security/openssh/Makefile

   1 # $NetBSD: Makefile,v 1.210 2013/02/06 23:23:40 jperkin Exp $
   2
   3 DISTNAME=               openssh-6.2p1
   4 PKGNAME=                openssh-6.2.1
   5 SVR4_PKGNAME=           ossh
   6 CATEGORIES=             security
   7 MASTER_SITES=           ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ \
   8                         ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
   9                         ftp://gd.tuwien.ac.at/opsys/OpenBSD/OpenSSH/portable/ \
  10                         ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
  11                         ftp://ftp.jaist.ac.jp/pub/OpenBSD/OpenSSH/portable/ \
  12                         ftp://ftp.belnet.be/packages/openbsd/OpenSSH/portable/
  13 # Don't delete the last entry -- it's there if the pkgsrc version is not
  14 # up-to-date and the mirrors already removed the old distfile.
  15
  16 MAINTAINER=             pkgsrc-users@NetBSD.org
  17 HOMEPAGE=               http://www.openssh.com/
  18 COMMENT=                Open Source Secure shell client and server (remote login program)
  19
  20 CONFLICTS=              sftp-[0-9]*
  21 CONFLICTS+=             ssh-[0-9]* ssh6-[0-9]*
  22 CONFLICTS+=             ssh2-[0-9]* ssh2-nox11-[0-9]*
  23 CONFLICTS+=             openssh+gssapi-[0-9]*
  24 CONFLICTS+=             lsh>2.0
  25
  26 USE_TOOLS+=             perl
  27
  28 CRYPTO=                 yes
  29
  30 # retain the following line, for IPv6-ready pkgsrc webpage
  31 BUILD_DEFS+=            IPV6_READY
  32
  33 PKG_GROUPS_VARS+=       OPENSSH_GROUP
  34 PKG_USERS_VARS+=        OPENSSH_USER
  35 BUILD_DEFS+=            OPENSSH_CHROOT
  36 BUILD_DEFS+=            VARBASE
  37
  38 INSTALL_TARGET=         install-nokeys
  39 PLIST_SRC=              # empty
  40
  41 .include "options.mk"
  42
  43 .if ${OPSYS} == "Interix"
  44
  45 # OpenSSH on Interix has some important caveats
  46 MESSAGE_SRC=            ${.CURDIR}/MESSAGE.Interix
  47 BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
  48 CONFIGURE_ENV+=         ac_cv_func_openpty=no
  49 CONFIGURE_ENV+=         ac_cv_type_struct_timespec=yes
  50 CPPFLAGS+=              -DIOV_MAX=16 # default is INT_MAX, way too large
  51 .if exists(/usr/local/include/bind/resolv.h)
  52 CPPFLAGS+=              -I/usr/local/include/bind
  53 BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
  54 .elif exists(/usr/local/bind/include/resolv.h)
  55 CPPFLAGS+=              -I/usr/local/bind/include
  56 BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
  57 .endif
  58 LDFLAGS+=               -L/usr/local/lib/bind
  59 LIBS+=                  -lbind -ldb -lcrypt
  60
  61 .else # not Interix
  62
  63 PKG_GROUPS=             ${OPENSSH_GROUP}
  64 PKG_USERS=              ${OPENSSH_USER}:${OPENSSH_GROUP}
  65
  66 PKG_GECOS.${OPENSSH_USER}=      sshd privsep pseudo-user
  67 PKG_HOME.${OPENSSH_USER}=       ${OPENSSH_CHROOT}
  68
  69 .endif
  70
  71 SSH_PID_DIR=            ${VARBASE}/run  # default directory for PID files
  72
  73 PKG_SYSCONFSUBDIR=      ssh
  74
  75 GNU_CONFIGURE=          yes
  76 CONFIGURE_ARGS+=        --with-mantype=man
  77 CONFIGURE_ARGS+=        --sysconfdir=${PKG_SYSCONFDIR:Q}
  78 CONFIGURE_ARGS+=        --with-pid-dir=${SSH_PID_DIR:Q}
  79 CONFIGURE_ARGS+=        --with-ssl-dir=${SSLBASE:Q}
  80 CONFIGURE_ARGS+=        --with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}
  81
  82 .if ${OPSYS} != "Interix"
  83 CONFIGURE_ARGS+=        --with-privsep-path=${OPENSSH_CHROOT:Q}
  84 CONFIGURE_ARGS+=        --with-privsep-user=${OPENSSH_USER:Q}
  85 .endif
  86
  87 # pkgsrc already enforces a "secure" version of zlib via dependencies,
  88 # so skip this bogus version check.
  89 CONFIGURE_ARGS+=        --without-zlib-version-check
  90
  91 # the openssh configure script finds and uses ${LD} if defined and
  92 # defaults to ${CC} if not. we override LD here, since running the
  93 # linker directly results in undefined symbols for obvious reasons.
  94 #
  95 CONFIGURE_ENV+=         LD=${CC:Q}
  96
  97 # Enable S/Key support on NetBSD, Darwin, and Solaris.
  98 .if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
  99 .  include "../../security/skey/buildlink3.mk"
 100 CONFIGURE_ARGS+=        --with-skey=${BUILDLINK_PREFIX.skey}
 101 .else
 102 CONFIGURE_ARGS+=        --without-skey
 103 .endif
 104
 105 .if (${OPSYS} == "NetBSD")
 106 .  if exists(/usr/include/utmpx.h)
 107 # if we have utmpx et al do not try to use login()
 108 CONFIGURE_ARGS+=        --disable-libutil
 109 .  endif
 110 #
 111 # NetBSD current after 2011/03/12 has incompatible strnvis(3) and
 112 # prior version don't have it.  So, disable use of strnvis(3) now.
 113 #
 114 CONFIGURE_ENV+=         ac_cv_func_strnvis=no
 115 .endif
 116
 117 .if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
 118 CONFIGURE_ARGS+=        --disable-utmp --disable-wtmp
 119 .endif
 120 .if ${OPSYS} == "Linux"
 121 CONFIGURE_ARGS+=        --enable-md5-password
 122 .endif
 123
 124 # The ssh-askpass program is in ${X11BASE}/bin or ${X11PREFIX}/bin depending
 125 # on if it's part of the X11 distribution, or if it's installed from pkgsrc
 126 # (security/ssh-askpass).
 127 #
 128 .if exists(${X11BASE}/bin/ssh-askpass)
 129 ASKPASS_PROGRAM=        ${X11BASE}/bin/ssh-askpass
 130 .else
 131 ASKPASS_PROGRAM=        ${X11PREFIX}/bin/ssh-askpass
 132 .endif
 133 CONFIGURE_ENV+=         ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
 134 MAKE_ENV+=              ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
 135
 136 # do the same for xauth
 137 .if exists(${X11BASE}/bin/xauth)
 138 CONFIGURE_ARGS+=        --with-xauth=${X11BASE}/bin/xauth
 139 .else
 140 CONFIGURE_ARGS+=        --with-xauth=${X11PREFIX}/bin/xauth
 141 .endif
 142
 143 CONFS=                  ssh_config sshd_config moduli
 144
 145 .if exists(/dev/urandom)
 146 .  if ${OPSYS} == "NetBSD"
 147 MESSAGE_SRC+=           ${.CURDIR}/MESSAGE.urandom
 148 .  endif
 149 .else
 150 CONFIGURE_ARGS+=        --without-random
 151 CONFS+=                 ssh_prng_cmds
 152 PLIST_SRC+=             ${.CURDIR}/PLIST.prng
 153 .endif
 154
 155 EGDIR=                  ${PREFIX}/share/examples/${PKGBASE}
 156 CONF_FILES=             # empty
 157 .for f in ${CONFS}
 158 CONF_FILES+=            ${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
 159 .endfor
 160 OWN_DIRS=               ${OPENSSH_CHROOT}
 161 RCD_SCRIPTS=            sshd
 162 RCD_SCRIPT_SRC.sshd=    ${WRKDIR}/sshd.sh
 163
 164 PLIST_SRC+=             ${.CURDIR}/PLIST
 165 FILES_SUBST+=           SSH_PID_DIR=${SSH_PID_DIR:Q}
 166
 167 SUBST_CLASSES+=         patch
 168 SUBST_STAGE.patch=      pre-configure
 169 SUBST_FILES.patch=      session.c
 170 SUBST_SED.patch=        -e '/channel_input_port_forward_request/s/0/ROOTUID/'
 171 SUBST_MESSAGE.patch=    More patch a file.
 172
 173 .include "../../devel/zlib/buildlink3.mk"
 174 .include "../../security/openssl/buildlink3.mk"
 175 .include "../../security/tcp_wrappers/buildlink3.mk"
 176
 177 #
 178 # type of key "ecdsa" isn't always supported depends on OpenSSL.
 179 #
 180 post-configure:
 181         if ${EGREP} -q '^\#define[      ]+OPENSSL_HAS_ECC' \
 182             ${WRKSRC}/config.h; then \
 183                 ${SED} -e '/HAVE_ECDSA/s/.*//' \
 184                         ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
 185         else \
 186                 ${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
 187                         ${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
 188         fi
 189
 190 post-install:
 191         ${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
 192         cd ${WRKSRC}; for file in ${CONFS}; do                          \
 193                 ${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file};               \
 194         done
 195 .if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
 196         ${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
 197           ${DESTDIR}${EGDIR}/sshd.pam
 198 .endif
 199
 200 .include "../../mk/bsd.pkg.mk"