202 lines
5.9 KiB
Makefile
202 lines
5.9 KiB
Makefile
# $NetBSD: Makefile,v 1.222 2014/10/09 13:44:53 wiz Exp $
|
|
|
|
DISTNAME= openssh-6.6p1
|
|
PKGNAME= openssh-6.6.1
|
|
PKGREVISION= 3
|
|
CATEGORIES= security
|
|
MASTER_SITES= ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
|
|
ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
|
|
ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
|
|
ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
|
|
ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \
|
|
ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
|
|
# Don't delete the last entry -- it's there if the pkgsrc version is not
|
|
# up-to-date and the mirrors already removed the old distfile.
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= http://www.openssh.com/
|
|
COMMENT= Open Source Secure shell client and server (remote login program)
|
|
|
|
CONFLICTS= sftp-[0-9]*
|
|
CONFLICTS+= ssh-[0-9]* ssh6-[0-9]*
|
|
CONFLICTS+= ssh2-[0-9]* ssh2-nox11-[0-9]*
|
|
CONFLICTS+= openssh+gssapi-[0-9]*
|
|
CONFLICTS+= lsh>2.0
|
|
|
|
USE_GCC_RUNTIME= yes
|
|
USE_TOOLS+= perl
|
|
|
|
CRYPTO= yes
|
|
|
|
# retain the following line, for IPv6-ready pkgsrc webpage
|
|
BUILD_DEFS+= IPV6_READY
|
|
|
|
PKG_GROUPS_VARS+= OPENSSH_GROUP
|
|
PKG_USERS_VARS+= OPENSSH_USER
|
|
BUILD_DEFS+= OPENSSH_CHROOT
|
|
BUILD_DEFS+= VARBASE
|
|
|
|
INSTALL_TARGET= install-nokeys
|
|
|
|
.include "options.mk"
|
|
|
|
.if ${OPSYS} == "Interix"
|
|
|
|
# OpenSSH on Interix has some important caveats
|
|
MESSAGE_SRC= ${.CURDIR}/MESSAGE.Interix
|
|
BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
|
|
CONFIGURE_ENV+= ac_cv_func_openpty=no
|
|
CONFIGURE_ENV+= ac_cv_type_struct_timespec=yes
|
|
CPPFLAGS+= -DIOV_MAX=16 # default is INT_MAX, way too large
|
|
.if exists(/usr/local/include/bind/resolv.h)
|
|
CPPFLAGS+= -I/usr/local/include/bind
|
|
BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
|
|
.elif exists(/usr/local/bind/include/resolv.h)
|
|
CPPFLAGS+= -I/usr/local/bind/include
|
|
BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
|
|
.endif
|
|
LDFLAGS+= -L/usr/local/lib/bind
|
|
LIBS+= -lbind -ldb -lcrypt
|
|
|
|
.else # not Interix
|
|
|
|
PKG_GROUPS= ${OPENSSH_GROUP}
|
|
PKG_USERS= ${OPENSSH_USER}:${OPENSSH_GROUP}
|
|
|
|
PKG_GECOS.${OPENSSH_USER}= sshd privsep pseudo-user
|
|
PKG_HOME.${OPENSSH_USER}= ${OPENSSH_CHROOT}
|
|
|
|
.endif
|
|
|
|
SSH_PID_DIR= ${VARBASE}/run # default directory for PID files
|
|
|
|
PKG_SYSCONFSUBDIR= ssh
|
|
|
|
GNU_CONFIGURE= yes
|
|
CONFIGURE_ARGS+= --with-mantype=man
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
|
|
CONFIGURE_ARGS+= --with-pid-dir=${SSH_PID_DIR:Q}
|
|
CONFIGURE_ARGS+= --with-ssl-dir=${SSLBASE:Q}
|
|
CONFIGURE_ARGS+= --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
|
|
|
|
.if ${OPSYS} != "Interix"
|
|
CONFIGURE_ARGS+= --with-privsep-path=${OPENSSH_CHROOT:Q}
|
|
CONFIGURE_ARGS+= --with-privsep-user=${OPENSSH_USER:Q}
|
|
.endif
|
|
|
|
# pkgsrc already enforces a "secure" version of zlib via dependencies,
|
|
# so skip this bogus version check.
|
|
CONFIGURE_ARGS+= --without-zlib-version-check
|
|
|
|
# the openssh configure script finds and uses ${LD} if defined and
|
|
# defaults to ${CC} if not. we override LD here, since running the
|
|
# linker directly results in undefined symbols for obvious reasons.
|
|
#
|
|
CONFIGURE_ENV+= LD=${CC:Q}
|
|
|
|
# Enable S/Key support on NetBSD, Darwin, and Solaris.
|
|
.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
|
|
. include "../../security/skey/buildlink3.mk"
|
|
CONFIGURE_ARGS+= --with-skey=${BUILDLINK_PREFIX.skey}
|
|
.else
|
|
CONFIGURE_ARGS+= --without-skey
|
|
.endif
|
|
|
|
.if (${OPSYS} == "NetBSD")
|
|
. if exists(/usr/include/utmpx.h)
|
|
# if we have utmpx et al do not try to use login()
|
|
CONFIGURE_ARGS+= --disable-libutil
|
|
. endif
|
|
#
|
|
# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
|
|
# prior version don't have it. So, disable use of strnvis(3) now.
|
|
#
|
|
CONFIGURE_ENV+= ac_cv_func_strnvis=no
|
|
.endif
|
|
|
|
.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
|
|
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp
|
|
.endif
|
|
.if ${OPSYS} == "Linux"
|
|
CONFIGURE_ARGS+= --enable-md5-password
|
|
.endif
|
|
|
|
# The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
|
|
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
|
|
# (security/ssh-askpass).
|
|
#
|
|
.if exists(${X11BASE}/bin/ssh-askpass)
|
|
ASKPASS_PROGRAM= ${X11BASE}/bin/ssh-askpass
|
|
.else
|
|
ASKPASS_PROGRAM= ${X11PREFIX}/bin/ssh-askpass
|
|
.endif
|
|
CONFIGURE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
|
|
MAKE_ENV+= ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
|
|
|
|
# do the same for xauth
|
|
.if exists(${X11BASE}/bin/xauth)
|
|
CONFIGURE_ARGS+= --with-xauth=${X11BASE}/bin/xauth
|
|
.else
|
|
CONFIGURE_ARGS+= --with-xauth=${X11PREFIX}/bin/xauth
|
|
.endif
|
|
|
|
CONFS= ssh_config sshd_config moduli
|
|
|
|
PLIST_VARS+= prng
|
|
|
|
.if exists(/dev/urandom)
|
|
. if ${OPSYS} == "NetBSD"
|
|
MESSAGE_SRC+= ${.CURDIR}/MESSAGE.urandom
|
|
. endif
|
|
.else
|
|
CONFIGURE_ARGS+= --without-random
|
|
CONFS+= ssh_prng_cmds
|
|
PLIST.prng= yes
|
|
.endif
|
|
|
|
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
|
|
CONF_FILES= # empty
|
|
.for f in ${CONFS}
|
|
CONF_FILES+= ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
|
|
.endfor
|
|
OWN_DIRS= ${OPENSSH_CHROOT}
|
|
RCD_SCRIPTS= sshd
|
|
RCD_SCRIPT_SRC.sshd= ${WRKDIR}/sshd.sh
|
|
SMF_METHODS= sshd
|
|
|
|
FILES_SUBST+= SSH_PID_DIR=${SSH_PID_DIR:Q}
|
|
|
|
SUBST_CLASSES+= patch
|
|
SUBST_STAGE.patch= pre-configure
|
|
SUBST_FILES.patch= session.c
|
|
SUBST_SED.patch= -e '/channel_input_port_forward_request/s/0/ROOTUID/'
|
|
SUBST_MESSAGE.patch= More patch a file.
|
|
|
|
.include "../../devel/zlib/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../security/tcp_wrappers/buildlink3.mk"
|
|
|
|
#
|
|
# type of key "ecdsa" isn't always supported depends on OpenSSL.
|
|
#
|
|
post-configure:
|
|
if ${EGREP} -q '^\#define[ ]+OPENSSL_HAS_ECC' \
|
|
${WRKSRC}/config.h; then \
|
|
${SED} -e '/HAVE_ECDSA/s/.*//' \
|
|
${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
|
|
else \
|
|
${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
|
|
${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
|
|
fi
|
|
|
|
post-install:
|
|
${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
|
|
cd ${WRKSRC}; for file in ${CONFS}; do \
|
|
${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file}; \
|
|
done
|
|
.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
|
|
${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
|
|
${DESTDIR}${EGDIR}/sshd.pam
|
|
.endif
|
|
|
|
.include "../../mk/bsd.pkg.mk"
|