source: trunk/dports/net/openssh/Portfile @ 139229

Last change on this file since 139229 was 139229, checked in by jeremyhu@…, 4 years ago

misc: Change port:openssl dependency to path:lib/libssl.dylib:openssl

This should allow usage of libressl as a replacement for openssl in relevant
ports. Not all ports have been tested, but libressl aims for API
compatibility with OpenSSL, so it is expected to work.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 9.6 KB
1# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2# $Id: Portfile 139229 2015-08-08 03:10:35Z jeremyhu@macports.org $
3
# Port identity and descriptive metadata for the MacPorts build of OpenSSH
# portable.
PortSystem          1.0

name                openssh
version             6.9p1
revision            1
categories          net
platforms           darwin
# nomaintainer: nobody is listed as responsible for this port, so following
# upstream security releases is left to whoever volunteers a commit.
maintainers         nomaintainer
license             BSD
installs_libs       no

description         OpenSSH secure login server

long_description    OpenSSH is a FREE version of the SSH protocol suite of \
                    network connectivity tools that increasing numbers of people on the \
                    Internet are coming to rely on. Many users of telnet, rlogin, ftp, \
                    and other such programs might not realize that their password is \
                    transmitted across the Internet unencrypted, but it is. OpenSSH \
                    encrypts all traffic (including passwords) to effectively eliminate \
                    eavesdropping, connection hijacking, and other network-level \
                    attacks. Additionally, OpenSSH provides a myriad of secure \
                    tunneling capabilities, as well as a variety of authentication \
                    methods.

# Informational link only; distfiles are fetched from master_sites, not from here.
homepage            http://www.openbsd.org/openssh/
29
# Expected digests of the upstream tarball. MacPorts refuses to extract a
# distfile whose rmd160 or sha256 differs from these values.
checksums           ${distfiles} \
                    rmd160  4fb2f0a0280db51024bf72b0f5cd3912d25cb59a \
                    sha256  6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe

# Download locations, tried as alternatives.
# NOTE(review): every explicitly listed mirror is plain ftp://, which gives no
# transport integrity or authenticity; the checksums above are the only
# protection against a tampered or substituted tarball. The openbsd: entry is a
# MacPorts mirror-group alias whose URLs are not visible in this file.
master_sites        openbsd:OpenSSH/portable \
                    ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
                    ftp://reflection.ncsa.uiuc.edu/pub/OpenBSD/OpenSSH/portable/ \
                    ftp://ftp.cse.buffalo.edu/pub/OpenBSD/OpenSSH/portable/ \
                    ftp://openbsd.mirrors.pair.com/ftp/OpenSSH/portable \
                    ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/

# path:lib/libssl.dylib:openssl is satisfied by any installed port that
# provides ${prefix}/lib/libssl.dylib and falls back to port:openssl otherwise.
# NOTE(review): the TLS/crypto library linked into ssh/sshd therefore depends
# on what is already installed; confirm which provider a given build used.
depends_lib         path:lib/libssl.dylib:openssl \
                    port:zlib
43
# the HPN patch needs this, so rewrite all other patches to support it, too
patch.args          -p1
# Patches applied to every build (variants append more further down).
# launchd.patch is applied as well but is not described in the notes below.
patchfiles          launchd.patch \
                    pam.patch \
                    patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
                    patch-sshd.c-apple-sandbox-named-external.diff

# We need a couple of patches
# - pam.patch
#   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
#   when run as root, so it can't be used for authentication. This patch just
#   forces the use of PAM regardless of the configuration.
#   NOTE(review): as described, a configuration that turns PAM off would be
#   ignored by the patched sshd -- confirm against pam.patch itself.
# - patch-*-apple-sandbox-named-external.diff
#   Use Apple's sandbox_init(3) in addition to standard privilege separation.
#   This requires a sandbox profile (which we provide) and the sandbox_init(3)
#   call before the chroot(2) to privsep-path ($prefix/var/empty), or it will
#   fail to load the sandbox description and libsandbox.1.dylib.
#   NOTE(review): configure.args below passes --with-privsep-path=/var/empty,
#   not $prefix/var/empty; one of the two is out of date.

# Runs after the patches are applied: substitutes the install prefix into the
# sandbox profile path that the sandbox-darwin.c patch leaves as @PREFIX@.
post-patch {
    # reinplace prefix in path to sandbox definition added by
    # patch-sandbox-darwin.c-apple-sandbox-named-external.diff
    reinplace "s|@PREFIX@|${prefix}|g" ${worksrcpath}/sandbox-darwin.c
}
67
# Use Apple's sandboxing feature
# (the define selects the code added by the *-apple-sandbox-named-external
# patches; it is removed again for darwin 9 at the end of this file)
configure.cppflags-append -D__APPLE_SANDBOX_NAMED_EXTERNAL__
configure.ldflags-append  -Wl,-search_paths_first
# Build configuration shared by all variants:
# - configuration lives in ${prefix}/etc/ssh and the pid file in
#   ${prefix}/var/run, separate from the system sshd;
# - the privilege-separation directory is the system /var/empty, not a
#   directory under ${prefix};
# - PAM, TCP wrappers, libedit and position-independent executables are
#   enabled;
# - Kerberos 5 and xauth start out disabled here; the kerberos5 and xauth
#   variants delete these two flags and add their own.
configure.args      --with-ssl-dir=${prefix} \
                    --sysconfdir=${prefix}/etc/ssh \
                    --with-privsep-path=/var/empty \
                    --with-md5-passwords \
                    --with-pid-dir=${prefix}/var/run \
                    --with-tcp-wrappers \
                    --with-pam \
                    --mandir=${prefix}/share/man \
                    --with-zlib=${prefix} \
                    --without-kerberos5 \
                    --with-libedit \
                    --with-pie \
                    --without-xauth

use_parallel_build  yes

# install-nokeys: the install step creates no host keys; the startup item
# further down generates any that are missing when sshd is first started.
destroot.target     install-nokeys

# Upstream regression tests are run via "make tests" when the test phase is
# requested.
test.run            yes
test.target         tests

# On Darwin 12 and later libwrap comes from the tcp_wrappers port.
# NOTE(review): presumably because the OS stopped shipping it -- confirm.
if {${os.major} >= 12} {
    depends_lib-append  port:tcp_wrappers
}
95
# Adjusts the staged tree after "make install-nokeys": keeps the empty pid
# directory, moves the daemon off port 22, adds ssh-copy-id and the sandbox
# profile, and ships both config files as *.example so that activation never
# overwrites an administrator's live configuration.
post-destroot {
    destroot.keepdirs ${destroot}${prefix}/var/run

    set sshconfdir ${destroot}${prefix}/etc/ssh

    # the system sshd owns port 22, so this build listens on 2222 by default
    reinplace "s|#Port 22|Port 2222|g" ${sshconfdir}/sshd_config

    # ssh-copy-id script and its man page come from upstream's contrib/
    xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin
    xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1

    # sandbox profile referenced by the patched sandbox-darwin.c
    xinstall -m 755 -d ${destroot}${prefix}/share/${name}
    xinstall -m 644 ${filespath}/org.openssh.sshd.sb ${destroot}${prefix}/share/${name}

    # install the configs under an .example suffix (sshd_config first, as
    # it was edited above)
    foreach cfg {sshd_config ssh_config} {
        file rename "${sshconfdir}/${cfg}" "${sshconfdir}/${cfg}.example"
    }
}
113
# On activation, seed each live config file from its shipped .example copy,
# but only when no live file exists yet, so local edits survive upgrades.
post-activate {
    foreach cfg {sshd_config ssh_config} {
        set live "${prefix}/etc/ssh/${cfg}"
        if {![file exists ${live}]} {
            copy "${live}.example" ${live}
        }
    }
}
122
# Optional X11 forwarding support: replaces the default --without-xauth with
# the path to MacPorts' xauth and pulls that port in at run time.
variant xauth description {Build with support for xauth} {
    configure.args-delete   --without-xauth
    configure.args-append   --with-xauth=${prefix}/bin/xauth
    depends_run-append      port:xauth
}
128
# Optional HPN (high performance networking) patch set. Mutually exclusive
# with gsskex. The patch is no longer downloaded: the fetch lines and their
# checksums are commented out and the file is taken from the port's own
# patchfiles instead.
# NOTE(review): a locally shipped patchfile has no checksums entry here, so
# its integrity rests on the ports tree itself.
variant hpn conflicts gsskex description {Apply high performance patch} {
    # http://www.psc.edu/index.php/hpn-ssh
    # http://www.freshports.org/security/openssh-portable/ is usually quick in
    # updating the HPN patch for new versions, take a look there, too.

    # Formerly from FreeBSD, now copied over from FreeBSD's ports directory.
    #patch_sites-append     http://mirror.shatow.net/freebsd/${name}/ \
    #                       freebsd
    #set hpn_patchfile      ${name}-6.7p1-hpnssh14v5.diff.gz
    #checksums-append       ${hpn_patchfile} \
    #                       rmd160  0cf7ffdd9b60d518d76076faf31df6a7a6d4ae52 \
    #                       sha256  846ad51577de8308d60dbfaa58ba18d112d0732fdf21063ebc78407fc8e4a7b6

    # patch name follows the port version, so a version bump needs a matching
    # patch file
    set hpn_patchfile       ${name}-${version}-hpnssh14v5.diff
    patchfiles-append       ${hpn_patchfile}

    configure.cppflags-append -DHPN_ENABLED=1
}

# Compiles in the HPN NONE cipher (requires the hpn variant). With the NONE
# cipher a session's data is sent without encryption, so confidentiality of
# the transferred data is lost; only enable this where that is acceptable.
# NOTE(review): whether the cipher must additionally be switched on in the
# client/server configuration is decided by the HPN patch, not visible here.
variant none_cipher conflicts gsskex requires hpn description {Enable optional NONE cipher in HPN patchset} {
    configure.cppflags-append -DNONE_CIPHER_ENABLED=1
}
151
# Optional GSSAPI key exchange plus Apple keychain integration. Requires the
# kerberos5 variant, conflicts with hpn, and regenerates configure because the
# patches touch the autoconf inputs.
# NOTE(review): the gsskex patch file is named for openssh-6.7p1 while this
# port builds 6.9p1 -- confirm it still applies cleanly and covers the newer
# code.
variant gsskex conflicts hpn requires kerberos5 description "Add OpenSSH GSSAPI key exchange patch" {
    use_autoreconf          yes
    patchfiles-append       0002-Apple-keychain-integration-other-changes.patch \
                            openssh-6.7p1-gsskex-all-20141021-284f364.patch
    # Apple-specific feature defines and framework search paths used by the
    # keychain/membership code in the patches
    configure.cppflags-append \
                            -F/System/Library/Frameworks/DirectoryService.framework \
                            -F/System/Library/Frameworks/CoreFoundation.framework \
                            -D_UTMPX_COMPAT \
                            -D__APPLE_LAUNCHD__ \
                            -D__APPLE_MEMBERSHIP__ \
                            -D__APPLE_XSAN__
    configure.ldflags-append \
                            -Wl,-pie \
                            -framework CoreFoundation \
                            -framework DirectoryService
    configure.cflags-append -fPIE
    # BSM auditing, keychain support and the _sshd privilege-separation user
    # are only configured in this variant; utmp/wtmp logging is turned off
    configure.args-append   --with-4in6 \
                            --with-audit=bsm \
                            --with-keychain=apple \
                            --disable-utmp \
                            --disable-wtmp \
                            --with-privsep-user=_sshd
}

# Kerberos 5 authentication support: swaps the default --without-kerberos5
# for the MacPorts kerberos5 installation under ${prefix}.
variant kerberos5 description "Add Kerberos5 support" {
    depends_lib-append      port:kerberos5
    configure.args-delete   --without-kerberos5
    configure.args-append   --with-kerberos5=${prefix}
}
181
# Optional: link against ldns for DNSSEC support (per the variant description).
variant ldns description "Use ldns for DNSSEC support" {
    configure.args-append   --with-ldns
    depends_lib-append      port:ldns
}

# Kerberos 5 and xauth support are on unless the user deselects them.
default_variants            +kerberos5 +xauth
188
platform darwin {
    # create link to /usr/include/pam because 'security' was renamed to 'pam'
    # in OS X.
    # The link is recreated on every configure run (any old one is deleted
    # first).
    # NOTE(review): nothing visible in this file adds ${workpath}/include to
    # the compiler's include path -- confirm where that happens.
    pre-configure {
        xinstall -d ${workpath}/include
        file delete ${workpath}/include/security
        ln -s /usr/include/pam ${workpath}/include/security
    }
}

platform darwin 9 {
    # 10.5/ppc doesn't like the sandbox file we supply
    # Removing the define means builds on darwin 9 do not use the Apple
    # sandbox code path and rely on standard privilege separation only.
    configure.cppflags-delete -D__APPLE_SANDBOX_NAMED_EXTERNAL__
}
203
# Startup item for the MacPorts sshd. On start it creates every host key that
# does not exist yet (empty passphrase, comment set to the output of
# `hostname`) and then launches ${prefix}/sbin/sshd; on stop it signals the
# PID recorded in ${prefix}/var/run/sshd.pid.
# NOTE(review): the key list still includes rsa1 (ssh_host_key, the SSH
# protocol 1 host key) and dsa. Protocol 1 is obsolete and DSA host keys are
# limited to 1024 bits; consider dropping both once nothing relies on them and
# keeping rsa, ecdsa and ed25519.
# NOTE(review): ssh-keygen is called without -b, so the RSA and ECDSA key
# sizes are whatever this ssh-keygen version defaults to.
# NOTE(review): stop trusts the contents of the pid file; if the file is stale
# the kill goes to whatever process currently holds that PID.
startupitem.create  yes
startupitem.name    OpenSSH
startupitem.start   \
    "if \[ -x ${prefix}/sbin/sshd ]; then
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa1 -f \\
            ${prefix}/etc/ssh/ssh_host_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then
            ${prefix}/bin/ssh-keygen -t dsa -f \\
            ${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa -f \\
            ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_ecdsa_key \]; then
            ${prefix}/bin/ssh-keygen -t ecdsa -f \\
            ${prefix}/etc/ssh/ssh_host_ecdsa_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_ed25519_key \]; then
            ${prefix}/bin/ssh-keygen -t ed25519 -f \\
            ${prefix}/etc/ssh/ssh_host_ed25519_key -N \"\" -C `hostname`
        fi
        ${prefix}/sbin/sshd
    fi"
startupitem.stop    \
    "if \[ -r ${prefix}/var/run/sshd.pid \]; then
        kill `cat ${prefix}/var/run/sshd.pid`
    fi"
234
# Version check: looks for openssh-<version><suffix> tarball names in a mirror's
# directory listing to detect a newer upstream release. It only reports
# versions; nothing fetched here is built or installed.
# NOTE(review): the listing is read over plain http, and the pattern accepts
# only a single leading digit 5-9 and single-digit minor/patch numbers, so a
# release such as 10.0p1 would go unnoticed.
livecheck.type      regex
livecheck.url       http://openbsd.cs.fau.de/pub/OpenBSD/OpenSSH/portable/
livecheck.regex     openssh-(\[5-9\].\[0-9\]p\[0-9\])[quotemeta ${extract.suffix}]