# New ports collection makefile for: ssh # Date created: 30 Jul 1995 # Whom: torstenb@FreeBSD.org # # $FreeBSD$ # # Maximal ssh package requires YES values for # WITH_PERL, WITH_TCPWRAP # PORTNAME= ssh PORTVERSION= 1.2.27 CATEGORIES= security ipv6 MASTER_SITES= ftp://ftp.cs.hut.fi/pub/ssh/ \ ftp://ftp.bitcon.no/.4/console/system/ \ ftp://ftp.kddlabs.co.jp/.0/security/Crypto/SSH/ \ ftp://ftp.vision.net.au/ftp7/linuxberg/files/console/system/ \ ftp://ftp.comp.hkbu.edu.hk/.6/unix/ \ ftp://ftp.du.se/disk1/mirrors/ssh/ MAINTAINER= kris@FreeBSD.org .if defined(USA_RESIDENT) && ${USA_RESIDENT} == YES CONFIGURE_ARGS+= --with-rsaref LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref BUILD_DEPENDS+= /nonexistent:${PORTSDIR}/security/rsaref:extract .endif RESTRICTED= "Crypto: export-controlled" USE_AUTOCONF= YES GNU_CONFIGURE= YES USE_PERL5= YES CONFIGURE_ENV+= PERL=${PERL5} CONFIGURE_ARGS+= --with-etcdir=${PREFIX}/etc # Uncomment if all your users are in their own group and their homedir # is writeable by that group. Beware the security implications! # #CONFIGURE_ARGS+= --enable-group-writeability # Uncomment if you want to allow ssh to emulate an unencrypted rsh connection # over a secure medium (i.e. allow SSH connections without encryption). # This is normally dangerous since it can lead to the disclosure of keys # and passwords. # #CONFIGURE_ARGS+= --with-none .if defined(KRB5_HOME) && exists(${KRB5_HOME}) CONFIGURE_ARGS+=--with-kerberos5=${KRB5_HOME} --enable-kerberos-tgt-passing \ --disable-suid-ssh .endif # Include support for the SecureID card # Warning: untested ! # .if defined(WITH_SECUREID) CONFIGURE_ARGS+= --with-secureid .endif # Don't use IDEA. IDEA can be freely used for non-commercial use. However, # commercial use may require a licence in a number of countries. Since SSH # itself may not be used for commercial purposes without a license, we # enable IDEA by default since the user would already be getting himself # into trouble. # .if defined(WITHOUT_IDEA) CONFIGURE_ARGS+= --without-idea .endif MAN1= scp1.1 ssh-add1.1 ssh-agent1.1 ssh-keygen1.1 ssh1.1 \ make-ssh-known-hosts1.1 MAN8= sshd1.8 MLINKS= make-ssh-known-hosts1.1 make-ssh-known-hosts.1 \ scp1.1 scp.1 \ ssh-add1.1 ssh-add.1 \ ssh-agent1.1 ssh-agent.1 \ ssh-keygen1.1 ssh-keygen.1 \ ssh1.1 ssh.1 \ ssh.1 slogin.1 \ ssh1.1 slogin1.1 \ sshd1.8 sshd.8 pre-patch: @${MV} -f ${WRKSRC}/make-ssh-known-hosts.pl \ ${WRKSRC}/make-ssh-known-hosts.pl.in fetch-depends: .if !defined(USA_RESIDENT) || ${USA_RESIDENT} != YES && ${USA_RESIDENT} != NO @ ${ECHO} @ ${ECHO} You must set the variable USA_RESIDENT to YES if you are a @ ${ECHO} United States resident, otherwise NO. @ ${ECHO} If you are a US resident then this port must also fetch @ ${ECHO} the RSAREF2 library from sources abroad \(RSA Inc. holds a @ ${ECHO} patent on RSA and public key crypto in general in the United @ ${ECHO} States so using RSA implementations other than RSAREF there @ ${ECHO} may violate US patent law\). @ ${FALSE} .endif post-install: @if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \ ${ECHO} "Generating a secret host key..."; \ ${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \ fi; \ if [ "`grep ssh /etc/inetd.conf|grep -v ^#ssh`" = "" ]; then \ if [ ! -f ${PREFIX}/etc/rc.d/sshd.sh ]; then \ ${ECHO} "Installing ${PREFIX}/etc/rc.d/sshd.sh startup file."; \ ${SED} -e 's+!!PREFIX!!+${PREFIX}+g' ${FILESDIR}/sshd.sh \ > ${PREFIX}/etc/rc.d/sshd.sh; \ ${CHMOD} 751 ${PREFIX}/etc/rc.d/sshd.sh; \ fi; \ fi .include # Include tcp-wrapper support (call remote identd) .if exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-libwrap .else .if defined(WITH_TCPWRAP) || (exists(${PREFIX}/lib/libwrap.a) \ && !defined(WITHOUT_TCPWRAP)) CONFIGURE_ENV+= LDFLAGS=-L${PREFIX}/lib CFLAGS="${CFLAGS} -I${PREFIX}/include" CONFIGURE_ARGS+= --with-libwrap LIB_DEPENDS+= wrap.7:${PORTSDIR}/security/tcp_wrapper .endif .endif # Original IPv6 patches were obtained from ftp://ftp.kyoto.wide.ad.jp/IPv6/ssh/ # ssh-1.2.27-IPv6-1.5-patch.gz # We still use WITH_INET6 here and try to support pre 4.0 machines with kame # IPv6 stack .if ${OSVERSION} >= 400014 || ( ${OSVERSION} < 400014 && defined(WITH_INET6) ) CONFIGURE_ARGS+= --enable-ipv6 .else CONFIGURE_ARGS+= --disable-ipv6 .endif # Include SOCKS firewall support .if defined(WITH_SOCKS) CONFIGURE_ARGS+= --with-socks="-L${PREFIX}/lib -lsocks5" --with-socks5 .endif # Include extra files if X11 is installed .if defined(WITH_X11) || (exists(${X11BASE}/lib/libX11.a) \ && !defined(WITHOUT_X11)) USE_XLIB= yes PLIST:= ${WRKDIR}/PLIST pre-install: @${CAT} ${PKGDIR}/PLIST.X11 > ${PLIST} @${CAT} ${PKGDIR}/PLIST >> ${PLIST} .else CONFIGURE_ARGS+= --without-x .endif .include