Date: 7 Oct 2012 04:15:35 -0000 From: Michael Gmelin <freebsd@grem.de> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/172429: [PATCH] security/openssh-portable: Converting port to new options framework Message-ID: <20121007041535.60505.qmail@mail.grem.de> Resent-Message-ID: <201210070420.q974KIoq064229@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172429 >Category: ports >Synopsis: [PATCH] security/openssh-portable: Converting port to new options framework >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Oct 07 04:20:18 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Michael Gmelin >Release: FreeBSD 9.0-RELEASE amd64 >Organization: Grem Equity GmbH >Environment: System: FreeBSD bsd64.grem.de 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC >Description: The patch below converts the port to use the new options framework[1] and converts the Makefile header to the new format[2]. The patch is to be applied using: patch -p0 -E </path/to/patchfile No attempts have been made to fix any potential issues the port might have beyond this scope. I also didn't fix any indentation issues to keep the patch small and easy to audit, a future port maintainer might want to take care of this. Double checking this can't hurt. See also: 1. http://lists.freebsd.org/pipermail/freebsd-ports/2012-October/078676.html 2. http://lists.freebsd.org/pipermail/freebsd-ports/2012-August/077801.html Generated with FreeBSD Port Tools 0.99_6 (mode: change, diff: suffix) >How-To-Repeat: >Fix: --- openssh-portable-5.8.p2_3,1.patch begins here --- diff -ruN --exclude=CVS ../openssh-portable.orig/Makefile ./Makefile --- ../openssh-portable.orig/Makefile 2012-10-07 05:16:38.926607568 +0200 +++ ./Makefile 2012-10-07 05:30:05.095397176 +0200 @@ -1,28 +1,27 @@ -# New ports collection makefile for: openssh -# Date created: 18 Mar 1999 -# Whom: dwcjr@inethouston.net -# -# $FreeBSD: ports/security/openssh-portable/Makefile,v 1.162 2012/08/05 23:05:24 dougb Exp $ -# - -PORTNAME= openssh -DISTVERSION= 5.8p2 -PORTREVISION= 3 -PORTEPOCH= 1 -CATEGORIES= security ipv6 -MASTER_SITES= ${MASTER_SITE_OPENBSD} +# Created by: dwcjr@inethouston.net +# $FreeBSD: $ + +PORTNAME= openssh +DISTVERSION= 5.8p2 +PORTREVISION= 3 +PORTEPOCH= 1 +CATEGORIES= security ipv6 +MASTER_SITES= ${MASTER_SITE_OPENBSD} MASTER_SITE_SUBDIR= OpenSSH/portable -PKGNAMESUFFIX= -portable +PKGNAMESUFFIX= -portable + +MAINTAINER= ports@FreeBSD.org +COMMENT= The portable version of OpenBSD's OpenSSH -MAINTAINER= ports@FreeBSD.org -COMMENT= The portable version of OpenBSD's OpenSSH +#REMOVEME!!!!! ' -WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} -MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1 -MLINKS= ssh.1 slogin.1 -MAN5= moduli.5 ssh_config.5 sshd_config.5 -MAN8= sftp-server.8 sshd.8 ssh-keysign.8 ssh-pkcs11-helper.8 +MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 \ + ssh-keyscan.1 scp.1 ssh.1 +MLINKS= ssh.1 slogin.1 +MAN5= moduli.5 ssh_config.5 sshd_config.5 +MAN8= sftp-server.8 sshd.8 ssh-keysign.8 ssh-pkcs11-helper.8 CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* @@ -36,24 +35,25 @@ ssh_host_dsa_key.pub ETCOLD= ${PREFIX}/etc -SUDO?= # empty -MAKE_ENV+= SUDO="${SUDO}" +SUDO?= # empty +MAKE_ENV+= SUDO="${SUDO}" -OPTIONS= PAM "Enable pam(3) support" on \ - TCP_WRAPPERS "Enable tcp_wrappers support" on \ - LIBEDIT "Enable readline support to sftp(1)" on \ - SUID_SSH "Enable suid SSH (Recommended off)" off \ - BSM "Enable OpenBSM Auditing" off \ - KERBEROS "Enable kerberos (autodetection)" off \ - KERB_GSSAPI "Enable Kerberos/GSSAPI patch (req: GSSAPI)" off \ - OPENSSH_CHROOT "Enable CHROOT support" off \ - HPN "Enable HPN-SSH patch" off \ - LPK "Enable LDAP Public Key (LPK) patch" off \ - X509 "Enable x509 certificate patch" off \ - FILECONTROL "Enable file control patch (broken)" off \ - OVERWRITE_BASE "OpenSSH overwrite base" off +OPTIONS_DEFINE= PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \ + KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \ + OVERWRITE_BASE +OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS +TCP_WRAPPERS_DESC= Enable tcp_wrappers support +SUID_SSH_DESC= Enable suid SSH (Recommended off) +BSM_DESC= Enable OpenBSM Auditing +KERB_GSSAPI_DESC= Enable Kerberos/GSSAPI patch (req: GSSAPI) +OPENSSH_CHROOT_DESC= Enable CHROOT support +HPN_DESC= Enable HPN-SSH patch +LPK_DESC= Enable LDAP Public Key (LPK) patch +X509_DESC= Enable x509 certificate patch +FILECONTROL_DESC= Enable file control patch (broken) +OVERWRITE_BASE_DESC= OpenSSH overwrite base -.include <bsd.port.pre.mk> +.include <bsd.port.pre.mk> # can't be replaces since some variables break below (e.g. OPENSSLBASE) .if ${OSVERSION} >= 900000 EXTRA_PATCHES= ${FILESDIR}/extra-patch-configure @@ -63,42 +63,42 @@ CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog .endif -.if defined(WITH_X509) && defined(WITH_HPN) +.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN} BROKEN= X509 patches and HPN patches do not apply cleanly together .endif -.if defined(WITH_X509) && defined(WITH_KERB_GSSAPI) +.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI} BROKEN= X509 patch incompatible with KERB_GSSAPI patch .endif .if defined(OPENSSH_OVERWRITE_BASE) -WITH_OVERWRITE_BASE= yes +PORT_OPTIONS+= OVERWRITE_BASE .endif -.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h) +.if ${PORT_OPTIONS:MPAM} && exists(/usr/include/security/pam_modules.h) CONFIGURE_ARGS+= --with-pam .endif -.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h) +.if ${PORT_OPTIONS:MTCP_WRAPPERS} && exists(/usr/include/tcpd.h) CONFIGURE_ARGS+= --with-tcp-wrappers .endif -.if !defined(WITHOUT_LIBEDIT) +.if ${PORT_OPTIONS:MLIBEDIT} CONFIGURE_ARGS+= --with-libedit .endif -.if !defined(WITH_SUID_SSH) +.if !${PORT_OPTIONS:MSUID_SSH} CONFIGURE_ARGS+= --disable-suid-ssh .endif -.if defined(WITH_BSM) +.if ${PORT_OPTIONS:MBSM} CONFIGURE_ARGS+= --with-audit=bsm .endif -.if defined(WITH_KERBEROS) +.if ${PORT_OPTIONS:MKERBEROS} CONFIGURE_ARGS+= --with-kerberos5 LIB_DEPENDS+= krb5.3:${PORTSDIR}/security/krb5 -.if defined(WITH_KERB_GSSAPI) +.if ${PORT_OPTIONS:MKERB_GSSAPI} PATCH_SITES+= http://www.sxw.org.uk/computing/patches/ PATCHFILES+= openssh-5.7p1-gsskex-all-20110125.patch PATCH_DIST_STRIP= @@ -113,11 +113,11 @@ CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE} .endif -.if defined(WITH_OPENSSH_CHROOT) +.if ${PORT_OPTIONS:MOPENSSH_CHROOT} CFLAGS+= -DCHROOT .endif -.if defined(WITH_HPN) +.if ${PORT_OPTIONS:MHPN} PATCH_SITES+= http://www.shatow.net/freebsd/ PATCHFILES+= ${PORTNAME}-5.8p1-hpn13v11.diff.gz PATCH_DIST_STRIP= @@ -126,7 +126,7 @@ # See http://code.google.com/p/openssh-lpk/wiki/Main # and svn repo described here: # http://code.google.com/p/openssh-lpk/source/checkout -.if defined(WITH_LPK) +.if ${PORT_OPTIONS:MLPK} EXTRA_PATCHES+= ${FILESDIR}/openssh-lpk-5.8p2.patch USE_OPENLDAP= yes CPPFLAGS+= -I${LOCALBASE}/include @@ -137,7 +137,7 @@ .endif # See http://www.roumenpetrov.info/openssh/ -.if defined(WITH_X509) +.if ${PORT_OPTIONS:MX509} PATCH_SITES+= http://www.roumenpetrov.info/openssh/x509-7.0/ PATCHFILES+= ${PORTNAME}-5.8p1+x509-7.0.diff.gz PATCH_DIST_STRIP= -p1 @@ -148,14 +148,14 @@ .endif # See http://sftpfilecontrol.sourceforge.net/ -.if defined(WITH_FILECONTROL) +.if ${PORT_OPTIONS:MFILECONTROL} # Latest sftpfilecontrol patch is against 5.4p1 which does not apply # cleanly against 5.8p2, but it's close. BROKEN= latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2 EXTRA_PATCHES+= ${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch .endif -.if defined(WITH_OVERWRITE_BASE) +.if ${PORT_OPTIONS:MOVERWRITE_BASE} WITH_OPENSSL_BASE= yes CONFIGURE_ARGS+= --localstatedir=/var EMPTYDIR= /var/empty @@ -199,7 +199,7 @@ ${WRKSRC}/version.h @${ECHO_CMD} '#define SSH_RELEASE TMP_SSH_VERSION SSH_PORTABLE FREEBSD_PORT_VERSION' >> \ ${WRKSRC}/version.h -.if defined(WITH_HPN) +.if ${PORT_OPTIONS:MHPN} @${REINPLACE_CMD} -e 's|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|' \ ${WRKSRC}/version.h .endif --- openssh-portable-5.8.p2_3,1.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20121007041535.60505.qmail>