/security/openssh/patches/patch-aa b/security/openssh/patches/patch-aa index 3d4f4f3adcf..c6247982231 100644 --- a/security/openssh/patches/patch-aa +++ b/security/openssh/patches/patch-aa 
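Review bot: On hosts without /etc/rc.subr the fallback `case ${1:-start}` has no `keygen` branch, so the `$0 keygen` that `sshd_precmd` runs re-enters the script, matches nothing, and missing host keys are never created. The same commit deletes the INSTALL scripts that used to generate the keys and sets `INSTALL_TARGET= install-nokeys`, so on those systems sshd would be started with no host keys at all. Either have `sshd_precmd` call the function directly (`sshd_keygen` instead of `$0 keygen`) or add `keygen) eval ${keygen_cmd} ;;` to the fallback case. The fallback `start` branch also does nothing, silently, when `${required_files}` is absent; an `@ECHO@` diagnostic in an `else` arm would make that failure visible.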
@@ -1,43 +1,27 @@ -$NetBSD: patch-aa,v 1.18 2001/12/03 08:21:22 martti Exp $ +$NetBSD: patch-aa,v 1.19 2002/02/05 04:17:32 jlam Exp $ ---- configure.orig Sun Dec 2 00:38:55 2001 -+++ configure Mon Dec 3 08:41:49 2001 -@@ -3557,7 +3557,7 @@ - - ;; - *-*-netbsd*) -- need_dash_r=1 -+ #need_dash_r=1 # buildlink.mk +--- configure.orig Sat Dec 1 18:38:55 2001 ++++ configure +@@ -3587,8 +3587,6 @@ + CFLAGS="$CFLAGS" ;; - *-*-freebsd*) - check_for_libcrypt_later=1 -@@ -3589,7 +3589,7 @@ *-*-solaris*) - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" -- need_dash_r=1 -+ #need_dash_r=1 # buildlink.mk +- CPPFLAGS="$CPPFLAGS -I/usr/local/include" +- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" + need_dash_r=1 cat >>confdefs.h <<\_ACEOF #define PAM_SUN_CODEBASE 1 - _ACEOF -@@ -6216,6 +6216,7 @@ - - # Check whether user wants TCP wrappers support - TCPW_MSG="no" -+TCPW_LIB="" - - # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given. - if test "${with_tcp_wrappers+set}" = set; then -@@ -6252,6 +6253,8 @@ - #line 6252 "configure" - #include "confdefs.h" +@@ -4051,6 +4049,9 @@ + ;; + esac -+#include <sys/cdefs.h> -+#include <stdio.h> - #include <tcpd.h> - int deny_severity = 0, allow_severity = 0; ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags -@@ -6289,6 +6292,7 @@ + # Check whether --with-cflags or --without-cflags was given. +@@ -6289,17 +6290,20 @@ _ACEOF TCPW_MSG="yes" 
@@ -45,19 +29,33 @@ $NetBSD: patch-aa,v 1.18 2001/12/03 08:21:22 martti Exp $ else echo "$as_me: failed program was:" >&5 -@@ -6300,6 +6304,7 @@ + cat conftest.$ac_ext >&5 + ++ TCPW_LIB="" + { { echo "$as_me:6297: error: *** libwrap missing" >&5 + echo "$as_me: error: *** libwrap missing" >&2;} + { (exit 1); exit 1; }; } fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -+LIBS="$saved_LIBS" ++ LIBS="$saved_LIBS" fi fi; -@@ -15590,6 +15595,7 @@ +@@ -15590,6 +15594,7 @@ s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t s,@LD@,$LD,;t t -+s,@TCPW_LIB@,$TCPW_LIB,g ++s,@TCPW_LIB@,$TCPW_LIB,;t t s,@NO_SFTP@,$NO_SFTP,;t t s,@rsh_path@,$rsh_path,;t t s,@xauth_path@,$xauth_path,;t t +@@ -16069,7 +16074,7 @@ + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " sshd default user PATH: $H" diff --git a/security/openssh/patches/patch-ab b/security/openssh/patches/patch-ab index de74fc5f58b..b984c99e908 100644 --- a/security/openssh/patches/patch-ab +++ b/security/openssh/patches/patch-ab 
@@ -1,33 +1,26 @@ -$NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $ +$NetBSD: patch-ab,v 1.7 2002/02/05 04:17:32 jlam Exp $ ---- configure.ac.orig Mon Dec 3 08:43:01 2001 -+++ configure.ac Mon Dec 3 08:44:59 2001 -@@ -132,7 +132,7 @@ - ) +--- configure.ac.orig Sat Nov 3 14:09:33 2001 ++++ configure.ac +@@ -150,8 +150,6 @@ + CFLAGS="$CFLAGS" ;; - *-*-netbsd*) -- need_dash_r=1 -+ #need_dash_r=1 # buildlink.mk - ;; - *-*-freebsd*) - check_for_libcrypt_later=1 -@@ -152,7 +152,7 @@ *-*-solaris*) - CPPFLAGS="$CPPFLAGS -I/usr/local/include" - LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" -- need_dash_r=1 -+ #need_dash_r=1 # buildlink.mk +- CPPFLAGS="$CPPFLAGS -I/usr/local/include" +- LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" + need_dash_r=1 AC_DEFINE(PAM_SUN_CODEBASE) AC_DEFINE(LOGIN_NEEDS_UTMPX) - AC_DEFINE(LOGIN_NEEDS_TERM) -@@ -518,6 +518,7 @@ +@@ -283,6 +281,9 @@ + ;; + esac - # Check whether user wants TCP wrappers support - TCPW_MSG="no" -+TCPW_LIB="" - AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], ++# pkgsrc handles any rpath settings this package needs ++need_dash_r= ++ + # Allow user to specify flags + AC_ARG_WITH(cflags, + [ --with-cflags Specify additional flags to pass to compiler], @@ -550,6 +551,8 @@ AC_MSG_CHECKING(for libwrap) AC_TRY_LINK( @@ -37,15 +30,18 @@ $NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $ #include <tcpd.h> int deny_severity = 0, allow_severity = 0; ], -@@ -558,6 +561,7 @@ +@@ -558,14 +561,18 @@ AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) TCPW_MSG="yes" + TCPW_LIB="-lwrap" ], [ ++ TCPW_LIB="" AC_MSG_ERROR([*** libwrap missing]) -@@ -566,6 +570,7 @@ + ] + ) ++ LIBS="$saved_LIBS" fi ] ) 
@@ -53,3 +49,12 @@ $NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $ dnl Checks for library functions. AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa \ +@@ -2194,7 +2201,7 @@ + echo " User binaries: $B" + echo " System binaries: $C" + echo " Configuration files: $D" +-echo " Askpass program: $E" ++echo " Askpass program: ${ASKPASS_PROGRAM}" + echo " Manual pages: $F" + echo " PID file: $G" + echo " sshd default user PATH: $H" diff --git a/security/openssh/patches/patch-ah b/security/openssh/patches/patch-ah index 1785fd5e954..9273ba39db9 100644 --- a/security/openssh/patches/patch-ah +++ b/security/openssh/patches/patch-ah @@ -1,16 +1,8 @@ -$NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $ +$NetBSD: patch-ah,v 1.16 2002/02/05 04:17:32 jlam Exp $ ---- Makefile.in.orig Mon Nov 12 00:34:23 2001 -+++ Makefile.in Mon Dec 3 09:07:51 2001 -@@ -9,6 +9,7 @@ - mandir=@mandir@ - mansubdir=@mansubdir@ - sysconfdir=@sysconfdir@ -+examplesdir=@prefix@/share/examples/openssh - piddir=@piddir@ - srcdir=@srcdir@ - top_srcdir=@top_srcdir@ -@@ -16,7 +17,7 @@ +--- Makefile.in.orig Sun Nov 11 18:34:23 2001 ++++ Makefile.in +@@ -16,7 +16,7 @@ DESTDIR= VPATH=@srcdir@ SSH_PROGRAM=@bindir@/ssh 
@@ -19,31 +11,24 @@ $NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $ SFTP_SERVER=$(libexecdir)/sftp-server PATHS= -DETCDIR=\"$(sysconfdir)\" \ -@@ -30,6 +31,7 @@ +@@ -30,6 +30,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ -+WRAP=@TCPW_LIB@ ++TCPW_LIB=@TCPW_LIB@ AR=@AR@ RANLIB=@RANLIB@ INSTALL=@INSTALL@ -@@ -98,7 +100,7 @@ +@@ -98,7 +99,7 @@ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(WRAP) $(LIBS) ++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(TCPW_LIB) $(LIBS) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o $(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -@@ -176,13 +178,13 @@ - autoreconf - (cd scard && $(MAKE) -f Makefile.in distprep) - --install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key -+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - +@@ -182,7 +183,7 @@ scard-install: (cd scard && $(MAKE) DESTDIR=$(DESTDIR) install) 
@@ -52,53 +37,3 @@ $NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) -@@ -190,6 +192,7 @@ - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 - $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) -+ $(srcdir)/mkinstalldirs $(DESTDIR)$(examplesdir) - $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh - $(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp - $(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add -@@ -216,23 +219,11 @@ - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi -- if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ -- $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ -- else \ -- echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ -- fi -- if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ -- $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ -- else \ -- echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ -- fi -+ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(examplesdir)/ssh_config; \ -+ $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(examplesdir)/sshd_config; \ - if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \ - $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \ -- if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \ -- $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \ -- else \ -- echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \ -- fi ; \ -+ $(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(examplesdir)/ssh_prng_cmds; \ - fi - if [ ! 
-f $(DESTDIR)$(sysconfdir)/moduli ]; then \ - if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ -@@ -270,10 +261,10 @@ - ./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N "" - - uninstallall: uninstall -- -rm -f $(DESTDIR)$(sysconfdir)/ssh_config -- -rm -f $(DESTDIR)$(sysconfdir)/sshd_config -- -rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds -- -rmdir $(DESTDIR)$(sysconfdir) -+ -rm -f $(DESTDIR)$(examplesdir)/ssh_config -+ -rm -f $(DESTDIR)$(examplesdir)/sshd_config -+ -rm -f $(DESTDIR)$(examplesdir)/ssh_prng_cmds -+ -rmdir $(DESTDIR)$(examplesdir) - -rmdir $(DESTDIR)$(bindir) - -rmdir $(DESTDIR)$(sbindir) - -rmdir $(DESTDIR)$(mandir)/$(mansubdir)1 |