From f077c65490e4dd852ddcd932983e76d571a57a83 Mon Sep 17 00:00:00 2001 From: Bertrand Jacquin Date: Thu, 11 Oct 2007 15:27:38 +0200 Subject: New openssh padlock (http://bugs.gentoo.org/show_bug.cgi?id=162967) --- net-misc/openssh/Manifest | 44 +++++- net-misc/openssh/files/digest-openssh-4.5_p1-r1 | 12 ++ net-misc/openssh/files/digest-openssh-4.7_p1-r1 | 12 ++ net-misc/openssh/files/digest-openssh-4.7_p1-r2 | 12 ++ .../files/openssh-4.4_p1-ldap-hpn-glue.patch | 54 +++++++ net-misc/openssh/files/openssh-4.5_p1-padlock.diff | 35 +++++ .../openssh/files/openssh-4.7_p1-GSSAPI-dns.patch | 127 ++++++++++++++++ .../openssh/files/openssh-4.7_p1-engines.patch | 140 +++++++++++++++++ net-misc/openssh/files/sshd.pam_include.1 | 8 + net-misc/openssh/openssh-4.7_p1-r1.ebuild | 165 +++++++++++++++++++++ net-misc/openssh/openssh-4.7_p1-r2.ebuild | 165 +++++++++++++++++++++ 11 files changed, 771 insertions(+), 3 deletions(-) create mode 100644 net-misc/openssh/files/digest-openssh-4.5_p1-r1 create mode 100644 net-misc/openssh/files/digest-openssh-4.7_p1-r1 create mode 100644 net-misc/openssh/files/digest-openssh-4.7_p1-r2 create mode 100644 net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch create mode 100644 net-misc/openssh/files/openssh-4.5_p1-padlock.diff create mode 100644 net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch create mode 100644 net-misc/openssh/files/openssh-4.7_p1-engines.patch create mode 100644 net-misc/openssh/files/sshd.pam_include.1 create mode 100644 net-misc/openssh/openssh-4.7_p1-r1.ebuild create mode 100644 net-misc/openssh/openssh-4.7_p1-r2.ebuild (limited to 'net-misc') diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest index 52af5014..859d7dfe 100644 --- a/net-misc/openssh/Manifest +++ b/net-misc/openssh/Manifest @@ -1,3 +1,19 @@ +AUX openssh-4.4_p1-ldap-hpn-glue.patch 1538 RMD160 eba0400a328f23b9329429d2da65b80ead546d4d SHA1 7190e861e8be4f03ae42ad43ba1770fdca95d46a SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab +MD5 92fc9d4dc7c7dbc67eabe2e98bde325f files/openssh-4.4_p1-ldap-hpn-glue.patch 1538 +RMD160 eba0400a328f23b9329429d2da65b80ead546d4d files/openssh-4.4_p1-ldap-hpn-glue.patch 1538 +SHA256 63e9f729fbb40babdf5cd2b4d87f4d1cb5a9aaed60bf7a8c072c22f9a6fb36ab files/openssh-4.4_p1-ldap-hpn-glue.patch 1538 +AUX openssh-4.5_p1-padlock.diff 1671 RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 SHA1 ee46ce71be4a0a925a6c01889988bc6b014fc46f SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5 +MD5 fe7c4aaea0b0a416f17b636ee9afed5b files/openssh-4.5_p1-padlock.diff 1671 +RMD160 39ba64e4395e26f6fa9a32ebd89e7524f3bda2a1 files/openssh-4.5_p1-padlock.diff 1671 +SHA256 ce6c2150522de13ba9f044810d80b4076eecced629182b893798d66a7dc68dc5 files/openssh-4.5_p1-padlock.diff 1671 +AUX openssh-4.7_p1-GSSAPI-dns.patch 4494 RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e SHA1 d8a81eb92a49763106cfa5b319c22c6f188508ef SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 +MD5 a1b7493d01ea45e160530ca3268901fe files/openssh-4.7_p1-GSSAPI-dns.patch 4494 +RMD160 4e02e0a85c0e33c917ec8c22b4e1c173a9d7d79e files/openssh-4.7_p1-GSSAPI-dns.patch 4494 +SHA256 88a08f349258d4be5b2faa838a89fe1aa0196502990b745ac0e3a70dda30a0d7 files/openssh-4.7_p1-GSSAPI-dns.patch 4494 +AUX openssh-4.7_p1-engines.patch 4202 RMD160 33648508fc66d422eaea17ff5ed756ceb641083e SHA1 9b63b26544c13655ee60148f90e86b26085d61fd SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9 +MD5 42811aa5a84e29497b3c4c5ebe4e75ae files/openssh-4.7_p1-engines.patch 4202 +RMD160 33648508fc66d422eaea17ff5ed756ceb641083e files/openssh-4.7_p1-engines.patch 4202 +SHA256 0258978c9093a266d7db96c3203b7ed8b68437d0a5ce3378d6a1144f8a1e36d9 files/openssh-4.7_p1-engines.patch 4202 AUX sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 SHA1 23c283d0967944b6125be26ed4628f49abf586b2 SHA256 29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 MD5 b35e9f3829f4cfca07168fcba98749c7 files/sshd.confd 396 RMD160 029680b2281961130a815ef599750c4fc4e84987 files/sshd.confd 396 @@ -6,6 +22,10 @@ AUX sshd.pam_include 205 RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 SHA1 12 MD5 2b66f75047edfac5d5e6cdbffa35383e files/sshd.pam_include 205 RMD160 6b20ea83c69ef613d75daf43515aaec88d4cd815 files/sshd.pam_include 205 SHA256 8d59135e96f4eff6b80c143b82cced7beb0bbca19ff91b479f1ba92916243d5e files/sshd.pam_include 205 +AUX sshd.pam_include.1 205 RMD160 3051b92836a496c7c431f41585de688f7c9f51a7 SHA1 b9eca146fcea016b7146f1ac11cf3d072d887b27 SHA256 3185075821bb1f76cdc584c28f690a7338f8db5489d5fce73fe4bcbbfd3dfbfa +MD5 480ed3c58a7cfbb8d1f3bca057af1eb9 files/sshd.pam_include.1 205 +RMD160 3051b92836a496c7c431f41585de688f7c9f51a7 files/sshd.pam_include.1 205 +SHA256 3185075821bb1f76cdc584c28f690a7338f8db5489d5fce73fe4bcbbfd3dfbfa files/sshd.pam_include.1 205 AUX sshd.rc6 2046 RMD160 68df8ff7933b7a232882b2a6140fe1a2637609b6 SHA1 c3f74dbd764d570f69e60f18a081f19e3cefb037 SHA256 6569cb934cb1d5b9016c2828ff8c79b5c8477dd27b7078c609445cfc16692e9e MD5 c3acc27dddafb1e8c6d437e668e08c25 files/sshd.rc6 2046 RMD160 68df8ff7933b7a232882b2a6140fe1a2637609b6 files/sshd.rc6 2046 @@ -15,11 +35,29 @@ DIST openssh-4.5p1+x509-5.5.2.diff.gz 137561 RMD160 2e7597bc97d634ecc3d434cc714c DIST openssh-4.5p1-engines.diff 4190 RMD160 f20464e72d6138df287c694e0dc7c47c3a601b88 SHA1 ba47f2557b08c68464f1ed09cfd2767967e38670 SHA256 48e1dd6e218f9583fb896b19c7632b8b023e511dc9fc697e5834c8e7181592f6 DIST openssh-4.5p1-hpn12v14.diff.gz 15791 RMD160 1f937174d5418d578da5d9dfab16b5cc8960efc5 SHA1 8bea17b13e7e91135785f4222252c28d08c9c887 SHA256 5cc6cd882cbb94498483b44722b3e81c8e6d7854dc2b2c57e1d56040bfdc23bd DIST openssh-4.5p1.tar.gz 965925 RMD160 3f70b6f4228e84c7b9b8b3bee7fd3875f3e3bad3 SHA1 2eefcbbeb9e4fa16fa4500dec107d1a09d3d02d7 SHA256 7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55 +DIST openssh-4.7p1+x509-6.0.1.diff.gz 147459 RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb SHA1 b3b2d163f4505877d9ec58267edd7ee9dd46793c SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0 +DIST openssh-4.7p1-hpn12v18.diff.gz 16094 RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e SHA1 8ab61d12b5bcf70d0ffe9cb1d157136d20ebb22c SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b +DIST openssh-4.7p1.tar.gz 991119 RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 SHA1 58357db9e64ba6382bef3d73d1d386fcdc0508f4 SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc DIST openssh-lpk-4.4p1-0.3.7.patch 61187 RMD160 90b0bbe07a3617f6eecb9f77c1a38c5f4dd4dcaf SHA1 b1854a4391c5d11f1a5ab09059643bbaf2278009 SHA256 c74aa642b4b2eeceb0c3f554752d172f8d5a7cd30f2aae517e93ef3bf1bd24e7 +DIST openssh-lpk-4.6p1-0.3.9.patch 61605 RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 SHA1 2d0d41f6913d6e899e58a4b569afa30aadf82092 SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e EBUILD openssh-4.5_p1-r1.ebuild 5573 RMD160 f0f1336dffb2eb92af883b18c850f2f9bb201d0c SHA1 2cd9ca7bbd9b25a7f97645e9f453b324e5494c9a SHA256 7c95b14eb03eb2f4d150ce43744a384a10bbed67d10b66db914d354aace86201 MD5 52ca8a17777a04b98d06be2221abca6b openssh-4.5_p1-r1.ebuild 5573 RMD160 f0f1336dffb2eb92af883b18c850f2f9bb201d0c openssh-4.5_p1-r1.ebuild 5573 SHA256 7c95b14eb03eb2f4d150ce43744a384a10bbed67d10b66db914d354aace86201 openssh-4.5_p1-r1.ebuild 5573 -MD5 aba975f88f0adfab72938ca76c488b61 files/digest-openssh-4.5_p1-r1 1584 -RMD160 ff35f63baac9cb01986718a9e171da1d2d3a1c5d files/digest-openssh-4.5_p1-r1 1584 -SHA256 d2234f3b58e6ce9fc342ad82e0be4aa8bec6c63355e05638f481dd5cdecbb0ea files/digest-openssh-4.5_p1-r1 1584 +EBUILD openssh-4.7_p1-r1.ebuild 5050 RMD160 903d72bae274e223771cbbec71ad95d8a485cf22 SHA1 a89a06c1d11e7a36f6eb7f9a5c7e833de997c2b0 SHA256 c872ee9c8d6ee86ce8f6c636bf44fe34e6fe910de4a9fe673855248ee353f0a7 +MD5 b25f13c6bb303ba308d26af059a5f5ae openssh-4.7_p1-r1.ebuild 5050 +RMD160 903d72bae274e223771cbbec71ad95d8a485cf22 openssh-4.7_p1-r1.ebuild 5050 +SHA256 c872ee9c8d6ee86ce8f6c636bf44fe34e6fe910de4a9fe673855248ee353f0a7 openssh-4.7_p1-r1.ebuild 5050 +EBUILD openssh-4.7_p1-r2.ebuild 5051 RMD160 6eb00af7bd7bbc5ef2fdd2c9061acd350b2c5682 SHA1 be630dd4cfe9a865a7fbd1d54908744df11ad46e SHA256 5c2edf5778a89f89324254e033c8d8c9ba28f8335e815fbb3146cba2e5396275 +MD5 c41ce1b397fd24e2010e7054aac8aa05 openssh-4.7_p1-r2.ebuild 5051 +RMD160 6eb00af7bd7bbc5ef2fdd2c9061acd350b2c5682 openssh-4.7_p1-r2.ebuild 5051 +SHA256 5c2edf5778a89f89324254e033c8d8c9ba28f8335e815fbb3146cba2e5396275 openssh-4.7_p1-r2.ebuild 5051 +MD5 5f3a88ce93eeb8274dfc77b135cc1ffc files/digest-openssh-4.5_p1-r1 1148 +RMD160 daaca9774698b71aea25b6ccc048503ce36de05d files/digest-openssh-4.5_p1-r1 1148 +SHA256 79caddaa0398aea86ac42f7d9cc99434e54ca87b28ccfacb34ebb72284ae5a80 files/digest-openssh-4.5_p1-r1 1148 +MD5 6c07bd07ea68282f47cae4179a40a21b files/digest-openssh-4.7_p1-r1 1051 +RMD160 1f82940b0b46562f4071c859d8203ae9c958804b files/digest-openssh-4.7_p1-r1 1051 +SHA256 c8d141315a8420711012ab9fca4936ee8c480d10ee3e00f8bca530c0a1437cb1 files/digest-openssh-4.7_p1-r1 1051 +MD5 6c07bd07ea68282f47cae4179a40a21b files/digest-openssh-4.7_p1-r2 1051 +RMD160 1f82940b0b46562f4071c859d8203ae9c958804b files/digest-openssh-4.7_p1-r2 1051 +SHA256 c8d141315a8420711012ab9fca4936ee8c480d10ee3e00f8bca530c0a1437cb1 files/digest-openssh-4.7_p1-r2 1051 diff --git a/net-misc/openssh/files/digest-openssh-4.5_p1-r1 b/net-misc/openssh/files/digest-openssh-4.5_p1-r1 new file mode 100644 index 00000000..098158cf --- /dev/null +++ b/net-misc/openssh/files/digest-openssh-4.5_p1-r1 @@ -0,0 +1,12 @@ +RMD160 45d5734f7e65709cce581f1f85c06f60a73b825b openssh-4.4p1+SecurID_v1.3.2.patch 48240 +SHA256 189ad59139d86e5c808650add131af20ade00439713c3abcfac9a4e53580a196 openssh-4.4p1+SecurID_v1.3.2.patch 48240 +RMD160 2e7597bc97d634ecc3d434cc714cc5b1d4076fec openssh-4.5p1+x509-5.5.2.diff.gz 137561 +SHA256 580b9b2be2a5224852f9979180fa9570059c1aa398b908dc1907d2a5a5e1f4a2 openssh-4.5p1+x509-5.5.2.diff.gz 137561 +RMD160 f20464e72d6138df287c694e0dc7c47c3a601b88 openssh-4.5p1-engines.diff 4190 +SHA256 48e1dd6e218f9583fb896b19c7632b8b023e511dc9fc697e5834c8e7181592f6 openssh-4.5p1-engines.diff 4190 +RMD160 1f937174d5418d578da5d9dfab16b5cc8960efc5 openssh-4.5p1-hpn12v14.diff.gz 15791 +SHA256 5cc6cd882cbb94498483b44722b3e81c8e6d7854dc2b2c57e1d56040bfdc23bd openssh-4.5p1-hpn12v14.diff.gz 15791 +RMD160 3f70b6f4228e84c7b9b8b3bee7fd3875f3e3bad3 openssh-4.5p1.tar.gz 965925 +SHA256 7046b9d372f9e31ca654a66492310c188470480ddab300eb715dbf5e2177ae55 openssh-4.5p1.tar.gz 965925 +RMD160 90b0bbe07a3617f6eecb9f77c1a38c5f4dd4dcaf openssh-lpk-4.4p1-0.3.7.patch 61187 +SHA256 c74aa642b4b2eeceb0c3f554752d172f8d5a7cd30f2aae517e93ef3bf1bd24e7 openssh-lpk-4.4p1-0.3.7.patch 61187 diff --git a/net-misc/openssh/files/digest-openssh-4.7_p1-r1 b/net-misc/openssh/files/digest-openssh-4.7_p1-r1 new file mode 100644 index 00000000..f3462cb6 --- /dev/null +++ b/net-misc/openssh/files/digest-openssh-4.7_p1-r1 @@ -0,0 +1,12 @@ +MD5 4a1b1e35074a17f08077e19af665d516 openssh-4.7p1+x509-6.0.1.diff.gz 147459 +RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb openssh-4.7p1+x509-6.0.1.diff.gz 147459 +SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0 openssh-4.7p1+x509-6.0.1.diff.gz 147459 +MD5 5b536701ee999a29bb622c2f41745ef8 openssh-4.7p1-hpn12v18.diff.gz 16094 +RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e openssh-4.7p1-hpn12v18.diff.gz 16094 +SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b openssh-4.7p1-hpn12v18.diff.gz 16094 +MD5 50a800fd2c6def9e9a53068837e87b91 openssh-4.7p1.tar.gz 991119 +RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 openssh-4.7p1.tar.gz 991119 +SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc openssh-4.7p1.tar.gz 991119 +MD5 f43a8aae7d69e72f0ec07bc96e46b328 openssh-lpk-4.6p1-0.3.9.patch 61605 +RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 openssh-lpk-4.6p1-0.3.9.patch 61605 +SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e openssh-lpk-4.6p1-0.3.9.patch 61605 diff --git a/net-misc/openssh/files/digest-openssh-4.7_p1-r2 b/net-misc/openssh/files/digest-openssh-4.7_p1-r2 new file mode 100644 index 00000000..f3462cb6 --- /dev/null +++ b/net-misc/openssh/files/digest-openssh-4.7_p1-r2 @@ -0,0 +1,12 @@ +MD5 4a1b1e35074a17f08077e19af665d516 openssh-4.7p1+x509-6.0.1.diff.gz 147459 +RMD160 4ac66d2422f7137dd0af3aae697308266a0ce0cb openssh-4.7p1+x509-6.0.1.diff.gz 147459 +SHA256 2a5524161ac01e44980d74765f6f843d77aa96643879e9ce16120f1a4eb3ebd0 openssh-4.7p1+x509-6.0.1.diff.gz 147459 +MD5 5b536701ee999a29bb622c2f41745ef8 openssh-4.7p1-hpn12v18.diff.gz 16094 +RMD160 7b35eb1a3f6f3b703ac7f155f620bff63a900a0e openssh-4.7p1-hpn12v18.diff.gz 16094 +SHA256 45e6ea24e2722cab9b4e143952bf6539024aa8cc93353b88807c910330bb735b openssh-4.7p1-hpn12v18.diff.gz 16094 +MD5 50a800fd2c6def9e9a53068837e87b91 openssh-4.7p1.tar.gz 991119 +RMD160 b828e79d3d1a931cb77651ec7d7276cf3ba22d90 openssh-4.7p1.tar.gz 991119 +SHA256 d47133f0c6737d2889bf8da7bdf389fc2268d1c7fa3cd11a52451501eab548bc openssh-4.7p1.tar.gz 991119 +MD5 f43a8aae7d69e72f0ec07bc96e46b328 openssh-lpk-4.6p1-0.3.9.patch 61605 +RMD160 1bf1830192c3eba43c66c3c6469740724cb1ecf2 openssh-lpk-4.6p1-0.3.9.patch 61605 +SHA256 e12335e8bf020508ea3866db07b306f4c965e3f9de262c06f62fad494e93107e openssh-lpk-4.6p1-0.3.9.patch 61605 diff --git a/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch b/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch new file mode 100644 index 00000000..20e796b5 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.4_p1-ldap-hpn-glue.patch @@ -0,0 +1,54 @@ +allow ldap and hpn patches to play nice + +--- servconf.c ++++ servconf.c +@@ -116,24 +116,6 @@ + options->num_allow_groups = 0; + options->num_deny_groups = 0; + options->ciphers = NULL; +- options->macs = NULL; +- options->protocol = SSH_PROTO_UNKNOWN; +- options->gateway_ports = -1; +- options->num_subsystems = 0; +- options->max_startups_begin = -1; +- options->max_startups_rate = -1; +- options->max_startups = -1; +- options->max_authtries = -1; +- options->banner = NULL; +- options->use_dns = -1; +- options->client_alive_interval = -1; +- options->client_alive_count_max = -1; +- options->authorized_keys_file = NULL; +- options->authorized_keys_file2 = NULL; +- options->num_accept_env = 0; +- options->permit_tun = -1; +- options->num_permitted_opens = -1; +- options->adm_forced_command = NULL; + #ifdef WITH_LDAP_PUBKEY + /* XXX dirty */ + options->lpk.ld = NULL; +@@ -152,6 +134,24 @@ + options->lpk.flags = FLAG_EMPTY; + #endif + ++ options->macs = NULL; ++ options->protocol = SSH_PROTO_UNKNOWN; ++ options->gateway_ports = -1; ++ options->num_subsystems = 0; ++ options->max_startups_begin = -1; ++ options->max_startups_rate = -1; ++ options->max_startups = -1; ++ options->max_authtries = -1; ++ options->banner = NULL; ++ options->use_dns = -1; ++ options->client_alive_interval = -1; ++ options->client_alive_count_max = -1; ++ options->authorized_keys_file = NULL; ++ options->authorized_keys_file2 = NULL; ++ options->num_accept_env = 0; ++ options->permit_tun = -1; ++ options->num_permitted_opens = -1; ++ options->adm_forced_command = NULL; + } + + void diff --git a/net-misc/openssh/files/openssh-4.5_p1-padlock.diff b/net-misc/openssh/files/openssh-4.5_p1-padlock.diff new file mode 100644 index 00000000..6c56bd87 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.5_p1-padlock.diff @@ -0,0 +1,35 @@ +--- openssh-4.5_p1.ebuild 2007-01-08 21:06:30.000000000 +0100 ++++ openssh-4.5_p1-padlock.ebuild 2007-01-20 19:52:40.000000000 +0100 +@@ -15,6 +15,7 @@ + SECURID_PATCH="${PARCH/4.5/4.4}+SecurID_v1.3.2.patch" + LDAP_PATCH="${PARCH/-4.5p1/-lpk-4.4p1}-0.3.7.patch" + HPN_PATCH="${PARCH}-hpn12v14.diff.gz" ++PADLOCK_PATCH="openssh-4.5p1-engines.diff" + + DESCRIPTION="Port of OpenBSD's free SSH release" + HOMEPAGE="http://www.openssh.com/" +@@ -22,12 +23,13 @@ + X509? ( http://roumenpetrov.info/openssh/x509-5.5.2/${X509_PATCH} ) + ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} ) + hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} ) +- smartcard? ( http://omniti.com/~jesus/projects/${SECURID_PATCH} )" ++ smartcard? ( http://omniti.com/~jesus/projects/${SECURID_PATCH} ) ++ padlock? ( http://www.logix.cz/michal/devel/padlock/contrib/${PADLOCK_PATCH} )" + + LICENSE="as-is" + SLOT="0" + KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc ~sparc-fbsd x86 ~x86-fbsd" +-IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X" ++IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock" + + RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) +@@ -75,6 +77,8 @@ + use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch + use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch ++ use padlock && epatch "${DISTDIR}"/${PADLOCK_PATCH} ++ + if ! use X509 ; then + if [[ -n ${SECURID_PATCH} ]] && use smartcard ; then + epatch "${DISTDIR}"/${SECURID_PATCH} \ diff --git a/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch new file mode 100644 index 00000000..c81ae5cb --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-GSSAPI-dns.patch @@ -0,0 +1,127 @@ +http://bugs.gentoo.org/165444 +https://bugzilla.mindrot.org/show_bug.cgi?id=1008 + +Index: readconf.c +=================================================================== +RCS file: /cvs/openssh/readconf.c,v +retrieving revision 1.135 +diff -u -r1.135 readconf.c +--- readconf.c 5 Aug 2006 02:39:40 -0000 1.135 ++++ readconf.c 19 Aug 2006 11:59:52 -0000 +@@ -126,6 +126,7 @@ + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, ++ oGssTrustDns, + oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, + oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, + oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, +@@ -163,9 +164,11 @@ + #if defined(GSSAPI) + { "gssapiauthentication", oGssAuthentication }, + { "gssapidelegatecredentials", oGssDelegateCreds }, ++ { "gssapitrustdns", oGssTrustDns }, + #else + { "gssapiauthentication", oUnsupported }, + { "gssapidelegatecredentials", oUnsupported }, ++ { "gssapitrustdns", oUnsupported }, + #endif + { "fallbacktorsh", oDeprecated }, + { "usersh", oDeprecated }, +@@ -444,6 +447,10 @@ + intptr = &options->gss_deleg_creds; + goto parse_flag; + ++ case oGssTrustDns: ++ intptr = &options->gss_trust_dns; ++ goto parse_flag; ++ + case oBatchMode: + intptr = &options->batch_mode; + goto parse_flag; +@@ -1010,6 +1017,7 @@ + options->challenge_response_authentication = -1; + options->gss_authentication = -1; + options->gss_deleg_creds = -1; ++ options->gss_trust_dns = -1; + options->password_authentication = -1; + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; +@@ -1100,6 +1108,8 @@ + options->gss_authentication = 0; + if (options->gss_deleg_creds == -1) + options->gss_deleg_creds = 0; ++ if (options->gss_trust_dns == -1) ++ options->gss_trust_dns = 0; + if (options->password_authentication == -1) + options->password_authentication = 1; + if (options->kbd_interactive_authentication == -1) +Index: readconf.h +=================================================================== +RCS file: /cvs/openssh/readconf.h,v +retrieving revision 1.63 +diff -u -r1.63 readconf.h +--- readconf.h 5 Aug 2006 02:39:40 -0000 1.63 ++++ readconf.h 19 Aug 2006 11:59:52 -0000 +@@ -45,6 +45,7 @@ + /* Try S/Key or TIS, authentication. */ + int gss_authentication; /* Try GSS authentication */ + int gss_deleg_creds; /* Delegate GSS credentials */ ++ int gss_trust_dns; /* Trust DNS for GSS canonicalization */ + int password_authentication; /* Try password + * authentication. */ + int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ +Index: ssh_config.5 +=================================================================== +RCS file: /cvs/openssh/ssh_config.5,v +retrieving revision 1.97 +diff -u -r1.97 ssh_config.5 +--- ssh_config.5 5 Aug 2006 01:34:51 -0000 1.97 ++++ ssh_config.5 19 Aug 2006 11:59:53 -0000 +@@ -483,7 +483,16 @@ + Forward (delegate) credentials to the server. + The default is + .Dq no . +-Note that this option applies to protocol version 2 only. ++Note that this option applies to protocol version 2 connections using GSSAPI. ++.It Cm GSSAPITrustDns ++Set to ++.Dq yes to indicate that the DNS is trusted to securely canonicalize ++the name of the host being connected to. If ++.Dq no, the hostname entered on the ++command line will be passed untouched to the GSSAPI library. ++The default is ++.Dq no . ++This option only applies to protocol version 2 connections using GSSAPI. + .It Cm HashKnownHosts + Indicates that + .Xr ssh 1 +Index: sshconnect2.c +=================================================================== +RCS file: /cvs/openssh/sshconnect2.c,v +retrieving revision 1.151 +diff -u -r1.151 sshconnect2.c +--- sshconnect2.c 18 Aug 2006 14:33:34 -0000 1.151 ++++ sshconnect2.c 19 Aug 2006 11:59:53 -0000 +@@ -499,6 +499,12 @@ + static u_int mech = 0; + OM_uint32 min; + int ok = 0; ++ const char *gss_host; ++ ++ if (options.gss_trust_dns) ++ gss_host = get_canonical_hostname(1); ++ else ++ gss_host = authctxt->host; + + /* Try one GSSAPI method at a time, rather than sending them all at + * once. */ +@@ -511,7 +517,7 @@ + /* My DER encoding requires length<128 */ + if (gss_supported->elements[mech].length < 128 && + ssh_gssapi_check_mechanism(&gssctxt, +- &gss_supported->elements[mech], authctxt->host)) { ++ &gss_supported->elements[mech], gss_host)) { + ok = 1; /* Mechanism works */ + } else { + mech++; diff --git a/net-misc/openssh/files/openssh-4.7_p1-engines.patch b/net-misc/openssh/files/openssh-4.7_p1-engines.patch new file mode 100644 index 00000000..6da355e4 --- /dev/null +++ b/net-misc/openssh/files/openssh-4.7_p1-engines.patch @@ -0,0 +1,140 @@ +diff -urN openssh-4.7p1.orig/ssh-add.c openssh-4.7p1/ssh-add.c +--- openssh-4.7p1.orig/ssh-add.c 2006-09-01 07:38:37.000000000 +0200 ++++ openssh-4.7p1/ssh-add.c 2007-05-19 02:52:09.000000000 +0200 +@@ -42,6 +42,7 @@ + #include + + #include ++#include + + #include + #include +@@ -343,6 +344,11 @@ + + SSLeay_add_all_algorithms(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + /* At first, get a connection to the authentication agent. */ + ac = ssh_get_authentication_connection(); + if (ac == NULL) { +diff -urN openssh-4.7p1.orig/ssh-agent.c openssh-4.7p1/ssh-agent.c +--- openssh-4.7p1.orig/ssh-agent.c 2007-02-28 11:19:58.000000000 +0100 ++++ openssh-4.7p1/ssh-agent.c 2007-05-19 02:52:09.000000000 +0200 +@@ -51,6 +51,7 @@ + + #include + #include ++#include + + #include + #include +@@ -1043,6 +1044,11 @@ + + SSLeay_add_all_algorithms(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + __progname = ssh_get_progname(av[0]); + init_rng(); + seed_rng(); +diff -urN openssh-4.7p1.orig/ssh-keygen.c openssh-4.7p1/ssh-keygen.c +--- openssh-4.7p1.orig/ssh-keygen.c 2007-02-19 12:10:25.000000000 +0100 ++++ openssh-4.7p1/ssh-keygen.c 2007-05-19 02:52:09.000000000 +0200 +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + #include + #include +@@ -1073,6 +1074,12 @@ + __progname = ssh_get_progname(argv[0]); + + SSLeay_add_all_algorithms(); ++ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + + init_rng(); +diff -urN openssh-4.7p1.orig/ssh-keysign.c openssh-4.7p1/ssh-keysign.c +--- openssh-4.7p1.orig/ssh-keysign.c 2006-09-01 07:38:37.000000000 +0200 ++++ openssh-4.7p1/ssh-keysign.c 2007-05-19 02:52:09.000000000 +0200 +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + + #include "xmalloc.h" + #include "log.h" +@@ -195,6 +196,12 @@ + fatal("could not open any host key"); + + SSLeay_add_all_algorithms(); ++ ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); +diff -urN openssh-4.7p1.orig/ssh.c openssh-4.7p1/ssh.c +--- openssh-4.7p1.orig/ssh.c 2007-01-05 06:30:17.000000000 +0100 ++++ openssh-4.7p1/ssh.c 2007-05-19 02:52:09.000000000 +0200 +@@ -72,6 +72,7 @@ + + #include + #include ++#include + + #include "xmalloc.h" + #include "ssh.h" +@@ -556,6 +557,11 @@ + SSLeay_add_all_algorithms(); + ERR_load_crypto_strings(); + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + /* Initialize the command to execute on remote host. */ + buffer_init(&command); + +diff -urN openssh-4.7p1.orig/sshd.c openssh-4.7p1/sshd.c +--- openssh-4.7p1.orig/sshd.c 2007-02-25 10:37:22.000000000 +0100 ++++ openssh-4.7p1/sshd.c 2007-05-19 02:52:09.000000000 +0200 +@@ -75,6 +75,7 @@ + #include + #include + #include ++#include + #ifdef HAVE_SECUREWARE + #include + #include +@@ -1027,6 +1028,11 @@ + for (i = 0; i < options.max_startups; i++) + startup_pipes[i] = -1; + ++ /* Init available hardware crypto engines. */ ++ ENGINE_load_builtin_engines(); ++ ENGINE_register_all_complete(); ++ ENGINE_set_default_ciphers(ENGINE_by_id("padlock")); ++ + /* + * Stay listening for connections until the system crashes or + * the daemon is killed with a signal. diff --git a/net-misc/openssh/files/sshd.pam_include.1 b/net-misc/openssh/files/sshd.pam_include.1 new file mode 100644 index 00000000..567ba4ac --- /dev/null +++ b/net-misc/openssh/files/sshd.pam_include.1 @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth required pam_shells.so +auth required pam_nologin.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/net-misc/openssh/openssh-4.7_p1-r1.ebuild b/net-misc/openssh/openssh-4.7_p1-r1.ebuild new file mode 100644 index 00000000..299c50f7 --- /dev/null +++ b/net-misc/openssh/openssh-4.7_p1-r1.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.7_p1-r2.ebuild,v 1.2 2007/10/08 22:29:37 vapier Exp $ + +inherit eutils flag-o-matic ccc multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +X509_PATCH="${PARCH}+x509-6.0.1.diff.gz" +LDAP_PATCH="${PARCH/openssh-4.7/openssh-lpk-4.6}-0.3.9.patch" +HPN_PATCH="${PARCH}-hpn12v18.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} ) + X509? ( http://roumenpetrov.info/openssh/x509-6.0.1/${X509_PATCH} ) + hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd x86 ~x86-fbsd" +IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=app-admin/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + smartcard? ( dev-libs/opensc ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; } + local fail=" + $(maybe_fail X509 X509_PATCH) + $(maybe_fail ldap LDAP_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_unpack() { + unpack ${PARCH}.tar.gz + cd "${S}" + + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + + use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch + use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} "${FILESDIR}"/${PN}-4.4_p1-ldap-hpn-glue.patch + fi + elif use ldap ; then + ewarn "Sorry, X509 and ldap don't get along, disabling ldap" + fi + [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${P}-GSSAPI-dns.patch #165444 + + # Use OpenSSL engines - padlock by default if available + use padlock && epatch "${FILESDIR}"/${P}-engines.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + eautoreconf +} + +src_compile() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + local myconf="" + if use static ; then + append-ldflags -static + use pam && ewarn "Disabling pam support becuse of static flag" + myconf="${myconf} --without-pam" + else + myconf="${myconf} $(use_with pam)" + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --disable-suid-ssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(use_with ldap) \ + $(use_with libedit) \ + $(use_with kerberos kerberos5 /usr) \ + $(use_with tcpd tcp-wrappers) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with smartcard opensc) \ + ${myconf} \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.1 sshd + use pam \ + && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \ + && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + # help fix broken perms caused by older ebuilds. + # can probably cut this after the next stage release. + chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "restart sshd: '/etc/init.d/sshd restart'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi +} diff --git a/net-misc/openssh/openssh-4.7_p1-r2.ebuild b/net-misc/openssh/openssh-4.7_p1-r2.ebuild new file mode 100644 index 00000000..f48331f8 --- /dev/null +++ b/net-misc/openssh/openssh-4.7_p1-r2.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-4.7_p1-r2.ebuild,v 1.2 2007/10/08 22:29:37 vapier Exp $ + +inherit eutils flag-o-matic ccc multilib autotools pam + +# Make it more portable between straight releases +# and _p? releases. +PARCH=${P/_/} + +X509_PATCH="${PARCH}+x509-6.0.1.diff.gz" +LDAP_PATCH="${PARCH/openssh-4.7/openssh-lpk-4.6}-0.3.9.patch" +HPN_PATCH="${PARCH}-hpn12v18.diff.gz" + +DESCRIPTION="Port of OpenBSD's free SSH release" +HOMEPAGE="http://www.openssh.com/" +SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz + ldap? ( http://dev.inversepath.com/openssh-lpk/${LDAP_PATCH} ) + X509? ( http://roumenpetrov.info/openssh/x509-6.0.1/${X509_PATCH} ) + hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )" + +LICENSE="as-is" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" +IUSE="static pam tcpd kerberos skey selinux chroot X509 ldap smartcard hpn libedit X padlock" + +RDEPEND="pam? ( virtual/pam ) + kerberos? ( virtual/krb5 ) + selinux? ( >=sys-libs/libselinux-1.28 ) + skey? ( >=app-admin/skey-1.1.5-r1 ) + ldap? ( net-nds/openldap ) + libedit? ( dev-libs/libedit ) + >=dev-libs/openssl-0.9.6d + >=sys-libs/zlib-1.2.3 + smartcard? ( dev-libs/opensc ) + tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) + X? ( x11-apps/xauth ) + userland_GNU? ( sys-apps/shadow )" +DEPEND="${RDEPEND} + dev-util/pkgconfig + virtual/os-headers + sys-devel/autoconf" +PROVIDE="virtual/ssh" + +S=${WORKDIR}/${PARCH} + +pkg_setup() { + # this sucks, but i'd rather have people unable to `emerge -u openssh` + # than not be able to log in to their server any more + maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; } + local fail=" + $(maybe_fail X509 X509_PATCH) + $(maybe_fail ldap LDAP_PATCH) + " + fail=$(echo ${fail}) + if [[ -n ${fail} ]] ; then + eerror "Sorry, but this version does not yet support features" + eerror "that you requested: ${fail}" + eerror "Please mask ${PF} for now and check back later:" + eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" + die "booooo" + fi +} + +src_unpack() { + unpack ${PARCH}.tar.gz + cd "${S}" + + sed -i \ + -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ + pathnames.h || die + + use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${PN}-4.4_p1-x509-hpn-glue.patch + use chroot && epatch "${FILESDIR}"/openssh-4.3_p1-chroot.patch + use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch + if ! use X509 ; then + if [[ -n ${LDAP_PATCH} ]] && use ldap ; then + epatch "${DISTDIR}"/${LDAP_PATCH} "${FILESDIR}"/${PN}-4.4_p1-ldap-hpn-glue.patch + fi + elif use ldap ; then + ewarn "Sorry, X509 and ldap don't get along, disabling ldap" + fi + [[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH} + epatch "${FILESDIR}"/${P}-GSSAPI-dns.patch #165444 + + # Use OpenSSL engines - padlock by default if available + use padlock && epatch "${FILESDIR}"/${P}-engines.patch + + sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die + + eautoreconf +} + +src_compile() { + addwrite /dev/ptmx + addpredict /etc/skey/skeykeys #skey configure code triggers this + + local myconf="" + if use static ; then + append-ldflags -static + use pam && ewarn "Disabling pam support becuse of static flag" + myconf="${myconf} --without-pam" + else + myconf="${myconf} $(use_with pam)" + fi + + econf \ + --with-ldflags="${LDFLAGS}" \ + --disable-strip \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/$(get_libdir)/misc \ + --datadir=/usr/share/openssh \ + --disable-suid-ssh \ + --with-privsep-path=/var/empty \ + --with-privsep-user=sshd \ + --with-md5-passwords \ + --with-ssl-engine \ + $(use_with ldap) \ + $(use_with libedit) \ + $(use_with kerberos kerberos5 /usr) \ + $(use_with tcpd tcp-wrappers) \ + $(use_with selinux) \ + $(use_with skey) \ + $(use_with smartcard opensc) \ + ${myconf} \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + emake install-nokeys DESTDIR="${D}" || die + fperms 600 /etc/ssh/sshd_config + dobin contrib/ssh-copy-id + newinitd "${FILESDIR}"/sshd.rc6 sshd + newconfd "${FILESDIR}"/sshd.confd sshd + keepdir /var/empty + + newpamd "${FILESDIR}"/sshd.pam_include.1 sshd + use pam \ + && dosed "/^#UsePAM /s:.*:UsePAM yes:" /etc/ssh/sshd_config \ + && dosed "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" /etc/ssh/sshd_config + + doman contrib/ssh-copy-id.1 + dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config + + diropts -m 0700 + dodir /etc/skel/.ssh +} + +pkg_postinst() { + enewgroup sshd 22 + enewuser sshd 22 -1 /var/empty sshd + + # help fix broken perms caused by older ebuilds. + # can probably cut this after the next stage release. + chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null + + ewarn "Remember to merge your config files in /etc/ssh/ and then" + ewarn "restart sshd: '/etc/init.d/sshd restart'." + if use pam ; then + echo + ewarn "Please be aware users need a valid shell in /etc/passwd" + ewarn "in order to be allowed to login." + fi +} -- cgit v1.2.3