net-misc/openssh/openssh-4.0_p1-r1.ebuild

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r1.ebuild,v 1.14 2005/08/24 00:07:24 vapier Exp $

inherit eutils flag-o-matic ccc pam

# Make it more portable between straight releases
# and _p? releases.
PARCH=${P/_/}

SFTPLOG_PATCH_VER="1.2"
X509_PATCH="${PARCH}+x509-5.1.diff.gz"
SELINUX_PATCH="openssh-3.9_p1-selinux.diff"
SECURID_PATCH="${PARCH}+SecurID_v1.3.1.patch"
LDAP_PATCH="${PARCH/-/-lpk-}-0.3.4.patch"
HPN_PATCH="${PARCH}-hpn11.diff"

DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
        ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
        X509? ( http://roumenpetrov.info/openssh/x509-5.1/${X509_PATCH} )
        hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
        smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"


LICENSE="as-is"
SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard sftplogging hpn libedit"

RDEPEND="pam? ( virtual/pam )
        kerberos? ( virtual/krb5 )
        selinux? ( sys-libs/libselinux )
        skey? ( >=app-admin/skey-1.1.5-r1 )
        ldap? ( net-nds/openldap )
        libedit? ( dev-libs/libedit )
        >=dev-libs/openssl-0.9.6d
        >=sys-libs/zlib-1.1.4
        smartcard? ( dev-libs/opensc )
        tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
DEPEND="${RDEPEND}
        virtual/os-headers
        sys-devel/autoconf"
PROVIDE="virtual/ssh"

S=${WORKDIR}/${PARCH}

src_unpack() {
        unpack ${PARCH}.tar.gz
        cd "${S}"

        #epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2
        epatch "${FILESDIR}"/openssh-3.9_p1-configure-openct.patch #78730
        epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811

        use X509 && epatch ${DISTDIR}/${X509_PATCH}
        use sftplogging && epatch ${FILESDIR}/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2
        use skey && epatch ${FILESDIR}/openssh-3.9_p1-skey.patch.bz2
        use chroot && epatch ${FILESDIR}/openssh-3.9_p1-chroot.patch
        use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}.bz2
        use smartcard && epatch ${FILESDIR}/openssh-3.9_p1-opensc.patch.bz2
        if ! use X509 ; then
                use smartcard && epatch ${DISTDIR}/${SECURID_PATCH}
                use smartcard && use ldap && epatch ${FILESDIR}/openssh-4.0_p1-smartcard-ldap-happy.patch
                if use sftplogging ; then
                        ewarn "Sorry, sftplogging and ldap don't get along"
                else
                        use ldap && epatch ${DISTDIR}/${LDAP_PATCH}
                fi
        elif use smartcard || use ldap ; then
                ewarn "Sorry, x509 and smartcard/ldap don't get along"
        fi
        use hpn && epatch ${DISTDIR}/${HPN_PATCH}

        sed -i '/LD.*ssh-keysign/s:$: -Wl,-z,now:' Makefile.in || die "setuid"

        autoconf || die "autoconf failed"
}

src_compile() {
        local myconf

        addwrite /dev/ptmx

        # make sure .sbss is large enough
        use skey && use alpha && append-ldflags -mlarge-data
        if use ldap ; then
                filter-flags -funroll-loops
                append-ldflags -lldap
                append-flags -DWITH_LDAP_PUBKEY
        fi
        use selinux && append-flags "-DWITH_SELINUX"

        if use static ; then
                append-ldflags -static
                use pam && ewarn "Disabling pam support becuse of static flag"
                myconf="${myconf} --without-pam"
        else
                myconf="${myconf} $(use_with pam)"
        fi

        use ipv6 || myconf="${myconf} --with-ipv4-default"

        econf \
                --with-ldflags="${LDFLAGS}" \
                --disable-strip \
                --sysconfdir=/etc/ssh \
                --libexecdir=/usr/$(get_libdir)/misc \
                --datadir=/usr/share/openssh \
                --disable-suid-ssh \
                --with-privsep-path=/var/empty \
                --with-privsep-user=sshd \
                --with-md5-passwords \
                $(use_with libedit) \
                $(use_with kerberos kerberos5 /usr) \
                $(use_with tcpd tcp-wrappers) \
                $(use_with skey) \
                $(use_with smartcard opensc) \
                ${myconf} \
                || die "bad configure"

        emake || die "compile problem"
}

src_install() {
        make install-nokeys DESTDIR="${D}" || die
        fperms 600 /etc/ssh/sshd_config
        dobin contrib/ssh-copy-id
        newinitd "${FILESDIR}"/sshd.rc6 sshd
        keepdir /var/empty

        newpamd "${FILESDIR}"/sshd.pam_include sshd
        dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
        use pam \
                && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
                && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config

        doman contrib/ssh-copy-id.1
        dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
}

pkg_postinst() {
        enewgroup sshd 22
        enewuser sshd 22 -1 /var/empty sshd

        ewarn "Remember to merge your config files in /etc/ssh/ and then"
        ewarn "restart sshd: '/etc/init.d/sshd restart'."
        ewarn
        einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
        einfo "functionality, but please ensure that you do not explicitly disable"
        einfo "this in your configuration as disabling it opens security holes"
        einfo
        einfo "This revision has removed your sshd user id and replaced it with a"
        einfo "new one with UID 22.  If you have any scripts or programs that"
        einfo "that referenced the old UID directly, you will need to update them."
        einfo
        if use pam ; then
                einfo "Please be aware users need a valid shell in /etc/passwd"
                einfo "in order to be allowed to login."
                einfo
        fi
}
1	# Copyright 1999-2005 Gentoo Foundation
2	# Distributed under the terms of the GNU General Public License v2
3	# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.0_p1-r1.ebuild,v 1.14 2005/08/24 00:07:24 vapier Exp $
4
5	inherit eutils flag-o-matic ccc pam
6
7	# Make it more portable between straight releases
8	# and _p? releases.
9	PARCH=${P/_/}
10
11	SFTPLOG_PATCH_VER="1.2"
12	X509_PATCH="${PARCH}+x509-5.1.diff.gz"
13	SELINUX_PATCH="openssh-3.9_p1-selinux.diff"
14	SECURID_PATCH="${PARCH}+SecurID_v1.3.1.patch"
15	LDAP_PATCH="${PARCH/-/-lpk-}-0.3.4.patch"
16	HPN_PATCH="${PARCH}-hpn11.diff"
17
18	DESCRIPTION="Port of OpenBSD's free SSH release"
19	HOMEPAGE="http://www.openssh.com/"
20	SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
21	ldap? ( http://www.opendarwin.org/en/projects/openssh-lpk/files/${LDAP_PATCH} )
22	X509? ( http://roumenpetrov.info/openssh/x509-5.1/${X509_PATCH} )
23	hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
24	smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )"
25
26
27	LICENSE="as-is"
28	SLOT="0"
29	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
30	IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard sftplogging hpn libedit"
31
32	RDEPEND="pam? ( virtual/pam )
33	kerberos? ( virtual/krb5 )
34	selinux? ( sys-libs/libselinux )
35	skey? ( >=app-admin/skey-1.1.5-r1 )
36	ldap? ( net-nds/openldap )
37	libedit? ( dev-libs/libedit )
38	>=dev-libs/openssl-0.9.6d
39	>=sys-libs/zlib-1.1.4
40	smartcard? ( dev-libs/opensc )
41	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"
42	DEPEND="${RDEPEND}
43	virtual/os-headers
44	sys-devel/autoconf"
45	PROVIDE="virtual/ssh"
46
47	S=${WORKDIR}/${PARCH}
48
49	src_unpack() {
50	unpack ${PARCH}.tar.gz
51	cd "${S}"
52
53	#epatch "${FILESDIR}"/openssh-3.9_p1-largekey.patch.bz2
54	epatch "${FILESDIR}"/openssh-3.9_p1-configure-openct.patch #78730
55	epatch "${FILESDIR}"/openssh-3.9_p1-kerberos-detection.patch #80811
56
57	use X509 && epatch ${DISTDIR}/${X509_PATCH}
58	use sftplogging && epatch ${FILESDIR}/openssh-4.0_p1-sftplogging-1.2-gentoo.patch.bz2
59	use skey && epatch ${FILESDIR}/openssh-3.9_p1-skey.patch.bz2
60	use chroot && epatch ${FILESDIR}/openssh-3.9_p1-chroot.patch
61	use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}.bz2
62	use smartcard && epatch ${FILESDIR}/openssh-3.9_p1-opensc.patch.bz2
63	if ! use X509 ; then
64	use smartcard && epatch ${DISTDIR}/${SECURID_PATCH}
65	use smartcard && use ldap && epatch ${FILESDIR}/openssh-4.0_p1-smartcard-ldap-happy.patch
66	if use sftplogging ; then
67	ewarn "Sorry, sftplogging and ldap don't get along"
68	else
69	use ldap && epatch ${DISTDIR}/${LDAP_PATCH}
70	fi
71	elif use smartcard \|\| use ldap ; then
72	ewarn "Sorry, x509 and smartcard/ldap don't get along"
73	fi
74	use hpn && epatch ${DISTDIR}/${HPN_PATCH}
75
76	sed -i '/LD.*ssh-keysign/s:$: -Wl,-z,now:' Makefile.in \|\| die "setuid"
77
78	autoconf \|\| die "autoconf failed"
79	}
80
81	src_compile() {
82	local myconf
83
84	addwrite /dev/ptmx
85
86	# make sure .sbss is large enough
87	use skey && use alpha && append-ldflags -mlarge-data
88	if use ldap ; then
89	filter-flags -funroll-loops
90	append-ldflags -lldap
91	append-flags -DWITH_LDAP_PUBKEY
92	fi
93	use selinux && append-flags "-DWITH_SELINUX"
94
95	if use static ; then
96	append-ldflags -static
97	use pam && ewarn "Disabling pam support becuse of static flag"
98	myconf="${myconf} --without-pam"
99	else
100	myconf="${myconf} $(use_with pam)"
101	fi
102
103	use ipv6 \|\| myconf="${myconf} --with-ipv4-default"
104
105	econf \
106	--with-ldflags="${LDFLAGS}" \
107	--disable-strip \
108	--sysconfdir=/etc/ssh \
109	--libexecdir=/usr/$(get_libdir)/misc \
110	--datadir=/usr/share/openssh \
111	--disable-suid-ssh \
112	--with-privsep-path=/var/empty \
113	--with-privsep-user=sshd \
114	--with-md5-passwords \
115	$(use_with libedit) \
116	$(use_with kerberos kerberos5 /usr) \
117	$(use_with tcpd tcp-wrappers) \
118	$(use_with skey) \
119	$(use_with smartcard opensc) \
120	${myconf} \
121	\|\| die "bad configure"
122
123	emake \|\| die "compile problem"
124	}
125
126	src_install() {
127	make install-nokeys DESTDIR="${D}" \|\| die
128	fperms 600 /etc/ssh/sshd_config
129	dobin contrib/ssh-copy-id
130	newinitd "${FILESDIR}"/sshd.rc6 sshd
131	keepdir /var/empty
132
133	newpamd "${FILESDIR}"/sshd.pam_include sshd
134	dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
135	use pam \
136	&& dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
137	&& dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
138
139	doman contrib/ssh-copy-id.1
140	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
141	}
142
143	pkg_postinst() {
144	enewgroup sshd 22
145	enewuser sshd 22 -1 /var/empty sshd
146
147	ewarn "Remember to merge your config files in /etc/ssh/ and then"
148	ewarn "restart sshd: '/etc/init.d/sshd restart'."
149	ewarn
150	einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
151	einfo "functionality, but please ensure that you do not explicitly disable"
152	einfo "this in your configuration as disabling it opens security holes"
153	einfo
154	einfo "This revision has removed your sshd user id and replaced it with a"
155	einfo "new one with UID 22. If you have any scripts or programs that"
156	einfo "that referenced the old UID directly, you will need to update them."
157	einfo
158	if use pam ; then
159	einfo "Please be aware users need a valid shell in /etc/passwd"
160	einfo "in order to be allowed to login."
161	einfo
162	fi
163	}