diff options
author | markm <markm@FreeBSD.org> | 1998-03-19 22:57:20 +0800 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 1998-03-19 22:57:20 +0800 |
commit | 75a3af9916fdfeb409e4662436de8adef2b2fc9a (patch) | |
tree | 5d58caf7125b72232cbea3dcdde835c5fb1f313f /x11/XFree86-4 | |
parent | 832deefaec77702881ccdfb47c5b3685bbb2378a (diff) | |
download | freebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.tar.gz freebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.tar.zst freebsd-ports-gnome-75a3af9916fdfeb409e4662436de8adef2b2fc9a.zip |
Enable all sorts of useful security features:
o XDM-AUTHORIZATION-1 is more automated for the non-USA case.
o PST's KerberosIV patches are reinstated for XDM. This is NOT
a full-blown KerberosIV implementation for X - this will
just get you a TGT when you log in - THATS ALL!
o Enable compilation of SecureRPC. The use of SecureRPC at the
moment is frought with danger! I have no idea how safe or
good the implementation is. Enable at your own peril!! (Secure
RPC is only available for those folk using 3.0-Current).
Also allow XF86Setup to use TK-8.0.
OK'ed By: JMZ
Diffstat (limited to 'x11/XFree86-4')
-rw-r--r-- | x11/XFree86-4/Makefile | 23 | ||||
-rw-r--r-- | x11/XFree86-4/distinfo | 1 | ||||
-rw-r--r-- | x11/XFree86-4/scripts/configure | 98 |
3 files changed, 102 insertions, 20 deletions
diff --git a/x11/XFree86-4/Makefile b/x11/XFree86-4/Makefile index 336feb66a126..291015e30d33 100644 --- a/x11/XFree86-4/Makefile +++ b/x11/XFree86-4/Makefile @@ -3,7 +3,7 @@ # Date created: 5 January 1995 # Whom: jmz # -# $Id: Makefile,v 1.37 1997/12/04 10:52:50 asami Exp $ +# $Id: Makefile,v 1.38 1998/03/08 17:13:18 jmz Exp $ # DISTNAME= xc @@ -25,6 +25,27 @@ ALL_TARGET= World INSTALL_TARGET= install install.man DIST_SUBDIR= xc +.if defined(XDM_DES) && (${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO) +pre-fetch: + @${ECHO} + @${ECHO} You must set variable USA_RESIDENT to YES or NO. + @false +.elif defined(USA_RESIDENT) +.if ${USA_RESIDENT} == NO +pre-fetch: +MASTER_SITES+= ftp://psych.psy.uq.oz.au/pub/X11R5/ \ + ftp://ftp.internat.freebsd.org/pub/FreeBSD/X11-Crypto/ \ + ftp://ftp3.za.freebsd.org/pub/FreeBSD/X11-Crypto/ +DISTFILES+= Wraphelp.c +IGNOREFILES= Wraphelp.c +.endif +.if ${USA_RESIDENT} == YES +pre-fetch: + @${ECHO} + @${ECHO} Assuming that you have fetched a USA-Legal Wraphelp.c. +.endif +.endif + pre-install: ${MKDIR} /usr/X11R6 post-install: diff --git a/x11/XFree86-4/distinfo b/x11/XFree86-4/distinfo index b1738b48754e..4ef8149a82c5 100644 --- a/x11/XFree86-4/distinfo +++ b/x11/XFree86-4/distinfo @@ -1,2 +1,3 @@ MD5 (xc/X332src-1.tgz) = 61c0340f91c883e214886fb81d1eefc3 MD5 (xc/X332src-2.tgz) = d7b5370405afaf1097952911d1b5303d +MD5 (xc/Wraphelp.c) = IGNORE diff --git a/x11/XFree86-4/scripts/configure b/x11/XFree86-4/scripts/configure index fcc38caf0028..f2e61f73a8d9 100644 --- a/x11/XFree86-4/scripts/configure +++ b/x11/XFree86-4/scripts/configure @@ -21,35 +21,38 @@ rm -f $F # Tk detection tkversion= -###### only tk 4.2/tcl 7.6 is known to work -for v in 2; do - if [ -f /usr/local/lib/libtk4$v.a ]; then +for v in 42 80; do + if [ -f /usr/local/lib/libtk$v.a ]; then tkversion=$v + case $tkversion in + 42) + tclversion=76 + tclLversion=7.6 + tkLversion=4.2 + ;; + 80) + tclversion=80 + tclLversion=8.0 + tkLversion=8.0 + ;; + esac fi done if [ X$tkversion != X ]; then - echo "Using tk-4.$tkversion" + echo "Using tk-$tkLversion" echo "#define HasTk YES" >>$F echo "#define TkLibDir /usr/local/lib" >>$F - echo "#define TkIncDir /usr/local/include/tk4.$tkversion" >>$F - echo "#define TkLibName tk4$tkversion" >>$F + echo "#define TkIncDir /usr/local/include/tk$tkLversion" >>$F + echo "#define TkLibName tk$tkversion" >>$F echo "#define HasTcl YES" >>$F echo "#define TclLibDir /usr/local/lib" >>$F - case $tkversion in - 1) - tclversion=5 - ;; - 2) - tclversion=6 - ;; - esac - echo "#define TclIncDir /usr/local/include/tcl7.$tclversion" >>$F - echo "#define TclLibName tcl7$tclversion" >>$F + echo "#define TclIncDir /usr/local/include/tcl$tclLversion" >>$F + echo "#define TclLibName tcl$tclversion" >>$F else cat <<EOF -*** I don't see the static library for tk version 4.2 in /usr/local/lib. +*** I don't see the static library for tk version $tkversion in /usr/local/lib. *** XF86Setup will not be installed. If you want to build this program -*** install tk 4.2 first. +*** install tk 4.2 or 8.0 first. EOF fi @@ -168,6 +171,20 @@ yesno "Build static libraries in addition to shared libraries? [YES] " if [ $answ = YES ]; then echo "#define ForceNormalLib YES" >> $F fi + +cat <<'END' + + FreeBSD-3.x has support for Secure RPC. DO NOT ENABLE THIS ON FreeBSD-2.* !! + + While this scheme is not used for general purpose encryption, + some countries restrict the use of strong cryptography. + +END +yesno "Build with Secure RPC? [YES] " +if [ $answ = YES ]; then + echo "#define HasSecureRPC YES" >> $F +fi + cat <<'END' MIT supplies an authentication mechanism that relies upon DES, this is @@ -212,6 +229,43 @@ if [ $cpwh != NO ]; then echo "#define HasXdmAuth $answ" >> $F fi +cat <<'END' + + XDM can be built so that it will get a KerberosIV TGT for your users + when they log in. This requires that you have Kerberos on your system + when you do this build. + + Source code for this authentication mechanism may not be exported from + the United States, however, there are compatible replacements for this + mechanism available elsewhere. Also, while this scheme is not used for + general purpose encryption, some countries restrict the use of strong + cryptography. + + Even if you answer YES to the following question, KerberosIV support + will not be enabled if the kerberos libraries are unavailable. + +END +yesno "Do you want to enable KerberosIV support? [YES] " +cpkb=NO +if [ $answ = YES ]; then + LIBKRB=/usr/lib/libkrb.a + K4PATCH=$FILESDIR/kerberos4.diffs + K4XDM="$FILESDIR/krb4auth.c $FILESDIR/krb4auth.h" + XDMDIR=$WRKDIR/xc/programs/xdm/ + + if [ -f $LIBKRB ] ; then + echo "==> KerberosIV found in system libraries." + cpkb=YES + else + echo "==> Kerberos libraries not found on system." + echo "==> KerberosIV support NOT enabled." + cpkb=NO + fi +fi +if [ $cpkb != NO ]; then + echo "#define HasKrb4 $answ" >> $F +fi + echo echo "End of configuration questions. No more user input required" echo @@ -223,6 +277,12 @@ if [ X$cpwh != XNO ]; then cp $cpwh $WH fi -cat $F >> $WRKSRC/config/cf/xf86site.def +if [ X$cpkb != XNO ]; then + cp $K4XDM $XDMDIR + echo "===> Applying KerberosIV patches" + patch -s -d $WRKDIR/xc -E -p0 < $K4PATCH +fi + +cat $F >> $WRKDIR/xc/config/cf/xf86site.def exit 0 |