* SSH_CONF_DIR has been obsoleted. Use PKG_SYSCONFDIR instead.

* Build properly on systems that don't have /dev/urandom by testing for the presence of /dev/urandom, instead of just testing for Solaris. * Add disabled code to handle PAM (not quite working yet with security/PAM). * Make the sshd rc.d script more /etc/rc.subr-friendly. * Minimize amount of diffs from pristine OpenSSH sources.
2002-02-05 04:17:31 +00:00 · 2002-02-05 04:17:31 +00:00 · f0540167c0
commit f0540167c0
parent c47f6a256e
15 changed files with 255 additions and 399 deletions
--- a/security/openssh/DEINSTALL
+++ b/security/openssh/DEINSTALL
@ -1,18 +0,0 @@
-#! /bin/sh
-#
-# $NetBSD: DEINSTALL,v 1.1 2001/11/01 01:17:04 zuntum Exp $
-#
-
-case "$2" in
-	DEINSTALL) cat <<EOF
-
-=============================================================
-Note that ssh configuration, key, and random-seed files
-(@SSH_CONF_DIR@/ssh*_config) are not removed in the deinstallation
-process.  You should remove those by hand, if you no longer
-need them.
-=============================================================
-
-EOF
-	;;
-esac
--- a/security/openssh/INSTALL
+++ b/security/openssh/INSTALL
@ -1,68 +0,0 @@
-#!/bin/sh
-#
-# $NetBSD: INSTALL,v 1.1 2001/11/01 01:17:04 zuntum Exp $
-
-PKGNAME=$1
-STAGE=$2
-
-case ${STAGE} in
-PRE-INSTALL)
-	if ! dd if=/dev/urandom of=/dev/null bs=1 count=1 2>/dev/null >/dev/null
-	then
-		cat << EOF
-===========================================================================
-You need a working /dev/urandom for ${PKGNAME} to work.
-
-Please make sure you have a kernel compiled from a config file
-containing the line:
-
-	pseudo-device	rnd
-===========================================================================
-EOF
-		exit 1
-	fi
-	;;
-POST-INSTALL)
-	SSH_CONF_DIR=@SSH_CONF_DIR@
-	SSH_EXAMPLE_DIR=${PKG_PREFIX}/share/examples/openssh
-	INSTALL_DATA="@INSTALL_DATA@"
-
-	if [ ! -d ${SSH_CONF_DIR} ]
-	then
-		echo "Creating directory ${SSH_CONF_DIR} for ssh config files.."
-		@MKDIR@ ${SSH_CONF_DIR}
-	fi
-	for file in ssh_config sshd_config
-	do
-		if [ ! -f ${SSH_CONF_DIR}/${file} ]
-		then
-			echo "Installing example ${file} in ${SSH_CONF_DIR}.."
-			${INSTALL_DATA} ${SSH_EXAMPLE_DIR}/${file} \
-				${SSH_CONF_DIR}/${file}
-		fi
-	done
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]
-	then
-		echo "Generating an RSA1 secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t rsa1 -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_key
-	fi
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_rsa_key ]
-	then
-		echo "Generating an RSA secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t rsa -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_rsa_key
-	fi
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]
-	then
-		echo "Generating a DSA secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t dsa -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_dsa_key
-	fi
-	;;
-*)
-	echo "Unexpected argument: ${STAGE}"
-	exit 1
-	;;
-esac
-exit 0
--- a/security/openssh/INSTALL.SunOS
+++ b/security/openssh/INSTALL.SunOS
@ -1,55 +0,0 @@
-#!/bin/sh
-#
-# $NetBSD: INSTALL.SunOS,v 1.2 2002/01/11 13:32:50 seb Exp $
-
-PKGNAME=$1
-STAGE=$2
-
-case ${STAGE} in
-PRE-INSTALL)
-	;;
-POST-INSTALL)
-	SSH_CONF_DIR=@SSH_CONF_DIR@
-	SSH_EXAMPLE_DIR=${PKG_PREFIX}/share/examples/openssh
-	INSTALL_DATA="@INSTALL_DATA@"
-
-	if [ ! -d ${SSH_CONF_DIR} ]
-	then
-		echo "Creating directory ${SSH_CONF_DIR} for ssh config files.."
-		@MKDIR@ ${SSH_CONF_DIR}
-	fi
-	cd ${SSH_EXAMPLE_DIR}
-	for file in ssh_config ssh_prng_cmds sshd_config
-	do
-		if [ -f ${file} ] && [ ! -f ${SSH_CONF_DIR}/${file} ]
-		then
-			echo "Installing example ${file} in ${SSH_CONF_DIR}.."
-			${INSTALL_DATA} ${file} \
-				${SSH_CONF_DIR}/${file}
-		fi
-	done
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_key ]
-	then
-		echo "Generating an RSA1 secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t rsa1 -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_key
-	fi
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_rsa_key ]
-	then
-		echo "Generating a RSA secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t rsa -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_rsa_key
-	fi
-	if [ ! -f ${SSH_CONF_DIR}/ssh_host_dsa_key ]
-	then
-		echo "Generating a DSA secret host key in ${SSH_CONF_DIR}.."
-		${PKG_PREFIX}/bin/ssh-keygen -t dsa -N "" \
-			-f ${SSH_CONF_DIR}/ssh_host_dsa_key
-	fi
-	;;
-*)
-	echo "Unexpected argument: ${STAGE}"
-	exit 1
-	;;
-esac
-exit 0
--- a/security/openssh/MESSAGE
+++ b/security/openssh/MESSAGE
@ -1,20 +1,11 @@
 ==========================================================================
-$NetBSD: MESSAGE,v 1.2 2001/12/05 17:03:56 wiz Exp $
+$NetBSD: MESSAGE,v 1.3 2002/02/05 04:17:31 jlam Exp $

-If "starter" configuration files were installed (in ${SSH_CONF_DIR})
-when the package was installed, be sure to examine them (and the man pages
-for ssh and sshd) to determine whether you want to make any changes.
+                           *===* NOTICE *===*

-Copies of the example configuration files are installed in
-${PREFIX}/share/examples/openssh, so those can still be used for reference
-after you have made changes to those installed in ${SSH_CONF_DIR}, or if
-you had existing configuration files, which would not be overwritten in
-the installation process.
+The config files for ${PKGNAME} must be located in:

-In general, you will want to set up /etc/rc.local to start sshd at boot
-time.  Something like the following should do the job:
-
-# Run sshd if installed and configured
-${PREFIX}/etc/rc.d/sshd
+	${PKG_SYSCONFDIR}

+and the example files are located in ${EGDIR}.
 ==========================================================================
--- a/security/openssh/MESSAGE.pam
+++ b/security/openssh/MESSAGE.pam
@ -0,0 +1,9 @@
+==========================================================================
+$NetBSD: MESSAGE.pam,v 1.1 2002/02/05 04:17:31 jlam Exp $
+
+To authenticate for SSH using PAM, add the contents of the file:
+
+	${EGDIR}/sshd.pam
+
+to your PAM configuration file.
+==========================================================================
--- a/security/openssh/MESSAGE.urandom
+++ b/security/openssh/MESSAGE.urandom
@ -0,0 +1,8 @@
+===========================================================================
+$NetBSD: MESSAGE.urandom,v 1.1 2002/02/05 04:17:31 jlam Exp $
+
+You will need a working /dev/urandom.  Please make sure you have a kernel
+compiled from a config file containing the line:
+
+	pseudo-device	rnd
+===========================================================================
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.60 2001/12/03 08:21:21 martti Exp $
+# $NetBSD: Makefile,v 1.61 2002/02/05 04:17:31 jlam Exp $

 DISTNAME=		openssh-3.0.2p1
 PKGNAME=		openssh-3.0.2.1
@ -24,12 +24,9 @@ CRYPTO=			yes
 # retain the following line, for IPv6-ready pkgsrc webpage 
 BUILD_DEFS+=		USE_INET6
 #BUILD_DEFS+=		KERBEROS
-BUILD_DEFS+=		SSH_CONF_DIR
+BUILD_DEFS+=		PKG_SYSCONFDIR
 BUILD_DEFS+=		SSH_SUID

-DEINSTALL_FILE=		${WRKDIR}/DEINSTALL
-INSTALL_FILE=		${WRKDIR}/INSTALL
-
 # matches what's in `Configure' (except sparc64 and alpha, see PR 10984)
 ONLY_FOR_PLATFORM=	NetBSD-*-arm32 NetBSD-*-i386 \
 			NetBSD-*-m68k NetBSD-*-mips NetBSD-*-mipseb \
@ -38,20 +35,38 @@ ONLY_FOR_PLATFORM=	NetBSD-*-arm32 NetBSD-*-i386 \

 .include "../../mk/bsd.prefs.mk"

-SSH_CONF_DIR?=		/etc
+INSTALL_TARGET=		install-nokeys
+PLIST_SRC=		# empty
+MESSAGE_SRC=		${.CURDIR}/MESSAGE

-MESSAGE_SUBST+=		SSH_CONF_DIR=${SSH_CONF_DIR}
+SSH_PID_DIR=		/var/run	# default directory for PID files
+SSH_PID_DIR.SunOS=	/etc		# Solaris doesn't have a /var/run
+
+.if defined(SSH_PID_DIR.${OPSYS})
+SSH_PID_DIR=		${SSH_PID_DIR.${OPSYS}}
+.endif

 USE_BUILDLINK_ONLY=	yes
 GNU_CONFIGURE=		yes
-CONFIGURE_ARGS+=	--sysconfdir=${SSH_CONF_DIR}
+CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+=	--with-pid-dir=${SSH_PID_DIR}
 CONFIGURE_ARGS+=	--with-ssl-dir=${BUILDLINK_DIR}
+CONFIGURE_ARGS+=	--with-tcp-wrappers=${BUILDLINK_DIR}
+
+# XXX: PAM authentication causes memory faults, and I haven't tracked down
+# XXX: why yet.  For the moment, disable PAM authentication.
+#
+#.if defined(USE_PAM)
+#.include "../../security/PAM/buildlink.mk"
+#CONFIGURE_ARGS+=	--with-pam
+#PLIST_SRC+=		${.CURDIR}/PLIST.pam
+#MESSAGE_SRC+=		${.CURDIR}/MESSAGE.pam
+#.endif

-.if ${OPSYS} == "NetBSD"
-CONFIGURE_ARGS+=	--with-tcp-wrappers
 # XXX: we have 4 args (4: sslen) to skeychallenge instead of 3
+#.if ${OPSYS} == "NetBSD"
 #CONFIGURE_ARGS+=	--with-skey=/usr
-.endif
+#.endif

 # XXX: <krb.h>
 #.if defined(KERBEROS)
@ -64,68 +79,59 @@ CONFIGURE_ARGS+=	--with-tcp-wrappers
 CONFIGURE_ARGS+=	--disable-suid-ssh
 .endif

-# Solaris normaly doesn't have a /var/run, thats why we put it in /etc
-.if (${OPSYS} == SunOS)
-CONFIGURE_ARGS+=	--with-pid-dir=/etc
-SSH_PID_DIR=		/etc
-.else
-SSH_PID_DIR=		/var/run
-.endif
-
 # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
 # on if it's part of the X11 distribution, or if it's installed from pkgsrc
-# (security/ssh-askpass).  The configure process will lie about the compiled
-# location of the ssh-askpass program.  In reality, it uses what we give it
-# below.
+# (security/ssh-askpass).
 #
 .if exists(${X11BASE}/bin/ssh-askpass)
-MAKE_ENV+=		ASKPASS_PROGRAM=${X11BASE}/bin/ssh-askpass
+ASKPASS_PROGRAM=	${X11BASE}/bin/ssh-askpass
 .else
-MAKE_ENV+=		ASKPASS_PROGRAM=${X11PREFIX}/bin/ssh-askpass
+ASKPASS_PROGRAM=	${X11PREFIX}/bin/ssh-askpass
+.endif
+CONFIGURE_ENV+=		ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
+MAKE_ENV+=		ASKPASS_PROGRAM=${ASKPASS_PROGRAM}
+
+CONFS=			ssh_config sshd_config
+SUPPS=			moduli
+
+.if exists(/dev/urandom)
+MESSAGE_SRC+=		${.CURDIR}/MESSAGE.urandom
+.else
+CONFIGURE_ARGS+=	--without-random
+CONFS+=			ssh_prng_cmds
+PLIST_SRC+=		${.CURDIR}/PLIST.prng
 .endif

-CHECK_FILES=	bin/slogin man/man1/slogin.1 \
-		share/examples/openssh/ssh_prng_cmds
-PLIST_SRC=	${WRKDIR}/PLIST_DYNAMIC
+EGDIR=			${PREFIX}/share/examples/${PKGBASE}
+CONF_FILES=		# empty
+.for FILE in ${CONFS}
+CONF_FILES+=		${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
+.endfor
+SUPPORT_FILES=		# empty
+.for FILE in ${SUPPS}
+SUPPORT_FILES+=		${EGDIR}/${FILE} ${PKG_SYSCONFDIR}/${FILE}
+.endfor
+RCD_SCRIPTS=		sshd

-.if (${OPSYS} == SunOS)
-INSTALL_FILE=		${WRKDIR}/INSTALL.SunOS
-.endif
-
-#post-patch:
-#	cd ${WRKSRC} ; autoreconf --force
+PLIST_SRC+=		${.CURDIR}/PLIST
+FILES_SUBST+=		SSH_PID_DIR=${SSH_PID_DIR}
+MESSAGE_SUBST+=		EGDIR=${EGDIR}

 post-build:
-	for FILE in \
-		${PKGDIR}/DEINSTALL	\
-		${PKGDIR}/INSTALL	\
-		${PKGDIR}/INSTALL.SunOS	\
-		${FILESDIR}/sshd.sh;	\
-	do \
-		${SED}	-e 's#@SSH_CONF_DIR@#${SSH_CONF_DIR}#g' \
-			-e 's#@SSH_PID_DIR@#${SSH_PID_DIR}#g' \
-			-e 's#@MKDIR@#${MKDIR}#g' \
-			-e 's#@PREFIX@#${PREFIX}#g' \
-			-e 's#@INSTALL_DATA@#${INSTALL_DATA}#g' \
-			< $${FILE} > ${WRKDIR}/`basename $${FILE}`; \
-	done
-
-pre-install:
-	PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} PRE-INSTALL
+	@${SED} ${FILES_SUBST_SED} ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd

 post-install:
-	${INSTALL_SCRIPT} ${WRKDIR}/sshd.sh ${PREFIX}/etc/rc.d/sshd
-	PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL
-	${CP} ${PKGDIR}/PLIST ${PLIST_SRC}
-	cd ${PREFIX}; \
-	for FILE in ${CHECK_FILES}; do \
-	  if [ ! -f $${FILE} ]; then \
-	    ${MV} ${PLIST_SRC} ${PLIST_SRC}.old; \
-	    ${GREP} -v "^$${FILE}" ${PLIST_SRC}.old >${PLIST_SRC}; \
-	    ${RM} ${PLIST_SRC}.old; \
-	  fi; \
+	${INSTALL_DATA_DIR} ${EGDIR}
+	cd ${WRKSRC}; for file in ${CONFS} ${SUPPS}; do			\
+		${INSTALL_DATA} $${file}.out ${EGDIR}/$${file};		\
 	done
+#.if defined(USE_PAM)
+#	${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.freebsd ${EGDIR}/sshd.pam
+#.endif
+	${INSTALL_SCRIPT} ${WRKDIR}/sshd ${PREFIX}/etc/rc.d/sshd

 .include "../../devel/zlib/buildlink.mk"
 .include "../../security/openssl/buildlink.mk"
+.include "../../security/tcp_wrappers/buildlink.mk"
+.include "../../mk/bsd.pkg.install.mk"
 .include "../../mk/bsd.pkg.mk"
--- a/security/openssh/PLIST
+++ b/security/openssh/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.1 2001/11/01 01:17:04 zuntum Exp $
+@comment $NetBSD: PLIST,v 1.2 2002/02/05 04:17:31 jlam Exp $
 bin/scp
 bin/sftp
 bin/slogin
@ -20,7 +20,7 @@ man/man1/ssh.1
 man/man8/sftp-server.8
 man/man8/sshd.8
 sbin/sshd
+share/examples/openssh/moduli
 share/examples/openssh/ssh_config
-share/examples/openssh/ssh_prng_cmds
 share/examples/openssh/sshd_config
@dirrm share/examples/openssh
--- a/security/openssh/PLIST.pam
+++ b/security/openssh/PLIST.pam
@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST.pam,v 1.1 2002/02/05 04:17:32 jlam Exp $
+share/examples/openssh/sshd.pam
--- a/security/openssh/PLIST.prng
+++ b/security/openssh/PLIST.prng
@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST.prng,v 1.1 2002/02/05 04:17:32 jlam Exp $
+share/examples/openssh/ssh_prng_cmds
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.8 2001/12/03 08:21:22 martti Exp $
+$NetBSD: distinfo,v 1.9 2002/02/05 04:17:32 jlam Exp $

 SHA1 (openssh-3.0.2p1.tar.gz) = c9a7e02936ace163ea58ec42e8e3f95df27fef2a
 Size (openssh-3.0.2p1.tar.gz) = 781092 bytes
-SHA1 (patch-aa) = 145bf76d30bb1869f58ce7509e2b2052f7423b1d
-SHA1 (patch-ab) = 38bd428ecad2ac22e116baf729f06a241e837acb
-SHA1 (patch-ah) = 0753da3a941094313a65e8e998fcc2a3434a6ae4
+SHA1 (patch-aa) = 275e035cbed29ec3e72d7b3c9290cec8068d742b
+SHA1 (patch-ab) = 271811fc88fbed42f22fa1dc503dc88953b5d76f
+SHA1 (patch-ah) = 0c75daaa11c6a6e32bce628b8f866008677f155f
--- a/security/openssh/files/sshd.sh
+++ b/security/openssh/files/sshd.sh
@ -1,56 +1,97 @@
 #!/bin/sh
 #
-# $NetBSD: sshd.sh,v 1.6 2001/10/19 09:42:08 veego Exp $
+# $NetBSD: sshd.sh,v 1.7 2002/02/05 04:17:32 jlam Exp $
 #
 # PROVIDE: sshd
 # REQUIRE: DAEMON LOGIN

+if [ -f /etc/rc.subr ]
+then
+	. /etc/rc.subr
+fi
+
 name="sshd"
+rcvar=$name
+command="@PREFIX@/sbin/${name}"
+keygen_command="@PREFIX@/bin/ssh-keygen"
 pidfile="@SSH_PID_DIR@/${name}.pid"
+required_files="@PKG_SYSCONFDIR@/sshd_config"
+extra_commands="keygen reload"

-command=${1:-start}
+sshd_keygen()
+{
+	(
+	umask 022
+	if [ -f @PKG_SYSCONFDIR@/ssh_host_key ]; then
+		@ECHO@ "You already have an RSA host key in @PKG_SYSCONFDIR@/ssh_host_key"
+		@ECHO@ "Skipping protocol version 1 RSA Key Generation"
+	else
+		${keygen_command} -t rsa1 -b 1024 -f @PKG_SYSCONFDIR@/ssh_host_key -N ''
+	fi

-case ${command} in
-start)
-	if [ ! -f @SSH_CONF_DIR@/ssh_host_key ]
-	then
-		@PREFIX@/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh_host_key
-	fi
-	if [ ! -f @SSH_CONF_DIR@/ssh_host_rsa_key ]
-	then
-		@PREFIX@/bin/ssh-keygen -t rsa -N "" -f /etc/ssh_host_rsa_key
-	fi
-	if [ ! -f @SSH_CONF_DIR@/ssh_host_dsa_key ]
-	then
-		@PREFIX@/bin/ssh-keygen -t dsa -N "" -f /etc/ssh_host_dsa_key
-	fi
-	if [ -x @PREFIX@/sbin/sshd -a -f @SSH_CONF_DIR@/sshd_config ]
-	then
-		echo "Starting ${name}."
-		@PREFIX@/sbin/sshd
-	fi
-	;;
-stop)
-	if [ -f ${pidfile} ]; then
-		pid=`head -1 ${pidfile}`
-		echo "Stopping ${name}."
-		kill -TERM ${pid}
+	if [ -f @PKG_SYSCONFDIR@/ssh_host_dsa_key ]; then
+		@ECHO@ "You already have a DSA host key in @PKG_SYSCONFDIR@/ssh_host_dsa_key"
+		@ECHO@ "Skipping protocol version 2 DSA Key Generation"
 	else
-		echo "${name} not running?"
+		${keygen_command} -t dsa -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -N ''
 	fi
-	;;
-restart)
-	( $0 stop )
-	sleep 1
-	$0 start
-	;;
-status)
-	if [ -f ${pidfile} ]; then
-		pid=`head -1 ${pidfile}`
-		echo "${name} is running as pid ${pid}."
+
+	if [ -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+		@ECHO@ "You already have a RSA host key in @PKG_SYSCONFDIR@/ssh_host_rsa_key"
+		@ECHO@ "Skipping protocol version 2 RSA Key Generation"
 	else
-		echo "${name} is not running."
+		${keygen_command} -t rsa -f @PKG_SYSCONFDIR@/ssh_host_rsa_key -N ''
 	fi
-	;;
-esac
-exit 0
+	)
+}
+
+sshd_precmd()
+{
+	if [ ! -f @PKG_SYSCONFDIR@/ssh_host_key -o \
+	     ! -f @PKG_SYSCONFDIR@/ssh_host_dsa_key -o \
+	     ! -f @PKG_SYSCONFDIR@/ssh_host_rsa_key ]; then
+		$0 keygen
+	fi
+}
+
+keygen_cmd=sshd_keygen
+start_precmd=sshd_precmd
+
+if [ -f /etc/rc.subr ]
+then
+	load_rc_config $name
+	run_rc_command "$1"
+else
+	case ${1:-start} in
+	start)
+		if [ -x ${command} -a -f ${required_files} ]
+		then
+			@ECHO@ "Starting ${name}."
+			eval ${start_precmd}
+			eval ${command} ${sshd_flags} ${command_args}
+		fi
+		;;
+	stop)
+		if [ -f ${pidfile} ]; then
+			pid=`@HEAD@ -1 ${pidfile}`
+			@ECHO@ "Stopping ${name}."
+			kill -TERM ${pid}
+		else
+			@ECHO@ "${name} not running?"
+		fi
+		;;
+	restart)
+		( $0 stop )
+		sleep 1
+		$0 start
+		;;
+	status)
+		if [ -f ${pidfile} ]; then
+			pid=`@HEAD@ -1 ${pidfile}`
+			@ECHO@ "${name} is running as pid ${pid}."
+		else
+			@ECHO@ "${name} is not running."
+		fi
+		;;
+	esac
+fi
--- a/security/openssh/patches/patch-aa
+++ b/security/openssh/patches/patch-aa
@ -1,43 +1,27 @@
-$NetBSD: patch-aa,v 1.18 2001/12/03 08:21:22 martti Exp $
+$NetBSD: patch-aa,v 1.19 2002/02/05 04:17:32 jlam Exp $

--- configure.orig	Sun Dec  2 00:38:55 2001
-+++ configure	Mon Dec  3 08:41:49 2001
-@@ -3557,7 +3557,7 @@
- 
+--- configure.orig	Sat Dec  1 18:38:55 2001
+++ configure
+@@ -3587,8 +3587,6 @@
+ 	CFLAGS="$CFLAGS"
 	;;
- *-*-netbsd*)
-	need_dash_r=1
-+	#need_dash_r=1		# buildlink.mk
- 	;;
- *-*-freebsd*)
- 	check_for_libcrypt_later=1
-@@ -3589,7 +3589,7 @@
 *-*-solaris*)
- 	CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- 	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
-	need_dash_r=1
-+	#need_dash_r=1		# buildlink.mk
+-	CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+-	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+ 	need_dash_r=1
 	cat >>confdefs.h <<\_ACEOF
 #define PAM_SUN_CODEBASE 1
- _ACEOF
-@@ -6216,6 +6216,7 @@
+@@ -4051,6 +4049,9 @@
+ 	;;
+ esac
 
- # Check whether user wants TCP wrappers support
- TCPW_MSG="no"
-+TCPW_LIB=""
+# pkgsrc handles any rpath settings this package needs
+need_dash_r=
+
+ # Allow user to specify flags
 
- # Check whether --with-tcp-wrappers or --without-tcp-wrappers was given.
- if test "${with_tcp_wrappers+set}" = set; then
-@@ -6252,6 +6253,8 @@
- #line 6252 "configure"
- #include "confdefs.h"
- 
-+#include <sys/cdefs.h>
-+#include <stdio.h>
- #include <tcpd.h>
- 					int deny_severity = 0, allow_severity = 0;
- 
-@@ -6289,6 +6292,7 @@
+ # Check whether --with-cflags or --without-cflags was given.
+@@ -6289,17 +6290,20 @@
 _ACEOF
 
 					TCPW_MSG="yes"
@ -45,19 +29,33 @@ $NetBSD: patch-aa,v 1.18 2001/12/03 08:21:22 martti Exp $
 
 else
   echo "$as_me: failed program was:" >&5
-@@ -6300,6 +6304,7 @@
+ cat conftest.$ac_ext >&5
+ 
+					TCPW_LIB=""
+ 					{ { echo "$as_me:6297: error: *** libwrap missing" >&5
+ echo "$as_me: error: *** libwrap missing" >&2;}
+    { (exit 1); exit 1; }; }
 
 fi
 rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
-+LIBS="$saved_LIBS"
+			LIBS="$saved_LIBS"
 		fi
 
 fi;
-@@ -15590,6 +15595,7 @@
+@@ -15590,6 +15594,7 @@
 s,@TEST_MINUS_S_SH@,$TEST_MINUS_S_SH,;t t
 s,@LOGIN_PROGRAM_FALLBACK@,$LOGIN_PROGRAM_FALLBACK,;t t
 s,@LD@,$LD,;t t
-+s,@TCPW_LIB@,$TCPW_LIB,g
+s,@TCPW_LIB@,$TCPW_LIB,;t t
 s,@NO_SFTP@,$NO_SFTP,;t t
 s,@rsh_path@,$rsh_path,;t t
 s,@xauth_path@,$xauth_path,;t t
+@@ -16069,7 +16074,7 @@
+ echo "                 User binaries: $B"
+ echo "               System binaries: $C"
+ echo "           Configuration files: $D"
+-echo "               Askpass program: $E"
+echo "               Askpass program: ${ASKPASS_PROGRAM}"
+ echo "                  Manual pages: $F"
+ echo "                      PID file: $G"
+ echo "        sshd default user PATH: $H"
--- a/security/openssh/patches/patch-ab
+++ b/security/openssh/patches/patch-ab
@ -1,33 +1,26 @@
-$NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $
+$NetBSD: patch-ab,v 1.7 2002/02/05 04:17:32 jlam Exp $

--- configure.ac.orig	Mon Dec  3 08:43:01 2001
-+++ configure.ac	Mon Dec  3 08:44:59 2001
-@@ -132,7 +132,7 @@
-         )
+--- configure.ac.orig	Sat Nov  3 14:09:33 2001
+++ configure.ac
+@@ -150,8 +150,6 @@
+ 	CFLAGS="$CFLAGS"
 	;;
- *-*-netbsd*)
-	need_dash_r=1
-+	#need_dash_r=1		# buildlink.mk
- 	;;
- *-*-freebsd*)
- 	check_for_libcrypt_later=1
-@@ -152,7 +152,7 @@
 *-*-solaris*)
- 	CPPFLAGS="$CPPFLAGS -I/usr/local/include"
- 	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" 
-	need_dash_r=1
-+	#need_dash_r=1		# buildlink.mk
+-	CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+-	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib" 
+ 	need_dash_r=1
 	AC_DEFINE(PAM_SUN_CODEBASE)
 	AC_DEFINE(LOGIN_NEEDS_UTMPX)
- 	AC_DEFINE(LOGIN_NEEDS_TERM)
-@@ -518,6 +518,7 @@
+@@ -283,6 +281,9 @@
+ 	;;
+ esac
 
- # Check whether user wants TCP wrappers support
- TCPW_MSG="no"
-+TCPW_LIB=""
- AC_ARG_WITH(tcp-wrappers,
- 	[  --with-tcp-wrappers[[=PATH]]      Enable tcpwrappers support
-                             (optionally in PATH)],
+# pkgsrc handles any rpath settings this package needs
+need_dash_r=
+
+ # Allow user to specify flags
+ AC_ARG_WITH(cflags,
+ 	[  --with-cflags           Specify additional flags to pass to compiler],
@@ -550,6 +551,8 @@
 			AC_MSG_CHECKING(for libwrap)
 			AC_TRY_LINK(
@ -37,15 +30,18 @@ $NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $
 #include <tcpd.h>
 					int deny_severity = 0, allow_severity = 0;
 				],
-@@ -558,6 +561,7 @@
+@@ -558,14 +561,18 @@
 					AC_MSG_RESULT(yes)
 					AC_DEFINE(LIBWRAP)
 					TCPW_MSG="yes"
 +					TCPW_LIB="-lwrap"
 				],
 				[
+					TCPW_LIB=""
 					AC_MSG_ERROR([*** libwrap missing])
-@@ -566,6 +570,7 @@
+ 				]
+ 			)
+			LIBS="$saved_LIBS"
 		fi
 	]
 )
@ -53,3 +49,12 @@ $NetBSD: patch-ab,v 1.6 2001/12/03 08:21:23 martti Exp $
 
 dnl    Checks for library functions.
 AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa \
+@@ -2194,7 +2201,7 @@
+ echo "                 User binaries: $B"
+ echo "               System binaries: $C"
+ echo "           Configuration files: $D"
+-echo "               Askpass program: $E"
+echo "               Askpass program: ${ASKPASS_PROGRAM}"
+ echo "                  Manual pages: $F"
+ echo "                      PID file: $G"
+ echo "        sshd default user PATH: $H"
--- a/security/openssh/patches/patch-ah
+++ b/security/openssh/patches/patch-ah
@ -1,16 +1,8 @@
-$NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $
+$NetBSD: patch-ah,v 1.16 2002/02/05 04:17:32 jlam Exp $

--- Makefile.in.orig	Mon Nov 12 00:34:23 2001
-+++ Makefile.in	Mon Dec  3 09:07:51 2001
-@@ -9,6 +9,7 @@
- mandir=@mandir@
- mansubdir=@mansubdir@
- sysconfdir=@sysconfdir@
-+examplesdir=@prefix@/share/examples/openssh
- piddir=@piddir@
- srcdir=@srcdir@
- top_srcdir=@top_srcdir@
-@@ -16,7 +17,7 @@
+--- Makefile.in.orig	Sun Nov 11 18:34:23 2001
+++ Makefile.in
+@@ -16,7 +16,7 @@
 DESTDIR=
 VPATH=@srcdir@
 SSH_PROGRAM=@bindir@/ssh
@ -19,31 +11,24 @@ $NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $
 SFTP_SERVER=$(libexecdir)/sftp-server
 
 PATHS= -DETCDIR=\"$(sysconfdir)\" \
-@@ -30,6 +31,7 @@
+@@ -30,6 +30,7 @@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
-+WRAP=@TCPW_LIB@
+TCPW_LIB=@TCPW_LIB@
 AR=@AR@
 RANLIB=@RANLIB@
 INSTALL=@INSTALL@
-@@ -98,7 +100,7 @@
+@@ -98,7 +99,7 @@
 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 -	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(WRAP) $(LIBS)
+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(TCPW_LIB) $(LIBS)
 
 scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o
 	$(LD) -o $@ scp.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-@@ -176,13 +178,13 @@
- 	autoreconf
- 	(cd scard && $(MAKE) -f Makefile.in distprep)
- 
-install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
-+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
- install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
- 
+@@ -182,7 +183,7 @@
 scard-install:
 	(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)
 
@ -52,53 +37,3 @@ $NetBSD: patch-ah,v 1.15 2001/12/03 08:21:23 martti Exp $
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
-@@ -190,6 +192,7 @@
- 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
- 	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
-+	$(srcdir)/mkinstalldirs $(DESTDIR)$(examplesdir)
- 	$(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh
- 	$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
- 	$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
-@@ -216,23 +219,11 @@
- 	if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
- 		$(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
- 	fi
-	if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \
-		$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
-	else \
-		echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \
-	fi
-	if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
-		$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
-	else \
-		echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \
-	fi
-+	$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(examplesdir)/ssh_config; \
-+	$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(examplesdir)/sshd_config; \
- 	if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
- 		$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
-		if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds ] ; then \
-			$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
-		else \
-			echo "$(DESTDIR)$(sysconfdir)/ssh_prng_cmds already exists, install will not overwrite"; \
-		fi ; \
-+		$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(examplesdir)/ssh_prng_cmds; \
- 	fi
- 	if [ ! -f $(DESTDIR)$(sysconfdir)/moduli ]; then \
- 		if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \
-@@ -270,10 +261,10 @@
- 	./ssh-keygen -t rsa -f $(DESTDIR)$(sysconfdir)/ssh_host_rsa_key -N ""
- 
- uninstallall:	uninstall
-	-rm -f $(DESTDIR)$(sysconfdir)/ssh_config
-	-rm -f $(DESTDIR)$(sysconfdir)/sshd_config
-	-rm -f $(DESTDIR)$(sysconfdir)/ssh_prng_cmds
-	-rmdir $(DESTDIR)$(sysconfdir)
-+	-rm -f $(DESTDIR)$(examplesdir)/ssh_config
-+	-rm -f $(DESTDIR)$(examplesdir)/sshd_config
-+	-rm -f $(DESTDIR)$(examplesdir)/ssh_prng_cmds
-+	-rmdir $(DESTDIR)$(examplesdir)
- 	-rmdir $(DESTDIR)$(bindir)
- 	-rmdir $(DESTDIR)$(sbindir)
- 	-rmdir $(DESTDIR)$(mandir)/$(mansubdir)1