search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
updated on Sat Jan 21 16:18:39 UTC 2012
[aur-mirror.git] / openssh-hardened / PKGBUILD
blob2231199b27a809d2b13aff2151dfde65058b45a5
1 # $Id: PKGBUILD 127399 2011-06-14 16:51:03Z bisson $
2 # Maintainer: Gaetan Bisson <bisson@archlinux.org>
3 # Contributor: Aaron Griffin <aaron@archlinux.org>
4 # Contributor: judd <jvinet@zeroflux.org>
5
6 pkgname=openssh-hardened
7 pkgver=5.8p2
8 pkgrel=10
9 pkgdesc='Free version of the SSH connectivity tools'
10 arch=('i686' 'x86_64')
11 license=('custom:BSD')
12 url='http://www.openssh.org/portable.html'
13 backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
14 depends=('tcp_wrappers' 'krb5' 'openssl-hardened=1.0.0.d-3' 'libedit')
15 source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${pkgver}.tar.gz"
16         'authfile.c.patch'
17         'sshd.confd'
18         'sshd.pam'
19         'sshd')
20 sha1sums=('64798328d310e4f06c9f01228107520adbc8b3e5'
21           '3669cb5ca6149f69015df5ce8e60b82c540eb0a4'
22           'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
23           '07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
24           '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5')
25 replaces=('openssh<=5.8p2-8')
26 provides=('openssh=5.8p2-8')
27 conflicts=('openssh=>5.8p2-8')
28
29 build() {
30         pkgname="openssh"
31         cd "${srcdir}/${pkgname}-${pkgver}"
32
33         # SSP is done natively already.
34         export CFLAGS="${CFLAGS} -fPIE -D_FORTIFY_SOURCE=2"
35         export LDFLAGS="-pie ${LDFLAGS} -Wl,-z,relro -Wl,-z,now"
36         patch -p1 -i ../authfile.c.patch # fix FS#24693 using http://anoncvs.mindrot.org/index.cgi/openssh/authfile.c?revision=1.95
37
38         ./configure \
39                 --prefix=/usr \
40                 --libexecdir=/usr/lib/ssh \
41                 --sysconfdir=/etc/ssh \
42                 --with-privsep-user=nobody \
43                 --with-md5-passwords \
44                 --with-pam \
45                 --with-mantype=man \
46                 --mandir=/usr/share/man \
47                 --with-xauth=/usr/bin/xauth \
48                 --with-kerberos5=/usr \
49                 --with-ssl-engine \
50                 --with-libedit=/usr/lib \
51                 --disable-strip --with-tcp-wrappers
52
53         make
54 }
55
56 package() {
57         pkgname="openssh"
58         cd "${srcdir}/${pkgname}-${pkgver}"
59         make DESTDIR="${pkgdir}" install
60
61         install -Dm755 ../sshd "${pkgdir}"/etc/rc.d/sshd
62         install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd
63         install -Dm644 ../sshd.confd "${pkgdir}"/etc/conf.d/sshd
64         install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"
65
66         rm "${pkgdir}"/usr/share/man/man1/slogin.1
67         ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
68
69         # additional contrib scripts that we like
70         install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
71         install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
72         install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
73
74         # PAM is a common, standard feature to have
75         sed -i  -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
76                 -e '/^#UsePAM no$/c UsePAM yes' \
77                 "${pkgdir}"/etc/ssh/sshd_config
78 pkgname="openssh-hardened"
79 }
AUR mirror