File:  [cvs.NetBSD.org] / pkgsrc / security / openssh / Makefile
Revision 1.246: download - view: text, annotated - select for diffs
Sat Jul 9 06:38:56 2016 UTC (8 years, 5 months ago) by wiz
Branches: MAIN
CVS tags: HEAD
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

# $NetBSD: Makefile,v 1.246 2016/07/09 06:38:56 wiz Exp $

DISTNAME=		openssh-7.2p2
PKGNAME=		${DISTNAME:S/p2/.2/}
PKGREVISION=		3
CATEGORIES=		security
MASTER_SITES=		${MASTER_SITE_OPENBSD:=OpenSSH/portable/}

MAINTAINER=		pkgsrc-users@NetBSD.org
HOMEPAGE=		http://www.openssh.com/
COMMENT=		Open Source Secure shell client and server (remote login program)

CONFLICTS=		sftp-[0-9]*
CONFLICTS+=		ssh-[0-9]* ssh6-[0-9]*
CONFLICTS+=		ssh2-[0-9]* ssh2-nox11-[0-9]*
CONFLICTS+=		openssh+gssapi-[0-9]*
CONFLICTS+=		lsh>2.0
BROKEN_FOR_PLATFORM+=	OpenBSD-*-*

USE_GCC_RUNTIME=	yes
USE_TOOLS+=		autoconf perl

CRYPTO=			yes

# retain the following line, for IPv6-ready pkgsrc webpage
BUILD_DEFS+=		IPV6_READY

PKG_GROUPS_VARS+=	OPENSSH_GROUP
PKG_USERS_VARS+=	OPENSSH_USER
BUILD_DEFS+=		OPENSSH_CHROOT
BUILD_DEFS+=		VARBASE

INSTALL_TARGET=		install-nokeys

.include "options.mk"

# fixes: dyld: Symbol not found: _allow_severity
CONFIGURE_ARGS.Darwin+=	--disable-strip

# OpenSSH on Interix has some important caveats
.if ${OPSYS} == "Interix"
MESSAGE_SRC=		${.CURDIR}/MESSAGE.Interix
BUILDLINK_PASSTHRU_DIRS+= /usr/local/lib/bind
CONFIGURE_ENV+=		ac_cv_func_openpty=no
CONFIGURE_ENV+=		ac_cv_type_struct_timespec=yes
CPPFLAGS+=		-DIOV_MAX=16 # default is INT_MAX, way too large
.if exists(/usr/local/include/bind/resolv.h)
CPPFLAGS+=		-I/usr/local/include/bind
BUILDLINK_PASSTHRU_DIRS+= /usr/local/include/bind
.elif exists(/usr/local/bind/include/resolv.h)
CPPFLAGS+=		-I/usr/local/bind/include
BUILDLINK_PASSTHRU_DIRS+= /usr/local/bind/include
.endif
LDFLAGS+=		-L/usr/local/lib/bind
LIBS+=			-lbind -ldb -lcrypt

.else # not Interix

PKG_GROUPS=		${OPENSSH_GROUP}
PKG_USERS=		${OPENSSH_USER}:${OPENSSH_GROUP}

PKG_GECOS.${OPENSSH_USER}=	sshd privsep pseudo-user
PKG_HOME.${OPENSSH_USER}=	${OPENSSH_CHROOT}

.endif

SSH_PID_DIR=		${VARBASE}/run	# default directory for PID files

PKG_SYSCONFSUBDIR=	ssh

GNU_CONFIGURE=		yes
CONFIGURE_ARGS+=	--with-mantype=man
CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR:Q}
CONFIGURE_ARGS+=	--with-pid-dir=${SSH_PID_DIR:Q}
CONFIGURE_ARGS+=	--with-tcp-wrappers=${BUILDLINK_PREFIX.tcp_wrappers}

.if ${OPSYS} != "Interix"
CONFIGURE_ARGS+=	--with-privsep-path=${OPENSSH_CHROOT:Q}
CONFIGURE_ARGS+=	--with-privsep-user=${OPENSSH_USER:Q}
.endif

# pkgsrc already enforces a "secure" version of zlib via dependencies,
# so skip this bogus version check.
CONFIGURE_ARGS+=	--without-zlib-version-check

.if ${_PKGSRC_MKPIE} != "no"
CONFIGURE_ARGS+=	--with-pie
.endif

# the openssh configure script finds and uses ${LD} if defined and
# defaults to ${CC} if not. we override LD here, since running the
# linker directly results in undefined symbols for obvious reasons.
#
CONFIGURE_ENV+=		LD=${CC:Q}

# Enable S/Key support on NetBSD, Darwin, and Solaris.
.if (${OPSYS} == "NetBSD") || (${OPSYS} == "Darwin") || (${OPSYS} == "SunOS")
.  include "../../security/skey/buildlink3.mk"
CONFIGURE_ARGS+=	--with-skey=${BUILDLINK_PREFIX.skey}
.else
CONFIGURE_ARGS+=	--without-skey
.endif

.if (${OPSYS} == "NetBSD")
.  if exists(/usr/include/utmpx.h)
# if we have utmpx et al do not try to use login()
CONFIGURE_ARGS+=	--disable-libutil
.  endif
#
# NetBSD current after 2011/03/12 has incompatible strnvis(3) and
# prior version don't have it.  So, disable use of strnvis(3) now.
#
CONFIGURE_ENV+=		ac_cv_func_strnvis=no
#
# workaround for ./configure problem, pkg/50936
#
CONFIGURE_ENV+=		ac_cv_func_reallocarray=no
.endif

.if (${OPSYS} == "SunOS") && (${OS_VERSION} == "5.8" || ${OS_VERSION} == "5.9")
CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp
.endif

CONFIGURE_ARGS.Linux+=	--enable-md5-password

# The ssh-askpass program is in ${X11BASE}/bin or ${PREFIX}/bin depending
# on if it's part of the X11 distribution, or if it's installed from pkgsrc
# (security/ssh-askpass).
#
.if exists(${X11BASE}/bin/ssh-askpass)
ASKPASS_PROGRAM=	${X11BASE}/bin/ssh-askpass
.else
ASKPASS_PROGRAM=	${PREFIX}/bin/ssh-askpass
.endif
CONFIGURE_ENV+=		ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}
MAKE_ENV+=		ASKPASS_PROGRAM=${ASKPASS_PROGRAM:Q}

# do the same for xauth
.if exists(${X11BASE}/bin/xauth)
CONFIGURE_ARGS+=	--with-xauth=${X11BASE}/bin/xauth
.else
CONFIGURE_ARGS+=	--with-xauth=${PREFIX}/bin/xauth
.endif

CONFS=			ssh_config sshd_config moduli

PLIST_VARS+=		darwin prng

.if exists(/dev/urandom)
.  if ${OPSYS} == "NetBSD"
MESSAGE_SRC+=		${.CURDIR}/MESSAGE.urandom
.  endif
.else
CONFIGURE_ARGS+=	--without-random
CONFS+=			ssh_prng_cmds
PLIST.prng=		yes
.endif

EGDIR=			${PREFIX}/share/examples/${PKGBASE}

# enable privsep patches
.if ${OPSYS} == "Darwin"
CONF_FILES+=		${EGDIR}/org.openssh.sshd.sb ${PKG_SYSCONFDIR}/org.openssh.sshd.sb
CPPFLAGS+=		-D__APPLE_SANDBOX_NAMED_EXTERNAL__
PLIST.darwin=		yes
.endif

.for f in ${CONFS}
CONF_FILES+=		${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
.endfor
OWN_DIRS=		${OPENSSH_CHROOT}
RCD_SCRIPTS=		sshd
RCD_SCRIPT_SRC.sshd=	${WRKDIR}/sshd.sh
SMF_METHODS=		sshd

FILES_SUBST+=		SSH_PID_DIR=${SSH_PID_DIR:Q}

SUBST_CLASSES+=		patch
SUBST_STAGE.patch=	pre-configure
SUBST_FILES.patch=	session.c sandbox-darwin.c
SUBST_SED.patch=	-e '/channel_input_port_forward_request/s/0/ROOTUID/'
SUBST_VARS.patch=	PKG_SYSCONFDIR

.include "../../devel/zlib/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"

#
# type of key "ecdsa" isn't always supported depends on OpenSSL.
#
pre-configure:
	cd ${WRKSRC} && autoconf -i

post-configure:
	if ${EGREP} -q '^\#define[ 	]+OPENSSL_HAS_ECC' \
	    ${WRKSRC}/config.h; then \
		${SED} -e '/HAVE_ECDSA/s/.*//' \
			${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
	else \
		${SED} -e '/HAVE_ECDSA_START/,/HAVE_ECDSA_STOP/d' \
			${FILESDIR}/sshd.sh > ${WRKDIR}/sshd.sh; \
	fi
	${SED} -e 's,@VARBASE@,${VARBASE:Q},g' \
		< ${FILESDIR}/org.openssh.sshd.sb.in \
		> ${WRKDIR}/org.openssh.sshd.sb

post-install:
	${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}
	cd ${WRKSRC}; for file in ${CONFS}; do				\
		${INSTALL_DATA} $${file}.out ${DESTDIR}${EGDIR}/$${file};		\
	done
.if !empty(PKG_OPTIONS:Mpam) && ${OPSYS} == "Linux"
	${INSTALL_DATA} ${WRKSRC}/contrib/sshd.pam.generic \
	  ${DESTDIR}${EGDIR}/sshd.pam
.endif
.if ${OPSYS} == "Darwin"
	${INSTALL_DATA} ${WRKDIR}/org.openssh.sshd.sb \
		${DESTDIR}${EGDIR}/org.openssh.sshd.sb
.endif

.include "../../mk/bsd.pkg.mk"

CVSweb <webmaster@jp.NetBSD.org>