Ticket #70315: Portfile.openssh9.8p1

File Portfile.openssh9.8p1, 11.1 KB (added by artkiver (グレェ), 5 months ago)

Ever so slightly modified Portfile for OpenSSH 9.8p1 building upon danielluke's improvements/PR

# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem 1.0

# Provides compiler.blacklist-append with version predicates, used in the
# platform macosx block of the main port.
PortGroup compiler_blacklist_versions 1.0

# Port identity. These top-level settings are shared by the main port and
# the ssh-copy-id subport.
name            openssh
version         9.8p1
revision        0
categories      net
maintainers     {@artkiver gmail.com:artkiver} openmaintainer
license         BSD
installs_libs   no
conflicts       pkixssh

description     OpenSSH secure login server

long_description \
    OpenSSH is a FREE version of the SSH protocol suite of network \
    connectivity tools that increasing numbers of people on the Internet \
    are coming to rely on. Many users of telnet, rlogin, ftp, and other \
    such programs might not realize that their password is transmitted \
    across the Internet unencrypted, but it is. OpenSSH encrypts all \
    traffic (including passwords) to effectively eliminate eavesdropping, \
    connection hijacking, and other network-level attacks. Additionally, \
    OpenSSH provides a myriad of secure tunneling capabilities, as well as \
    a variety of authentication methods.

homepage        https://www.openbsd.org/openssh/

# Integrity of the distfile rests entirely on these values: two of the
# mirrors below are plaintext (ftp:// and http://), so a tarball fetched
# from them is only trustworthy because it has to match the sha256 and size
# recorded here. When bumping the version, take the new digest from a
# tarball whose upstream release signature has been verified, not from
# whatever a mirror happened to serve.
checksums       rmd160  8e9bc65c953590fd755febf4282f4bb04150b00d \
                sha256  dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3 \
                size    1910393

master_sites    openbsd:OpenSSH/portable \
                ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
                http://openbsd.mirrors.pair.com/OpenSSH/portable

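# Everything in this block applies to the main openssh port only; the
# ssh-copy-id subport is declared separately.
if {${name} eq ${subport}} {
    depends_lib         path:lib/libssl.dylib:openssl \
                        port:libedit \
                        port:ncurses \
                        port:zlib
    depends_run         port:ssh-copy-id

    platform darwin 10 {
        # /usr/bin/ranlib: object: libopenbsd-compat.a(base64.o) malformed object (unknown load command 2)
        depends_build-append port:cctools
    }

    # The last entry carries no trailing continuation backslash, so a line
    # added directly after the list can never be swallowed into it.
    patch.pre_args-replace  -p0 -p1
    patchfiles          launchd.patch \
                        agent.patch \
                        pam.patch \
                        patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
                        patch-sshd-session.c-apple-sandbox-named-external.diff \
                        macports-config.patch

    # We need a couple of patches
    # - pam.patch
    #   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
    #   when run as root, so it can't be used for authentication. This patch just
    #   forces the use of PAM regardless of the configuration.
    #   NOTE(review): presumably a "UsePAM no" in sshd_config then has no
    #   effect -- confirm against the patch and say so in the port notes.
    # - patch-*-apple-sandbox-named-external.diff
    #   Use Apple's sandbox_init(3) in addition to standard privilege separation.
    #   This requires a sandbox profile (which we provide) and the sandbox_init(3)
    #   call before the chroot(2) to privsep-path (/var/empty, see
    #   --with-privsep-path below), or it will fail to load the sandbox
    #   description and libsandbox.1.dylib.
    # - macports-config.patch
    #   Changes the default configuration from the upstream-provided one by popular
    #   request.
    # - agent.patch
    #   Adds -l flag to ssh-agent to work with launchd.
    # - launchd.patch
    #   NOTE(review): not described here; presumably the code guarded by
    #   -D__APPLE_LAUNCHD__ below -- confirm and document.

    post-patch {
        # reinplace prefix in path to sandbox definition added by
        # patch-sandbox-darwin.c-apple-sandbox-named-external.diff
        reinplace "s|@PREFIX@|${prefix}|g" ${worksrcpath}/sandbox-darwin.c
    }

    # We are patching configure.ac
    use_autoreconf          yes

    # strnvis(3) isn't actually "broken".  OpenBSD decided to be special and flip
    # the order of arguments to strnvis and considers everyone else to be broken.
    configure.cppflags-append -DBROKEN_STRNVIS=1

    # Use Apple's sandboxing feature
    configure.cppflags-append   -D__APPLE_SANDBOX_NAMED_EXTERNAL__ \
                                -D__APPLE_API_STRICT_CONFORMANCE

    # Support Apple's launchd in ssh-agent
    configure.cppflags-append -D__APPLE_LAUNCHD__

    # Build configuration. Points worth knowing when reviewing it:
    # - --with-privsep-path=/var/empty uses the system directory, not one
    #   under ${prefix}.
    # - --with-pie builds position-independent executables.
    # - --with-audit=bsm enables BSM audit events.
    # - NOTE(review): --with-md5-passwords is a legacy option; with
    #   pam.patch forcing PAM it is presumably unused -- confirm and drop.
    configure.ldflags-append  -Wl,-search_paths_first
    configure.args      --with-ssl-dir=${prefix} \
                        --sysconfdir=${prefix}/etc/ssh \
                        --with-privsep-path=/var/empty \
                        --with-md5-passwords \
                        --with-pid-dir=${prefix}/var/run \
                        --with-pam \
                        --mandir=${prefix}/share/man \
                        --with-zlib=${prefix} \
                        --without-kerberos5 \
                        --with-libedit \
                        --with-pie \
                        --without-xauth \
                        --without-ldns \
                        --with-audit=bsm \
                        --with-keychain=apple

    use_parallel_build  yes

    platform macosx {
        if {${os.major} < 10 || (${os.major} == 10 && ${configure.build_arch} eq "ppc")} {
            # See: https://trac.macports.org/ticket/60385
            # clang does not work for ppc on 10.6.8 Rosetta
            # See also: https://trac.macports.org/ticket/65613
            configure.args-delete   --with-keychain=apple
        } elseif {${os.major} <= 11} {
            # clang is required to build the new Apple Keychain integration due
            # to it using the Object Subscripting feature, c.f. #59397.
            # We'll keep it simple and just blacklist any gcc version, cc
            # (which could be anything), system clang versions prior to those
            # shipped with Xcode 4.4.
            # Regarding the macports-clang versions, any version in the
            # MacPorts tree should suit our needs, since the clang
            # documentation lists FOSS clang/llvm 3.1 as the first version to
            # support Object Subscripting and the oldest version in our tree is
            # now 3.3.
            compiler.blacklist-append   *gcc* cc {clang < 421}
        } elseif {(${os.major} >= 22 && ${configure.build_arch} eq "x86_64")} {
            # NOTE(review): no reason is recorded for excluding this clang
            # range on darwin 22+/x86_64 -- add the ticket reference.
            compiler.blacklist-append   {clang >= 1403 < 1500}
        }
    }

    # install-nokeys keeps host keys out of the destroot, so no private host
    # key is ever baked into a built package; keys are created on the target
    # machine by the startup script below.
    destroot.target     install-nokeys

    test.run            yes
    test.target         tests

    post-destroot {
        destroot.keepdirs ${destroot}${prefix}/var/run

        # switch default port to avoid conflict with system sshd
        reinplace "s|#Port 22|Port 2222|g" ${destroot}${prefix}/etc/ssh/sshd_config

        # install sandbox definition
        xinstall -m 755 -d ${destroot}${prefix}/share/${name}
        xinstall -m 644 ${filespath}/com.openssh.sshd.sb ${destroot}${prefix}/share/${name}

        # Ship the configuration as *.example only, so activating the port
        # never replaces an administrator's live config.
        file rename "${destroot}${prefix}/etc/ssh/sshd_config" "${destroot}${prefix}/etc/ssh/sshd_config.example"
        file rename "${destroot}${prefix}/etc/ssh/ssh_config" "${destroot}${prefix}/etc/ssh/ssh_config.example"
    }

    post-activate {
        # The live config is seeded from the example on first install only.
        # An existing sshd_config/ssh_config is left untouched on upgrade, so
        # changes to the shipped defaults (including any hardening in
        # macports-config.patch) do not reach existing installations; compare
        # against the *.example files after upgrading.
        if {![file exists "${prefix}/etc/ssh/sshd_config"]} {
            copy "${prefix}/etc/ssh/sshd_config.example" "${prefix}/etc/ssh/sshd_config"
        }
        if {![file exists "${prefix}/etc/ssh/ssh_config"]} {
            copy "${prefix}/etc/ssh/ssh_config.example" "${prefix}/etc/ssh/ssh_config"
        }
    }

    variant xauth description {Build with support for xauth} {
        configure.args-replace  --without-xauth \
                                --with-xauth=${prefix}/bin/xauth
        depends_run-append      port:xauth
    }

    variant kerberos5 description "Add Kerberos5 support" {
        depends_lib-append      port:kerberos5
        configure.args-delete   --without-kerberos5
        configure.args-append   --with-kerberos5=${prefix}

        if {${os.platform} eq "darwin"} {
            post-extract {
                xinstall -m 0755 -W "${filespath}" slogin "${worksrcpath}/"
            }

            pre-configure {
                reinplace -W "${worksrcpath}" "s|@@PREFIX@@|${prefix}|" slogin
            }

            post-destroot {
                xinstall -m 0755 ${worksrcpath}/slogin \
                                 ${destroot}${prefix}/bin/
            }
        }
    }

    variant ldns description "Use ldns for DNSSEC support" {
        configure.args-replace  --without-ldns \
                                --with-ldns
        depends_lib-append      port:ldns
    }

    variant fido2 description "Enable fido2 support" {
        # The default configure.args above does not contain
        # --without-security-key-builtin, so this delete is a no-op kept only
        # as a guard in case that flag is ever added to the defaults.
        configure.args-delete  --without-security-key-builtin
        configure.args-append  --with-security-key-builtin
        depends_lib-append      port:libfido2
    }


    platform darwin {
        # create link to /usr/include/pam because 'security' was renamed to 'pam'
        # in OS X.
        # And then again back to security in 10.6.
        if {${os.major} < 10} {
            pre-configure {
                xinstall -d ${workpath}/include
                file delete ${workpath}/include/security
                ln -s /usr/include/pam ${workpath}/include/security
                configure.cppflags-append "-I${workpath}/include"
            }
        }
    }

    platform darwin 9 {
        # 10.5/ppc doesn't like the sandbox file we supply
        # Dropping this define removes the sandbox_init(3) layer on that
        # platform, leaving only the standard privilege separation.
        configure.cppflags-delete -D__APPLE_SANDBOX_NAMED_EXTERNAL__
    }

    # Startup script: create any missing host key on first start, then launch
    # sshd. Keys are generated without a passphrase (-N "") because sshd has
    # to read them unattended.
    # No DSA host key is generated: OpenSSH 9.8 is built without DSA support
    # unless it is explicitly re-enabled at configure time, which this port
    # does not do, so "ssh-keygen -t dsa" would fail on every start and never
    # produce a key. DSA is also deprecated upstream and should not be
    # offered as a host key algorithm.
    startupitem.create  yes
    startupitem.name    OpenSSH
    startupitem.start   \
        "if \[ -x ${prefix}/sbin/sshd \]; then
            if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then
                ${prefix}/bin/ssh-keygen -t rsa -f \\
                ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname`
            fi
            if \[ ! -f ${prefix}/etc/ssh/ssh_host_ecdsa_key \]; then
                ${prefix}/bin/ssh-keygen -t ecdsa -f \\
                ${prefix}/etc/ssh/ssh_host_ecdsa_key -N \"\" -C `hostname`
            fi
            if \[ ! -f ${prefix}/etc/ssh/ssh_host_ed25519_key \]; then
                ${prefix}/bin/ssh-keygen -t ed25519 -f \\
                ${prefix}/etc/ssh/ssh_host_ed25519_key -N \"\" -C `hostname`
            fi
            ${prefix}/sbin/sshd
        fi"
    # Stop by signalling the pid recorded under --with-pid-dir.
    startupitem.stop    \
        "if \[ -r ${prefix}/var/run/sshd.pid \]; then
            kill `cat ${prefix}/var/run/sshd.pid`
        fi"
}
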
# ssh-copy-id: script-only subport taken from contrib/ in the OpenSSH
# tarball. Nothing is configured or compiled; the script and its man page
# are copied into the destroot as they are.
subport ssh-copy-id {
    revision 0
    platforms any
    supported_archs noarch
    maintainers {l2dy @l2dy} openmaintainer
    description Shell script to install your public key(s) on a remote machine
    long_description {*}${description}

    # Reuse the main port's distfile rather than fetching a second copy, so
    # the script comes from the same checksummed openssh tarball.
    distname openssh-${version}
    dist_subdir openssh

    # No configure step and an empty build phase.
    use_configure no
    build {}

    destroot {
        # 755: executable script; 644: man page.
        xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin
        xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1
    }
}

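# Version check against the upstream portable directory listing.
# The major-version class is \[0-9\]+ rather than \[5-9\]+: the narrower
# class can never match a two-digit major version, so livecheck would keep
# reporting the port as current after such a release and a security update
# could be missed. The dot is escaped so it only matches a literal ".".
livecheck.type      regex
livecheck.url       https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
livecheck.regex     openssh-(\[0-9\]+\\.\[0-9\]+p\[0-9\]+)[quotemeta ${extract.suffix}]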