1 | # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 |
---|
2 | |
---|
3 | PortSystem 1.0 |
---|
4 | |
---|
5 | PortGroup compiler_blacklist_versions 1.0 |
---|
6 | |
---|
7 | name openssh |
---|
8 | version 9.8p1 |
---|
9 | revision 0 |
---|
10 | categories net |
---|
11 | maintainers {@artkiver gmail.com:artkiver} openmaintainer |
---|
12 | license BSD |
---|
13 | installs_libs no |
---|
14 | conflicts pkixssh |
---|
15 | |
---|
16 | description OpenSSH secure login server |
---|
17 | |
---|
18 | long_description OpenSSH is a FREE version of the SSH protocol suite of \ |
---|
19 | network connectivity tools that increasing numbers of people on the \ |
---|
20 | Internet are coming to rely on. Many users of telnet, rlogin, ftp, \ |
---|
21 | and other such programs might not realize that their password is \ |
---|
22 | transmitted across the Internet unencrypted, but it is. OpenSSH \ |
---|
23 | encrypts all traffic (including passwords) to effectively eliminate \ |
---|
24 | eavesdropping, connection hijacking, and other network-level \ |
---|
25 | attacks. Additionally, OpenSSH provides a myriad of secure \ |
---|
26 | tunneling capabilities, as well as a variety of authentication \ |
---|
27 | methods. |
---|
28 | |
---|
29 | homepage https://www.openbsd.org/openssh/ |
---|
30 | |
---|
31 | checksums rmd160 8e9bc65c953590fd755febf4282f4bb04150b00d \ |
---|
32 | sha256 dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3 \ |
---|
33 | size 1910393 |
---|
34 | |
---|
35 | master_sites openbsd:OpenSSH/portable \ |
---|
36 | ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \ |
---|
37 | http://openbsd.mirrors.pair.com/OpenSSH/portable |
---|
38 | |
---|
39 | if {${name} eq ${subport}} { |
---|
40 | depends_lib path:lib/libssl.dylib:openssl \ |
---|
41 | port:libedit \ |
---|
42 | port:ncurses \ |
---|
43 | port:zlib |
---|
44 | depends_run port:ssh-copy-id |
---|
45 | |
---|
46 | platform darwin 10 { |
---|
47 | # /usr/bin/ranlib: object: libopenbsd-compat.a(base64.o) malformed object (unknown load command 2) |
---|
48 | depends_build-append port:cctools |
---|
49 | } |
---|
50 | |
---|
51 | patch.pre_args-replace -p0 -p1 |
---|
52 | patchfiles launchd.patch \ |
---|
53 | agent.patch \ |
---|
54 | pam.patch \ |
---|
55 | patch-sandbox-darwin.c-apple-sandbox-named-external.diff \ |
---|
56 | patch-sshd-session.c-apple-sandbox-named-external.diff \ |
---|
57 | macports-config.patch \ |
---|
58 | |
---|
59 | # We need a couple of patches |
---|
60 | # - pam.patch |
---|
61 | # getpwnam(3) on OS X always returns "*********" in the pw_passwd field even |
---|
62 | # when run as root, so it can't be used for authentication. This patch just |
---|
63 | # forces the use of PAM regardless of the configuration. |
---|
64 | # - patch-*-apple-sandbox-named-external.diff |
---|
65 | # Use Apple's sandbox_init(3) in addition to standard privilege separation. |
---|
66 | # This requires a sandbox profile (which we provide) and the sandbox_init(3) |
---|
67 | # call before the chroot(2) to privsep-path (${prefix}/var/empty), or it will |
---|
68 | # fail to load the sandbox description and libsandbox.1.dylib. |
---|
69 | # - macports-config.patch |
---|
70 | # Changes the default configuration from the upstream-provided one by popular |
---|
71 | # request. |
---|
72 | # - agent.patch |
---|
73 | # Adds -l flag to ssh-agent to work with launchd. |
---|
74 | |
---|
75 | post-patch { |
---|
76 | # reinplace prefix in path to sandbox definition added by |
---|
77 | # patch-sandbox-darwin.c-apple-sandbox-named-external.diff |
---|
78 | reinplace "s|@PREFIX@|${prefix}|g" ${worksrcpath}/sandbox-darwin.c |
---|
79 | } |
---|
80 | |
---|
81 | # We are patching configure.ac |
---|
82 | use_autoreconf yes |
---|
83 | |
---|
84 | # strnvis(3) isn't actually "broken". OpenBSD decided to be special and flip |
---|
85 | # the order of arguments to strnvis and considers everyone else to be broken. |
---|
86 | configure.cppflags-append -DBROKEN_STRNVIS=1 |
---|
87 | |
---|
88 | # Use Apple's sandboxing feature |
---|
89 | configure.cppflags-append -D__APPLE_SANDBOX_NAMED_EXTERNAL__ \ |
---|
90 | -D__APPLE_API_STRICT_CONFORMANCE |
---|
91 | |
---|
92 | # Support Apple's launchd in ssh-agent |
---|
93 | configure.cppflags-append -D__APPLE_LAUNCHD__ |
---|
94 | |
---|
95 | configure.ldflags-append -Wl,-search_paths_first |
---|
96 | configure.args --with-ssl-dir=${prefix} \ |
---|
97 | --sysconfdir=${prefix}/etc/ssh \ |
---|
98 | --with-privsep-path=/var/empty \ |
---|
99 | --with-md5-passwords \ |
---|
100 | --with-pid-dir=${prefix}/var/run \ |
---|
101 | --with-pam \ |
---|
102 | --mandir=${prefix}/share/man \ |
---|
103 | --with-zlib=${prefix} \ |
---|
104 | --without-kerberos5 \ |
---|
105 | --with-libedit \ |
---|
106 | --with-pie \ |
---|
107 | --without-xauth \ |
---|
108 | --without-ldns \ |
---|
109 | --with-audit=bsm \ |
---|
110 | --with-keychain=apple |
---|
111 | |
---|
112 | use_parallel_build yes |
---|
113 | |
---|
114 | platform macosx { |
---|
115 | if {${os.major} < 10 || (${os.major} == 10 && ${configure.build_arch} eq "ppc")} { |
---|
116 | # See: https://trac.macports.org/ticket/60385 |
---|
117 | # clang does not work for ppc on 10.6.8 Rosetta |
---|
118 | # See also: https://trac.macports.org/ticket/65613 |
---|
119 | configure.args-delete --with-keychain=apple |
---|
120 | } elseif {${os.major} <= 11} { |
---|
121 | # clang is required to build the new Apple Keychain integration due |
---|
122 | # to it using the Object Subscripting feature, c.f. #59397. |
---|
123 | # We'll keep it simple and just blacklist any gcc version, cc |
---|
124 | # (which could be anything), system clang versions prior to those |
---|
125 | # shipped with Xcode 4.4. |
---|
126 | # Regarding the macports-clang versions, any version in the |
---|
127 | # MacPorts tree should suit our needs, since the clang |
---|
128 | # documentation lists FOSS clang/llvm 3.1 as the first version to |
---|
129 | # support Object Subscripting and the oldest version in our tree is |
---|
130 | # now 3.3. |
---|
131 | compiler.blacklist-append *gcc* cc {clang < 421} |
---|
132 | } elseif {(${os.major} >= 22 && ${configure.build_arch} eq "x86_64")} { |
---|
133 | compiler.blacklist-append {clang >= 1403 < 1500} |
---|
134 | } |
---|
135 | } |
---|
136 | |
---|
137 | destroot.target install-nokeys |
---|
138 | |
---|
139 | test.run yes |
---|
140 | test.target tests |
---|
141 | |
---|
142 | post-destroot { |
---|
143 | destroot.keepdirs ${destroot}${prefix}/var/run |
---|
144 | |
---|
145 | # switch default port to avoid conflict with system sshd |
---|
146 | reinplace "s|#Port 22|Port 2222|g" ${destroot}${prefix}/etc/ssh/sshd_config |
---|
147 | |
---|
148 | # install sandbox definition |
---|
149 | xinstall -m 755 -d ${destroot}${prefix}/share/${name} |
---|
150 | xinstall -m 644 ${filespath}/com.openssh.sshd.sb ${destroot}${prefix}/share/${name} |
---|
151 | |
---|
152 | file rename "${destroot}${prefix}/etc/ssh/sshd_config" "${destroot}${prefix}/etc/ssh/sshd_config.example" |
---|
153 | file rename "${destroot}${prefix}/etc/ssh/ssh_config" "${destroot}${prefix}/etc/ssh/ssh_config.example" |
---|
154 | } |
---|
155 | |
---|
156 | post-activate { |
---|
157 | if {![file exists "${prefix}/etc/ssh/sshd_config"]} { |
---|
158 | copy "${prefix}/etc/ssh/sshd_config.example" "${prefix}/etc/ssh/sshd_config" |
---|
159 | } |
---|
160 | if {![file exists "${prefix}/etc/ssh/ssh_config"]} { |
---|
161 | copy "${prefix}/etc/ssh/ssh_config.example" "${prefix}/etc/ssh/ssh_config" |
---|
162 | } |
---|
163 | } |
---|
164 | |
---|
165 | variant xauth description {Build with support for xauth} { |
---|
166 | configure.args-replace --without-xauth \ |
---|
167 | --with-xauth=${prefix}/bin/xauth |
---|
168 | depends_run-append port:xauth |
---|
169 | } |
---|
170 | |
---|
171 | variant kerberos5 description "Add Kerberos5 support" { |
---|
172 | depends_lib-append port:kerberos5 |
---|
173 | configure.args-delete --without-kerberos5 |
---|
174 | configure.args-append --with-kerberos5=${prefix} |
---|
175 | |
---|
176 | if {${os.platform} eq "darwin"} { |
---|
177 | post-extract { |
---|
178 | xinstall -m 0755 -W "${filespath}" slogin "${worksrcpath}/" |
---|
179 | } |
---|
180 | |
---|
181 | pre-configure { |
---|
182 | reinplace -W "${worksrcpath}" "s|@@PREFIX@@|${prefix}|" slogin |
---|
183 | } |
---|
184 | |
---|
185 | post-destroot { |
---|
186 | xinstall -m 0755 ${worksrcpath}/slogin \ |
---|
187 | ${destroot}${prefix}/bin/ |
---|
188 | } |
---|
189 | } |
---|
190 | } |
---|
191 | |
---|
192 | variant ldns description "Use ldns for DNSSEC support" { |
---|
193 | configure.args-replace --without-ldns \ |
---|
194 | --with-ldns |
---|
195 | depends_lib-append port:ldns |
---|
196 | } |
---|
197 | |
---|
198 | variant fido2 description "Enable fido2 support" { |
---|
199 | configure.args-delete --without-security-key-builtin |
---|
200 | configure.args-append --with-security-key-builtin |
---|
201 | depends_lib-append port:libfido2 |
---|
202 | } |
---|
203 | |
---|
204 | |
---|
205 | platform darwin { |
---|
206 | # create link to /usr/include/pam because 'security' was renamed to 'pam' |
---|
207 | # in OS X. |
---|
208 | # And then again back to security in 10.6. |
---|
209 | if {${os.major} < 10} { |
---|
210 | pre-configure { |
---|
211 | xinstall -d ${workpath}/include |
---|
212 | file delete ${workpath}/include/security |
---|
213 | ln -s /usr/include/pam ${workpath}/include/security |
---|
214 | configure.cppflags-append "-I${workpath}/include" |
---|
215 | } |
---|
216 | } |
---|
217 | } |
---|
218 | |
---|
219 | platform darwin 9 { |
---|
220 | # 10.5/ppc doesn't like the sandbox file we supply |
---|
221 | configure.cppflags-delete -D__APPLE_SANDBOX_NAMED_EXTERNAL__ |
---|
222 | } |
---|
223 | |
---|
224 | startupitem.create yes |
---|
225 | startupitem.name OpenSSH |
---|
226 | startupitem.start \ |
---|
227 | "if \[ -x ${prefix}/sbin/sshd \]; then |
---|
228 | if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then |
---|
229 | ${prefix}/bin/ssh-keygen -t dsa -f \\ |
---|
230 | ${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname` |
---|
231 | fi |
---|
232 | if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then |
---|
233 | ${prefix}/bin/ssh-keygen -t rsa -f \\ |
---|
234 | ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname` |
---|
235 | fi |
---|
236 | if \[ ! -f ${prefix}/etc/ssh/ssh_host_ecdsa_key \]; then |
---|
237 | ${prefix}/bin/ssh-keygen -t ecdsa -f \\ |
---|
238 | ${prefix}/etc/ssh/ssh_host_ecdsa_key -N \"\" -C `hostname` |
---|
239 | fi |
---|
240 | if \[ ! -f ${prefix}/etc/ssh/ssh_host_ed25519_key \]; then |
---|
241 | ${prefix}/bin/ssh-keygen -t ed25519 -f \\ |
---|
242 | ${prefix}/etc/ssh/ssh_host_ed25519_key -N \"\" -C `hostname` |
---|
243 | fi |
---|
244 | ${prefix}/sbin/sshd |
---|
245 | fi" |
---|
246 | startupitem.stop \ |
---|
247 | "if \[ -r ${prefix}/var/run/sshd.pid \]; then |
---|
248 | kill `cat ${prefix}/var/run/sshd.pid` |
---|
249 | fi" |
---|
250 | } |
---|
251 | |
---|
252 | subport ssh-copy-id { |
---|
253 | revision 0 |
---|
254 | platforms any |
---|
255 | supported_archs noarch |
---|
256 | maintainers {l2dy @l2dy} openmaintainer |
---|
257 | description Shell script to install your public key(s) on a remote machine |
---|
258 | long_description {*}${description} |
---|
259 | |
---|
260 | # Make sure to not create multiple copies of the same distfile. |
---|
261 | distname openssh-${version} |
---|
262 | dist_subdir openssh |
---|
263 | |
---|
264 | use_configure no |
---|
265 | build {} |
---|
266 | |
---|
267 | destroot { |
---|
268 | xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin |
---|
269 | xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1 |
---|
270 | } |
---|
271 | } |
---|
272 | |
---|
273 | livecheck.type regex |
---|
274 | livecheck.url https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
---|
275 | livecheck.regex openssh-(\[5-9\]+.\[0-9\]+p\[0-9\]+)[quotemeta ${extract.suffix}] |
---|