diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2013-03-24 01:55:32 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2013-03-24 01:55:32 +0000 |
| commit | 51b325ccb3f05301868c30db23e8cb0886c96627 (patch) | |
| tree | 25f1f4b27ca7d3be444eb731fab6a6b2ff50439d /net-misc | |
| parent | Remove patch. (diff) | |
| download | historical-51b325ccb3f05301868c30db23e8cb0886c96627.tar.gz historical-51b325ccb3f05301868c30db23e8cb0886c96627.tar.bz2 historical-51b325ccb3f05301868c30db23e8cb0886c96627.zip | |
Initial version. Needs ldap, and a little more testing w/custom hpn patch.
Package-Manager: portage-2.2.0_alpha164/cvs/Linux x86_64
Manifest-Sign-Key: 0xFB7C4156
Diffstat (limited to 'net-misc')
| -rw-r--r-- | net-misc/openssh/ChangeLog | 7 | ||||
| -rw-r--r-- | net-misc/openssh/Manifest | 22 | ||||
| -rw-r--r-- | net-misc/openssh/openssh-6.2_p1.ebuild | 319 |
3 files changed, 343 insertions, 5 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 4c4919479082..54a4609328f9 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.466 2013/02/21 05:30:13 zmedico Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.467 2013/03/24 01:55:26 vapier Exp $ + +*openssh-6.2_p1 (24 Mar 2013) + + 24 Mar 2013; Mike Frysinger <vapier@gentoo.org> +openssh-6.2_p1.ebuild: + Initial version. Needs ldap, and a little more testing w/custom hpn patch. 21 Feb 2013; Zac Medico <zmedico@gentoo.org> openssh-6.1_p1-r1.ebuild: Fix for prefix and add ~arm-linux + ~x86-linux keywords. diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 39406faf1250..dd0f6ad00d9d 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -42,7 +42,10 @@ DIST openssh-6.0p1-hpn13v12.diff.gz 20223 SHA256 b6158c10fac153dd2a9f5d9b29df1e4 DIST openssh-6.0p1.tar.gz 1126034 SHA256 589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de SHA512 4fe1f7e0d5e572575b11253916354b333a7eca558720885d5dceb7c89dc5da81cd57feaa4be756dfa4f3e9ef508e5f460e5fda221765191b1c02ae37431a444e WHIRLPOOL 7853155dfd35962ae31958600b6d4f94a3a916dac942f5f533cde3d85c8ea64066b887d66d7722bd647196f57df7ed27f62d5ec4588868754b6cdf999a404001 DIST openssh-6.1p1+x509-7.2.1.diff.gz 208071 SHA256 02d3703d419fc72be819a4e7fc8cbbb269182862465b6a99cc7b2af32d75a181 SHA512 6c1786c2c32d884e7b8f15e39912ca1d8fb54b1132ffae6d8d4f262356a16267a8e549a822911d0f40eabe49015080ae35fdec521f90e0ef4d05554339f35fa0 WHIRLPOOL 7f260caebdc58fe415b3cb93b08600942a6b171b45df8ff1279d4280930a7103cbefac63ec7f32fdbf9bdcf64278c39bfd55c2dcb41ea5c4934574930494df67 DIST openssh-6.1p1-hpn13v11.diff.bz2 19999 SHA256 08bfc1f3c582f23b3ce386e78baf37be4af03645fc6eef87f1ef819cc273ecc7 SHA512 4e21384ef4d0b7539c9b7aecb158748b959db7ec84fa023f7969c2db50794e1f68bab375cdea9c2ae8fe16b759650e250aa21d6b8772a1c671d2e1e59adef08a WHIRLPOOL 3918c2c118908e67de4523c8d1f142ca4b2d2d7c045c2337b2f7914096108cf1a138009a838519d292e53fec454ced3a9590bbddf93096bd377196bd7d73ed55 +DIST openssh-6.1p1-hpn13v14.diff.bz2 18404 SHA256 40002f62054f35a1f0af0b5bc41223fa57c057c6c11db21e531008717cfa5fc2 SHA512 631e92428edca222a67cef0694e9401c4350d6307e3264b3bf3ad72ee1983d50353d708d0de99332103ae02effcb5b20b07fc508b1c17e8cd819b3d75f2a00c9 WHIRLPOOL c474c427bf4c5c3ed6628f170e93452203da567342242b3e3a2eb7baef70d32ab34d25317e19f6e56766862328c9daaba2d88578c96b145e5415e14e816adad3 DIST openssh-6.1p1.tar.gz 1134820 SHA256 d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 SHA512 1cd58f18b047fa92a3155fa215d69c04e1f03914488a21bcda5434899df6055567e59f77063f0080b0cb437bb2396d3bf4050ed0c5ea2d1dc20d6fd928d5a76c WHIRLPOOL a1ecf33e8c4048c59e55d38cc8bb3f89357ac8fb74fdbb57e24e111e1749620fe6f7e329a744e3cfc9ced3e445539ce85926c7877a0f12475ccf14f124f9234b +DIST openssh-6.2p1+x509-7.4.1.diff.gz 215496 SHA256 cdfa0ac38184062de7e0af36eeda7713095fbcffffb598d785047f6f47e48eae SHA512 b82d57f3f408dcbd825d4d6173de7f0b629fd18268cc68b1e08c42e8d96a41596b765617ff9cc7896323f483e91e8f34ed4899fafd82e673131075fac392b631 WHIRLPOOL 72e97a1d3a79c81d791e7953d9a7dc5a454c390786753a7c72fad5062c9695f11f05f50b070031f7c55138f7a7b28bde4cf01db896313de62b99b318738abeb3 +DIST openssh-6.2p1.tar.gz 1182181 SHA256 58690267d7455f444e87c2f8cd9be91fc686ffc0c02d1ebd0be2ab68149f7160 SHA512 ffc866110f8e6c53581186f73593489fc54d75b5d193f9e9589ec484b541efa23d8ee48b28e3a0a3a0d7f8183d5de00c416c2217938a5e47211c49da7bc7a7e7 WHIRLPOOL 29049819284779d833aad4c9b94db89be9620c19a6893a0c57f1697945dc9815befebff16cdb8bf2e4e8b6f1acce04bf5beb1efb1896c562bd9cb3642597ab8a DIST openssh-lpk-5.9p1-0.3.14.patch.gz 18335 SHA256 1a922d57a2e7020bf597135437a57080d7d046c9f41a7a53559945ddddbe0892 SHA512 eb4641d30e221eaa409d22ab423e38c1a31dd9dfeacbf978c94827194cb838cc0f832bf96aa4c494a71a5d5d1b90fc6789e8469e35d82ffcaf54305f07ccdb9b WHIRLPOOL 6748426d6d0cda07729744d8993d96a762134a61acf757afc1618ada5cbd9752d9211a89be831e5a4f1744f70cc4fc643b5f745d1f785b53a4e1dbf9d7c92680 DIST openssh-lpk-6.0p1-0.3.14.patch.gz 18401 SHA256 d0f3d55fd92ecc45aa6120d6ea919c903e4828ce0c2b07612c742a2aa7648beb SHA512 ebf680b90bc289c0d69c22fd6fd666032cdcf4c3850ecdf03e264200d60c50a12f4a5254907c6ab850727216e7837176be5564ae22b68d9b80a67c62f372a9dd WHIRLPOOL 4f8b32c77fc2a9205d283109ccd787a3f37757c18060da39c63147ff09f6b922f4a57ca1ba8d0cdc692f3f1eaba3e5e88eb4287f728ddaaf544d2d425c0cca91 DIST openssh-lpk-6.1p1-0.3.14.patch.gz 18458 SHA256 2d0e40116e021913668519a42743f89b8fb77f8d5beed863d620cc79999b0b79 SHA512 9cfd83e650cedbc3950b8cf80d0b36fbb7dff8fbe7d017378f9a2ae18189fa6e459e323dae6cd1fa1d82ff948f628563892d0a0f30113b3a8ba5269fe051e784 WHIRLPOOL c1ee5570f0bfb3191c602d575e0e05cabe7d42183bd78c07cac19a2743a59f110728e309fcee6f0b6abc7b141ae8c701d92d010d2b7737739b4cac92406552fa @@ -51,12 +54,23 @@ EBUILD openssh-6.0_p1-r1.ebuild 9488 SHA256 f99e6f51f5fc1809cc093e84834699097802 EBUILD openssh-6.0_p1.ebuild 9485 SHA256 32c4280a8babafa169543a919f4cf31231c3d759a7c116b42e3c3981242c0d59 SHA512 bae20dfbea14cfc30f16c7619d63a4a4cb2546d9d5e903e93e3c4d18745c1398d42ab6580a3e10609d81e1020b8f54c35b6413e168775efd3cb8fab064d67f8a WHIRLPOOL 24d16d37714e69a0d4593b745feeb54853e8d7b2de799be8ed76c0e09fe9459da8a3bfbb67b36f120345fc24fdc307a346c4fcb79b95fd8831e8944383f36759 EBUILD openssh-6.1_p1-r1.ebuild 10236 SHA256 575cedb9ed947517d8c934658bb87e37a9d09b986f76c94b937ef5922d861c17 SHA512 04b8f3b995ece67ae6d2a0f1f8c8fda93e408a7f351884cbe89b91470e5d82fbf469184f66cf2db6e11f6e40cbbae049276995e112428da424dcd8e93ecf9444 WHIRLPOOL efb7dc795f7060407843e266f69150ea44f98d3198941f7d21b9bed7e58f697a9c524fcd9b2851af11e119d1e9594e91845d05684c62bce61ba878230c56d250 EBUILD openssh-6.1_p1.ebuild 9582 SHA256 e4e060b08be1ae2238889463ad257e6d3b60ccc33c0bd6e5f73e63155795b2cc SHA512 dc3376d4317fe4692b0e3a62acfe7307df0208744dfd35f585eee9768e16493b81dc1ac854f32050dc21470cf1e7681a71c463c4e15a86d8a4b1c99dfdbc83fd WHIRLPOOL d2e7fe4d73ee58318b2b3099d18596db58d2d988e26a1792b9d68dadd3a0fbcda20bf52faf8006913614c995cd7cb7a2e69492c12ede66016639466206fbbc98 -MISC ChangeLog 75887 SHA256 b5781f708e796e2ad7cdb7e369248ea70992db5a251996ed13169aba6e23054b SHA512 86c8f9684e755c7e51cd9982657fccaaf46b7bc914105c84ed1485f23ac9f927901a55b09c5f992f0c210f2216484c5598c267db3ba89acc4ea2499483dd5587 WHIRLPOOL e655cdb5922121f9f3444f4b310f91f232700b924304fb178a54132881086c57894718deeee04898f53b015469ab15705346c54b2b31a97a014955dcfe6fdf05 +EBUILD openssh-6.2_p1.ebuild 10219 SHA256 badfb6405c67f413650190dc8ee567b5b05625dba7367b6455cc6b7e46685c56 SHA512 a4f207a10d9be36a32d5ba81ca78d93b0de2d714683de5b29a83d77ebf10c88f57f8b86f0fcfc4dcca093a7b27e922c53063694552e1e89fda8c811964f638d1 WHIRLPOOL 18ddf15835c07fc5f940c1b3992159f3abba1befda481748fdc43b3689d61d28c38ce1ecdff43a202edc99573373860409e71ac39434c8e73a1371c435a15e80 +MISC ChangeLog 76070 SHA256 962dc367a3153c5acf631f4e7ecd6a8738fd3e844627564487d0ecbae13b1251 SHA512 1c4b9962137a20cd51b120231e4abb77bf49ff0a00abb93886e26ef950bbbd9f0698411c29ce807ced6dbd5e1190385b6a7c3237c0131b5582fc14a3c5020e45 WHIRLPOOL a11ed9eb46a806b367a3146b105b494103c08c9811bafedb081a7b3b9f6e7bc06c3c89b4201e38b1934b66c655fc0157cd1e1982d6562871e6e0257bbef21336 MISC metadata.xml 1749 SHA256 efc4abf9bfbc17c1312052e84e77058539851b2e9d0fffb16b2c13bcfda08993 SHA512 18e254f223ddd5bba1b1c4f0ecdd78bffe446a23108bc649d73d8ba626e2940a5a9c5878ab1f8b2689434876e76260fe5a9970649a1287f51033862cf0d5ce36 WHIRLPOOL acb0ce741349f25dbfd58a02a72f5ca45a42ba5441b96766a91b381ed9735efe5105fd6dfaf576bf2dfdd4ef0ed542f81601d74378bc526aac9c0165672dffac -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iEYEAREIAAYFAlElsOcACgkQ/ejvha5XGaNpPgCfWa0l571A+CYVXmmJYjM9A4XI -eaUAn37drG7hn008BqgecRO5CDUSD5io -=gm+j +iQIcBAEBCAAGBQJRTl4KAAoJELEHsLL7fEFWKmgQAKMP5GbIsPMZAGDbT0LuVe+z +o97q2Rvq6g/zkjFJcLHJLpV9LEJn1N+8e2gIsHomWh1Amcwo9Uv5rT9fOf1FPG4r +CubNIuK5cgN4yW8D6+hKPTXX+y+/kpKtqU6JoFk566RGQn3DpXXEC1seCm204vY1 +eqM6sT6Fqjg3cx3dbO09u+sXCiFB5R0KaIQi6KJFtoUZuM4KXv2LK0JoRXNET/6j +GHoSGXqlGbUO8he+aJY/u4jAZKjJTOxMv39kKd27DrsuFFVA4KyQ0O3yxap8Q9Mr +ZB8XMkR4ENG6ULpJah3YWNsss/Dywb3dROhtYQe9dtdVL0j/NcyhqLSoybsEPSui +d9II+lQIMzqZthOBRyT/8eKVKTFc90VetNJ4mKIcZSRFhC12ODDXA8ZsR7ILBmR2 +LZZlZPeI6tX4FhEFEc2aBqCECY8qsfwgE8Cil7p4/bR64kjF7mmBJZd81J1bDbpq +JrtLTR4I9yohb3UFb90rtflO+KVMGqlRLeiJYCjkE4rAD2jRh/aYprK1VPJduNwr +GH8VXRPJq5C07gghhcNQfHNuFyWVkXtaSCLpz/0obGCndxfdlqqZKjao1tYXsVWq +6fpq7PDoZXHXINnlYBxT6D29y3o1VIV5wDehwHOGC6BI3jlRuKLVmN/4TZKrdCBs +nHPJxVKJGGlRtiUeasIG +=yrk+ -----END PGP SIGNATURE----- diff --git a/net-misc/openssh/openssh-6.2_p1.ebuild b/net-misc/openssh/openssh-6.2_p1.ebuild new file mode 100644 index 000000000000..ac17d68980e6 --- /dev/null +++ b/net-misc/openssh/openssh-6.2_p1.ebuild @@ -0,0 +1,319 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.2_p1.ebuild,v 1.1 2013/03/24 01:55:26 vapier Exp $ + +EAPI="4" +inherit eutils user flag-o-matic multilib autotools pam systemd versionator + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_} + +HPN_PATCH="${PARCH/6.2/6.1}-hpn13v14.diff.bz2" +#LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" +X509_VER="7.4.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.org/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} + ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} + ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} + " + +LICENSE="BSD GPL-2" +SLOT="0" +#KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" + +LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) + skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) + libedit? ( dev-libs/libedit[static-libs(+)] ) + >=dev-libs/openssl-0.9.6d:0[bindist=] + dev-libs/openssl[static-libs(+)] + >=sys-libs/zlib-1.2.3[static-libs(+)] + tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" +RDEPEND=" + !static? ( + ${LIB_DEPEND//\[static-libs(+)]} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl] ) + bindist? ( net-libs/ldns[-ecdsa,ssl] ) + ) + ) + pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + ldap? ( net-nds/openldap )" +DEPEND="${RDEPEND} + static? ( + ${LIB_DEPEND} + ldns? ( + !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) + bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) + ) + ) + virtual/pkgconfig + virtual/os-headers + sys-devel/autoconf" +RDEPEND="${RDEPEND} + pam? ( >=sys-auth/pambase-20081028 ) + userland_GNU? ( virtual/shadow ) + X? ( x11-apps/xauth )" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } + local fail=" + $(use X509 && maybe_fail X509 X509_PATCH) + $(use ldap && maybe_fail ldap LDAP_PATCH) + $(use hpn && maybe_fail hpn HPN_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +save_version() { + # version.h patch conflict avoidence + mv version.h version.h.$1 + cp -f version.h.pristine version.h +} + +src_prepare() { + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:' \ + pathnames.h || die + # keep this as we need it to avoid the conflict between LPK and HPN changing + # this file. + cp version.h version.h.pristine + + # don't break .ssh/authorized_keys2 for fun + sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die + + epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 + if use X509 ; then + pushd .. >/dev/null + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch + popd >/dev/null + epatch "${WORKDIR}"/${X509_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch + save_version X509 + fi + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${WORKDIR}"/${LDAP_PATCH%.*} + save_version LPK + fi + else + use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" + fi + epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex + if [[ -n ${HPN_PATCH} ]] && use hpn; then + epatch "${WORKDIR}"/${HPN_PATCH%.*} + epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch + save_version HPN + # The AES-CTR multithreaded variant is broken, and causes random hangs + # when combined background threading and control sockets. To avoid + # this, we change the internal table to use the non-multithread version + # for the meantime. Do NOT remove this in new versions. See bug #354113 + # comment #6 for testcase. + # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ + ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode + ## cipher. Be aware that if the client process is forked using the -f command line + ## option the process will hang as the parent thread gets 'divorced' from the key + ## generation threads. This issue will be resolved as soon as possible + sed -i -r \ + -e 's:(aes(...)-ctr.*SSH_CIPHER_SSH2.*)evp_aes_ctr_mt:\1EVP_aes_\2_ctr:' \ + cipher.c || die + fi + + tc-export PKG_CONFIG + local sed_args=( + -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" + # Disable PATH reset, trust what portage gives us #254615 + -e 's:^PATH=/:#PATH=/:' + # Disable fortify flags ... our gcc does this for us + -e 's:-D_FORTIFY_SOURCE=2::' + ) + sed -i "${sed_args[@]}" configure{,.ac} || die + + # Now we can build a sane merged version.h + ( + sed '/^#define SSH_RELEASE/d' version.h.* | sort -u + macros=() + for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done + printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" + ) > version.h + + eautoreconf +} + +static_use_with() { + local flag=$1 + if use static && use ${flag} ; then + ewarn "Disabling '${flag}' support because of USE='static'" + # rebuild args so that we invert the first one (USE flag) + # but otherwise leave everything else working so we can + # just leverage use_with + shift + [[ -z $1 ]] && flag="${flag} ${flag}" + set -- !${flag} "$@" + fi + use_with "$@" +} + +src_configure() { + local myconf + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + use static && append-ldflags -static + + # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) + if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then + myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" + append-ldflags -lutil + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --with-pid-dir="${EPREFIX}"/var/run \ + --sysconfdir="${EPREFIX}"/etc/ssh \ + --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ + --datadir="${EPREFIX}"/usr/share/openssh \ + --with-privsep-path="${EPREFIX}"/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(static_use_with pam) \ + $(static_use_with kerberos kerberos5 /usr) \ + ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ + $(use_with ldns) \ + $(use_with libedit) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with tcpd tcp-wrappers) \ + ${myconf} +} + +src_install() { + emake install-nokeys DESTDIR="${D}" + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6.4 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + # not all openssl installs support ecc, or are functional #352645 + if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then + elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" + sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die + fi + + newpamd "${FILESDIR}"/sshd.pam_include.2 sshd + if use pam ; then + sed -i \ + -e "/^#UsePAM /s:.*:UsePAM yes:" \ + -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ + -e "/^#PrintMotd /s:.*:PrintMotd no:" \ + -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ + "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" + fi + + # Gentoo tweaks to default config files + cat <<-EOF >> "${ED}"/etc/ssh/sshd_config + + # Allow client to pass locale environment variables #367017 + AcceptEnv LANG LC_* + EOF + cat <<-EOF >> "${ED}"/etc/ssh/ssh_config + + # Send locale environment variables #367017 + SendEnv LANG LC_* + EOF + + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + keepdir /var/empty/dev + fi + + if use ldap ; then + insinto /etc/openldap/schema/ + newins openssh-lpk_openldap.schema openssh-lpk.schema + fi + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh + + systemd_dounit "${FILESDIR}"/sshd.{service,socket} + systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' +} + +src_test() { + local t tests skipped failed passed shell + tests="interop-tests compat-tests" + skipped="" + shell=$(egetshell ${UID}) + if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then + elog "Running the full OpenSSH testsuite" + elog "requires a usable shell for the 'portage'" + elog "user, so we will run a subset only." + skipped="${skipped} tests" + else + tests="${tests} tests" + fi + # It will also attempt to write to the homedir .ssh + local sshhome=${T}/homedir + mkdir -p "${sshhome}"/.ssh + for t in ${tests} ; do + # Some tests read from stdin ... + HOMEDIR="${sshhome}" \ + emake -k -j1 ${t} </dev/null \ + && passed="${passed}${t} " \ + || failed="${failed}${t} " + done + einfo "Passed tests: ${passed}" + ewarn "Skipped tests: ${skipped}" + if [[ -n ${failed} ]] ; then + ewarn "Failed tests: ${failed}" + die "Some tests failed: ${failed}" + else + einfo "Failed tests: ${failed}" + return 0 + fi +} + +pkg_preinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd +} + +pkg_postinst() { + if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then + elog "Starting with openssh-5.8p1, the server will default to a newer key" + elog "algorithm (ECDSA). You are encouraged to manually update your stored" + elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." + fi + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "reload sshd: '/etc/init.d/sshd reload'." + # This instruction is from the HPN webpage, + # Used for the server logging functionality + if [[ -n ${HPN_PATCH} ]] && use hpn ; then + echo + einfo "For the HPN server logging patch, you must ensure that" + einfo "your syslog application also listens at /var/empty/dev/log." + fi +} |