Context Navigation

Back to Ticket #70315

Ticket #70315: Portfile.openssh9.8p1

File Portfile.openssh9.8p1, 11.1 KB (added by artkiver (グレェ), 4 days ago)
Ever so slightly modified Portfile for OpenSSH 9.8p1 building upon danielluke's improvements/PR

Line
1	# -- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2
3	PortSystem 1.0
4
5	PortGroup compiler_blacklist_versions 1.0
6
7	name openssh
8	version 9.8p1
9	revision 0
10	categories net
11	maintainers {@artkiver gmail.com:artkiver} openmaintainer
12	license BSD
13	installs_libs no
14	conflicts pkixssh
15
16	description OpenSSH secure login server
17
18	long_description OpenSSH is a FREE version of the SSH protocol suite of \
19	network connectivity tools that increasing numbers of people on the \
20	Internet are coming to rely on. Many users of telnet, rlogin, ftp, \
21	and other such programs might not realize that their password is \
22	transmitted across the Internet unencrypted, but it is. OpenSSH \
23	encrypts all traffic (including passwords) to effectively eliminate \
24	eavesdropping, connection hijacking, and other network-level \
25	attacks. Additionally, OpenSSH provides a myriad of secure \
26	tunneling capabilities, as well as a variety of authentication \
27	methods.
28
29	homepage https://www.openbsd.org/openssh/
30
31	checksums rmd160 8e9bc65c953590fd755febf4282f4bb04150b00d \
32	sha256 dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3 \
33	size 1910393
34
35	master_sites openbsd:OpenSSH/portable \
36	ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
37	http://openbsd.mirrors.pair.com/OpenSSH/portable
38
39	if {${name} eq ${subport}} {
40	depends_lib path:lib/libssl.dylib:openssl \
41	port:libedit \
42	port:ncurses \
43	port:zlib
44	depends_run port:ssh-copy-id
45
46	platform darwin 10 {
47	# /usr/bin/ranlib: object: libopenbsd-compat.a(base64.o) malformed object (unknown load command 2)
48	depends_build-append port:cctools
49	}
50
51	patch.pre_args-replace -p0 -p1
52	patchfiles launchd.patch \
53	agent.patch \
54	pam.patch \
55	patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
56	patch-sshd-session.c-apple-sandbox-named-external.diff \
57	macports-config.patch \
58
59	# We need a couple of patches
60	# - pam.patch
61	# getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
62	# when run as root, so it can't be used for authentication. This patch just
63	# forces the use of PAM regardless of the configuration.
64	# - patch-*-apple-sandbox-named-external.diff
65	# Use Apple's sandbox_init(3) in addition to standard privilege separation.
66	# This requires a sandbox profile (which we provide) and the sandbox_init(3)
67	# call before the chroot(2) to privsep-path (${prefix}/var/empty), or it will
68	# fail to load the sandbox description and libsandbox.1.dylib.
69	# - macports-config.patch
70	# Changes the default configuration from the upstream-provided one by popular
71	# request.
72	# - agent.patch
73	# Adds -l flag to ssh-agent to work with launchd.
74
75	post-patch {
76	# reinplace prefix in path to sandbox definition added by
77	# patch-sandbox-darwin.c-apple-sandbox-named-external.diff
78	reinplace "s\|@PREFIX@\|${prefix}\|g" ${worksrcpath}/sandbox-darwin.c
79	}
80
81	# We are patching configure.ac
82	use_autoreconf yes
83
84	# strnvis(3) isn't actually "broken". OpenBSD decided to be special and flip
85	# the order of arguments to strnvis and considers everyone else to be broken.
86	configure.cppflags-append -DBROKEN_STRNVIS=1
87
88	# Use Apple's sandboxing feature
89	configure.cppflags-append -D__APPLE_SANDBOX_NAMED_EXTERNAL__ \
90	-D__APPLE_API_STRICT_CONFORMANCE
91
92	# Support Apple's launchd in ssh-agent
93	configure.cppflags-append -D__APPLE_LAUNCHD__
94
95	configure.ldflags-append -Wl,-search_paths_first
96	configure.args --with-ssl-dir=${prefix} \
97	--sysconfdir=${prefix}/etc/ssh \
98	--with-privsep-path=/var/empty \
99	--with-md5-passwords \
100	--with-pid-dir=${prefix}/var/run \
101	--with-pam \
102	--mandir=${prefix}/share/man \
103	--with-zlib=${prefix} \
104	--without-kerberos5 \
105	--with-libedit \
106	--with-pie \
107	--without-xauth \
108	--without-ldns \
109	--with-audit=bsm \
110	--with-keychain=apple
111
112	use_parallel_build yes
113
114	platform macosx {
115	if {${os.major} < 10 \|\| (${os.major} == 10 && ${configure.build_arch} eq "ppc")} {
116	# See: https://trac.macports.org/ticket/60385
117	# clang does not work for ppc on 10.6.8 Rosetta
118	# See also: https://trac.macports.org/ticket/65613
119	configure.args-delete --with-keychain=apple
120	} elseif {${os.major} <= 11} {
121	# clang is required to build the new Apple Keychain integration due
122	# to it using the Object Subscripting feature, c.f. #59397.
123	# We'll keep it simple and just blacklist any gcc version, cc
124	# (which could be anything), system clang versions prior to those
125	# shipped with Xcode 4.4.
126	# Regarding the macports-clang versions, any version in the
127	# MacPorts tree should suit our needs, since the clang
128	# documentation lists FOSS clang/llvm 3.1 as the first version to
129	# support Object Subscripting and the oldest version in our tree is
130	# now 3.3.
131	compiler.blacklist-append gcc cc {clang < 421}
132	} elseif {(${os.major} >= 22 && ${configure.build_arch} eq "x86_64")} {
133	compiler.blacklist-append {clang >= 1403 < 1500}
134	}
135	}
136
137	destroot.target install-nokeys
138
139	test.run yes
140	test.target tests
141
142	post-destroot {
143	destroot.keepdirs ${destroot}${prefix}/var/run
144
145	# switch default port to avoid conflict with system sshd
146	reinplace "s\|#Port 22\|Port 2222\|g" ${destroot}${prefix}/etc/ssh/sshd_config
147
148	# install sandbox definition
149	xinstall -m 755 -d ${destroot}${prefix}/share/${name}
150	xinstall -m 644 ${filespath}/com.openssh.sshd.sb ${destroot}${prefix}/share/${name}
151
152	file rename "${destroot}${prefix}/etc/ssh/sshd_config" "${destroot}${prefix}/etc/ssh/sshd_config.example"
153	file rename "${destroot}${prefix}/etc/ssh/ssh_config" "${destroot}${prefix}/etc/ssh/ssh_config.example"
154	}
155
156	post-activate {
157	if {![file exists "${prefix}/etc/ssh/sshd_config"]} {
158	copy "${prefix}/etc/ssh/sshd_config.example" "${prefix}/etc/ssh/sshd_config"
159	}
160	if {![file exists "${prefix}/etc/ssh/ssh_config"]} {
161	copy "${prefix}/etc/ssh/ssh_config.example" "${prefix}/etc/ssh/ssh_config"
162	}
163	}
164
165	variant xauth description {Build with support for xauth} {
166	configure.args-replace --without-xauth \
167	--with-xauth=${prefix}/bin/xauth
168	depends_run-append port:xauth
169	}
170
171	variant kerberos5 description "Add Kerberos5 support" {
172	depends_lib-append port:kerberos5
173	configure.args-delete --without-kerberos5
174	configure.args-append --with-kerberos5=${prefix}
175
176	if {${os.platform} eq "darwin"} {
177	post-extract {
178	xinstall -m 0755 -W "${filespath}" slogin "${worksrcpath}/"
179	}
180
181	pre-configure {
182	reinplace -W "${worksrcpath}" "s\|@@PREFIX@@\|${prefix}\|" slogin
183	}
184
185	post-destroot {
186	xinstall -m 0755 ${worksrcpath}/slogin \
187	${destroot}${prefix}/bin/
188	}
189	}
190	}
191
192	variant ldns description "Use ldns for DNSSEC support" {
193	configure.args-replace --without-ldns \
194	--with-ldns
195	depends_lib-append port:ldns
196	}
197
198	variant fido2 description "Enable fido2 support" {
199	configure.args-delete --without-security-key-builtin
200	configure.args-append --with-security-key-builtin
201	depends_lib-append port:libfido2
202	}
203
204
205	platform darwin {
206	# create link to /usr/include/pam because 'security' was renamed to 'pam'
207	# in OS X.
208	# And then again back to security in 10.6.
209	if {${os.major} < 10} {
210	pre-configure {
211	xinstall -d ${workpath}/include
212	file delete ${workpath}/include/security
213	ln -s /usr/include/pam ${workpath}/include/security
214	configure.cppflags-append "-I${workpath}/include"
215	}
216	}
217	}
218
219	platform darwin 9 {
220	# 10.5/ppc doesn't like the sandbox file we supply
221	configure.cppflags-delete -D__APPLE_SANDBOX_NAMED_EXTERNAL__
222	}
223
224	startupitem.create yes
225	startupitem.name OpenSSH
226	startupitem.start \
227	"if \[ -x ${prefix}/sbin/sshd \]; then
228	if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then
229	${prefix}/bin/ssh-keygen -t dsa -f \\
230	${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname`
231	fi
232	if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then
233	${prefix}/bin/ssh-keygen -t rsa -f \\
234	${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname`
235	fi
236	if \[ ! -f ${prefix}/etc/ssh/ssh_host_ecdsa_key \]; then
237	${prefix}/bin/ssh-keygen -t ecdsa -f \\
238	${prefix}/etc/ssh/ssh_host_ecdsa_key -N \"\" -C `hostname`
239	fi
240	if \[ ! -f ${prefix}/etc/ssh/ssh_host_ed25519_key \]; then
241	${prefix}/bin/ssh-keygen -t ed25519 -f \\
242	${prefix}/etc/ssh/ssh_host_ed25519_key -N \"\" -C `hostname`
243	fi
244	${prefix}/sbin/sshd
245	fi"
246	startupitem.stop \
247	"if \[ -r ${prefix}/var/run/sshd.pid \]; then
248	kill `cat ${prefix}/var/run/sshd.pid`
249	fi"
250	}
251
252	subport ssh-copy-id {
253	revision 0
254	platforms any
255	supported_archs noarch
256	maintainers {l2dy @l2dy} openmaintainer
257	description Shell script to install your public key(s) on a remote machine
258	long_description {*}${description}
259
260	# Make sure to not create multiple copies of the same distfile.
261	distname openssh-${version}
262	dist_subdir openssh
263
264	use_configure no
265	build {}
266
267	destroot {
268	xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin
269	xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1
270	}
271	}
272
273	livecheck.type regex
274	livecheck.url https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
275	livecheck.regex openssh-(\[5-9\]+.\[0-9\]+p\[0-9\]+)[quotemeta ${extract.suffix}]

Download in other formats:

Original Format