aboutsummaryrefslogtreecommitdiffstats
path: root/security/ssh/Makefile
blob: c11b16033aa382b4214284a9fb129b7a030c0a10 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# New ports collection makefile for:    ssh
# Date created:     30 Jul 1995
# Whom:         torstenb@FreeBSD.org
#
# $FreeBSD$
#
# Maximal ssh package requires YES values for
# WITH_PERL, WITH_TCPWRAP
#

PORTNAME=   ssh
PORTVERSION=    1.2.27
CATEGORIES= security net ipv6
MASTER_SITES=   ftp://ftp.cs.hut.fi/pub/ssh/ \
        ftp://ftp.bitcon.no/.4/console/system/ \
        ftp://ftp.kddlabs.co.jp/.0/security/Crypto/SSH/ \
        ftp://ftp.vision.net.au/ftp7/linuxberg/files/console/system/ \
        ftp://ftp.comp.hkbu.edu.hk/.6/unix/ \
        ftp://ftp.du.se/disk1/mirrors/ssh/

MAINTAINER= kris@FreeBSD.org

.if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
CONFIGURE_ARGS+= --with-rsaref
LIB_DEPENDS+=   rsaref.2:${PORTSDIR}/security/rsaref
BUILD_DEPENDS+= /nonexistent:${PORTSDIR}/security/rsaref:extract
.endif

RESTRICTED= "Crypto: export-controlled"

USE_AUTOCONF=   YES
GNU_CONFIGURE=  YES
USE_PERL5=  YES
CONFIGURE_ENV+= PERL=${PERL5}

CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc

# Uncomment if all your users are in their own group and their homedir
# is writeable by that group.  Beware the security implications!
#
#CONFIGURE_ARGS+= --enable-group-writeability

# Uncomment if you want to allow ssh to emulate an unencrypted rsh connection
# over a secure medium (i.e. allow SSH connections without encryption).
# This is normally dangerous since it can lead to the disclosure of keys
# and passwords.
#
#CONFIGURE_ARGS+= --with-none

.if defined(KRB5_HOME) && exists(${KRB5_HOME})
CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \
    --disable-suid-ssh
.endif

# Include support for the SecureID card
# Warning: untested !
#
.if defined(WITH_SECUREID)
CONFIGURE_ARGS+= --with-secureid
.endif

# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
# commercial use may require a licence in a number of countries. Since SSH
# itself may not be used for commercial purposes without a license, we
# enable IDEA by default since the user would already be getting himself
# into trouble.
#
.if defined(WITHOUT_IDEA)
CONFIGURE_ARGS+= --without-idea
.endif

MAN1=       scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \
        make-ssh-known-hosts1.1
MAN8=       sshd1.8
MLINKS=     make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \
        scp1.1 scp.1 \
        ssh-add1.1 ssh-add.1 \
        ssh-agent1.1 ssh-agent.1 \
        ssh-keygen1.1 ssh-keygen.1 \
        ssh1.1 ssh.1 \
        ssh.1 slogin.1 \
        ssh1.1 slogin1.1 \
        sshd1.8 sshd.8

pre-patch:
    @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \
        ${WRKSRC}/make-ssh-known-hosts.pl.in

fetch-depends:
.if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO
    @ ${ECHO}
    @ ${ECHO} You must set the variable USA_RESIDENT to YES if you are a
    @ ${ECHO} United States resident, otherwise NO.
    @ ${ECHO} If you are a US resident then this port must also fetch
    @ ${ECHO} the RSAREF2 library from sources abroad \(RSA Inc. holds a
    @ ${ECHO} patent on RSA and public key crypto in general in the United
    @ ${ECHO} States so using RSA implementations other than RSAREF there
    @ ${ECHO} may violate US patent law\).
    @ ${FALSE}
.endif

post-install:
    @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
        ${ECHO} "Generating a secret host key..."; \
        ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
    fi
    @if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \
        ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \
        ${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \
            > ${PREFIX}/etc/rc.d/sshd.sh; \
        ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \
    fi

.include <bsd.port.pre.mk>

# Include tcp-wrapper support (call remote identd)
.if exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+= --with-libwrap
.else
.if defined(WITH_TCPWRAP) || (exists(${PREFIX}/lib/libwrap.a) \
    && !defined(WITHOUT_TCPWRAP))
CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include"
CONFIGURE_ARGS+= --with-libwrap
LIB_DEPENDS+=   wrap.7:${PORTSDIR}/security/tcp_wrapper
.endif
.endif

# Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/
# ssh-1.2.27-IPv6-1.5-patch.gz
# We still use WITH_INET6 here and try to support pre 4.0 machines with kame
# IPv6 stack
.if ${OSVERSION} >= 400014 || ( ${OSVERSION} < 400014 && defined(WITH_INET6) )
CONFIGURE_ARGS+=    --enable-ipv6
.else
CONFIGURE_ARGS+=    --disable-ipv6
.endif

# Include SOCKS firewall support
.if defined(WITH_SOCKS)
CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5
.endif

# Include extra files if X11 is installed
.if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \
    && !defined(WITHOUT_X11))
USE_XLIB=   yes
PLIST:=     ${WRKDIR}/PLIST
pre-install:
    @${CAT} ${PKGDIR}/PLIST.X11 > ${PLIST}
    @${CAT} ${PKGDIR}/PLIST >> ${PLIST}
.else
CONFIGURE_ARGS+= --without-x
.endif

.include <bsd.port.post.mk>