added feature request for chrooting via sshd bug #26615

author: Ned Ludd <solar@gentoo.org> 2004-01-08 10:07:50 +0000
committer: Ned Ludd <solar@gentoo.org> 2004-01-08 10:07:50 +0000
commit: 01b82972e1b2f17d4e8ee9e60afa93c975ab2e32 (patch)
tree: 037ed0b21283b641b992294cd646c07c4e7266c3 /net-misc
parent: slight tweaks to ebuild for reusability (Manifest recommit) (diff)
download: gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.tar.gz
gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.tar.bz2
gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.zip
10 files changed, 240 insertions, 259 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog
index 642acb1a51e9..eed90b2e7f13 100644
--- a/net-misc/openssh/ChangeLog
+++ b/net-misc/openssh/ChangeLog
@@ -1,6 +1,17 @@
 # ChangeLog for net-misc/openssh
-# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.59 2004/01/04 12:02:17 aliz Exp $
+# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.60 2004/01/08 10:07:50 solar Exp $
+
+  08 Jan 2004; <solar@gentoo.org> openssh-3.5_p1-r1.ebuild,
+  openssh-3.6.1_p2.ebuild, openssh-3.7.1_p2-r1.ebuild,
+  openssh-3.7.1_p2-r2.ebuild:
+  ppc64/mips nightmare.. had to remove tcpd and skey support for various arches
+  due to other things not being marked stable on those arches
+
+*openssh-3.7.1_p2-r2 (08 Jan 2004)
+
+  08 Jan 2004; <solar@gentoo.org> openssh-3.7.1_p2-r2.ebuild:
+  added feature request for chrooting via sshd bug #26615
 
   04 Jan 2004; Daniel Ahlberg <aliz@gentoo.org> openssh-3.7.1_p2-r1.ebuild:
   Changeing sshd user shell. Closing #35063.
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index d6d08434a001..ccab321eb329 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -1,13 +1,16 @@
 MD5 0bdab2263983cea3dfaa7872d917be1f openssh-3.5_p1-r1.ebuild 3562
 MD5 76d150d377a2b8aaf6a3a9e6b02a0080 openssh-3.7.1_p2-r1.ebuild 4004
-MD5 092b770f6fb3c69d8acf92b42ca717df openssh-3.6.1_p2.ebuild 3586
+MD5 8b4e75847ff495b2f7261f28fcec1319 openssh-3.7.1_p2-r2.ebuild 4114
 MD5 320135796bde07c625d009bf82458083 ChangeLog 9519
+MD5 092b770f6fb3c69d8acf92b42ca717df openssh-3.6.1_p2.ebuild 3586
 MD5 0feff9b09e482567359625301bddce1c metadata.xml 1329
+MD5 8f421fd8d19a104dc78150e4b1904a46 files/digest-openssh-3.5_p1-r1 65
 MD5 2cb187d8f60994c5e1b5fef2bcb6e85d files/openssh-3.5_p1-gentoo-sshd-gcc3.patch 315
-MD5 49cc9062ff27ad7d4e8f94b136ed76a2 files/openssh-3.7.1_p1-selinux.diff 3394
-MD5 31789e51878741d2af4b1312db79fa2f files/digest-openssh-3.6.1_p2 67
-MD5 b31110303673214476c57e1bed28e1ce files/openssh-skeychallenge-args.diff 925
 MD5 b86ae0c43a704c4ee2abd2ce5c955f8f files/sshd.pam 294
 MD5 17b2fa077852f2c2990ec97c51bf198b files/sshd.rc6 1233
-MD5 8f421fd8d19a104dc78150e4b1904a46 files/digest-openssh-3.5_p1-r1 65
+MD5 31789e51878741d2af4b1312db79fa2f files/digest-openssh-3.6.1_p2 67
+MD5 49cc9062ff27ad7d4e8f94b136ed76a2 files/openssh-3.7.1_p1-selinux.diff 3394
 MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r1 142
+MD5 b31110303673214476c57e1bed28e1ce files/openssh-skeychallenge-args.diff 925
+MD5 8f72054fc8c55107b5bf7ce13a8ad083 files/openssh-3.7.1_p2-chroot.patch 2884
+MD5 2f8fc1bd837220c9708d9d8b0730fe2c files/digest-openssh-3.7.1_p2-r2 142
diff --git a/net-misc/openssh/files/digest-openssh-3.5_p1-r1 b/net-misc/openssh/files/digest-openssh-3.5_p1-r1
deleted file mode 100644
index e24f781804e4..000000000000
--- a/net-misc/openssh/files/digest-openssh-3.5_p1-r1
+++ /dev/null
@@ -1 +0,0 @@
-MD5 42bd78508d208b55843c84dd54dea848 openssh-3.5p1.tar.gz 851486
diff --git a/net-misc/openssh/files/digest-openssh-3.6.1_p2 b/net-misc/openssh/files/digest-openssh-3.6.1_p2
deleted file mode 100644
index 70f355454a00..000000000000
--- a/net-misc/openssh/files/digest-openssh-3.6.1_p2
+++ /dev/null
@@ -1 +0,0 @@
-MD5 f3879270bffe479e1bd057aa36258696 openssh-3.6.1p2.tar.gz 879629
diff --git a/net-misc/openssh/files/digest-openssh-3.7.1_p2-r2 b/net-misc/openssh/files/digest-openssh-3.7.1_p2-r2
new file mode 100644
index 000000000000..920c333856ca
--- /dev/null
+++ b/net-misc/openssh/files/digest-openssh-3.7.1_p2-r2
@@ -0,0 +1,2 @@
+MD5 61cf5b059938718308836d00f6764a94 openssh-3.7.1p2.tar.gz 792280
+MD5 83e000a867eba10ef7f18c169d979360 openssh-3.7.1p2+x509g2.diff.gz 125455
diff --git a/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch
new file mode 100644
index 000000000000..13625995a88e
--- /dev/null
+++ b/net-misc/openssh/files/openssh-3.7.1_p2-chroot.patch
@@ -0,0 +1,74 @@
+################################################################################
+################################################################################
+#                                                                              #
+# Original patch by Ricardo Cerqueira <rmcc@clix.pt>                           #
+#                                                                              #
+# Updated by James Dennis <james@firstaidmusic.com> for openssh-3.7.1p2        #
+#                                                                              #
+# A patch to cause sshd to chroot when it encounters the magic token           #
+# '/./' in a users home directory. The directory portion before the            #
+# token is the directory to chroot() to, the portion after the                 #
+# token is the user's home directory relative to the new root.                 #
+#                                                                              #
+# Patch source using: patch -p0 < /path/to/patch                               #
+#                                                                              #
+# Systems with a bad diff (doesn't understand -u or -N) should use gnu diff.   #
+# Solaris may store this as gdiff under /opt/sfw/bin. I can't say much about   #
+# other systems (unless you email me your experiences!).                       #
+#                                                                              #
+################################################################################
+################################################################################
+
+diff -uNr openssh-3.7.1p2/session.c openssh-3.7.1p2-chroot/session.c
+--- openssh-3.7.1p2/session.c	Tue Sep 23 04:59:08 2003
++++ openssh-3.7.1p2-chroot/session.c	Fri Sep 26 13:42:52 2003
+@@ -58,6 +58,8 @@
+ #include "session.h"
+ #include "monitor_wrap.h"
+ 
++#define CHROOT
++
+ #ifdef GSSAPI
+ #include "ssh-gss.h"
+ #endif
+@@ -1231,6 +1233,12 @@
+ void
+ do_setusercontext(struct passwd *pw)
+ {
++
++#ifdef CHROOT
++	char *user_dir;
++	char *new_root;
++#endif /* CHROOT */
++
+ #ifndef HAVE_CYGWIN
+ 	if (getuid() == 0 || geteuid() == 0)
+ #endif /* HAVE_CYGWIN */
+@@ -1268,6 +1276,27 @@
+ 			exit(1);
+ 		}
+ 		endgrent();
++
++#ifdef CHROOT
++       user_dir = xstrdup(pw->pw_dir);
++       new_root = user_dir + 1;
++
++       while((new_root = strchr(new_root, '.')) != NULL) {
++           new_root--;
++           if(strncmp(new_root, "/./", 3) == 0) {
++               *new_root = '\0';
++               new_root += 2;
++
++               if(chroot(user_dir) != 0)
++                   fatal("Couldn't chroot to user directory % s", user_dir);
++                   pw->pw_dir = new_root;
++                   break;
++               }
++               new_root += 2;
++       }
++#endif /* CHROOT */
++
++
+ # ifdef USE_PAM
+ 		/*
+ 		 * PAM credentials may take the form of supplementary groups. 
diff --git a/net-misc/openssh/openssh-3.5_p1-r1.ebuild b/net-misc/openssh/openssh-3.5_p1-r1.ebuild
deleted file mode 100644
index 47705a5f3f4a..000000000000
--- a/net-misc/openssh/openssh-3.5_p1-r1.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.5_p1-r1.ebuild,v 1.20 2003/12/08 07:38:37 vapier Exp $
-
-inherit eutils
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_/}
-S=${WORKDIR}/${PARCH}
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.com/"
-SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz"
-
-LICENSE="as-is"
-SLOT="0"
-KEYWORDS="x86 ppc sparc alpha mips hppa arm"
-IUSE="ipv6 static pam tcpd kerberos"
-
-# openssh recognizes when openssl has been slightly upgraded and refuses to run.
-# This new rev will use the new openssl.
-RDEPEND="virtual/glibc
-	pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 )
-	kerberos? ( app-crypt/mit-krb5 )
-	>=dev-libs/openssl-0.9.6d
-	sys-libs/zlib"
-
-DEPEND="${RDEPEND}
-	dev-lang/perl
-	sys-apps/groff
-	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
-PROVIDE="virtual/ssh"
-
-src_unpack() {
-	unpack ${A}
-	cd ${S}
-
-	if [ `use alpha` ]; then
-		 epatch ${FILESDIR}/${P}-gentoo-sshd-gcc3.patch || die
-	fi
-}
-
-src_compile() {
-	local myconf
-	use tcpd || myconf="${myconf} --without-tcp-wrappers"
-	use tcpd && myconf="${myconf} --with-tcp-wrappers"
-	use pam  || myconf="${myconf} --without-pam"
-	use pam  && myconf="${myconf} --with-pam"
-	use ipv6 || myconf="${myconf} --with-ipv4-default"
-
-	# app-crypt/mit-krb5
-	use kerberos && myconf="${myconf} --with-kerberos5"
-
-	# app-crypt/kth-krb
-	# KTH's implementation of kerberos IV
-	# KTH_KRB="yes" emerge openssh-3.5_p1-r1.ebuild
-	if [ ! -z $KTH_KRB ]; then
-		myconf="${myconf} --with-kerberos4=/usr/athena"
-	fi
-
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc/ssh \
-		--mandir=/usr/share/man \
-		--libexecdir=/usr/lib/misc \
-		--datadir=/usr/share/openssh \
-		--disable-suid-ssh \
-		--with-privsep-path=/var/empty \
-		--with-privsep-user=sshd \
-		--with-md5-passwords \
-		--host=${CHOST} ${myconf} || die "bad configure"
-
-	if [ "`use static`" ]
-	then
-		# statically link to libcrypto -- good for the boot cd
-		perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile
-	fi
-
-	emake || die "compile problem"
-}
-
-src_install() {
-	make install-files DESTDIR=${D} || die
-	chmod 600 ${D}/etc/ssh/sshd_config
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-	insinto /etc/pam.d  ; newins ${FILESDIR}/sshd.pam sshd
-	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
-	keepdir /var/empty
-}
-
-pkg_preinst() {
-
-	userdel sshd 2> /dev/null
-	if ! groupmod sshd; then
-		groupadd -g 90 sshd 2> /dev/null || \
-			die "Failed to create sshd group"
-	fi
-	useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd || \
-		die "Failed to create sshd user"
-
-}
-
-pkg_postinst() {
-
-	# empty dir for the new priv separation auth chroot..
-	install -d -m0755 -o root -g root ${ROOT}/var/empty
-
-	einfo
-	einfo "Remember to merge your config files in /etc/ssh!"
-	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
-	einfo "functionality, but please ensure that you do not explicitly disable"
-	einfo "this in your configuration as disabling it opens security holes"
-	einfo
-	einfo "This revision has removed your sshd user id and replaced it with a"
-	einfo "new one with UID 22.  If you have any scripts or programs that"
-	einfo "that referenced the old UID directly, you will need to update them."
-	einfo
-	if use pam >/dev/null 2>&1; then
-		einfo "Please be aware users need a valid shell in /etc/passwd"
-		einfo "in order to be allowed to login."
-		einfo
-	fi
-}
diff --git a/net-misc/openssh/openssh-3.6.1_p2.ebuild b/net-misc/openssh/openssh-3.6.1_p2.ebuild
deleted file mode 100644
index 69deab43cccb..000000000000
--- a/net-misc/openssh/openssh-3.6.1_p2.ebuild
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.6.1_p2.ebuild,v 1.10 2003/12/08 07:38:37 vapier Exp $
-
-inherit eutils
-
-# Make it more portable between straight releases
-# and _p? releases.
-PARCH=${P/_/}
-S=${WORKDIR}/${PARCH}
-DESCRIPTION="Port of OpenBSD's free SSH release"
-HOMEPAGE="http://www.openssh.com/"
-SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz"
-
-LICENSE="as-is"
-SLOT="0"
-KEYWORDS="x86 ppc sparc alpha mips hppa arm amd64"
-IUSE="ipv6 static pam tcpd kerberos"
-
-# openssh recognizes when openssl has been slightly upgraded and refuses to run.
-# This new rev will use the new openssl.
-RDEPEND="virtual/glibc
-	pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 )
-	kerberos? ( app-crypt/mit-krb5 )
-	>=dev-libs/openssl-0.9.6d
-	sys-libs/zlib"
-
-DEPEND="${RDEPEND}
-	dev-lang/perl
-	sys-apps/groff
-	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
-PROVIDE="virtual/ssh"
-
-src_unpack() {
-	unpack ${PARCH}.tar.gz
-	cd ${S}
-
-	if [ `use alpha` ]; then
-		 epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch || die
-	fi
-}
-
-src_compile() {
-	local myconf
-	use tcpd || myconf="${myconf} --without-tcp-wrappers"
-	use tcpd && myconf="${myconf} --with-tcp-wrappers"
-	use pam  || myconf="${myconf} --without-pam"
-	use pam  && myconf="${myconf} --with-pam"
-	use ipv6 || myconf="${myconf} --with-ipv4-default"
-
-	# app-crypt/mit-krb5
-	use kerberos && myconf="${myconf} --with-kerberos5"
-
-	# app-crypt/kth-krb
-	# KTH's implementation of kerberos IV
-	# KTH_KRB="yes" emerge openssh-3.5_p1-r1.ebuild
-	if [ ! -z $KTH_KRB ]; then
-		myconf="${myconf} --with-kerberos4=/usr/athena"
-	fi
-
-	./configure \
-		--prefix=/usr \
-		--sysconfdir=/etc/ssh \
-		--mandir=/usr/share/man \
-		--libexecdir=/usr/lib/misc \
-		--datadir=/usr/share/openssh \
-		--disable-suid-ssh \
-		--with-privsep-path=/var/empty \
-		--with-privsep-user=sshd \
-		--with-md5-passwords \
-		--host=${CHOST} ${myconf} || die "bad configure"
-
-	if [ "`use static`" ]
-	then
-		# statically link to libcrypto -- good for the boot cd
-		perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile
-	fi
-
-	emake || die "compile problem"
-}
-
-src_install() {
-	make install-files DESTDIR=${D} || die
-	chmod 600 ${D}/etc/ssh/sshd_config
-	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
-	insinto /etc/pam.d  ; newins ${FILESDIR}/sshd.pam sshd
-	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
-	keepdir /var/empty
-}
-
-pkg_preinst() {
-
-	userdel sshd 2> /dev/null
-	if ! groupmod sshd; then
-		groupadd -g 90 sshd 2> /dev/null || \
-			die "Failed to create sshd group"
-	fi
-	useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd || \
-		die "Failed to create sshd user"
-
-}
-
-pkg_postinst() {
-
-	# empty dir for the new priv separation auth chroot..
-	install -d -m0755 -o root -g root ${ROOT}/var/empty
-
-	einfo
-	einfo "Remember to merge your config files in /etc/ssh!"
-	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
-	einfo "functionality, but please ensure that you do not explicitly disable"
-	einfo "this in your configuration as disabling it opens security holes"
-	einfo
-	einfo "This revision has removed your sshd user id and replaced it with a"
-	einfo "new one with UID 22.  If you have any scripts or programs that"
-	einfo "that referenced the old UID directly, you will need to update them."
-	einfo
-	if use pam >/dev/null 2>&1; then
-		einfo "Please be aware users need a valid shell in /etc/passwd"
-		einfo "in order to be allowed to login."
-		einfo
-	fi
-}
diff --git a/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild b/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild
index b5ba915ba780..1f8b62c529b7 100644
--- a/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild
+++ b/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild,v 1.7 2004/01/04 12:02:17 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2-r1.ebuild,v 1.8 2004/01/08 10:07:50 solar Exp $
 
 inherit eutils flag-o-matic ccc gnuconfig
 [ `use kerberos` ] && append-flags -I/usr/include/gssapi
@@ -28,9 +28,9 @@ IUSE="ipv6 static pam tcpd kerberos skey selinux X509"
 RDEPEND="virtual/glibc
 	pam? ( >=sys-libs/pam-0.73
 		>=sys-apps/shadow-4.0.2-r2 )
-	kerberos? ( app-crypt/mit-krb5 )
+	!mips? ( kerberos? ( app-crypt/mit-krb5 ) )
 	selinux? ( sys-libs/libselinux )
-	skey? ( >=app-admin/skey-1.1.5-r1 )
+	!ppc64? ( skey? ( >=app-admin/skey-1.1.5-r1 ) )
 	>=dev-libs/openssl-0.9.6d
 	>=sys-libs/zlib-1.1.4
 	>=sys-apps/sed-4"
@@ -38,7 +38,7 @@ RDEPEND="virtual/glibc
 DEPEND="${RDEPEND}
 	dev-lang/perl
 	sys-apps/groff
-	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
+	!ppc64? ( tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) )"
 PROVIDE="virtual/ssh"
 
 src_unpack() {
diff --git a/net-misc/openssh/openssh-3.7.1_p2-r2.ebuild b/net-misc/openssh/openssh-3.7.1_p2-r2.ebuild
new file mode 100644
index 000000000000..f19fb23db2bd
--- /dev/null
+++ b/net-misc/openssh/openssh-3.7.1_p2-r2.ebuild
@@ -0,0 +1,139 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p2-r2.ebuild,v 1.1 2004/01/08 10:07:50 solar Exp $
+
+inherit eutils flag-o-matic ccc gnuconfig
+[ `use kerberos` ] && append-flags -I/usr/include/gssapi
+
+# Make it more portable between straight releases
+# and _p? releases.
+PARCH=${P/_/}
+
+X509_PATCH="${PARCH}+x509g2.diff.gz"
+SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff"
+
+S=${WORKDIR}/${PARCH}
+DESCRIPTION="Port of OpenBSD's free SSH release"
+HOMEPAGE="http://www.openssh.com/"
+SRC_URI="mirror://openssh/${PARCH}.tar.gz
+	X509? ( http://roumenpetrov.info/openssh/x509g2/${X509_PATCH} )"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64 ~ia64 ~ppc64"
+IUSE="ipv6 static pam tcpd kerberos skey selinux X509 chroot"
+
+# openssh recognizes when openssl has been slightly upgraded and refuses to run.
+# This new rev will use the new openssl.
+RDEPEND="virtual/glibc
+	pam? ( >=sys-libs/pam-0.73
+		>=sys-apps/shadow-4.0.2-r2 )
+	!mips? ( kerberos? ( app-crypt/mit-krb5 ) )
+	selinux? ( sys-libs/libselinux )
+	!ppc64? ( skey? ( >=app-admin/skey-1.1.5-r1 ) )
+	>=dev-libs/openssl-0.9.6d
+	>=sys-libs/zlib-1.1.4
+	>=sys-apps/sed-4"
+
+DEPEND="${RDEPEND}
+	dev-lang/perl
+	sys-apps/groff
+	!ppc64? ( tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) )"
+PROVIDE="virtual/ssh"
+
+src_unpack() {
+	unpack ${PARCH}.tar.gz ; cd ${S}
+
+	use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+	use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
+	use X509 && epatch ${DISTDIR}/${X509_PATCH}
+
+	# looks like this one was rewriten somewhat.
+	# epatch ${FILESDIR}/${P}-memory-bugs.patch
+
+	use skey && {
+		# prevent the conftest from violating the sandbox
+		sed -i 's#skey_keyinfo("")#"true"#g' configure
+
+		# updates to skey implementation.
+		epatch ${FILESDIR}/${PN}-skeychallenge-args.diff
+	}
+
+	# feature request bug #26615
+	use chroot && epatch ${FILESDIR}/${PN}-${PV}-chroot.patch
+}
+
+src_compile() {
+	local myconf
+
+	# Allow OpenSSH to detect mips systems
+	use mips && gnuconfig_update
+
+	myconf="\
+		$( use_with tcpd tcp-wrappers ) \
+		$( use_with kerberos kerberos5 ) \
+		$( use_with pam ) \
+		$( use_with skey )"
+
+	use ipv6 || myconf="${myconf} --with-ipv4-default"
+
+	use skey && {
+		# make sure .sbss is large enough
+		use alpha && append-ldflags -mlarge-data
+	}
+
+	use selinux && append-flags "-DWITH_SELINUX"
+
+	./configure \
+		--prefix=/usr \
+		--sysconfdir=/etc/ssh \
+		--mandir=/usr/share/man \
+		--libexecdir=/usr/lib/misc \
+		--datadir=/usr/share/openssh \
+		--disable-suid-ssh \
+		--with-privsep-path=/var/empty \
+		--with-privsep-user=sshd \
+		--with-md5-passwords \
+		--host=${CHOST} ${myconf} || die "bad configure"
+
+	use static && {
+		# statically link to libcrypto -- good for the boot cd
+		sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
+	}
+
+	emake || die "compile problem"
+}
+
+src_install() {
+	make install-files DESTDIR=${D} || die
+	chmod 600 ${D}/etc/ssh/sshd_config
+	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
+	insinto /etc/pam.d  ; newins ${FILESDIR}/sshd.pam sshd
+	exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
+	keepdir /var/empty
+}
+
+pkg_postinst() {
+	# empty dir for the new priv separation auth chroot..
+	install -d -m0755 -o root -g root ${ROOT}/var/empty
+
+	enewgroup sshd 22
+	enewuser sshd 22 /bin/false /var/empty sshd
+
+	ewarn "Remember to merge your config files in /etc/ssh/ and then"
+	ewarn "restart sshd: '/etc/init.d/sshd restart'."
+	ewarn
+	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
+	einfo "functionality, but please ensure that you do not explicitly disable"
+	einfo "this in your configuration as disabling it opens security holes"
+	einfo
+	einfo "This revision has removed your sshd user id and replaced it with a"
+	einfo "new one with UID 22.  If you have any scripts or programs that"
+	einfo "that referenced the old UID directly, you will need to update them."
+	einfo
+	use pam >/dev/null 2>&1 && {
+		einfo "Please be aware users need a valid shell in /etc/passwd"
+		einfo "in order to be allowed to login."
+		einfo
+	}
+}
author	Ned Ludd <solar@gentoo.org>	2004-01-08 10:07:50 +0000
committer	Ned Ludd <solar@gentoo.org>	2004-01-08 10:07:50 +0000
commit	01b82972e1b2f17d4e8ee9e60afa93c975ab2e32 (patch)
tree	037ed0b21283b641b992294cd646c07c4e7266c3 /net-misc
parent	slight tweaks to ebuild for reusability (Manifest recommit) (diff)
download	gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.tar.gz gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.tar.bz2 gentoo-2-01b82972e1b2f17d4e8ee9e60afa93c975ab2e32.zip