[gentoo-commits] gentoo-x86 commit in net-misc/openssh: ChangeLog openssh-5.2_p1-r3.ebuild - gentoo-commits

From:	"Mike Frysinger (vapier)" <vapier@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in net-misc/openssh: ChangeLog openssh-5.2_p1-r3.ebuild
Date:	Sun, 23 Aug 2009 10:37:50
Message-Id:	`E1MfASK-0007Ug-6y@stork.gentoo.org`

1

vapier      09/08/23 10:37:48

2

3

  Modified:             ChangeLog

4

  Added:                openssh-5.2_p1-r3.ebuild

5

  Log:

6

  Update x509 patch, update gsskex patch #279488 by Harald Barth, and update x509/hpn glue #270508 by BedOS_Gui.

7

  (Portage version: 2.2_rc38/cvs/Linux x86_64)

8

9

Revision  Changes    Path

10

1.358                net-misc/openssh/ChangeLog

11

12

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?rev=1.358&view=markup

13

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?rev=1.358&content-type=text/plain

14

diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?r1=1.357&r2=1.358

15

16

Index: ChangeLog

17

===================================================================

18

RCS file: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v

19

retrieving revision 1.357

20

retrieving revision 1.358

21

diff -u -r1.357 -r1.358

22

--- ChangeLog	13 Aug 2009 06:30:33 -0000	1.357

23

+++ ChangeLog	23 Aug 2009 10:37:47 -0000	1.358

24

@@ -1,6 +1,14 @@

25

 # ChangeLog for net-misc/openssh

26

 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2

27

-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.357 2009/08/13 06:30:33 vapier Exp $

28

+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.358 2009/08/23 10:37:47 vapier Exp $

29

+

30

+*openssh-5.2_p1-r3 (23 Aug 2009)

31

+

32

+  23 Aug 2009; Mike Frysinger <vapier@g.o> +openssh-5.2_p1-r3.ebuild,

33

+  +files/openssh-5.2_p1-gsskex-fix.patch,

34

+  +files/openssh-5.2_p1-x509-hpn-glue.patch:

35

+  Update x509 patch, update gsskex patch #279488 by Harald Barth, and update

36

+  x509/hpn glue #270508 by BedOS_Gui.

37

38

   13 Aug 2009; Mike Frysinger <vapier@g.o> openssh-5.0_p1-r2.ebuild,

39

   openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild,

1.1                  net-misc/openssh/openssh-5.2_p1-r3.ebuild

44

45

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild?rev=1.1&view=markup

46

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild?rev=1.1&content-type=text/plain

47

48

Index: openssh-5.2_p1-r3.ebuild

49

===================================================================

50

# Copyright 1999-2009 Gentoo Foundation

51

# Distributed under the terms of the GNU General Public License v2

52

# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild,v 1.1 2009/08/23 10:37:47 vapier Exp $

53

54

inherit eutils flag-o-matic multilib autotools pam

55

56

# Make it more portable between straight releases

57

# and _p? releases.

58

PARCH=${P/_/}

59

60

HPN_PATCH="${PARCH}-hpn13v6.diff.gz"

61

LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.11.patch.gz"

62

PKCS11_PATCH="${PARCH/p1}pkcs11-0.26.tar.bz2"

63

X509_VER="6.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"

64

65

DESCRIPTION="Port of OpenBSD's free SSH release"

66

HOMEPAGE="http://www.openssh.org/"

67

# HPN appears twice as sometimes Gentoo has a custom version of it.

68

SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz

69

	http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch

70

	${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )}

71

	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}

72

	${PKCS11_PATCH:+pkcs11? ( http://alon.barlev.googlepages.com/${PKCS11_PATCH} )}

73

	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}"

74

75

LICENSE="as-is"

76

SLOT="0"

77

KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"

78

IUSE="hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd X X509"

79

80

RDEPEND="pam? ( virtual/pam )

81

	kerberos? ( virtual/krb5 )

82

	selinux? ( >=sys-libs/libselinux-1.28 )

83

	skey? ( >=sys-auth/skey-1.1.5-r1 )

84

	ldap? ( net-nds/openldap )

85

	libedit? ( dev-libs/libedit )

86

	>=dev-libs/openssl-0.9.6d

87

	>=sys-libs/zlib-1.2.3

88

	smartcard? ( dev-libs/opensc )

89

	pkcs11? ( dev-libs/pkcs11-helper )

90

	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )

91

	X? ( x11-apps/xauth )

92

	userland_GNU? ( sys-apps/shadow )"

93

DEPEND="${RDEPEND}

94

	dev-util/pkgconfig

95

	virtual/os-headers

96

	sys-devel/autoconf"

97

RDEPEND="${RDEPEND}

98

	pam? ( >=sys-auth/pambase-20081028 )"

99

PROVIDE="virtual/ssh"

100

101

S=${WORKDIR}/${PARCH}

102

103

pkg_setup() {

104

	# this sucks, but i'd rather have people unable to `emerge -u openssh`

105

	# than not be able to log in to their server any more

106

	maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; }

107

	local fail="

108

		$(maybe_fail ldap LDAP_PATCH)

109

		$(maybe_fail pkcs11 PKCS11_PATCH)

110

		$(maybe_fail X509 X509_PATCH)

111

"

112

	fail=$(echo ${fail})

113

	if [[ -n ${fail} ]] ; then

114

		eerror "Sorry, but this version does not yet support features"

115

		eerror "that you requested:	 ${fail}"

116

		eerror "Please mask ${PF} for now and check back later:"

117

		eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"

118

		die "booooo"

119

fi

120

}

121

122

src_unpack() {

123

	unpack ${PARCH}.tar.gz

124

	cd "${S}"

125

126

	sed -i \

127

		-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \

128

		pathnames.h || die

129

130

	if use pkcs11 ; then

131

		cd "${WORKDIR}"

132

		unpack "${PKCS11_PATCH}"

133

		cd "${S}"

134

		EPATCH_OPTS="-p1" epatch "${WORKDIR}"/*pkcs11*/{1,2,4}*

135

		use X509 && EPATCH_OPTS="-R" epatch "${WORKDIR}"/*pkcs11*/1000_all_log.patch

136

fi

137

	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${P}-x509-hpn-glue.patch

138

	use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch

139

	if ! use X509 ; then

140

		if [[ -n ${LDAP_PATCH} ]] && use ldap ; then

141

			# The patch for bug 210110 64-bit stuff is now included.

142

			epatch "${DISTDIR}"/${LDAP_PATCH}

143

			epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654

144

fi

145

		epatch "${DISTDIR}"/openssh-5.2p1-gsskex-all-20090726.patch #115553 #216932 #279488

146

		epatch "${FILESDIR}"/${P}-gsskex-fix.patch

147

	else

148

		use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap"

149

fi

150

	#epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex

151

	[[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}

152

	epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665

153

	epatch "${FILESDIR}"/${P}-autoconf.patch

154

155

	# in 5.2p1, the AES-CTR multithreaded variant is temporarily broken, and

156

	# causes random hangs when combined with the -f switch of ssh.

157

	# To avoid this, we change the internal table to use the non-multithread

158

	# version for the meantime.

159

	sed -i \

160

		-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \

161

		cipher.c || die

162

163

	sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die

164

165

	# Disable PATH reset, trust what portage gives us. bug 254615

166

	sed -i -e 's:^PATH=/:#PATH=/:' configure || die

167

168

	eautoreconf

169

}

170

171

static_use_with() {

172

	local flag=$1

173

	if use static && use ${flag} ; then

174

		ewarn "Disabling '${flag}' support because of USE='static'"

175

		# rebuild args so that we invert the first one (USE flag)

176

		# but otherwise leave everything else working so we can

177

		# just leverage use_with

178

		[[ -z $1 ]] && flag="${flag} ${flag}"

179

		shift

180

		set -- !${flag} "$@"

181

fi

182

	use_with "$@"

183

}

184

185

src_compile() {

186

	addwrite /dev/ptmx

187

	addpredict /etc/skey/skeykeys #skey configure code triggers this

188

189

	local myconf=""

190

	use static && append-ldflags -static

191

192

	econf \

193

		--with-ldflags="${LDFLAGS}" \

194

		--disable-strip \

195

		--sysconfdir=/etc/ssh \

196

		--libexecdir=/usr/$(get_libdir)/misc \

197

		--datadir=/usr/share/openssh \

198

		--with-privsep-path=/var/empty \

199

		--with-privsep-user=sshd \

200

		--with-md5-passwords \

201

		--with-ssl-engine \

202

		$(static_use_with pam) \

203

		$(static_use_with kerberos kerberos5 /usr) \

204

		${LDAP_PATCH:+$(use ldap && use_with ldap)} \

205

		$(use_with libedit) \

206

		${PKCS11_PATCH:+$(use pkcs11 && static_use_with pkcs11)} \

207

		$(use_with selinux) \

208

		$(use_with skey) \

209

		$(use_with smartcard opensc) \

210

		$(use_with tcpd tcp-wrappers) \

211

		${myconf} \

212

		|| die "bad configure"

213

	emake || die "compile problem"

214

}

215

216

src_install() {

217

	emake install-nokeys DESTDIR="${D}" || die

218

	fperms 600 /etc/ssh/sshd_config

219

	dobin contrib/ssh-copy-id

220

	newinitd "${FILESDIR}"/sshd.rc6 sshd

221

	newconfd "${FILESDIR}"/sshd.confd sshd

222

	keepdir /var/empty

223

224

	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd

225

	if use pam ; then

226

		sed -i \

227

			-e "/^#UsePAM /s:.*:UsePAM yes:" \

228

			-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \

229

			-e "/^#PrintMotd /s:.*:PrintMotd no:" \

230

			-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \

231

			"${D}"/etc/ssh/sshd_config || die "sed of configuration file failed"

232

fi

233

234

	# This instruction is from the HPN webpage,

235

	# Used for the server logging functionality

236

	if [[ -n ${HPN_PATCH} ]] && use hpn; then

237

		keepdir /var/empty/dev

238

fi

239

240

	doman contrib/ssh-copy-id.1

241

	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config

242

243

	diropts -m 0700

244

	dodir /etc/skel/.ssh

245

}

246

247

src_test() {

248

	local t tests skipped failed passed shell

249

	tests="interop-tests compat-tests"

250

	skipped=""

251

	shell=$(getent passwd ${UID} | cut -d: -f7)

252

	if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then

253

		elog "Running the full OpenSSH testsuite"

254

		elog "requires a usable shell for the 'portage'"

255

		elog "user, so we will run a subset only."

256

		skipped="${skipped} tests"

257

	else

258

		tests="${tests} tests"

259

fi

260

	for t in ${tests} ; do

261

		# Some tests read from stdin ...

262

		emake -k -j1 ${t} </dev/null \

263

			&& passed="${passed}${t} " \

264

			|| failed="${failed}${t} "

265

	done

266

	einfo "Passed tests: ${passed}"

267

	ewarn "Skipped tests: ${skipped}"

268

	if [[ -n ${failed} ]] ; then

269

		ewarn "Failed tests: ${failed}"

270

		die "Some tests failed: ${failed}"

271

	else

272

		einfo "Failed tests: ${failed}"

273

		return 0

274

fi

275

}

276

277

pkg_postinst() {

278

	enewgroup sshd 22

279

	enewuser sshd 22 -1 /var/empty sshd

280

281

	# help fix broken perms caused by older ebuilds.

282

	# can probably cut this after the next stage release.

283

	chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null

284

285

	ewarn "Remember to merge your config files in /etc/ssh/ and then"

286

	ewarn "reload sshd: '/etc/init.d/sshd reload'."

287

	if use pam ; then

288

		echo

289

		ewarn "Please be aware users need a valid shell in /etc/passwd"

290

		ewarn "in order to be allowed to login."

291

fi

292

	if use pkcs11 ; then

293

		echo

294

		einfo "For PKCS#11 you should also emerge one of the askpass softwares"

295

		einfo "Example: net-misc/x11-ssh-askpass"

296

fi

297

	# This instruction is from the HPN webpage,

298

	# Used for the server logging functionality

299

	if [[ -n ${HPN_PATCH} ]] && use hpn; then

300

		echo

301

		einfo "For the HPN server logging patch, you must ensure that"

302

		einfo "your syslog application also listens at /var/empty/dev/log."

303

fi

304

}

1	vapier 09/08/23 10:37:48
2
3	Modified: ChangeLog
4	Added: openssh-5.2_p1-r3.ebuild
5	Log:
6	Update x509 patch, update gsskex patch #279488 by Harald Barth, and update x509/hpn glue #270508 by BedOS_Gui.
7	(Portage version: 2.2_rc38/cvs/Linux x86_64)
8
9	Revision Changes Path
10	1.358 net-misc/openssh/ChangeLog
11
12	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?rev=1.358&view=markup
13	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?rev=1.358&content-type=text/plain
14	diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/ChangeLog?r1=1.357&r2=1.358
15
16	Index: ChangeLog
17	===================================================================
18	RCS file: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v
19	retrieving revision 1.357
20	retrieving revision 1.358
21	diff -u -r1.357 -r1.358
22	--- ChangeLog 13 Aug 2009 06:30:33 -0000 1.357
23	+++ ChangeLog 23 Aug 2009 10:37:47 -0000 1.358
24	@@ -1,6 +1,14 @@
25	# ChangeLog for net-misc/openssh
26	# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
27	-# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.357 2009/08/13 06:30:33 vapier Exp $
28	+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.358 2009/08/23 10:37:47 vapier Exp $
29	+
30	+*openssh-5.2_p1-r3 (23 Aug 2009)
31	+
32	+ 23 Aug 2009; Mike Frysinger <vapier@g.o> +openssh-5.2_p1-r3.ebuild,
33	+ +files/openssh-5.2_p1-gsskex-fix.patch,
34	+ +files/openssh-5.2_p1-x509-hpn-glue.patch:
35	+ Update x509 patch, update gsskex patch #279488 by Harald Barth, and update
36	+ x509/hpn glue #270508 by BedOS_Gui.
37
38	13 Aug 2009; Mike Frysinger <vapier@g.o> openssh-5.0_p1-r2.ebuild,
39	openssh-5.1_p1-r2.ebuild, openssh-5.1_p1-r3.ebuild,
40
41
42
43	1.1 net-misc/openssh/openssh-5.2_p1-r3.ebuild
44
45	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild?rev=1.1&view=markup
46	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild?rev=1.1&content-type=text/plain
47
48	Index: openssh-5.2_p1-r3.ebuild
49	===================================================================
50	# Copyright 1999-2009 Gentoo Foundation
51	# Distributed under the terms of the GNU General Public License v2
52	# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-5.2_p1-r3.ebuild,v 1.1 2009/08/23 10:37:47 vapier Exp $
53
54	inherit eutils flag-o-matic multilib autotools pam
55
56	# Make it more portable between straight releases
57	# and _p? releases.
58	PARCH=${P/_/}
59
60	HPN_PATCH="${PARCH}-hpn13v6.diff.gz"
61	LDAP_PATCH="${PARCH/openssh/openssh-lpk}-0.3.11.patch.gz"
62	PKCS11_PATCH="${PARCH/p1}pkcs11-0.26.tar.bz2"
63	X509_VER="6.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
64
65	DESCRIPTION="Port of OpenBSD's free SSH release"
66	HOMEPAGE="http://www.openssh.org/"
67	# HPN appears twice as sometimes Gentoo has a custom version of it.
68	SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
69	http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch
70	${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} )}
71	${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )}
72	${PKCS11_PATCH:+pkcs11? ( http://alon.barlev.googlepages.com/${PKCS11_PATCH} )}
73	${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )}"
74
75	LICENSE="as-is"
76	SLOT="0"
77	KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
78	IUSE="hpn kerberos ldap libedit pam pkcs11 selinux skey smartcard static tcpd X X509"
79
80	RDEPEND="pam? ( virtual/pam )
81	kerberos? ( virtual/krb5 )
82	selinux? ( >=sys-libs/libselinux-1.28 )
83	skey? ( >=sys-auth/skey-1.1.5-r1 )
84	ldap? ( net-nds/openldap )
85	libedit? ( dev-libs/libedit )
86	>=dev-libs/openssl-0.9.6d
87	>=sys-libs/zlib-1.2.3
88	smartcard? ( dev-libs/opensc )
89	pkcs11? ( dev-libs/pkcs11-helper )
90	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
91	X? ( x11-apps/xauth )
92	userland_GNU? ( sys-apps/shadow )"
93	DEPEND="${RDEPEND}
94	dev-util/pkgconfig
95	virtual/os-headers
96	sys-devel/autoconf"
97	RDEPEND="${RDEPEND}
98	pam? ( >=sys-auth/pambase-20081028 )"
99	PROVIDE="virtual/ssh"
100
101	S=${WORKDIR}/${PARCH}
102
103	pkg_setup() {
104	# this sucks, but i'd rather have people unable to `emerge -u openssh`
105	# than not be able to log in to their server any more
106	maybe_fail() { [[ -z ${!2} ]] && use ${1} && echo ${1} ; }
107	local fail="
108	$(maybe_fail ldap LDAP_PATCH)
109	$(maybe_fail pkcs11 PKCS11_PATCH)
110	$(maybe_fail X509 X509_PATCH)
111	"
112	fail=$(echo ${fail})
113	if [[ -n ${fail} ]] ; then
114	eerror "Sorry, but this version does not yet support features"
115	eerror "that you requested: ${fail}"
116	eerror "Please mask ${PF} for now and check back later:"
117	eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask"
118	die "booooo"
119	fi
120	}
121
122	src_unpack() {
123	unpack ${PARCH}.tar.gz
124	cd "${S}"
125
126	sed -i \
127	-e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
128	pathnames.h \|\| die
129
130	if use pkcs11 ; then
131	cd "${WORKDIR}"
132	unpack "${PKCS11_PATCH}"
133	cd "${S}"
134	EPATCH_OPTS="-p1" epatch "${WORKDIR}"/pkcs11/{1,2,4}*
135	use X509 && EPATCH_OPTS="-R" epatch "${WORKDIR}"/pkcs11/1000_all_log.patch
136	fi
137	use X509 && epatch "${DISTDIR}"/${X509_PATCH} "${FILESDIR}"/${P}-x509-hpn-glue.patch
138	use smartcard && epatch "${FILESDIR}"/openssh-3.9_p1-opensc.patch
139	if ! use X509 ; then
140	if [[ -n ${LDAP_PATCH} ]] && use ldap ; then
141	# The patch for bug 210110 64-bit stuff is now included.
142	epatch "${DISTDIR}"/${LDAP_PATCH}
143	epatch "${FILESDIR}"/${PN}-5.2p1-ldap-stdargs.diff #266654
144	fi
145	epatch "${DISTDIR}"/openssh-5.2p1-gsskex-all-20090726.patch #115553 #216932 #279488
146	epatch "${FILESDIR}"/${P}-gsskex-fix.patch
147	else
148	use ldap && ewarn "Sorry, X509 and ldap don't get along, disabling ldap"
149	fi
150	#epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex
151	[[ -n ${HPN_PATCH} ]] && use hpn && epatch "${DISTDIR}"/${HPN_PATCH}
152	epatch "${FILESDIR}"/${PN}-4.7p1-selinux.diff #191665
153	epatch "${FILESDIR}"/${P}-autoconf.patch
154
155	# in 5.2p1, the AES-CTR multithreaded variant is temporarily broken, and
156	# causes random hangs when combined with the -f switch of ssh.
157	# To avoid this, we change the internal table to use the non-multithread
158	# version for the meantime.
159	sed -i \
160	-e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \
161	cipher.c \|\| die
162
163	sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} \|\| die
164
165	# Disable PATH reset, trust what portage gives us. bug 254615
166	sed -i -e 's:^PATH=/:#PATH=/:' configure \|\| die
167
168	eautoreconf
169	}
170
171	static_use_with() {
172	local flag=$1
173	if use static && use ${flag} ; then
174	ewarn "Disabling '${flag}' support because of USE='static'"
175	# rebuild args so that we invert the first one (USE flag)
176	# but otherwise leave everything else working so we can
177	# just leverage use_with
178	[[ -z $1 ]] && flag="${flag} ${flag}"
179	shift
180	set -- !${flag} "$@"
181	fi
182	use_with "$@"
183	}
184
185	src_compile() {
186	addwrite /dev/ptmx
187	addpredict /etc/skey/skeykeys #skey configure code triggers this
188
189	local myconf=""
190	use static && append-ldflags -static
191
192	econf \
193	--with-ldflags="${LDFLAGS}" \
194	--disable-strip \
195	--sysconfdir=/etc/ssh \
196	--libexecdir=/usr/$(get_libdir)/misc \
197	--datadir=/usr/share/openssh \
198	--with-privsep-path=/var/empty \
199	--with-privsep-user=sshd \
200	--with-md5-passwords \
201	--with-ssl-engine \
202	$(static_use_with pam) \
203	$(static_use_with kerberos kerberos5 /usr) \
204	${LDAP_PATCH:+$(use ldap && use_with ldap)} \
205	$(use_with libedit) \
206	${PKCS11_PATCH:+$(use pkcs11 && static_use_with pkcs11)} \
207	$(use_with selinux) \
208	$(use_with skey) \
209	$(use_with smartcard opensc) \
210	$(use_with tcpd tcp-wrappers) \
211	${myconf} \
212	\|\| die "bad configure"
213	emake \|\| die "compile problem"
214	}
215
216	src_install() {
217	emake install-nokeys DESTDIR="${D}" \|\| die
218	fperms 600 /etc/ssh/sshd_config
219	dobin contrib/ssh-copy-id
220	newinitd "${FILESDIR}"/sshd.rc6 sshd
221	newconfd "${FILESDIR}"/sshd.confd sshd
222	keepdir /var/empty
223
224	newpamd "${FILESDIR}"/sshd.pam_include.2 sshd
225	if use pam ; then
226	sed -i \
227	-e "/^#UsePAM /s:.*:UsePAM yes:" \
228	-e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \
229	-e "/^#PrintMotd /s:.*:PrintMotd no:" \
230	-e "/^#PrintLastLog /s:.*:PrintLastLog no:" \
231	"${D}"/etc/ssh/sshd_config \|\| die "sed of configuration file failed"
232	fi
233
234	# This instruction is from the HPN webpage,
235	# Used for the server logging functionality
236	if [[ -n ${HPN_PATCH} ]] && use hpn; then
237	keepdir /var/empty/dev
238	fi
239
240	doman contrib/ssh-copy-id.1
241	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config
242
243	diropts -m 0700
244	dodir /etc/skel/.ssh
245	}
246
247	src_test() {
248	local t tests skipped failed passed shell
249	tests="interop-tests compat-tests"
250	skipped=""
251	shell=$(getent passwd ${UID} \| cut -d: -f7)
252	if [[ ${shell} == /nologin ]] \|\| [[ ${shell} == /false ]] ; then
253	elog "Running the full OpenSSH testsuite"
254	elog "requires a usable shell for the 'portage'"
255	elog "user, so we will run a subset only."
256	skipped="${skipped} tests"
257	else
258	tests="${tests} tests"
259	fi
260	for t in ${tests} ; do
261	# Some tests read from stdin ...
262	emake -k -j1 ${t} </dev/null \
263	&& passed="${passed}${t} " \
264	\|\| failed="${failed}${t} "
265	done
266	einfo "Passed tests: ${passed}"
267	ewarn "Skipped tests: ${skipped}"
268	if [[ -n ${failed} ]] ; then
269	ewarn "Failed tests: ${failed}"
270	die "Some tests failed: ${failed}"
271	else
272	einfo "Failed tests: ${failed}"
273	return 0
274	fi
275	}
276
277	pkg_postinst() {
278	enewgroup sshd 22
279	enewuser sshd 22 -1 /var/empty sshd
280
281	# help fix broken perms caused by older ebuilds.
282	# can probably cut this after the next stage release.
283	chmod u+x "${ROOT}"/etc/skel/.ssh >& /dev/null
284
285	ewarn "Remember to merge your config files in /etc/ssh/ and then"
286	ewarn "reload sshd: '/etc/init.d/sshd reload'."
287	if use pam ; then
288	echo
289	ewarn "Please be aware users need a valid shell in /etc/passwd"
290	ewarn "in order to be allowed to login."
291	fi
292	if use pkcs11 ; then
293	echo
294	einfo "For PKCS#11 you should also emerge one of the askpass softwares"
295	einfo "Example: net-misc/x11-ssh-askpass"
296	fi
297	# This instruction is from the HPN webpage,
298	# Used for the server logging functionality
299	if [[ -n ${HPN_PATCH} ]] && use hpn; then
300	echo
301	einfo "For the HPN server logging patch, you must ensure that"
302	einfo "your syslog application also listens at /var/empty/dev/log."
303	fi
304	}

Gentoo Archives: gentoo-commits