156 lines
4.6 KiB
Makefile
156 lines
4.6 KiB
Makefile
# New ports collection makefile for: ssh
|
|
# Date created: 30 Jul 1995
|
|
# Whom: torstenb@FreeBSD.org
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
# Maximal ssh package requires YES values for
|
|
# WITH_PERL, WITH_TCPWRAP
|
|
#
|
|
|
|
PORTNAME= ssh
|
|
PORTVERSION= 1.2.27
|
|
CATEGORIES= security ipv6
|
|
MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \
|
|
ftp://ftp.bitcon.no/.4/console/system/ \
|
|
ftp://ftp.kddlabs.co.jp/.0/security/Crypto/SSH/ \
|
|
ftp://ftp.vision.net.au/ftp7/linuxberg/files/console/system/ \
|
|
ftp://ftp.comp.hkbu.edu.hk/.6/unix/ \
|
|
ftp://ftp.du.se/disk1/mirrors/ssh/
|
|
|
|
MAINTAINER= kris@FreeBSD.org
|
|
|
|
.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
|
|
CONFIGURE_ARGS+= --with-rsaref
|
|
LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref
|
|
BUILD_DEPENDS+= /nonexistent:${PORTSDIR}/security/rsaref:extract
|
|
.endif
|
|
|
|
RESTRICTED= "Crypto: export-controlled"
|
|
|
|
USE_AUTOCONF= YES
|
|
GNU_CONFIGURE= YES
|
|
USE_PERL5= YES
|
|
CONFIGURE_ENV+= PERL=${PERL5}
|
|
|
|
CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc
|
|
|
|
# Uncomment if all your users are in their own group and their homedir
|
|
# is writeable by that group. Beware the security implications!
|
|
#
|
|
#CONFIGURE_ARGS+= --enable-group-writeability
|
|
|
|
# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
|
|
# over a secure medium (i.e. allow SSH connections without encryption).
|
|
# This is normally dangerous since it can lead to the disclosure of keys
|
|
# and passwords.
|
|
#
|
|
#CONFIGURE_ARGS+= --with-none
|
|
|
|
.if defined(KRB5_HOME) && exists(${KRB5_HOME})
|
|
CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
|
|
--disable-suid-ssh
|
|
.endif
|
|
|
|
# Include support for the SecureID card
|
|
# Warning: untested !
|
|
#
|
|
.if defined(WITH_SECUREID)
|
|
CONFIGURE_ARGS+= --with-secureid
|
|
.endif
|
|
|
|
# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
|
|
# commercial use may require a licence in a number of countries. Since SSH
|
|
# itself may not be used for commercial purposes without a license, we
|
|
# enable IDEA by default since the user would already be getting himself
|
|
# into trouble.
|
|
#
|
|
.if defined(WITHOUT_IDEA)
|
|
CONFIGURE_ARGS+= --without-idea
|
|
.endif
|
|
|
|
MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
|
|
make-ssh-known-hosts1.1
|
|
MAN8= sshd1.8
|
|
MLINKS= make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
|
|
scp1.1 scp.1 \
|
|
ssh-add1.1 ssh-add.1 \
|
|
ssh-agent1.1 ssh-agent.1 \
|
|
ssh-keygen1.1 ssh-keygen.1 \
|
|
ssh1.1 ssh.1 \
|
|
ssh.1 slogin.1 \
|
|
ssh1.1 slogin1.1 \
|
|
sshd1.8 sshd.8
|
|
|
|
pre-patch:
|
|
@${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
|
|
${WRKSRC}/make-ssh-known-hosts.pl.in
|
|
|
|
fetch-depends:
|
|
.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
|
|
@ ${ECHO}
|
|
@ ${ECHO} You must set the variable USA_RESIDENT to YES if you are a
|
|
@ ${ECHO} United States resident, otherwise NO.
|
|
@ ${ECHO} If you are a US resident then this port must also fetch
|
|
@ ${ECHO} the RSAREF2 library from sources abroad \(RSA Inc. holds a
|
|
@ ${ECHO} patent on RSA and public key crypto in general in the United
|
|
@ ${ECHO} States so using RSA implementations other than RSAREF there
|
|
@ ${ECHO} may violate US patent law\).
|
|
@ ${FALSE}
|
|
.endif
|
|
|
|
post-install:
|
|
@if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
|
|
${ECHO} "Generating a secret host key..."; \
|
|
${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
|
|
fi
|
|
@if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
|
|
${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
|
|
${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
|
|
> ${PREFIX}/etc/rc.d/sshd.sh; \
|
|
${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
|
|
fi
|
|
|
|
.include <bsd.port.pre.mk>
|
|
|
|
# Include tcp-wrapper support (call remote identd)
|
|
.if exists(/usr/include/tcpd.h)
|
|
CONFIGURE_ARGS+= --with-libwrap
|
|
.else
|
|
.if defined(WITH_TCPWRAP) || (exists(${PREFIX}/lib/libwrap.a) \
|
|
&& !defined(WITHOUT_TCPWRAP))
|
|
CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include"
|
|
CONFIGURE_ARGS+= --with-libwrap
|
|
LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper
|
|
.endif
|
|
.endif
|
|
|
|
# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
|
|
# ssh-1.2.27-IPv6-1.5-patch.gz
|
|
# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
|
|
# IPv6 stack
|
|
.if ${OSVERSION} >= 400014 || ( ${OSVERSION} < 400014 && defined(WITH_INET6) )
|
|
CONFIGURE_ARGS+= --enable-ipv6
|
|
.else
|
|
CONFIGURE_ARGS+= --disable-ipv6
|
|
.endif
|
|
|
|
# Include SOCKS firewall support
|
|
.if defined(WITH_SOCKS)
|
|
CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
|
|
.endif
|
|
|
|
# Include extra files if X11 is installed
|
|
.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
|
|
&& !defined(WITHOUT_X11))
|
|
USE_XLIB= yes
|
|
PLIST:= ${WRKDIR}/PLIST
|
|
pre-install:
|
|
@${CAT} ${PKGDIR}/PLIST.X11 > ${PLIST}
|
|
@${CAT} ${PKGDIR}/PLIST >> ${PLIST}
|
|
.else
|
|
CONFIGURE_ARGS+= --without-x
|
|
.endif
|
|
|
|
.include <bsd.port.post.mk>
|