blob: 0b465e7bedd64e73bfeb0fe04ff2b9c6c0525188 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.8.1_p1.ebuild,v 1.11 2004/06/25 00:03:09 agriffis Exp $
inherit eutils flag-o-matic ccc gnuconfig
# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_/}
X509_PATCH="${PARCH}+x509h.diff.gz"
SELINUX_PATCH="openssh-3.7.1_p1-selinux.diff"
S=${WORKDIR}/${PARCH}
DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
SRC_URI="mirror://openssh/${PARCH}.tar.gz
X509? ( http://roumenpetrov.info/openssh/x509h/${X509_PATCH} )"
LICENSE="as-is"
SLOT="0"
KEYWORDS="~x86 ppc ~sparc ~mips alpha arm hppa ~amd64 ~ia64 ~ppc64 s390"
IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap"
# openssh recognizes when openssl has been slightly upgraded and refuses to run.
# This new rev will use the new openssl.
RDEPEND="virtual/glibc
pam? ( >=sys-libs/pam-0.73
>=sys-apps/shadow-4.0.2-r2 )
!mips? ( kerberos? ( virtual/krb5 ) )
selinux? ( sys-libs/libselinux )
!ppc64? ( skey? ( >=app-admin/skey-1.1.5-r1 ) )
>=dev-libs/openssl-0.9.6d
>=sys-libs/zlib-1.1.4
!ppc64? ( tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) )"
DEPEND="${RDEPEND}
virtual/os-headers
dev-lang/perl
sys-apps/groff
>=sys-apps/sed-4
sys-devel/autoconf"
PROVIDE="virtual/ssh"
src_unpack() {
unpack ${PARCH}.tar.gz ; cd ${S}
epatch ${FILESDIR}/${P}-resolv_functions.patch
use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
use skey && epatch ${FILESDIR}/${P}-skey.patch
use chroot && epatch ${FILESDIR}/${P}-chroot.patch
use X509 && epatch ${DISTDIR}/${X509_PATCH}
}
src_compile() {
gnuconfig_update
# make sure .sbss is large enough
use skey && use alpha && append-ldflags -mlarge-data
use ldap && filter-flags -funroll-loops
use selinux && append-flags "-DWITH_SELINUX"
use static && append-ldflags -static
export LDFLAGS
autoconf
local myconf="\
$( use_with tcpd tcp-wrappers ) \
$( use_with pam ) \
$( use_with skey )"
use ipv6 || myconf="${myconf} --with-ipv4-default"
use kerberos && myconf="${myconf} --with-kerberos5=/usr" || \
myconf="${myconf} --without-kerberos5"
echo ${myconf}
./configure \
--prefix=/usr \
--sysconfdir=/etc/ssh \
--mandir=/usr/share/man \
--libexecdir=/usr/lib/misc \
--datadir=/usr/share/openssh \
--disable-suid-ssh \
--with-privsep-path=/var/empty \
--with-privsep-user=sshd \
--with-md5-passwords \
--host=${CHOST} \
${myconf} \
|| die "bad configure"
# use static && {
# # statically link to libcrypto -- good for the boot cd
# sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
# }
emake || die "compile problem"
}
src_install() {
make install-files DESTDIR=${D} || die
chmod 600 ${D}/etc/ssh/sshd_config
dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
keepdir /var/empty
dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
use pam && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config
}
pkg_postinst() {
enewgroup sshd 22
enewuser sshd 22 /bin/false /var/empty sshd
ewarn "Remember to merge your config files in /etc/ssh/ and then"
ewarn "restart sshd: '/etc/init.d/sshd restart'."
ewarn
einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
einfo "functionality, but please ensure that you do not explicitly disable"
einfo "this in your configuration as disabling it opens security holes"
einfo
einfo "This revision has removed your sshd user id and replaced it with a"
einfo "new one with UID 22. If you have any scripts or programs that"
einfo "that referenced the old UID directly, you will need to update them."
einfo
use pam >/dev/null 2>&1 && {
einfo "Please be aware users need a valid shell in /etc/passwd"
einfo "in order to be allowed to login."
einfo
}
}
|