summaryrefslogtreecommitdiff
path: root/security/ssh/Makefile
blob: 6317b30b5b3ea788f27a5e411754971da06064ab (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# New ports collection makefile for:	ssh
# Date created:		30 Jul 1995
# Whom:			torstenb@FreeBSD.org
#
# $FreeBSD$
#
# Maximal ssh package requires YES values for
# WITH_PERL, WITH_TCPWRAP
#

PORTNAME=	ssh
PORTVERSION=	1.2.33
PORTREVISION=	1
CATEGORIES=	security ipv6
MASTER_SITES=	ftp://ftp.tokyonet.ad.jp/pub/security/ssh/ \
		ftp://ftp.tokyonet.ad.jp/pub/security/ssh/old/ \
		ftp://ftp.dei.uc.pt/pub/ssh/ \
		ftp://ftp.ssh.com/ \
		ftp://ftp.nsysu.edu.tw/Unix/Security/ssh/old/ \
		ftp://ftp.cronyx.ru/mirror/ssh/old/

MAINTAINER=	ports@FreeBSD.org

USE_AUTOCONF=	YES
GNU_CONFIGURE=	YES
USE_PERL5=	YES
CONFIGURE_ENV+= PERL=${PERL5}

CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc

# Uncomment if all your users are in their own group and their homedir
# is writeable by that group.  Beware the security implications!
#
#CONFIGURE_ARGS+= --enable-group-writeability

# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
# over a secure medium (i.e. allow SSH connections without encryption).
# This is normally dangerous since it can lead to the disclosure of keys
# and passwords.
#
#CONFIGURE_ARGS+= --with-none

.if defined(KRB5_HOME) && exists(${KRB5_HOME})
CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
	--disable-suid-ssh
.endif

# Include support for the SecureID card
# Warning: untested !
#
.if defined(WITH_SECUREID)
CONFIGURE_ARGS+= --with-secureid
.endif

# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
# commercial use may require a licence in a number of countries. Since SSH
# itself may not be used for commercial purposes without a license, we
# enable IDEA by default since the user would already be getting himself
# into trouble.
#
.if defined(WITHOUT_IDEA)
CONFIGURE_ARGS+= --without-idea
.endif

.include <bsd.port.pre.mk>

.if ${OSVERSION} > 500023
LIB_DEPENDS+=	gmp.3:${PORTSDIR}/math/libgmp-freebsd
MAKE_ENV+=	GMPINCDIR="${LOCALBASE}/include" \
		GMPLIBDIR="${LOCALBASE}/lib"
.endif

.if (${OSVERSION} >= 400016 && !defined(REALLY_WANT_SSH))
FORBIDDEN=		"OpenSSH is a superior version of SSH which has been included in the FreeBSD base system since 4.0-RELEASE. This port is now deprecated. To override this warning set the REALLY_WANT_SSH environment variable and rebuild."
.endif

MAN1=		scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
		make-ssh-known-hosts1.1
MAN8=		sshd1.8
MLINKS=		make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
		scp1.1 scp.1 \
		ssh-add1.1 ssh-add.1 \
		ssh-agent1.1 ssh-agent.1 \
		ssh-keygen1.1 ssh-keygen.1 \
		ssh1.1 ssh.1 \
		ssh.1 slogin.1 \
		ssh1.1 slogin1.1 \
		sshd1.8 sshd.8

pre-patch:
	@${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
	    ${WRKSRC}/make-ssh-known-hosts.pl.in

post-install:
	@if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
	    ${ECHO} "Generating a secret host key..."; \
	    ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
	fi; \
	if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \
	    if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
		${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
		${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
		    > ${PREFIX}/etc/rc.d/sshd.sh; \
		${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
	    fi; \
	fi

# Include tcp-wrapper support (call remote identd)
.if exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+= --with-libwrap
.else
.if defined(WITH_TCPWRAP) || (exists(${PREFIX}/lib/libwrap.a) \
	&& !defined(WITHOUT_TCPWRAP))
CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include"
CONFIGURE_ARGS+= --with-libwrap
LIB_DEPENDS+=	wrap.7:${PORTSDIR}/security/tcp_wrapper
.endif
.endif

# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
# ssh-1.2.27-IPv6-1.5-patch.gz
# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
# IPv6 stack
.if ${OSVERSION} >= 400014 || ( ${OSVERSION} < 400014 && defined(WITH_INET6) )
CONFIGURE_ARGS+=	--enable-ipv6
.else
CONFIGURE_ARGS+=	--disable-ipv6
.endif

# Include SOCKS firewall support
.if defined(WITH_SOCKS)
CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
.endif

# Include extra files if X11 is installed
.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
	&& !defined(WITHOUT_X11))
USE_XLIB=	yes
PLIST:=		${WRKDIR}/PLIST
pre-install:
	@${CAT} ${PKGDIR}/pkg-plist.x11 ${PKGDIR}/pkg-plist > ${PLIST}
.else
CONFIGURE_ARGS+= --without-x
.endif

.include <bsd.port.post.mk>