diff options
author | Tim Harder <radhermit@gentoo.org> | 2013-07-18 20:15:32 +0000 |
---|---|---|
committer | Tim Harder <radhermit@gentoo.org> | 2013-07-18 20:15:32 +0000 |
commit | a4b5011dc4dc7f0d8d97a2a6c9eee2a9fb2d3679 (patch) | |
tree | 6ceefe8fc49f72b6350c67d359be9127d722967c /net-misc/openssh | |
parent | Fix xauth path (bug #477304 by Tobias Klausmann) and move into ~arch. (diff) | |
download | gentoo-2-a4b5011dc4dc7f0d8d97a2a6c9eee2a9fb2d3679.tar.gz gentoo-2-a4b5011dc4dc7f0d8d97a2a6c9eee2a9fb2d3679.tar.bz2 gentoo-2-a4b5011dc4dc7f0d8d97a2a6c9eee2a9fb2d3679.zip |
Remove old.
(Portage version: 2.2.0_alpha188/cvs/Linux x86_64, signed Manifest commit with key 4AB3E85B4F064CA3)
Diffstat (limited to 'net-misc/openssh')
-rw-r--r-- | net-misc/openssh/ChangeLog | 11 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.2_p1-autoconf.patch | 15 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch | 16 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch | 91 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch | 60 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch | 60 | ||||
-rw-r--r-- | net-misc/openssh/files/openssh-5.8_p1-selinux.patch | 18 | ||||
-rw-r--r-- | net-misc/openssh/openssh-6.0_p1.ebuild | 294 | ||||
-rw-r--r-- | net-misc/openssh/openssh-6.1_p1.ebuild | 294 | ||||
-rw-r--r-- | net-misc/openssh/openssh-6.2_p2-r1.ebuild | 321 | ||||
-rw-r--r-- | net-misc/openssh/openssh-6.2_p2.ebuild | 321 |
11 files changed, 10 insertions, 1491 deletions
diff --git a/net-misc/openssh/ChangeLog b/net-misc/openssh/ChangeLog index 4afb176dcf6e..230f1ece1b17 100644 --- a/net-misc/openssh/ChangeLog +++ b/net-misc/openssh/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-misc/openssh # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.477 2013/07/18 20:04:58 radhermit Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/ChangeLog,v 1.478 2013/07/18 20:15:31 radhermit Exp $ + + 18 Jul 2013; Tim Harder <radhermit@gentoo.org> -openssh-6.0_p1.ebuild, + -openssh-6.1_p1.ebuild, -openssh-6.2_p2.ebuild, -openssh-6.2_p2-r1.ebuild, + -files/openssh-5.2_p1-autoconf.patch, -files/openssh-5.2_p1-gsskex-fix.patch, + -files/openssh-5.2_p1-x509-hpn-glue.patch, + -files/openssh-5.6_p1-x509-hpn-glue.patch, + -files/openssh-5.7_p1-x509-hpn-glue.patch, + -files/openssh-5.8_p1-selinux.patch: + Remove old. *openssh-6.2_p2-r2 (18 Jul 2013) diff --git a/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch b/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch deleted file mode 100644 index 24ad7a9cf426..000000000000 --- a/net-misc/openssh/files/openssh-5.2_p1-autoconf.patch +++ /dev/null @@ -1,15 +0,0 @@ -workaround problems with autoconf-2.63 - -http://lists.gnu.org/archive/html/autoconf/2009-04/msg00007.html - ---- a/configure.ac -+++ b/configure.ac -@@ -3603,7 +3603,7 @@ - #include <shadow.h> - struct spwd sp; - ],[ sp.sp_expire = sp.sp_lstchg = sp.sp_inact = 0; ], -- [ sp_expire_available=yes ], [] -+ [ sp_expire_available=yes ], [:] - ) - - if test "x$sp_expire_available" = "xyes" ; then diff --git a/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch deleted file mode 100644 index 8112d6252f25..000000000000 --- a/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- clientloop.c -+++ clientloop.c -@@ -1434,11 +1434,13 @@ - if (!rekeying) { - channel_after_select(readset, writeset); - -+#ifdef GSSAPI - if (options.gss_renewal_rekey && - ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { - debug("credentials updated - forcing rekey"); - need_rekeying = 1; - } -+#endif - - if (need_rekeying || packet_need_rekeying()) { - debug("need rekeying"); diff --git a/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch deleted file mode 100644 index 9428b74f3ca0..000000000000 --- a/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,91 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- openssh-5.2p1+x509/Makefile.in -+++ openssh-5.2p1+x509/Makefile.in -@@ -44,11 +44,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS += @LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- openssh-5.2p1+x509/servconf.c -+++ openssh-5.2p1+x509/servconf.c -@@ -108,6 +108,17 @@ - options->log_level = SYSLOG_LEVEL_NOT_SET; - options->rhosts_rsa_authentication = -1; - options->hostbased_authentication = -1; -+ options->hostbased_algorithms = NULL; -+ options->pubkey_algorithms = NULL; -+ ssh_x509flags_initialize(&options->x509flags, 1); -+#ifndef SSH_X509STORE_DISABLED -+ ssh_x509store_initialize(&options->ca); -+#endif /*ndef SSH_X509STORE_DISABLED*/ -+#ifdef SSH_OCSP_ENABLED -+ options->va.type = -1; -+ options->va.certificate_file = NULL; -+ options->va.responder_url = NULL; -+#endif /*def SSH_OCSP_ENABLED*/ - options->hostbased_uses_name_from_packet_only = -1; - options->rsa_authentication = -1; - options->pubkey_authentication = -1; -@@ -152,18 +163,6 @@ - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- -- options->hostbased_algorithms = NULL; -- options->pubkey_algorithms = NULL; -- ssh_x509flags_initialize(&options->x509flags, 1); --#ifndef SSH_X509STORE_DISABLED -- ssh_x509store_initialize(&options->ca); --#endif /*ndef SSH_X509STORE_DISABLED*/ --#ifdef SSH_OCSP_ENABLED -- options->va.type = -1; -- options->va.certificate_file = NULL; -- options->va.responder_url = NULL; --#endif /*def SSH_OCSP_ENABLED*/ - } - - void -@@ -341,6 +340,16 @@ - /* Portable-specific options */ - sUsePAM, - /* Standard Options */ -+ sHostbasedAlgorithms, -+ sPubkeyAlgorithms, -+ sX509KeyAlgorithm, -+ sAllowedClientCertPurpose, -+ sKeyAllowSelfIssued, sMandatoryCRL, -+ sCACertificateFile, sCACertificatePath, -+ sCARevocationFile, sCARevocationPath, -+ sCAldapVersion, sCAldapURL, -+ sVAType, sVACertificateFile, -+ sVAOCSPResponderURL, - sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, -@@ -364,16 +373,6 @@ - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, -- sHostbasedAlgorithms, -- sPubkeyAlgorithms, -- sX509KeyAlgorithm, -- sAllowedClientCertPurpose, -- sKeyAllowSelfIssued, sMandatoryCRL, -- sCACertificateFile, sCACertificatePath, -- sCARevocationFile, sCARevocationPath, -- sCAldapVersion, sCAldapURL, -- sVAType, sVACertificateFile, -- sVAOCSPResponderURL, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch deleted file mode 100644 index e793311f5f6b..000000000000 --- a/net-misc/openssh/files/openssh-5.6_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->adm_forced_command = NULL; - options->chroot_directory = NULL; - options->zero_knowledge_password_authentication = -1; -- options->revoked_keys_file = NULL; -- options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->revoked_keys_file = NULL; -+ options->trusted_user_ca_keys = NULL; -+ options->authorized_principals_file = NULL; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, -- sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sUsePrivilegeSeparation, sAllowAgentForwarding, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch deleted file mode 100644 index ee3e7574764e..000000000000 --- a/net-misc/openssh/files/openssh-5.7_p1-x509-hpn-glue.patch +++ /dev/null @@ -1,60 +0,0 @@ -Move things around so hpn applies cleanly when using X509. - ---- a/Makefile.in -+++ b/Makefile.in -@@ -46,11 +46,12 @@ - CC=@CC@ - LD=@LD@ - CFLAGS=@CFLAGS@ --CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ -+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ -+CPPFLAGS+=@LDAP_CPPFLAGS@ - AR=@AR@ - AWK=@AWK@ - RANLIB=@RANLIB@ ---- a/servconf.c -+++ b/servconf.c -@@ -153,9 +153,6 @@ initialize_server_options(ServerOptions *options) - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -- options->authorized_principals_file = NULL; -- options->ip_qos_interactive = -1; -- options->ip_qos_bulk = -1; - - options->hostbased_algorithms = NULL; - options->pubkey_algorithms = NULL; -@@ -168,6 +165,9 @@ initialize_server_options(ServerOptions *options) - options->va.certificate_file = NULL; - options->va.responder_url = NULL; - #endif /*def SSH_OCSP_ENABLED*/ -+ options->authorized_principals_file = NULL; -+ options->ip_qos_interactive = -1; -+ options->ip_qos_bulk = -1; - } - - void -@@ -367,9 +367,6 @@ typedef enum { - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, - sMatch, sPermitOpen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, -- sZeroKnowledgePasswordAuthentication, sHostCertificate, -- sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -- sKexAlgorithms, sIPQoS, - sHostbasedAlgorithms, - sPubkeyAlgorithms, - sX509KeyAlgorithm, -@@ -380,6 +377,9 @@ typedef enum { - sCAldapVersion, sCAldapURL, - sVAType, sVACertificateFile, - sVAOCSPResponderURL, -+ sZeroKnowledgePasswordAuthentication, sHostCertificate, -+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, -+ sKexAlgorithms, sIPQoS, - sDeprecated, sUnsupported - } ServerOpCodes; - diff --git a/net-misc/openssh/files/openssh-5.8_p1-selinux.patch b/net-misc/openssh/files/openssh-5.8_p1-selinux.patch deleted file mode 100644 index 7be2879f9a65..000000000000 --- a/net-misc/openssh/files/openssh-5.8_p1-selinux.patch +++ /dev/null @@ -1,18 +0,0 @@ -http://bugs.gentoo.org/354247 - -[openbsd-compat/port-linux.c] Bug #1851: fix syntax error in - selinux code. Patch from Leonardo Chiquitto. - -/* $Id: openssh-5.8_p1-selinux.patch,v 1.1 2011/02/10 02:44:53 vapier Exp $ */ - ---- a/openbsd-compat/port-linux.c -+++ b/openbsd-compat/port-linux.c -@@ -213,7 +213,7 @@ - - if (!ssh_selinux_enabled()) - return; -- if (path == NULL) -+ if (path == NULL) { - setfscreatecon(NULL); - return; - } diff --git a/net-misc/openssh/openssh-6.0_p1.ebuild b/net-misc/openssh/openssh-6.0_p1.ebuild deleted file mode 100644 index cd28fb2b3ae5..000000000000 --- a/net-misc/openssh/openssh-6.0_p1.ebuild +++ /dev/null @@ -1,294 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.0_p1.ebuild,v 1.11 2013/01/18 01:14:14 robbat2 Exp $ - -EAPI="2" -inherit eutils user flag-o-matic multilib autotools pam systemd - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpn13v12.diff.gz" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509" - -RDEPEND="pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - selinux? ( >=sys-libs/libselinux-1.28 ) - skey? ( >=sys-auth/skey-1.1.5-r1 ) - ldap? ( net-nds/openldap ) - libedit? ( dev-libs/libedit ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - >=sys-libs/zlib-1.2.3 - tcpd? ( >=sys-apps/tcp-wrappers-7.6 ) - X? ( x11-apps/xauth ) - userland_GNU? ( virtual/shadow )" -DEPEND="${RDEPEND} - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-6.0_p1-test.patch #391011 - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - sed -i "s:-lcrypto:$(pkg-config --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" || die - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id || die - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - dosed 's:&& gen_key ecdsa::' /etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${D}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${D}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${D}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} || die - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' || die -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - echo - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - if use pam ; then - echo - ewarn "Please be aware users need a valid shell in /etc/passwd" - ewarn "in order to be allowed to login." - fi - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.1_p1.ebuild b/net-misc/openssh/openssh-6.1_p1.ebuild deleted file mode 100644 index 057482cbbdfc..000000000000 --- a/net-misc/openssh/openssh-6.1_p1.ebuild +++ /dev/null @@ -1,294 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.1_p1.ebuild,v 1.9 2013/01/18 01:14:14 robbat2 Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpn13v11.diff.bz2" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.2.1" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( http://www.psc.edu/networking/projects/hpn-ssh/${HPN_PATCH} mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo ${1} ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.1_p1-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-6.0_p1-fix-freebsd-compilation.patch #391011 - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-5.6_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i \ - -e '/aes...-ctr.*SSH_CIPHER_SSH2/s,evp_aes_ctr_mt,evp_aes_128_ctr,' \ - cipher.c || die - fi - - tc-export PKG_CONFIG - sed -i "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" configure{,.ac} || die - - # Disable PATH reset, trust what portage gives us. bug 254615 - sed -i -e 's:^PATH=/:#PATH=/:' configure || die - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir=/var/run \ - --sysconfdir=/etc/ssh \ - --libexecdir=/usr/$(get_libdir)/misc \ - --datadir=/usr/share/openssh \ - --with-privsep-path=/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.3 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.2_p2-r1.ebuild b/net-misc/openssh/openssh-6.2_p2-r1.ebuild deleted file mode 100644 index 074a3b79e3a0..000000000000 --- a/net-misc/openssh/openssh-6.2_p2-r1.ebuild +++ /dev/null @@ -1,321 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.2_p2-r1.ebuild,v 1.1 2013/06/27 08:54:02 radhermit Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -HPN_PATCH="${PARCH}-hpn13v14.diff.bz2" -LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.5" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -#KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.2_p2-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.2_p2-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i -r \ - -e 's:(aes(...)-ctr.*SSH_CIPHER_SSH2.*)evp_aes_ctr_mt:\1EVP_aes_\2_ctr:' \ - cipher.c || die - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - sed -i "${sed_args[@]}" configure{,.ac} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} diff --git a/net-misc/openssh/openssh-6.2_p2.ebuild b/net-misc/openssh/openssh-6.2_p2.ebuild deleted file mode 100644 index 70186f6847b1..000000000000 --- a/net-misc/openssh/openssh-6.2_p2.ebuild +++ /dev/null @@ -1,321 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/openssh-6.2_p2.ebuild,v 1.1 2013/06/24 16:48:35 vapier Exp $ - -EAPI="4" -inherit eutils user flag-o-matic multilib autotools pam systemd versionator - -# Make it more portable between straight releases -# and _p? releases. -PARCH=${P/_} - -#HPN_PATCH="${PARCH/6.2/6.1}-hpn13v14.diff.bz2" -#LDAP_PATCH="${PARCH/-/-lpk-}-0.3.14.patch.gz" -X509_VER="7.5" X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" -IUSE="bindist ${HPN_PATCH:++}hpn kerberos ldap ldns libedit pam selinux skey static tcpd X X509" - -LIB_DEPEND="selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - libedit? ( dev-libs/libedit[static-libs(+)] ) - >=dev-libs/openssl-0.9.6d:0[bindist=] - dev-libs/openssl[static-libs(+)] - >=sys-libs/zlib-1.2.3[static-libs(+)] - tcpd? ( >=sys-apps/tcp-wrappers-7.6[static-libs(+)] )" -RDEPEND=" - !static? ( - ${LIB_DEPEND//\[static-libs(+)]} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl] ) - bindist? ( net-libs/ldns[-ecdsa,ssl] ) - ) - ) - pam? ( virtual/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( - ${LIB_DEPEND} - ldns? ( - !bindist? ( net-libs/ldns[ecdsa,ssl,static-libs(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl,static-libs(+)] ) - ) - ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( virtual/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_setup() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:' \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. - cp version.h version.h.pristine - - # don't break .ssh/authorized_keys2 for fun - sed -i '/^AuthorizedKeysFile/s:^:#:' sshd_config || die - - epatch "${FILESDIR}"/${PN}-5.9_p1-sshd-gssapi-multihomed.patch #378361 - if use X509 ; then - pushd .. >/dev/null - epatch "${FILESDIR}"/${PN}-6.2_p2-x509-glue.patch - popd >/dev/null - epatch "${WORKDIR}"/${X509_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.2_p2-x509-hpn-glue.patch - save_version X509 - fi - if ! use X509 ; then - if [[ -n ${LDAP_PATCH} ]] && use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - else - use ldap && ewarn "Sorry, X509 and LDAP conflict internally, disabling LDAP" - fi - epatch "${FILESDIR}"/${PN}-4.7_p1-GSSAPI-dns.patch #165444 integrated into gsskex - if [[ -n ${HPN_PATCH} ]] && use hpn; then - epatch "${WORKDIR}"/${HPN_PATCH%.*} - epatch "${FILESDIR}"/${PN}-6.0_p1-hpn-progressmeter.patch - save_version HPN - # The AES-CTR multithreaded variant is broken, and causes random hangs - # when combined background threading and control sockets. To avoid - # this, we change the internal table to use the non-multithread version - # for the meantime. Do NOT remove this in new versions. See bug #354113 - # comment #6 for testcase. - # Upstream reference: http://www.psc.edu/networking/projects/hpn-ssh/ - ## Additionally, the MT-AES-CTR mode cipher replaces the default ST-AES-CTR mode - ## cipher. Be aware that if the client process is forked using the -f command line - ## option the process will hang as the parent thread gets 'divorced' from the key - ## generation threads. This issue will be resolved as soon as possible - sed -i -r \ - -e 's:(aes(...)-ctr.*SSH_CIPHER_SSH2.*)evp_aes_ctr_mt:\1EVP_aes_\2_ctr:' \ - cipher.c || die - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - sed -i "${sed_args[@]}" configure{,.ac} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509 ; do [ -e version.h.${p} ] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros}" - ) > version.h - - eautoreconf -} - -static_use_with() { - local flag=$1 - if use static && use ${flag} ; then - ewarn "Disabling '${flag}' support because of USE='static'" - # rebuild args so that we invert the first one (USE flag) - # but otherwise leave everything else working so we can - # just leverage use_with - shift - [[ -z $1 ]] && flag="${flag} ${flag}" - set -- !${flag} "$@" - fi - use_with "$@" -} - -src_configure() { - local myconf - addwrite /dev/ptmx - addpredict /etc/skey/skeykeys #skey configure code triggers this - - use static && append-ldflags -static - - # Special settings for Gentoo/FreeBSD 9.0 or later (see bug #391011) - if use elibc_FreeBSD && version_is_at_least 9.0 "$(uname -r|sed 's/\(.\..\).*/\1/')" ; then - myconf="${myconf} --disable-utmp --disable-wtmp --disable-wtmpx" - append-ldflags -lutil - fi - - econf \ - --with-ldflags="${LDFLAGS}" \ - --disable-strip \ - --with-pid-dir="${EPREFIX}"/var/run \ - --sysconfdir="${EPREFIX}"/etc/ssh \ - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc \ - --datadir="${EPREFIX}"/usr/share/openssh \ - --with-privsep-path="${EPREFIX}"/var/empty \ - --with-privsep-user=sshd \ - --with-md5-passwords \ - --with-ssl-engine \ - $(static_use_with pam) \ - $(static_use_with kerberos kerberos5 /usr) \ - ${LDAP_PATCH:+$(use X509 || ( use ldap && use_with ldap ))} \ - $(use_with ldns) \ - $(use_with libedit) \ - $(use_with selinux) \ - $(use_with skey) \ - $(use_with tcpd tcp-wrappers) \ - ${myconf} -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - fperms 600 /etc/ssh/sshd_config - dobin contrib/ssh-copy-id - newinitd "${FILESDIR}"/sshd.rc6.4 sshd - newconfd "${FILESDIR}"/sshd.confd sshd - keepdir /var/empty - - # not all openssl installs support ecc, or are functional #352645 - if ! grep -q '#define OPENSSL_HAS_ECC 1' config.h ; then - elog "dev-libs/openssl was built with 'bindist' - disabling ecdsa support" - sed -i 's:&& gen_key ecdsa::' "${ED}"/etc/init.d/sshd || die - fi - - newpamd "${FILESDIR}"/sshd.pam_include.2 sshd - if use pam ; then - sed -i \ - -e "/^#UsePAM /s:.*:UsePAM yes:" \ - -e "/^#PasswordAuthentication /s:.*:PasswordAuthentication no:" \ - -e "/^#PrintMotd /s:.*:PrintMotd no:" \ - -e "/^#PrintLastLog /s:.*:PrintLastLog no:" \ - "${ED}"/etc/ssh/sshd_config || die "sed of configuration file failed" - fi - - # Gentoo tweaks to default config files - cat <<-EOF >> "${ED}"/etc/ssh/sshd_config - - # Allow client to pass locale environment variables #367017 - AcceptEnv LANG LC_* - EOF - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - keepdir /var/empty/dev - fi - - if use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - doman contrib/ssh-copy-id.1 - dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config - - diropts -m 0700 - dodir /etc/skel/.ssh - - systemd_dounit "${FILESDIR}"/sshd.{service,socket} - systemd_newunit "${FILESDIR}"/sshd_at.service 'sshd@.service' -} - -src_test() { - local t tests skipped failed passed shell - tests="interop-tests compat-tests" - skipped="" - shell=$(egetshell ${UID}) - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite" - elog "requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped="${skipped} tests" - else - tests="${tests} tests" - fi - # It will also attempt to write to the homedir .ssh - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in ${tests} ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" \ - emake -k -j1 ${t} </dev/null \ - && passed="${passed}${t} " \ - || failed="${failed}${t} " - done - einfo "Passed tests: ${passed}" - ewarn "Skipped tests: ${skipped}" - if [[ -n ${failed} ]] ; then - ewarn "Failed tests: ${failed}" - die "Some tests failed: ${failed}" - else - einfo "Failed tests: ${failed}" - return 0 - fi -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} - -pkg_postinst() { - if has_version "<${CATEGORY}/${PN}-5.8_p1" ; then - elog "Starting with openssh-5.8p1, the server will default to a newer key" - elog "algorithm (ECDSA). You are encouraged to manually update your stored" - elog "keys list as servers update theirs. See ssh-keyscan(1) for more info." - fi - ewarn "Remember to merge your config files in /etc/ssh/ and then" - ewarn "reload sshd: '/etc/init.d/sshd reload'." - # This instruction is from the HPN webpage, - # Used for the server logging functionality - if [[ -n ${HPN_PATCH} ]] && use hpn ; then - echo - einfo "For the HPN server logging patch, you must ensure that" - einfo "your syslog application also listens at /var/empty/dev/log." - fi -} |