svn commit: r255829 - in head: crypto/openssh secure/lib/libssh secure/usr.bin/ssh secure/usr.sbin/sshd

Dag-Erling Smørgrav des at FreeBSD.org
Mon Sep 23 20:35:57 UTC 2013 

Author: des
Date: Mon Sep 23 20:35:54 2013
New Revision: 255829
URL: http://svnweb.freebsd.org/changeset/base/255829

Log:
  Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a
  repeat performance by introducing a script that runs configure with and
  without Kerberos, diffs the result and generates krb5_config.h, which
  contains the preprocessor macros that need to be defined in the Kerberos
  case and undefined otherwise.
  
  Approved by:	re (marius)

Added:
  head/crypto/openssh/freebsd-configure.sh   (contents, props changed)
  head/crypto/openssh/krb5_config.h   (contents, props changed)
Modified:
  head/crypto/openssh/FREEBSD-upgrade
  head/crypto/openssh/config.h
  head/crypto/openssh/ssh-gss.h
  head/crypto/openssh/sshd.c
  head/secure/lib/libssh/Makefile
  head/secure/usr.bin/ssh/Makefile
  head/secure/usr.sbin/sshd/Makefile

Modified: head/crypto/openssh/FREEBSD-upgrade
==============================================================================
--- head/crypto/openssh/FREEBSD-upgrade	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/crypto/openssh/FREEBSD-upgrade	Mon Sep 23 20:35:54 2013	(r255829)
@@ -3,7 +3,13 @@
 	    FreeBSD maintainer's guide to OpenSSH-portable
 	    ==============================================
 
-[needs rewriting for svn]
+XXX
+XXX this needs a complete rewrite
+XXX svn merge from vendor branch, resolve conflicts manually
+XXX   (see FREEBSD-tricks for tips on how to reduce conflicts)
+XXX run freebsd-configure.sh to generate config.h and krb5_config.h
+XXX svn diff Makefile.in to see if the Makefiles need adjusting
+XXX
 
 0) Make sure your mail spool has plenty of free space.  It'll fill up
    pretty fast once you're done with this checklist.
@@ -116,7 +122,7 @@ B) Re-commit everything on repoman (you 
 
 
 This port was brought to you by (in no particular order) DARPA, NAI
-Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co.,
+Labs, ThinkSec, Nescafé, the Aberlour Glenlivet Distillery Co.,
 Suzanne Vega, and a Sanford's #69 Deluxe Marker.
 
 					-- des at FreeBSD.org

Modified: head/crypto/openssh/config.h
==============================================================================
--- head/crypto/openssh/config.h	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/crypto/openssh/config.h	Mon Sep 23 20:35:54 2013	(r255829)
@@ -157,7 +157,7 @@
 /* #undef GLOB_HAS_GL_STATV */
 
 /* Define this if you want GSSAPI support in the version 2 protocol */
-#define GSSAPI 1
+/* #undef GSSAPI */
 
 /* Define if you want to use shadow password expire field */
 /* #undef HAS_SHADOW_EXPIRE */
@@ -271,7 +271,7 @@
 
 /* Define to 1 if you have the declaration of `GSS_C_NT_HOSTBASED_SERVICE',
    and to 0 if you don't. */
-#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
+/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
 
 /* Define to 1 if you have the declaration of `howmany', and to 0 if you
    don't. */
@@ -535,10 +535,10 @@
 /* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
 
 /* Define to 1 if you have the <gssapi/gssapi.h> header file. */
-#define HAVE_GSSAPI_GSSAPI_H 1
+/* #undef HAVE_GSSAPI_GSSAPI_H */
 
 /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
-#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
 
 /* Define to 1 if you have the <gssapi.h> header file. */
 /* #undef HAVE_GSSAPI_H */
@@ -601,13 +601,13 @@
 #define HAVE_ISBLANK 1
 
 /* Define to 1 if you have the `krb5_cc_new_unique' function. */
-#define HAVE_KRB5_CC_NEW_UNIQUE 1
+/* #undef HAVE_KRB5_CC_NEW_UNIQUE */
 
 /* Define to 1 if you have the `krb5_free_error_message' function. */
-#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
+/* #undef HAVE_KRB5_FREE_ERROR_MESSAGE */
 
 /* Define to 1 if you have the `krb5_get_error_message' function. */
-#define HAVE_KRB5_GET_ERROR_MESSAGE 1
+/* #undef HAVE_KRB5_GET_ERROR_MESSAGE */
 
 /* Define to 1 if you have the <lastlog.h> header file. */
 /* #undef HAVE_LASTLOG_H */
@@ -1310,7 +1310,7 @@
 #define HAVE___func__ 1
 
 /* Define this if you are using the Heimdal version of Kerberos V5 */
-#define HEIMDAL 1
+/* #undef HEIMDAL */
 
 /* Define if you need to use IP address instead of hostname in $DISPLAY */
 /* #undef IPADDR_IN_DISPLAY */
@@ -1322,7 +1322,7 @@
 /* #undef IP_TOS_IS_BROKEN */
 
 /* Define if you want Kerberos 5 support */
-#define KRB5 1
+/* #undef KRB5 */
 
 /* Define if pututxline updates lastlog too */
 /* #undef LASTLOG_WRITE_PUTUTXLINE */

Added: head/crypto/openssh/freebsd-configure.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/crypto/openssh/freebsd-configure.sh	Mon Sep 23 20:35:54 2013	(r255829)
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+configure_args="
+    --prefix=/usr
+    --sysconfdir=/etc/ssh
+    --with-pam
+    --with-tcp-wrappers
+    --with-libedit
+    --with-ssl-engine
+    --without-xauth
+" 
+
+set -e
+
+# generate config.h with krb5 and stash it
+sh configure $configure_args --with-kerberos5
+mv config.log config.log.orig
+mv config.h config.h.orig
+
+# generate config.h without krb5
+sh configure $configure_args --without-kerberos5
+
+# extract the difference
+echo '/* $Free''BSD$ */' > krb5_config.h
+diff -u config.h.orig config.h |
+	sed -n '/^-#define/s/^-//p' |
+	grep -Ff /dev/stdin config.h.orig >> krb5_config.h

Added: head/crypto/openssh/krb5_config.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/crypto/openssh/krb5_config.h	Mon Sep 23 20:35:54 2013	(r255829)
@@ -0,0 +1,11 @@
+/* $FreeBSD$ */
+#define GSSAPI 1
+#define HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE 1
+#define HAVE_GSSAPI_GSSAPI_H 1
+#define HAVE_GSSAPI_GSSAPI_KRB5_H 1
+#define HAVE_GSSAPI_H 1
+#define HAVE_KRB5_CC_NEW_UNIQUE 1
+#define HAVE_KRB5_FREE_ERROR_MESSAGE 1
+#define HAVE_KRB5_GET_ERROR_MESSAGE 1
+#define HEIMDAL 1
+#define KRB5 1

Modified: head/crypto/openssh/ssh-gss.h
==============================================================================
--- head/crypto/openssh/ssh-gss.h	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/crypto/openssh/ssh-gss.h	Mon Sep 23 20:35:54 2013	(r255829)
@@ -28,10 +28,10 @@
 
 #ifdef GSSAPI
 
-#ifdef HAVE_GSSAPI_H
-#include <gssapi.h>
-#elif defined(HAVE_GSSAPI_GSSAPI_H)
+#if defined(HAVE_GSSAPI_GSSAPI_H)
 #include <gssapi/gssapi.h>
+#elif defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
 #endif
 
 #ifdef KRB5

Modified: head/crypto/openssh/sshd.c
==============================================================================
--- head/crypto/openssh/sshd.c	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/crypto/openssh/sshd.c	Mon Sep 23 20:35:54 2013	(r255829)
@@ -88,10 +88,10 @@ __RCSID("$FreeBSD$");
 
 #ifdef __FreeBSD__
 #include <resolv.h>
-#if defined(GSSAPI) && defined(HAVE_GSSAPI_H)
-#include <gssapi.h>
-#elif defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H)
+#if defined(GSSAPI) && defined(HAVE_GSSAPI_GSSAPI_H)
 #include <gssapi/gssapi.h>
+#elif defined(GSSAPI) && defined(HAVE_GSSAPI_H)
+#include <gssapi.h>
 #endif
 #endif
 

Modified: head/secure/lib/libssh/Makefile
==============================================================================
--- head/secure/lib/libssh/Makefile	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/secure/lib/libssh/Makefile	Mon Sep 23 20:35:54 2013	(r255829)
@@ -39,7 +39,7 @@ USEPRIVATELIB+= ldns
 CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+CFLAGS+= -include krb5_config.h
 DPADD+=	${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} ${LIBCOM_ERR} ${LIBMD} ${LIBROKEN}
 LDADD+=	-lgssapi -lkrb5 -lhx509 -lasn1 -lcom_err -lmd -lroken
 .endif
@@ -58,3 +58,6 @@ LDADD+=	-lcrypto -lcrypt -lz
 .PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif

Modified: head/secure/usr.bin/ssh/Makefile
==============================================================================
--- head/secure/usr.bin/ssh/Makefile	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/secure/usr.bin/ssh/Makefile	Mon Sep 23 20:35:54 2013	(r255829)
@@ -27,7 +27,7 @@ USEPRIVATELIB+= ldns
 .endif
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
+CFLAGS+= -include krb5_config.h
 DPADD+=	 ${LIBGSSAPI}
 LDADD+=	 -lgssapi
 .endif
@@ -48,3 +48,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin
 .PATH:	${SSHDIR}
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif

Modified: head/secure/usr.sbin/sshd/Makefile
==============================================================================
--- head/secure/usr.sbin/sshd/Makefile	Mon Sep 23 20:30:25 2013	(r255828)
+++ head/secure/usr.sbin/sshd/Makefile	Mon Sep 23 20:35:54 2013	(r255829)
@@ -42,8 +42,7 @@ LDADD+=  -lbsm
 .endif
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
-	-DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
+CFLAGS+= -include krb5_config.h
 DPADD+=	 ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \
 	${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
 LDADD+=	 -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
@@ -66,3 +65,6 @@ CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin
 .PATH:	${SSHDIR}
 
 ${OBJS} ${POBJS} ${SOBJS}: ssh_namespace.h
+.if ${MK_KERBEROS_SUPPORT} != "no"
+${OBJS} ${POBJS} ${SOBJS}: krb5_config.h
+.endif

More information about the svn-src-all mailing list