/[gentoo-x86]/net-misc/openssh/openssh-4.3_p2-r1.ebuild
Gentoo

Contents of /net-misc/openssh/openssh-4.3_p2-r1.ebuild

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.20 - (show annotations) (download)
Sat Dec 30 02:02:58 2006 UTC (12 years, 11 months ago) by vapier
Branch: MAIN
CVS Tags: HEAD
Changes since 1.19: +1 -1 lines
FILE REMOVED
old

1 # Copyright 1999-2006 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.3_p2-r1.ebuild,v 1.19 2006/12/07 08:44:26 flameeyes Exp $
4
5 inherit eutils flag-o-matic ccc pam
6
7 # Make it more portable between straight releases
8 # and _p? releases.
9 PARCH=${P/_/}
10
11 X509_PATCH="${PARCH}+x509-5.3.diff.gz"
12 SECURID_PATCH="${PARCH}+SecurID_v1.3.2.patch"
13 LDAP_PATCH="${PARCH/-4.3p2/-lpk-4.3p1}-0.3.7.patch"
14 HPN_PATCH="${PARCH/p2/p1}-hpn11.diff"
15
16 DESCRIPTION="Port of OpenBSD's free SSH release"
17 HOMEPAGE="http://www.openssh.com/"
18 SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
19 hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )
20 X509? ( http://roumenpetrov.info/openssh/x509-5.3/${X509_PATCH} )
21 smartcard? ( http://www.omniti.com/~jesus/projects/${SECURID_PATCH} )
22 ldap? ( http://www.opendarwin.org/projects/openssh-lpk/files/${LDAP_PATCH} )"
23
24 LICENSE="as-is"
25 SLOT="0"
26 KEYWORDS="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86"
27 IUSE="ipv6 static pam tcpd kerberos skey selinux chroot X509 ldap smartcard sftplogging hpn libedit"
28
29 RDEPEND="pam? ( virtual/pam )
30 kerberos? ( virtual/krb5 )
31 selinux? ( >=sys-libs/libselinux-1.28 )
32 skey? ( >=app-admin/skey-1.1.5-r1 )
33 ldap? ( net-nds/openldap )
34 libedit? ( dev-libs/libedit )
35 >=dev-libs/openssl-0.9.6d
36 >=sys-libs/zlib-1.2.3
37 smartcard? ( dev-libs/opensc )
38 tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
39 sys-apps/shadow"
40
41 DEPEND="${RDEPEND}
42 virtual/os-headers
43 sys-devel/autoconf"
44
45
46 PROVIDE="virtual/ssh"
47
48 S=${WORKDIR}/${PARCH}
49
50 src_unpack() {
51 unpack ${PARCH}.tar.gz
52 cd "${S}"
53
54 sed -i \
55 -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
56 pathnames.h || die
57
58 epatch "${FILESDIR}"/openssh-4.3_p2-configure.patch #137921
59 epatch "${FILESDIR}"/openssh-4.3_p1-krb5-typos.patch #124494
60 use X509 && epatch "${DISTDIR}"/${X509_PATCH}
61 use sftplogging && epatch "${FILESDIR}"/openssh-4.2_p1-sftplogging-1.4-gentoo.patch.bz2
62 use chroot && epatch "${FILESDIR}"/openssh-3.9_p1-chroot.patch
63 if use X509 ; then
64 cp "${FILESDIR}"/openssh-4.3_p2-selinux.patch .
65 epatch "${FILESDIR}"/openssh-4.3_p2-selinux.patch.glue ./openssh-4.3_p2-selinux.patch
66 else
67 epatch "${FILESDIR}"/openssh-4.3_p2-selinux.patch
68 fi
69 use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
70 if ! use X509 ; then
71 if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then
72 epatch "${DISTDIR}"/${SECURID_PATCH}
73 use ldap && epatch "${FILESDIR}"/openssh-4.0_p1-smartcard-ldap-happy.patch
74 fi
75 if use ldap ; then
76 use sftplogging \
77 && ewarn "Sorry, sftplogging and ldap don't get along, disabling ldap" \
78 || epatch "${DISTDIR}"/${LDAP_PATCH}
79 fi
80 elif [[ -n ${SECURID_PATCH} ]] && use smartcard || use ldap ; then
81 ewarn "Sorry, x509 and smartcard/ldap don't get along"
82 fi
83 [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
84
85 sed -i '/LD.*ssh-keysign/s:$: '$(bindnow-flags)':' Makefile.in || die "setuid"
86
87 autoconf || die "autoconf failed"
88 }
89
90 src_compile() {
91 addwrite /dev/ptmx
92 addpredict /etc/skey/skeykeys #skey configure code triggers this
93
94 local myconf
95 # make sure .sbss is large enough
96 use skey && use alpha && append-ldflags -mlarge-data
97 if use ldap ; then
98 filter-flags -funroll-loops
99 myconf="${myconf} --with-ldap"
100 fi
101 use selinux && append-flags -DWITH_SELINUX && append-ldflags -lselinux
102
103 if use static ; then
104 append-ldflags -static
105 use pam && ewarn "Disabling pam support becuse of static flag"
106 myconf="${myconf} --without-pam"
107 else
108 myconf="${myconf} $(use_with pam)"
109 fi
110
111 use ipv6 || myconf="${myconf} --with-ipv4-default"
112
113 econf \
114 --with-ldflags="${LDFLAGS}" \
115 --disable-strip \
116 --sysconfdir=/etc/ssh \
117 --libexecdir=/usr/$(get_libdir)/misc \
118 --datadir=/usr/share/openssh \
119 --disable-suid-ssh \
120 --with-privsep-path=/var/empty \
121 --with-privsep-user=sshd \
122 --with-md5-passwords \
123 $(use_with libedit) \
124 $(use_with kerberos kerberos5 /usr) \
125 $(use_with tcpd tcp-wrappers) \
126 $(use_with skey) \
127 $(use_with smartcard opensc) \
128 ${myconf} \
129 || die "bad configure"
130
131 emake || die "compile problem"
132 }
133
134 src_install() {
135 make install-nokeys DESTDIR="${D}" || die
136 fperms 600 /etc/ssh/sshd_config
137 dobin contrib/ssh-copy-id
138 newinitd "${FILESDIR}"/sshd.rc6 sshd
139 newconfd "${FILESDIR}"/sshd.confd sshd
140 keepdir /var/empty
141
142 newpamd "${FILESDIR}"/sshd.pam_include sshd
143 dosed "/^#Protocol /s:.*:Protocol 2:" /etc/ssh/sshd_config
144 use pam \
145 && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \
146 && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config
147
148 doman contrib/ssh-copy-id.1
149 dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
150 }
151
152 pkg_postinst() {
153 enewgroup sshd 22
154 enewuser sshd 22 -1 /var/empty sshd
155
156 ewarn "Remember to merge your config files in /etc/ssh/ and then"
157 ewarn "restart sshd: '/etc/init.d/sshd restart'."
158 ewarn
159 einfo "As of version 3.4 the default is to enable the UsePrivelegeSeparation"
160 einfo "functionality, but please ensure that you do not explicitly disable"
161 einfo "this in your configuration as disabling it opens security holes"
162 einfo
163 einfo "This revision has removed your sshd user id and replaced it with a"
164 einfo "new one with UID 22. If you have any scripts or programs that"
165 einfo "that referenced the old UID directly, you will need to update them."
166 einfo
167 if use pam ; then
168 einfo "Please be aware users need a valid shell in /etc/passwd"
169 einfo "in order to be allowed to login."
170 einfo
171 fi
172 }

  ViewVC Help
Powered by ViewVC 1.1.20