# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 # $Id$ PortSystem 1.0 name openssh version 6.2p2 revision 3 conflicts ssh-copy-id categories net platforms darwin maintainers nomaintainer license BSD installs_libs no description OpenSSH secure login server long_description OpenSSH is a FREE version of the SSH protocol suite of \ network connectivity tools that increasing numbers of people on the \ Internet are coming to rely on. Many users of telnet, rlogin, ftp, \ and other such programs might not realize that their password is \ transmitted across the Internet unencrypted, but it is. OpenSSH \ encrypts all traffic (including passwords) to effectively eliminate \ eavesdropping, connection hijacking, and other network-level \ attacks. Additionally, OpenSSH provides a myriad of secure \ tunneling capabilities, as well as a variety of authentication \ methods. homepage http://www.openbsd.org/openssh/ checksums ${distfiles} \ rmd160 1fab1ae5f2db71b6f9e8bbbab574334c3985bd2d \ sha256 7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b master_sites openbsd:OpenSSH/portable \ http://mirror.mcs.anl.gov/openssh/portable/ \ ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \ ftp://reflection.ncsa.uiuc.edu/pub/OpenBSD/OpenSSH/portable/ \ ftp://mirror.mcs.anl.gov/pub/openssh/portable/ \ ftp://ftp.cse.buffalo.edu/pub/OpenBSD/OpenSSH/portable/ \ ftp://openbsd.mirrors.pair.com/ftp/OpenSSH/portable \ ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/ depends_lib port:openssl \ port:zlib \ port:kerberos5 patchfiles launchd.patch # Specified -fno-builtin because GCC 3.3 has log() as a builtin # (from math.h) while OpenSSH has its own log() function # -- from fink. configure.cppflags-append -fno-builtin configure.args --with-ssl-dir=${prefix} \ --sysconfdir=${prefix}/etc/ssh \ --with-privsep-path=${prefix}/var/empty \ --with-md5-passwords \ --with-pid-dir=${prefix}/var/run \ --with-tcp-wrappers \ --with-pam \ --mandir=${prefix}/share/man \ --with-zlib=${prefix} \ --with-kerberos5=${prefix} \ --with-libedit \ --without-xauth use_parallel_build yes destroot.target install-nokeys if {${os.major} >= 12} { depends_lib-append port:tcp_wrappers } post-destroot { destroot.keepdirs ${destroot}${prefix}/var/run ${destroot}${prefix}/var/empty reinplace "s|#Port 22|Port 2222|g" ${destroot}${prefix}/etc/ssh/sshd_config xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1 file rename "${destroot}${prefix}/etc/ssh/sshd_config" "${destroot}${prefix}/etc/ssh/sshd_config.example" file rename "${destroot}${prefix}/etc/ssh/ssh_config" "${destroot}${prefix}/etc/ssh/ssh_config.example" } post-activate { if {![file exists "${prefix}/etc/ssh/sshd_config"]} { file copy "${prefix}/etc/ssh/sshd_config.example" "${prefix}/etc/ssh/sshd_config" } if {![file exists "${prefix}/etc/ssh/ssh_config"]} { file copy "${prefix}/etc/ssh/ssh_config.example" "${prefix}/etc/ssh/ssh_config" } } default_variants +xauth variant xauth description {Build with support for xauth} { configure.args-delete --without-xauth configure.args-append --with-xauth=${prefix}/bin/xauth depends_run-append port:xauth } variant no_x11 requires xauth description {Legacy compatibility variant} {} # Disable HPN variant since it currently doesn't work with 6.2 #variant hpn description "apply high performance patch" { # # http://www.psc.edu/index.php/hpn-ssh # #patch_sites-append http://www.psc.edu/index.php/component/remository/func-download/861/chk,20152cee1847ff688dabbe20eab6505c/no_html,1/?dummy=:hpn # patch_sites-append googlecode:latian-linux:hpn # set hpn_patchfile ${distname}-hpn13v14.diff.gz # patchfiles-append ${hpn_patchfile}:hpn # checksums-append ${hpn_patchfile} \ # rmd160 e422c76f2aad6efd2b5101fbe0018df3f95bf5cb \ # sha256 d8dada89de2f17f89c1ac40e4cf4e87b69eecde15a1f84baeddd991aa9d1aa91 # # patch.pre_args # post-patch { # reinplace "s|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SH_HPN|" ${worksrcpath}/version.h # } #} variant gsskex description "Add OpenSSH GSSAPI key exchange patch" { set extra_cppflags [concat \ "-F/System/Library/Frameworks/DirectoryService.framework" \ "-F/System/Library/Frameworks/CoreFoundation.framework" \ "-D_UTMPX_COMPAT -D__APPLE_LAUNCHD__ -D__APPLE_MEMBERSHIP__" \ "-D__APPLE_XSAN__"] use_autoreconf yes patch.pre_args -p0 patchfiles-append openssh-6.2p2-gsskex-all-20110125.patch \ 0002-Apple-keychain-integration-other-changes.patch configure.args-append --with-4in6 \ --with-audit=bsm \ --with-keychain=apple \ --disable-utmp \ --disable-wtmp \ --with-privsep-user=_sshd \ CFLAGS="-fPIE -O2" \ CPPFLAGS="$extra_cppflags" \ LDFLAGS="-Wl,-pie -framework CoreFoundation -framework DirectoryService" } variant ldns description "Use ldns for DNSSEC support" { configure.args-append --with-ldns depends_lib-append port:ldns } platform darwin { # create link to /usr/include/pam because 'security' was renamed to 'pam' # in OS X. pre-configure { xinstall -d ${workpath}/include file delete ${workpath}/include/security ln -s /usr/include/pam ${workpath}/include/security } } startupitem.create yes startupitem.name OpenSSH startupitem.start \ "if \[ -x ${prefix}/sbin/sshd ]; then if \[ ! -f ${prefix}/etc/ssh/ssh_host_key \]; then ${prefix}/bin/ssh-keygen -t rsa1 -f \\ ${prefix}/etc/ssh/ssh_host_key -N \"\" -C `hostname` fi if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then ${prefix}/bin/ssh-keygen -t dsa -f \\ ${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname` fi if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then ${prefix}/bin/ssh-keygen -t rsa -f \\ ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname` fi ${prefix}/sbin/sshd fi" startupitem.stop \ "if \[ -r ${prefix}/var/run/sshd.pid \]; then kill `cat ${prefix}/var/run/sshd.pid` fi" livecheck.type regex livecheck.regex OpenSSH ((\[5-9\].\[0-9\])(p\[0-9\]))