ports/172429: [PATCH] security/openssh-portable: Converting port to new options framework
Michael Gmelin
freebsd at grem.de
Sun Oct 7 04:20:20 UTC 2012
>Number: 172429
>Category: ports
>Synopsis: [PATCH] security/openssh-portable: Converting port to new options framework
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 07 04:20:18 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Michael Gmelin
>Release: FreeBSD 9.0-RELEASE amd64
>Organization:
Grem Equity GmbH
>Environment:
System: FreeBSD bsd64.grem.de 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC
>Description:
The patch below converts the port to use the new options framework[1]
and converts the Makefile header to the new format[2].
The patch is to be applied using:
patch -p0 -E </path/to/patchfile
No attempts have been made to fix any potential issues the port might
have beyond this scope. I also didn't fix any indentation issues to
keep the patch small and easy to audit, a future port maintainer might
want to take care of this. Double checking this can't hurt.
See also:
1. http://lists.freebsd.org/pipermail/freebsd-ports/2012-October/078676.html
2. http://lists.freebsd.org/pipermail/freebsd-ports/2012-August/077801.html
Generated with FreeBSD Port Tools 0.99_6 (mode: change, diff: suffix)
>How-To-Repeat:
>Fix:
--- openssh-portable-5.8.p2_3,1.patch begins here ---
diff -ruN --exclude=CVS ../openssh-portable.orig/Makefile ./Makefile
--- ../openssh-portable.orig/Makefile 2012-10-07 05:16:38.926607568 +0200
+++ ./Makefile 2012-10-07 05:30:05.095397176 +0200
@@ -1,28 +1,27 @@
-# New ports collection makefile for: openssh
-# Date created: 18 Mar 1999
-# Whom: dwcjr at inethouston.net
-#
-# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.162 2012/08/05 23:05:24 dougb Exp $
-#
-
-PORTNAME= openssh
-DISTVERSION= 5.8p2
-PORTREVISION= 3
-PORTEPOCH= 1
-CATEGORIES= security ipv6
-MASTER_SITES= ${MASTER_SITE_OPENBSD}
+# Created by: dwcjr at inethouston.net
+# $FreeBSD: $
+
+PORTNAME= openssh
+DISTVERSION= 5.8p2
+PORTREVISION= 3
+PORTEPOCH= 1
+CATEGORIES= security ipv6
+MASTER_SITES= ${MASTER_SITE_OPENBSD}
MASTER_SITE_SUBDIR= OpenSSH/portable
-PKGNAMESUFFIX= -portable
+PKGNAMESUFFIX= -portable
+
+MAINTAINER= ports at FreeBSD.org
+COMMENT= The portable version of OpenBSD's OpenSSH
-MAINTAINER= ports at FreeBSD.org
-COMMENT= The portable version of OpenBSD's OpenSSH
+#REMOVEME!!!!! '
-WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
+WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
-MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
-MLINKS= ssh.1 slogin.1
-MAN5= moduli.5 ssh_config.5 sshd_config.5
-MAN8= sftp-server.8 sshd.8 ssh-keysign.8 ssh-pkcs11-helper.8
+MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 \
+ ssh-keyscan.1 scp.1 ssh.1
+MLINKS= ssh.1 slogin.1
+MAN5= moduli.5 ssh_config.5 sshd_config.5
+MAN8= sftp-server.8 sshd.8 ssh-keysign.8 ssh-pkcs11-helper.8
CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.*
@@ -36,24 +35,25 @@
ssh_host_dsa_key.pub
ETCOLD= ${PREFIX}/etc
-SUDO?= # empty
-MAKE_ENV+= SUDO="${SUDO}"
+SUDO?= # empty
+MAKE_ENV+= SUDO="${SUDO}"
-OPTIONS= PAM "Enable pam(3) support" on \
- TCP_WRAPPERS "Enable tcp_wrappers support" on \
- LIBEDIT "Enable readline support to sftp(1)" on \
- SUID_SSH "Enable suid SSH (Recommended off)" off \
- BSM "Enable OpenBSM Auditing" off \
- KERBEROS "Enable kerberos (autodetection)" off \
- KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \
- OPENSSH_CHROOT "Enable CHROOT support" off \
- HPN "Enable HPN-SSH patch" off \
- LPK "Enable LDAP Public Key (LPK) patch" off \
- X509 "Enable x509 certificate patch" off \
- FILECONTROL "Enable file control patch (broken)" off \
- OVERWRITE_BASE "OpenSSH overwrite base" off
+OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \
+ KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \
+ OVERWRITE_BASE
+OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS
+TCP_WRAPPERS_DESC= Enable tcp_wrappers support
+SUID_SSH_DESC= Enable suid SSH (Recommended off)
+BSM_DESC= Enable OpenBSM Auditing
+KERB_GSSAPI_DESC= Enable Kerberos/GSSAPI patch (req: GSSAPI)
+OPENSSH_CHROOT_DESC= Enable CHROOT support
+HPN_DESC= Enable HPN-SSH patch
+LPK_DESC= Enable LDAP Public Key (LPK) patch
+X509_DESC= Enable x509 certificate patch
+FILECONTROL_DESC= Enable file control patch (broken)
+OVERWRITE_BASE_DESC= OpenSSH overwrite base
-.include <bsd.port.pre.mk>
+.include <bsd.port.pre.mk> # can't be replaces since some variables break below (e.g. OPENSSLBASE)
.if ${OSVERSION} >= 900000
EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure
@@ -63,42 +63,42 @@
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
.endif
-.if defined(WITH_X509) && defined(WITH_HPN)
+.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN}
BROKEN= X509 patches and HPN patches do not apply cleanly together
.endif
-.if defined(WITH_X509) && defined(WITH_KERB_GSSAPI)
+.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= X509 patch incompatible with KERB_GSSAPI patch
.endif
.if defined(OPENSSH_OVERWRITE_BASE)
-WITH_OVERWRITE_BASE= yes
+PORT_OPTIONS+= OVERWRITE_BASE
.endif
-.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h)
+.if ${PORT_OPTIONS:MPAM} && exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
.endif
-.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h)
+.if ${PORT_OPTIONS:MTCP_WRAPPERS} && exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+= --with-tcp-wrappers
.endif
-.if !defined(WITHOUT_LIBEDIT)
+.if ${PORT_OPTIONS:MLIBEDIT}
CONFIGURE_ARGS+= --with-libedit
.endif
-.if !defined(WITH_SUID_SSH)
+.if !${PORT_OPTIONS:MSUID_SSH}
CONFIGURE_ARGS+= --disable-suid-ssh
.endif
-.if defined(WITH_BSM)
+.if ${PORT_OPTIONS:MBSM}
CONFIGURE_ARGS+= --with-audit=bsm
.endif
-.if defined(WITH_KERBEROS)
+.if ${PORT_OPTIONS:MKERBEROS}
CONFIGURE_ARGS+= --with-kerberos5
LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5
-.if defined(WITH_KERB_GSSAPI)
+.if ${PORT_OPTIONS:MKERB_GSSAPI}
PATCH_SITES+= http://www.sxw.org.uk/computing/patches/
PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch
PATCH_DIST_STRIP=
@@ -113,11 +113,11 @@
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
-.if defined(WITH_OPENSSH_CHROOT)
+.if ${PORT_OPTIONS:MOPENSSH_CHROOT}
CFLAGS+= -DCHROOT
.endif
-.if defined(WITH_HPN)
+.if ${PORT_OPTIONS:MHPN}
PATCH_SITES+= http://www.shatow.net/freebsd/
PATCHFILES+= ${PORTNAME}-5.8p1-hpn13v11.diff.gz
PATCH_DIST_STRIP=
@@ -126,7 +126,7 @@
# See http://code.google.com/p/openssh-lpk/wiki/Main
# and svn repo described here:
# http://code.google.com/p/openssh-lpk/source/checkout
-.if defined(WITH_LPK)
+.if ${PORT_OPTIONS:MLPK}
EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.8p2.patch
USE_OPENLDAP= yes
CPPFLAGS+= -I${LOCALBASE}/include
@@ -137,7 +137,7 @@
.endif
# See http://www.roumenpetrov.info/openssh/
-.if defined(WITH_X509)
+.if ${PORT_OPTIONS:MX509}
PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/
PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz
PATCH_DIST_STRIP= -p1
@@ -148,14 +148,14 @@
.endif
# See http://sftpfilecontrol.sourceforge.net/
-.if defined(WITH_FILECONTROL)
+.if ${PORT_OPTIONS:MFILECONTROL}
# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
# cleanly against 5.8p2, but it's close.
BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2
EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
.endif
-.if defined(WITH_OVERWRITE_BASE)
+.if ${PORT_OPTIONS:MOVERWRITE_BASE}
WITH_OPENSSL_BASE= yes
CONFIGURE_ARGS+= --localstatedir=/var
EMPTYDIR= /var/empty
@@ -199,7 +199,7 @@
${WRKSRC}/version.h
@${ECHO_CMD} '#define SSH_RELEASE TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \
${WRKSRC}/version.h
-.if defined(WITH_HPN)
+.if ${PORT_OPTIONS:MHPN}
@${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \
${WRKSRC}/version.h
.endif
--- openssh-portable-5.8.p2_3,1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list