kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/security/openssh/Makefile

157 lines
4.7 KiB
Makefile
Raw Normal View History

Remove CONFIGURE_ARGS for --mandir as this is now done for GNU_CONFIGURE.
2005-10-07 19:42:35 +02:00
# $NetBSD: Makefile,v 1.159 2005/10/07 17:42:35 reed Exp $
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason. Some changes different from patches provided in that PR are: - patch-aj, patch-aq, and patch-as not changed (they appeared to be identical to previous patches) - DragonFly support also added to configure script (patch-aa) because compilation failed due to missing crypt - and install-sysconf target removed from the installation target in Makefile.in (patch-ah). Just let the pkgsrc framework install this since it now will allow it to be removed correctly on deinstall. - use "pam" instead of "PAM" as option name in the post-install target. This removes patch-ai. This also now uses openssh-4.2p1-hpn11.diff patch. I didn't test with kerberos and hpn-patch options. I did test with PAM on Linux. (The PR reported that kerberos and hpn-patch options were tested for compiling.) I tested on NetBSD 2.0.2, Linux, and DragonFly. This includes two security fixes and several bug fixes and many improvemens. The changes are listed at http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html TODO: get some of these patches committed upstream.
2005-09-21 20:07:09 +02:00
DISTNAME= openssh-4.2p1
PKGNAME= openssh-4.2.1
Be quiet pkglint: - Remove trailing white space from Makefile. - Add NetBSD Id to patch-aa and patch-ah.
2005-09-23 17:45:14 +02:00
PKGREVISION=
SVR4 packages have a limit of 9 chars for a package name. The automatic truncation in gensolpkg doesn't work for packages which have the same package name for the first 5-6 chars. e.g. amanda-server and amanda-client would be named amanda and amanda. Now, we add a SVR4_PKGNAME and use amacl for amanda-client and amase for amanda-server. All svr4 packages also have a vendor tag, so we have to reserve some chars for this tag, which is normaly 3 or 4 chars. Thats why we can only use 6 or 5 chars for SVR4_PKGNAME. I used 5 for all the packages, to give the vendor tag enough room. All p5-* packages and a few other packages have now a SVR4_PKGNAME.
2001-10-18 17:20:01 +02:00
SVR4_PKGNAME= ossh
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
CATEGORIES= security
move ftp.openssh.com to the top, as it's the only site which has the new distfile so far.
2003-09-17 01:06:22 +02:00
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/OpenSSH/portable/ \
fix last
2003-04-22 11:50:01 +02:00
ftp://ftp.stealth.net/pub/mirrors/ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
add some faster mirrors to MASTER_SITES.
2003-04-10 22:20:55 +02:00
http://public.planetmirror.com.au/pub/OpenBSD/OpenSSH/portable/ \
ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
Put back MASTER_SITES.
2003-01-23 01:00:17 +01:00
ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/old/
Add master site on ftp.openssh.com. Add note why we have both openssh.com entries.
2000-08-09 19:47:31 +02:00
# Don't delete the last entry -- it's there if the pkgsrc version is not
# up-to-date and the mirrors already removed the old distfile.
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
s/netbsd.org/NetBSD.org/
2003-07-18 00:50:55 +02:00
MAINTAINER= tech-pkg@NetBSD.org
correct homepage (www.openssh.org is not the official site!)
2000-03-07 13:02:35 +01:00
HOMEPAGE= http://www.openssh.com/
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.
2001-02-17 18:42:09 +01:00
COMMENT= Open Source Secure shell client and server (remote login program)
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
Mechanical changes to 375 files to change dependency patterns of the form foo-* to foo-[0-9]*. This is to cause the dependencies to match only the packages whose base package name is "foo", and not those named "foo-bar". A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also change dependency examples in Packages.txt to reflect this.
2001-09-28 01:17:41 +02:00
CONFLICTS= sftp-[0-9]*
add CONFLICT with ssh2-nox11.
2004-07-25 14:36:03 +02:00
CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
Mark conflicts with openssh+gssapi.
2003-07-24 22:59:03 +02:00
CONFLICTS+= openssh+gssapi-[0-9]*
Add CONFLICTS with lsh (common man page).
2005-04-28 16:11:13 +02:00
CONFLICTS+= lsh>2.0
Add a CONFLICTS entry for sftp. Detected by pkgconflict.
2001-04-12 12:42:52 +02:00
Get rid of USE_PERL5. The new way to express needing the Perl executable around at either build-time or at run-time is: USE_TOOLS+= perl # build-time USE_TOOLS+= perl:run # run-time Also remove some places where perl5/buildlink3.mk was being included by a package Makefile, but all that the package wanted was the Perl executable.
2005-07-16 03:19:06 +02:00
USE_TOOLS+= perl
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
Reorganize crypto handling, as discussed on tech-pkg. Remove all RESTRICTED= variables that were predicated on former U.S. export regulations. Add CRYPTO=, as necessary, so it's still possible to exclude all crypto packages from a build by setting MKCRYPTO=no (but "lintpkgsrc -R" will no longer catch them). Specifically, - - All packages which set USE_SSL just lose their RESTRICTED variable, since MKCRYPTO responds to USE_SSL directly. - - realplayer7 and ns-flash keep their RESTRICTED, which is based on license terms, but also gain the CRYPTO variable. - - srp-client is now marked broken, since the distfile is evidently no longer available. On this, we're no worse off than before. [We haven't been mirroring the distfile, or testing the build!] - - isakmpd gets CRYPTO for RESTRICTED, but remains broken. - - crack loses all restrictions, as it does not evidently empower a user to utilize strong encryption (working definition: ability to encode a message that requires a secret key plus big number arithmetic to decode).
2000-09-09 21:40:14 +02:00
CRYPTO= yes
Drop trailing whitespace. Ok'ed by wiz.
2003-05-06 19:40:18 +02:00
# retain the following line, for IPv6-ready pkgsrc webpage
upgrade to 1.2.3. make it conflict with security/ssh6.
2000-03-26 16:36:24 +02:00
BUILD_DEFS+= USE_INET6
Replace MIRROR_DISTFILES and NO_CDROM with the more descriptive and more fine-grained NO_{BIN,SRC}_ON_{FTP,CDROM} definitions. MIRROR_DISTFILES and NO_CDROM are now dead.
2000-08-19 00:46:29 +02:00
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
INSTALL_TARGET= install-nokeys
PLIST_SRC= # empty
Noticed that the PAM +DISPLAY message was not displayed and extra pam file was not included in +CONTENTS. So moved the include of options.mk to after the PLIST_SRC and MESSAGE_SRC are defined as empty. (MESSAGE_SRC is redefined if Interix and if PAM PKG_OPTION was enabled then this still needs to be fixed.)
2005-05-25 21:37:18 +02:00
.include "options.mk"
nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam).
2005-03-08 00:29:49 +01:00
.if ${OPSYS} == "Interix"
MESSAGE file removed. As mentioned on tech-pkg in May, /etc/ssh.conf and /etc/sshd.conf is old (and I assume some configurations from there don't apply any more), user and group are not created automatically (only if PKG_CREATE_USERGROUP is at default YES), UsePrivilegeSeparation is the default, and seems to imply that openssh is insecure without it. Bump PKGREVISION. Change comment regarding MESSAGE.Interix. Removed unused MESSAGE_SUBST settings. Move one to the options.mk as it is for "pam" only.
2005-07-28 19:54:57 +02:00
# OpenSSH on Interix has some important caveats
nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam).
2005-03-08 00:29:49 +01:00
MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix
BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind /usr/local/lib/bind
CONFIGURE_ENV+= ac_cv_func_openpty=no
CONFIGURE_ENV+= ac_cv_type_struct_timespec=yes
CPPFLAGS+= -I/usr/local/include/bind
LDFLAGS+= -L/usr/local/lib/bind
LIBS+= -lbind -ldb -lcrypt
.else # not Interix
The real user name in PKG_USERS does not need to be escaped with double backslashes anymore. A single backslash is enough. Changed the definition in all affected packages. For those that are not caught, an additional check is placed into bsd.pkginstall.mk.
2005-08-23 13:48:47 +02:00
PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}:${OPENSSH_UID}:sshd\ privsep:${OPENSSH_CHROOT}:${NOLOGIN}
Add variables for openssh privilege separation to bsd.pkg.defaults.mk: OPENSSH_USER OPENSSH_UID OPENSSH_GROUP OPENSSH_GID OPENSSH_CHROOT Use these to automatically create user/group if they do not already exist. Assists platforms which do not have an 'sshd' user by default, while adding flexibility for NetBSD systems. Checked by Stoned Elipot <seb@netbsd.org>.
2002-08-31 12:08:59 +02:00
PKG_GROUPS= ${OPENSSH_GROUP}:${OPENSSH_GID}
nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam).
2005-03-08 00:29:49 +01:00
.endif
Convert to use bsd.options.mk with the following options: hpn-patch kerberos PAM (only Linux) The hpn-patch option uses the patch available in: http://www.psc.edu/networking/projects/hpn-ssh/ to enable high performance connections. Also use VARBASE intead of hardcoding /var. Bump PKGREVISION.
2004-11-25 20:25:28 +01:00
SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
Add automatic ${VARIABLE} handling for MESSAGE files. Convert most MESSAGE files to new syntax (${VARIABLE} gets replaced, not @VARIABLE@, nor @@VARIABLE@@). By default, substitutions are done for LOCALBASE, PKGNAME, PREFIX, X11BASE, X11PREFIX; additional patterns can be added via MESSAGE_SUBST. Clean up some packages while I'm there; add RCS tags to most MESSAGEs. Remove some uninteresting MESSAGEs.
2001-01-29 12:34:21 +01:00
Back out previous and do it in a simpler way by setting PKG_SYSCONFSUBDIR (the subdirectory of ${PKG_SYSCONFBASE} where all of the config files for thii package will be found) to be "ssh".
2002-06-25 08:43:50 +02:00
PKG_SYSCONFSUBDIR= ssh
Add ability to update the in-tree OpenSSH directly from pkgsrc. This installs the binaries directly in /usr and places the manpages and example files in the correct hier(7) locations. We don't register installation in this case because the package database can't handle it. We deal with the ssh config files and directories as follows: NetBSD-1.5.* use /etc/ssh_config, /etc/sshd_config NetBSD-1.6 use /etc/ssh/ssh_config, /etc/ssh/sshd_config We also emit a warning in the MESSAGE file that /etc/ssh.conf and /etc/sshd.conf should be renamed in order to keep using them. Lastly, there is a new target "tarball" to generate a tarball of the installed files that might be used to install quickly on many machines, though it may be only of limited utility. These changes are only active if UPDATE_INTREE_OPENSSH is defined.
2002-06-28 19:10:16 +02:00
Instead of including bsd.pkg.install.mk directly in a package Makefile, have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
2003-01-28 23:03:00 +01:00
USE_PKGINSTALL= yes
Update openssh to 2.1.1p4. Package changes: * Factor out common post-install code from PLIST and package Makefile into files/INSTALL. * Enhance files/sshd.sh to handle start/stop/restart/status. * Check for usable installed version of OpenSSL. This bit possibly closes the following PRs: 10404, 10501, 10593 Changes from 2.1.1p3: * allow multiple whitespace but only one '=' between tokens * close can fail on AFS * allow leading whitespace in configuration files * Always create ~/.ssh with mode 700
2000-07-22 10:21:59 +02:00
GNU_CONFIGURE= yes
Force manual pages installation, because some systems like IRIX will install them like preformatted manual pages (cat). Reported by Georg Schwarz in PR pkg/24428.
2004-02-21 07:26:41 +01:00
CONFIGURE_ARGS+= --with-mantype=man
Back out previous and do it in a simpler way by setting PKG_SYSCONFSUBDIR (the subdirectory of ${PKG_SYSCONFBASE} where all of the config files for thii package will be found) to be "ssh".
2002-06-25 08:43:50 +02:00
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR}
Support building with S/Key support on Darwin, and move the check for libcrypt-before-libcrypto into a section that is protected by something we can set in the configure script (check_for_libcrypt_before). This should fix the latter part of pkg/18091 by grant beattie.
2002-08-28 06:55:18 +02:00
CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE}
CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam).
2005-03-08 00:29:49 +01:00
.if ${OPSYS} != "Interix"
Add variables for openssh privilege separation to bsd.pkg.defaults.mk: OPENSSH_USER OPENSSH_UID OPENSSH_GROUP OPENSSH_GID OPENSSH_CHROOT Use these to automatically create user/group if they do not already exist. Assists platforms which do not have an 'sshd' user by default, while adding flexibility for NetBSD systems. Checked by Stoned Elipot <seb@netbsd.org>.
2002-08-31 12:08:59 +02:00
CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT}
CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER}
nb5: Rework Interix support, based on work done by Interop Systems *before* a BSD-with-advertising license was added to their diffs, and other work done personally by me. sshd now works. Most permissions checks work properly. Privsep is off by default, and the sshd user is not created, on Interix until some problems with privsep are fixed (perhaps by abstracting the auth functionality out to openpam).
2005-03-08 00:29:49 +01:00
.endif
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
set LD=CC again for all platforms with an appropriate comment - I don't know why this didn't originally work as it should, but I've just tested it with gcc3 and Forte 8 on Solaris and I couldn't make it fail. fixes coredump problem on Solaris observed by some, and also PR pkg/23120 from Alex Gerasimoff. bump PKGREVISION to differentiate between broken and unbroken package.
2003-10-12 12:13:53 +02:00
# the openssh configure script finds and uses ${LD} if defined and
# defaults to ${CC} if not. we override LD here, since running the
# linker directly results in undefined symbols for obvious reasons.
#
Don't set LD=${CC} globally, but only pass it to CONFIGURE_ENV, which is the only relevant place that wants it.
2004-02-08 00:58:49 +01:00
CONFIGURE_ENV+= LD=${CC:Q}
On non-SunOS, bring back LD=${CC}
2003-09-23 22:53:52 +02:00
Fix up OpenSSH sources to allow building with S/Key support on NetBSD as well. Bump the PKGREVISION. XXX The right fix is to create a autoconf check for the number of args XXX that skeychallenge takes and do the right thing accordingly.
2004-04-28 06:00:17 +02:00
# Enable S/Key support on NetBSD, Darwin, and Solaris.
.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
Convert to bl3; update comments in Makefile.intree.
2004-04-26 01:36:52 +02:00
. include "../../security/skey/buildlink3.mk"
Support building with S/Key support on Darwin, and move the check for libcrypt-before-libcrypto into a section that is protected by something we can set in the configure script (check_for_libcrypt_before). This should fix the latter part of pkg/18091 by grant beattie.
2002-08-28 06:55:18 +02:00
CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
.else
CONFIGURE_ARGS+= --without-skey
Add skey support on Solaris.
2002-07-26 11:24:22 +02:00
.endif
Building with Kerberos 4 support doesn't work when using mit-krb5. Only allow building with Kerberos 4 support when using Heimdal and if the kerberosIV headers exist.
2004-04-28 05:54:08 +02:00
.if (${OPSYS} == "NetBSD") && exists(/usr/include/utmpx.h)
Add handling of utmpx/wtmpx on NetBSD-current. Bump PKGREVISION.
2004-04-27 14:30:23 +02:00
# if we have utmpx et al do not try to use login()
CONFIGURE_ARGS+= --disable-libutil
.endif
Building with Kerberos 4 support doesn't work when using mit-krb5. Only allow building with Kerberos 4 support when using Heimdal and if the kerberosIV headers exist.
2004-04-28 05:54:08 +02:00
.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
Something in our framework interferes with configure disabling utmp/wtmp handling on Solaris >= 8 so do it explicitly.
2004-04-27 14:26:31 +02:00
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
.endif
Enable md5 passwords support in Linux. This closes PR pkg/25322 by Piotr Meyer.
2004-05-02 19:30:37 +02:00
.if ${OPSYS} == "Linux"
CONFIGURE_ARGS+= --enable-md5-password
.endif
Something in our framework interferes with configure disabling utmp/wtmp handling on Solaris >= 8 so do it explicitly.
2004-04-27 14:26:31 +02:00
The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending on whether it's part of the X11 distribution or installed from pkgsrc. Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.
2000-09-05 11:43:02 +02:00
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
# (security/ssh-askpass).
Set location of ssh-askpass to be ${X11PREFIX}/bin/ssh-askpass. Closes PR#10774.
2000-08-11 07:19:42 +02:00
#
The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending on whether it's part of the X11 distribution or installed from pkgsrc. Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.
2000-09-05 11:43:02 +02:00
.if exists(${X11BASE}/bin/ssh-askpass)
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending on whether it's part of the X11 distribution or installed from pkgsrc. Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.
2000-09-05 11:43:02 +02:00
.else
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending on whether it's part of the X11 distribution or installed from pkgsrc. Use correct path depending on if ${X11BASE}/bin/ssh-askpass exists.
2000-09-05 11:43:02 +02:00
.endif
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
Set location of ssh-askpass to be ${X11PREFIX}/bin/ssh-askpass. Closes PR#10774.
2000-08-11 07:19:42 +02:00
tell configure where to find xauth(1) so that X forwarding over ssh works when using pkgsrc X11. bump PKGREVISION.
2004-10-24 04:52:15 +02:00
# do the same for xauth
.if exists(${X11BASE}/bin/xauth)
CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
.else
CONFIGURE_ARGS+= --with-xauth=${X11PREFIX}/bin/xauth
.endif
Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS as the INSTALL and DEINSTALL scripts no longer distinguish between the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the packages in pkgsrc accordingly.
2005-08-19 20:12:36 +02:00
CONFS= ssh_config sshd_config moduli
Unify NetBSD and Solaris package lists and use dynamic modification.
2001-06-18 21:54:14 +02:00
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
.if exists(/dev/urandom)
Only use the NetBSD-specific MESSAGE.urandom for NetBSD. It says to use "pseudo-device rnd" kernel configuration. TODO: if the above instructions are fine for other operating systems with /dev/urandom then add.
2004-05-22 01:00:23 +02:00
. if ${OPSYS} == "NetBSD"
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
Only use the NetBSD-specific MESSAGE.urandom for NetBSD. It says to use "pseudo-device rnd" kernel configuration. TODO: if the above instructions are fine for other operating systems with /dev/urandom then add.
2004-05-22 01:00:23 +02:00
. endif
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
.else
CONFIGURE_ARGS+= --without-random
CONFS+= ssh_prng_cmds
PLIST_SRC+= ${.CURDIR}/PLIST.prng
Make this package work under SunOS.
2001-01-10 17:05:52 +01:00
.endif
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
CONF_FILES= # empty
.for FILE in ${CONFS}
Back out previous and do it in a simpler way by setting PKG_SYSCONFSUBDIR (the subdirectory of ${PKG_SYSCONFBASE} where all of the config files for thii package will be found) to be "ssh".
2002-06-25 08:43:50 +02:00
CONF_FILES+= ${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
.endfor
Add variables for openssh privilege separation to bsd.pkg.defaults.mk: OPENSSH_USER OPENSSH_UID OPENSSH_GROUP OPENSSH_GID OPENSSH_CHROOT Use these to automatically create user/group if they do not already exist. Assists platforms which do not have an 'sshd' user by default, while adding flexibility for NetBSD systems. Checked by Stoned Elipot <seb@netbsd.org>.
2002-08-31 12:08:59 +02:00
OWN_DIRS= ${OPENSSH_CHROOT}
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
RCD_SCRIPTS= sshd
PLIST_SRC+= ${.CURDIR}/PLIST
FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR}
Make this work more like the ssh package: - don't install setuid unless SSH_SUID=YES - use libwrap (--with-tcp-wrappers) on NetBSD I also want to fix S/Key support and Kerberos IV, so I've left some comments in Makefile for that.
2001-08-17 21:49:08 +02:00
Add definitions for DEINSTALL_EXTRA_TMPL and INSTALL_EXTRA_TMPL if USE_PKGINSTALL is "YES". bsd.pkg.install.mk will no longer automatically pick up a INSTALL/DEINSTALL script in the package directory and assume that you want it for the corresponding *_EXTRA_TMPL variable.
2003-08-31 00:51:11 +02:00
INSTALL_EXTRA_TMPL+= ${.CURDIR}/INSTALL
Building with Kerberos 4 support doesn't work when using mit-krb5. Only allow building with Kerberos 4 support when using Heimdal and if the kerberosIV headers exist.
2004-04-28 05:54:08 +02:00
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"
Clean this up, sync with the ssh package, and update to 1.2.2 (fixing PR 9304 by David Rankin <drankin@bohemians.lexington.ky.us>. Changes: 20000125 - Fix NULL pointer dereference in login.c. Fix from Andre Lucas <andre.lucas@dial.pipex.com> - Reorder PAM initialisation so it does not mess up lastlog. Reported by Andre Lucas <andre.lucas@dial.pipex.com> - Use preformatted manpages on SCO, report from Gary E. Miller <gem@rellim.com> - New URL for x11-ssh-askpass. - Fixpaths was missing /etc/ssh_known_hosts. Report from Jim Knoble <jmknoble@pobox.com> - Added 'DESTDIR' option to Makefile to ease package building. Patch from Jim Knoble <jmknoble@pobox.com> - Updated RPM spec files to use DESTDIR 20000124 - Pick up version 1.2.2 from OpenBSD CVS (no changes, just version number increment) 20000123 - OpenBSD CVS: - [packet.c] getsockname() requires initialized tolen; andy@guildsoftware.com - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin <drankin@bohemians.lexington.ky.us> - Fix lastlog support, patch from Andre Lucas <andre.lucas@dial.pipex.com> 20000122 - Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor <bent@clark.net> - Merge preformatted manpage patch from Andre Lucas <andre.lucas@dial.pipex.com> - Make IPv4 use the default in RPM packages - Irix uses preformatted manpages - Missing htons() in bsd-bindresvport.c, fix from Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - OpenBSD CVS updates: - [packet.c] use getpeername() in packet_connection_is_on_socket(), fixes sshd -i; from Holger.Trapp@Informatik.TU-Chemnitz.DE - [sshd.c] log with level log() not fatal() if peer behaves badly. - [readpass.c] instead of blocking SIGINT, catch it ourselves, so that we can clean the tty modes up and kill ourselves -- instead of our process group leader (scp, cvs, ...) going away and leaving us in noecho mode. people with cbreak shells never even noticed.. - [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] ie. -> i.e., 20000120 - Don't use getaddrinfo on AIX - Update to latest OpenBSD CVS: - [auth-rsa.c] - fix user/1056, sshd keeps restrictions; dbt@meat.net - [sshconnect.c] - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - destroy keys earlier - split key exchange (kex) and user authentication (user-auth), ok: provos@ - [sshd.c] - no need for poll.h; from bright@wintelcom.net - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - split key exchange (kex) and user authentication (user-auth), ok: provos@ - [sshd.c] - no need for poll.h; from bright@wintelcom.net - disable agent fwding for proto 1.3, remove abuse of auth-rsa flags. - split key exchange (kex) and user authentication (user-auth), ok: provos@ - Big manpage and config file cleanup from Andre Lucas <andre.lucas@dial.pipex.com> - Re-added latest (unmodified) OpenBSD manpages - Doc updates - NetBSD patch from David Rankin <drankin@bohemians.lexington.ky.us> and Christos Zoulas <christos@netbsd.org> 20000119 - SCO compile fixes from Gary E. Miller <gem@rellim.com> - Compile fix from Darren_Hall@progressive.com - Linux/glibc-2.1.2 takes a *long* time to look up names for AF_UNSPEC addresses using getaddrinfo(). Added a configure switch to make the default lookup mode AF_INET 20000118 - Fixed --with-pid-dir option - Makefile fix from Gary E. Miller <gem@rellim.com> - Compile fix for HPUX and Solaris from Andre Lucas <andre.lucas@dial.pipex.com>
2000-01-27 18:12:02 +01:00
post-install:
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
${INSTALL_DATA_DIR} ${EGDIR}
Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS as the INSTALL and DEINSTALL scripts no longer distinguish between the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the packages in pkgsrc accordingly.
2005-08-19 20:12:36 +02:00
cd ${WRKSRC}; for file in ${CONFS}; do \
* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead. * Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 05:17:31 +01:00
${INSTALL_DATA} $${file}.out ${EGDIR}/$${file}; \
Unify NetBSD and Solaris package lists and use dynamic modification.
2001-06-18 21:54:14 +02:00
done
Update openssh to 4.2p1. This is from PR #31331. Thank you, Jason. Some changes different from patches provided in that PR are: - patch-aj, patch-aq, and patch-as not changed (they appeared to be identical to previous patches) - DragonFly support also added to configure script (patch-aa) because compilation failed due to missing crypt - and install-sysconf target removed from the installation target in Makefile.in (patch-ah). Just let the pkgsrc framework install this since it now will allow it to be removed correctly on deinstall. - use "pam" instead of "PAM" as option name in the post-install target. This removes patch-ai. This also now uses openssh-4.2p1-hpn11.diff patch. I didn't test with kerberos and hpn-patch options. I did test with PAM on Linux. (The PR reported that kerberos and hpn-patch options were tested for compiling.) I tested on NetBSD 2.0.2, Linux, and DragonFly. This includes two security fixes and several bug fixes and many improvemens. The changes are listed at http://www.mindrot.org/pipermail/openssh-unix-announce/2005-September/000083.html http://www.mindrot.org/pipermail/openssh-unix-announce/2005-May/000079.html TODO: get some of these patches committed upstream.
2005-09-21 20:07:09 +02:00
.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
The makefile had a comment saying PAM authentication causes memory faults, and haven't tracked down why yet. No allow PAM authentication if Linux (and USE_PAM is defined). This will close my 20846 PR from March 2003. Also, install the contrib/sshd.pam.generic file as the example sshd.pam instead of the FreeBSD version, but this okay since it was commented out in the first place. TODO: test the PAM support on other platforms and allow if USE_PAM is defined.
2004-05-22 00:54:43 +02:00
${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic ${EGDIR}/sshd.pam
.endif
New openssh package [needs some cleanup] - it is not enabled by default (need to think what to do with the ssh conflict) - only tested under 1.4.1 so far
2000-01-17 06:34:32 +01:00
.include "../../mk/bsd.pkg.mk"
Reference in a new issue Copy permalink