blob: 6be8f32ad17492fca4661e3fc89e39b0361bccd1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
# $NetBSD: Makefile,v 1.207 2012/10/03 21:57:25 wiz Exp $
DISTNAME= openssh-5.8p2
PKGNAME= openssh-5.8.2
PKGREVISION= 6
SVR4_PKGNAME= ossh
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://www.openssh.com/
COMMENT= Open Source Secure shell client and server (remote login program)
CONFLICTS= sftp-[0-9]*
CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
CONFLICTS+= openssh+gssapi-[0-9]*
CONFLICTS+= lsh>2.0
PKG_DESTDIR_SUPPORT= user-destdir
USE_TOOLS+= perl
CRYPTO= yes
# retain the following line, for IPv6-ready pkgsrc webpage
BUILD_DEFS+= IPV6_READY
PKG_GROUPS_VARS+= OPENSSH_GROUP
PKG_USERS_VARS+= OPENSSH_USER
BUILD_DEFS+= OPENSSH_CHROOT
BUILD_DEFS+= VARBASE
INSTALL_TARGET= install-nokeys
PLIST_SRC= # empty
.include "options.mk"
.if ${OPSYS} == "Interix"
# OpenSSH on Interix has some important caveats
MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix
BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
CONFIGURE_ENV+= ac_cv_func_openpty=no
CONFIGURE_ENV+= ac_cv_type_struct_timespec=yes
CPPFLAGS+= -DIOV_MAX=16 # default is INT_MAX, way too large
.if exists(/usr/local/include/bind/resolv.h)
CPPFLAGS+= -I/usr/local/include/bind
BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
.elif exists(/usr/local/bind/include/resolv.h)
CPPFLAGS+= -I/usr/local/bind/include
BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
.endif
LDFLAGS+= -L/usr/local/lib/bind
LIBS+= -lbind -ldb -lcrypt
.else # not Interix
PKG_GROUPS= ${OPENSSH_GROUP}
PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}
PKG_GECOS.${OPENSSH_USER}= sshd privsep pseudo-user
PKG_HOME.${OPENSSH_USER}= ${OPENSSH_CHROOT}
.endif
SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
PKG_SYSCONFSUBDIR= ssh
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --with-mantype=man
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR:Q}
CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
.if ${OPSYS} != "Interix"
CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT:Q}
CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER:Q}
.endif
# pkgsrc already enforces a "secure" version of zlib via dependencies,
# so skip this bogus version check.
CONFIGURE_ARGS+= --without-zlib-version-check
# the openssh configure script finds and uses ${LD} if defined and
# defaults to ${CC} if not. we override LD here, since running the
# linker directly results in undefined symbols for obvious reasons.
#
CONFIGURE_ENV+= LD=${CC:Q}
# Enable S/Key support on NetBSD, Darwin, and Solaris.
.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
. include "../../security/skey/buildlink3.mk"
CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
.else
CONFIGURE_ARGS+= --without-skey
.endif
.if (${OPSYS} == "NetBSD")
. if exists(/usr/include/utmpx.h)
# if we have utmpx et al do not try to use login()
CONFIGURE_ARGS+= --disable-libutil
. endif
#
# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
# prior version don't have it. So, disable use of strnvis(3) now.
#
CONFIGURE_ENV+= ac_cv_func_strnvis=no
.endif
.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
.endif
.if ${OPSYS} == "Linux"
CONFIGURE_ARGS+= --enable-md5-password
.endif
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
# (security/ssh-askpass).
#
.if exists(${X11BASE}/bin/ssh-askpass)
ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
.else
ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
.endif
CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
# do the same for xauth
.if exists(${X11BASE}/bin/xauth)
CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
.else
CONFIGURE_ARGS+= --with-xauth=${X11PREFIX}/bin/xauth
.endif
CONFS= ssh_config sshd_config moduli
.if exists(/dev/urandom)
. if ${OPSYS} == "NetBSD"
MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
. endif
.else
CONFIGURE_ARGS+= --without-random
CONFS+= ssh_prng_cmds
PLIST_SRC+= ${.CURDIR}/PLIST.prng
.endif
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
CONF_FILES= # empty
.for f in ${CONFS}
CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
.endfor
OWN_DIRS= ${OPENSSH_CHROOT}
RCD_SCRIPTS= sshd
RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
PLIST_SRC+= ${.CURDIR}/PLIST
FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
SUBST_CLASSES+= patch
SUBST_STAGE.patch= pre-configure
SUBST_FILES.patch= session.c
SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
SUBST_MESSAGE.patch= More patch a file.
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"
.if !empty(PKG_OPTIONS:Mldap)
DOCDIR= ${PREFIX}/share/doc/openssh
INSTALLATION_DIRS+= ${DOCDIR}
pre-configure:
cd ${WRKSRC} && autoconf
.endif
#
# type of key "ecdsa" isn't always supported depends on OpenSSL.
#
post-configure:
if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
${WRKSRC}/config.h; then \
${SED} -e '/HAVE_ECDSA/s/.*//' \
${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
else \
${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
fi
post-install:
${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
cd ${WRKSRC}; for file in ${CONFS}; do \
${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \
done
.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
${DESTDIR}${EGDIR}/sshd.pam
.endif
.if !empty(PKG_OPTIONS:Mldap)
${INSTALL_DATA} ${WRKSRC}/README.lpk \
${DESTDIR}${DOCDIR}
cd ${WRKSRC}; for file in ${LPK_CONFS}; do \
${INSTALL_DATA} $${file} ${DESTDIR}${EGDIR}/$${file}; \
done
.endif
.include "../../mk/bsd.pkg.mk"
|