summaryrefslogtreecommitdiff
path: root/security/ssh6/Makefile
blob: 6d76edc6a764a8fbb14db72351edf3d1b9edc706 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# $NetBSD: Makefile,v 1.10 2001/01/29 11:34:42 wiz Exp $
# FreeBSD Id: Makefile,v 1.47 1997/11/10 22:04:42 dima Exp
#

# We do not upgrade to 1.2.28 and beyond, intentionally.  There was license
# change between 1.2.27 and 1.2.28, and the new license prohibits us from
# modifying/redistributing it.
#
DISTNAME=		ssh-1.2.27
PKGNAME=		ssh6-1.2.27
CATEGORIES=		security net
MASTER_SITES=		ftp://ftp.cs.hut.fi/pub/ssh/ \
			ftp://ftp.funet.fi/pub/unix/security/login/ssh/ \
			ftp://ftp.cert.dfn.de/pub/tools/net/ssh/
DISTFILES=		${DISTNAME}${EXTRACT_SUFX}

MAINTAINER=		packages@netbsd.org
HOMEPAGE=		http://www.cs.hut.fi/ssh/

CONFLICTS=		openssh-[0-9]* ssh-[0-9]*

CRYPTO=			YES
LICENSE=		no-commercial-use
USE_RSAREF2=		NO

EXTRACT_ONLY=		${DISTNAME}${EXTRACT_SUFX}
CFLAGS=			-O2
GNU_CONFIGURE=		YES

.include "../../mk/bsd.prefs.mk"

# Use SSH_CONF_DIR from /etc/mk.conf, if defined; otherwise default to /etc
SSH_CONF_DIR?=		/etc

CONFIGURE_ARGS+=	--with-etcdir=${SSH_CONF_DIR} --with-libwrap

#Uncomment if all your users are in their own group and their homedir
#is writeable by that group.  Beware the security implications!
#CONFIGURE_ARGS+=	--enable-group-writeability

#Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
#over a secure medium.  This is normally dangerous since it can lead to the
#disclosure keys and passwords.
#CONFIGURE_ARGS+=	--with-none

.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES
DEPENDS+=		rsaref-2.0p3:../../security/rsaref
CONFIGURE_ARGS+=	--with-rsaref="${LOCALBASE}/lib"
CONFIGURE_ENV+=		LDFLAGS="-Wl,-R${LOCALBASE}/lib"
CFLAGS+=		-I${LOCALBASE}/include
.endif

# Include support for the SecureID card
# Warning: untested !
.if defined(USE_SECUREID) && ${USE_SECUREID} == YES
CONFIGURE_ARGS+=	--with-secureid
.endif

# If rsh is elsewhere to /usr/bin/rsh
.if defined(SSH_RSHPATH)
CONFIGURE_ARGS+=       --with-rsh=${SSH_RSHPATH}
.endif

# By default, use IDEA.  IDEA can be freely used for non-commercial use.
# However, commercial use may require a license in a number of countries.
#
USE_IDEA?=		YES

# Handle deprecated option SSH_DONT_USE_IDEA.
#
.if defined(SSH_DONT_USE_IDEA) && ${SSH_DONT_USE_IDEA} == YES
USE_IDEA=		NO
.endif

.if ${USE_IDEA} != "YES"
CONFIGURE_ARGS+=	--without-idea
.endif

# Include SOCKS firewall support
.if defined(USE_SOCKS) && (${USE_SOCKS} == 4 || ${USE_SOCKS} == 5)
BROKEN=			SOCKS support currently unavailable
CONFIGURE_ARGS+= 	--with-socks${USE_SOCKS}="-L${LOCALBASE}/lib -lsocks${USE_SOCKS}"
CFLAGS+=	 	-I${LOCALBASE}/include
.if ${USE_SOCKS} == 4
DEPENDS+=		socks4-2.2:../../net/socks4
.else
DEPENDS+=		socks5-1.0.2:../../net/socks5
.endif
.endif

# The original Kerberos v4 patches were fetched from
# http://www.monkey.org/~dugsong/ssh-afs/
# PATCH_SITES+=		ftp://ftp.monkey.org/pub/users/dugsong/
# PATCHFILES+=		ssh-1.2.27-afs-kerberos.patch-1
# MD5 (ssh-1.2.27-afs-kerberos.patch-1) = d440f74958d9c3805b76dbc13e97e87d

.if defined(KERBEROS) && ${KERBEROS} == 4
USE_KERBEROS=		yes
CONFIGURE_ARGS+=	--with-krb4=/usr
.endif

# XXX KERBEROS 5 SUPPORT BROKEN WITH HEIMDAL
#.if defined(KERBEROS) && ${KERBEROS} == 5
#USE_KERBEROS=	yes
#CONFIGURE_ARGS+=--with-krb5=/usr
#.else
#CONFIGURE_ARGS+=--without-krb5
#.endif

# Find X11 libraries with xpkgwedge
.if defined(USE_LOCALBASE_FOR_X11)
CONFIGURE_ARGS+=	--x-libraries=${X11BASE}/lib --x-includes=${X11BASE}/include
.endif

# Enable support for TIS authentication server
.if defined(USE_TIS) && ${USE_TIS} == YES
CONFIGURE_ARGS+=	--with-tis=${LOCALBASE}
.endif

# Don't install "ssh" setuid
.if !defined(SSH_SUID) || ${SSH_SUID} != YES
CONFIGURE_ARGS+=	--disable-suid-ssh
.endif

# Make libwrap also compare against forwards (off by default)
.if defined(LIBWRAP_FWD) && ${LIBWRAP_FWD} == YES
CFLAGS+=		-DLIBWRAP_FWD
.endif

# The original IPv6 patches were fetched from
# PATCH_SITES+=		ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
# PATCHFILES+=		ssh-1.2.27-IPv6-1.5-patch.gz
# MD5 (ssh-1.2.27-IPv6-1.5-patch.gz) = b854131fe8aa025abeef32cecfe1b037

.if defined(USE_INET6) && ${USE_INET6} == YES
CONFIGURE_ARGS+=	--enable-ipv6
.else
CONFIGURE_ARGS+=	--disable-ipv6
.endif

# be more effective on M68060 machines
.if defined(M68060)
CONFIGURE_ARGS+=	--disable-asm
CFLAGS+=		-m68060
.endif

DEINSTALL_FILE=	${WRKDIR}/DEINSTALL
PLIST_SRC=	${WRKDIR}/PLIST
MESSAGE_SUBST+=	SSH_CONF_DIR=${SSH_CONF_DIR}

pre-patch:
	@${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
	    ${WRKSRC}/make-ssh-known-hosts.pl.in
	@# SSH DES and AFS/Kerberos DES conflict.
	@${MV} -f ${WRKSRC}/des.h ${WRKSRC}/ssh-des.h

fetch-depends:
.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO
	@${ECHO}
	@${ECHO} The variable USE_RSAREF2 must be set to either YES or NO
	@${ECHO} in order to build this package.  USA residents that are
	@${ECHO} not licensees of the RSA algorithm MUST set this variable
	@${ECHO} to YES.  Users outside the USA MUST set this variable to
	@${ECHO} NO.  Licensees may choose -- NO is faster.
	@${ECHO}
	@${ECHO} You may also want to set USE_IDEA to NO if this program
	@${ECHO} will be used for a commercial purpose.  There are other
	@${ECHO} configure options\; look at the pkg Makefile for more info.
	@${FALSE}
.endif

post-patch:
	@# Make sure that "automake" is never run.
	@${FIND} ${WRKSRC} -name Makefile.in -print | xargs ${TOUCH} ${TOUCH_FLAGS}

post-build:
	@cd ${PKGDIR}; \
	for FILE in DEINSTALL PLIST ${FILESDIR}/sshd.sh; do \
	  ${SED} -e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \
	    -e 's#@PREFIX@#${PREFIX}#g' \
	    <$${FILE} >${WRKDIR}/`basename $${FILE}`; \
	done
	@if [ -x ${WRKSRC}/ssh-askpass ]; then \
	  ${ECHO} bin/ssh-askpass >>${PLIST_SRC}; \
	  ${ECHO} bin/ssh-askpass1 >>${PLIST_SRC}; \
	fi

post-install:
	@${MKDIR} ${PREFIX}/share/examples/ssh
	@${MKDIR} ${WRKDIR}${SSH_CONF_DIR}
	(cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${MAKE_PROGRAM} ${MAKE_FLAGS} \
		-f ${MAKEFILE} install_prefix=${WRKDIR} install-configs)
	${INSTALL_DATA} ${WRKDIR}${SSH_CONF_DIR}/ssh_config \
		${WRKDIR}${SSH_CONF_DIR}/sshd_config ${PREFIX}/share/examples/ssh
	@${RM} -rf ${WRKDIR}${SSH_CONF_DIR}
	@if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]; then \
		${ECHO} "Generating a secret host key..."; \
		${PREFIX}/bin/ssh-keygen \
			-f ${SSH_CONF_DIR}/ssh_host_key -N ""; \
	fi
	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd

BUILD_DEFS+=		USE_IDEA SSH_CONF_DIR SSH_SUID USE_RSAREF2
BUILD_DEFS+=		LIBWRAP_FWD M68060 USE_SOCKS USE_INET6

.include "../../mk/bsd.pkg.mk"