git: 8a5ad92ecc59 - main - security/openssh-portable: Stop trying to generate DSA key.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Bryan Drewery <bdrewery_at_FreeBSD.org>
Date: Tue, 07 Oct 2025 19:17:08 UTC
The branch main has been updated by bdrewery:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8a5ad92ecc597e3ec730f60f5f28df43e91604ba

commit 8a5ad92ecc597e3ec730f60f5f28df43e91604ba
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2025-10-07 19:16:27 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2025-10-07 19:16:52 +0000

    security/openssh-portable: Stop trying to generate DSA key.
    
    DSA key support was removed in 10.0.
---
 security/openssh-portable/Makefile         |  2 +-
 security/openssh-portable/files/openssh.in | 15 +--------------
 2 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 6cf668fc4280..12f7e4ef9da9 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssh
 DISTVERSION=	10.1p1
-PORTREVISION=	0
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	OPENBSD/OpenSSH/portable
diff --git a/security/openssh-portable/files/openssh.in b/security/openssh-portable/files/openssh.in
index 9526a70b0d07..251cca91fc62 100644
--- a/security/openssh-portable/files/openssh.in
+++ b/security/openssh-portable/files/openssh.in
@@ -23,8 +23,6 @@ load_rc_config ${name}
 : ${openssh_skipportscheck="NO"}
 
 # These only control ssh-keygen automatically generating host keys.
-: ${openssh_dsa_enable="YES"}
-: ${openssh_dsa_flags=""}
 : ${openssh_rsa_enable="YES"}
 : ${openssh_rsa_flags=""}
 : ${openssh_ecdsa_enable="YES"}
@@ -44,13 +42,11 @@ pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
 openssh_keygen()
 {
 	local skip_dsa= skip_rsa= skip_ecdsa= skip_ed25519=
-	checkyesno openssh_dsa_enable || skip_dsa=y
 	checkyesno openssh_rsa_enable || skip_rsa=y
 	checkyesno openssh_ecdsa_enable || skip_ecdsa=y
 	checkyesno openssh_ed25519_enable || skip_ed25519=y
 
-	if [ \( -n "$skip_dsa" -o -f %%ETCDIR%%/ssh_host_dsa_key \) -a \
-	    \( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
+	if [ \( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
 	    \( -n "$skip_ecdsa" -o -f %%ETCDIR%%/ssh_host_ecdsa_key \) -a \
 	    \( -n "$skip_ed25519" -o -f %%ETCDIR%%/ssh_host_ed25519_key \) ]; then
 		return 0
@@ -62,15 +58,6 @@ openssh_keygen()
 	[ -x %%PREFIX%%/bin/ssh-keygen ] ||
 		err 1 "%%PREFIX%%/bin/ssh-keygen does not exist."
 
-	if [ -f %%ETCDIR%%/ssh_host_dsa_key ]; then
-		echo "You already have a DSA host key" \
-			"in %%ETCDIR%%/ssh_host_dsa_key"
-		echo "Skipping protocol version 2 DSA Key Generation"
-	elif checkyesno openssh_dsa_enable; then
-		%%PREFIX%%/bin/ssh-keygen -t dsa $openssh_dsa_flags \
-			-f %%ETCDIR%%/ssh_host_dsa_key -N ''
-	fi
-
 	if [ -f %%ETCDIR%%/ssh_host_rsa_key ]; then
 		echo "You already have a RSA host key" \
 			"in %%ETCDIR%%/ssh_host_rsa_key"