/[gentoo-x86]/net-misc/openssh/openssh-3.7.1_p1-r1.ebuild
Gentoo

Contents of /net-misc/openssh/openssh-3.7.1_p1-r1.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (show annotations) (download)
Sat Sep 20 01:02:37 2003 UTC (16 years, 1 month ago) by pebenito
Branch: MAIN
Changes since 1.2: +4 -3 lines
fix selinux patch for 3.7.1_p1

1 # Copyright 1999-2003 Gentoo Technologies, Inc.
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /home/cvsroot/gentoo-x86/net-misc/openssh/openssh-3.7.1_p1-r1.ebuild,v 1.2 2003/09/19 13:27:25 aliz Exp $
4
5 inherit eutils flag-o-matic ccc
6 [ `use kerberos` ] && append-flags -I/usr/include/gssapi
7
8 # Make it more portable between straight releases
9 # and _p? releases.
10 PARCH=${P/_/}
11
12 X509_PATCH=${PARCH}+x509g2.diff.gz
13 SELINUX_PATCH=openssh-3.7.1_p1-selinux.diff.bz2
14
15 S=${WORKDIR}/${PARCH}
16 DESCRIPTION="Port of OpenBSD's free SSH release"
17 HOMEPAGE="http://www.openssh.com/"
18 IUSE="ipv6 static pam tcpd kerberos skey selinux X509"
19 SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz
20 selinux? ( http://dev.gentoo.org/~pebenito/${SELINUX_PATCH} )
21 X509? ( http://roumenpetrov.info/openssh/x509g2/${X509_PATCH} )"
22
23 # openssh recognizes when openssl has been slightly upgraded and refuses to run.
24 # This new rev will use the new openssl.
25 RDEPEND="virtual/glibc
26 pam? ( >=sys-libs/pam-0.73
27 >=sys-apps/shadow-4.0.2-r2 )
28 kerberos? ( app-crypt/mit-krb5 )
29 selinux? ( sys-apps/selinux-small )
30 skey? ( app-admin/skey )
31 >=dev-libs/openssl-0.9.6d
32 sys-libs/zlib
33 >=sys-apps/sed-4"
34
35 DEPEND="${RDEPEND}
36 dev-lang/perl
37 sys-apps/groff
38 tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
39
40 SLOT="0"
41 LICENSE="as-is"
42 KEYWORDS="~x86 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~amd64 ~ia64"
43
44 src_unpack() {
45 unpack ${PARCH}.tar.gz ; cd ${S}
46
47 use selinux && epatch ${DISTDIR}/${SELINUX_PATCH}
48 use alpha && epatch ${FILESDIR}/${PN}-3.5_p1-gentoo-sshd-gcc3.patch
49 use X509 && epatch ${DISTDIR}/${X509_PATCH}
50
51 epatch ${FILESDIR}/${P}-connect-timeout.patch
52 epatch ${FILESDIR}/${P}-double-free.patch
53 epatch ${FILESDIR}/${P}-memory-leak.patch
54 epatch ${FILESDIR}/${P}-memory-bugs.patch
55
56 use skey && {
57 # prevent the conftest from violating the sandbox
58 sed -i 's#skey_keyinfo("")#"true"#g' configure
59 }
60 }
61
62 src_compile() {
63 local myconf
64
65 myconf="\
66 $( use_with tcpd tcp-wrappers ) \
67 $( use_with kerberos kerberos5 ) \
68 $( use_with pam ) \
69 $( use_with skey )"
70
71 use ipv6 || myconf="${myconf} --with-ipv4-default"
72
73 use skey && {
74 # make sure .sbss is large enough
75 use alpha && append-ldflags -mlarge-data
76 }
77
78 use selinux && append-flags "-DWITH_SELINUX"
79
80 ./configure \
81 --prefix=/usr \
82 --sysconfdir=/etc/ssh \
83 --mandir=/usr/share/man \
84 --libexecdir=/usr/lib/misc \
85 --datadir=/usr/share/openssh \
86 --disable-suid-ssh \
87 --with-privsep-path=/var/empty \
88 --with-privsep-user=sshd \
89 --with-md5-passwords \
90 --host=${CHOST} ${myconf} || die "bad configure"
91
92 use static && {
93 # statically link to libcrypto -- good for the boot cd
94 sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" Makefile
95 }
96
97 use selinux && {
98 #add -lsecure
99 sed -i "s:LIBS=\(.*\):LIBS=\1 -lsecure:" Makefile
100 }
101
102 emake || die "compile problem"
103 }
104
105 src_install() {
106 make install-files DESTDIR=${D} || die
107 chmod 600 ${D}/etc/ssh/sshd_config
108 dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
109 insinto /etc/pam.d ; newins ${FILESDIR}/sshd.pam sshd
110 exeinto /etc/init.d ; newexe ${FILESDIR}/sshd.rc6 sshd
111 keepdir /var/empty/.keep
112 }
113
114 pkg_preinst() {
115 userdel sshd 2> /dev/null
116 if ! groupmod sshd; then
117 groupadd -g 90 sshd 2> /dev/null || \
118 die "Failed to create sshd group"
119 fi
120 useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd || \
121 die "Failed to create sshd user"
122 }
123
124 pkg_postinst() {
125 # empty dir for the new priv separation auth chroot..
126 install -d -m0755 -o root -g root ${ROOT}/var/empty
127
128 ewarn "Remember to merge your config files in /etc/ssh/ and then"
129 ewarn "restart sshd: '/etc/init.d/sshd restart'."
130 ewarn
131 einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
132 einfo "functionality, but please ensure that you do not explicitly disable"
133 einfo "this in your configuration as disabling it opens security holes"
134 einfo
135 einfo "This revision has removed your sshd user id and replaced it with a"
136 einfo "new one with UID 22. If you have any scripts or programs that"
137 einfo "that referenced the old UID directly, you will need to update them."
138 einfo
139 use pam >/dev/null 2>&1 && {
140 einfo "Please be aware users need a valid shell in /etc/passwd"
141 einfo "in order to be allowed to login."
142 einfo
143 }
144 }

  ViewVC Help
Powered by ViewVC 1.1.20