From: Oliver Eikemeier
Date: Fri, 19 Sep 2003 14:11:16 +0200
To: Dirk Meyer
Cc: ports@freebsd.org
Subject: Re: FreeBSD Port: openssh-3.6.1

Dirk Meyer wrote:

> you can preview OpenSSH 3.7.1 the port at:
> http://people.freebsd.org/~dinoex/ports/openssh-portable-371/
>
> but there are a lot of changes. E.g. No Kerberos 4 any more.

Hi Dirk,

thanks for the great work. How about an rcNG script for sshd?

* Makefile:

USE_RC_SUBR=	yes
...
post-configure:
	${SED} -e 's:__PREFIX__:${PREFIX}:g' \
		-e 's:__ETCSSH__:${ETCSSH}:g' \
		-e 's:__RC_SUBR__:${RC_SUBR}:g' \
		${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
...
post-install:
.if !defined(OPENSSH_OVERWRITE_BASE)
	${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh
.endif

and tell users to do
  echo 'enable_sshd_portable="YES"' >> /etc/rc.conf
if they want to enable sshd.

* replace files/sshd.sh by:

--- sshd.sh begins here ---
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: sshd
# REQUIRE: LOGIN
# KEYWORD: FreeBSD

. __RC_SUBR__

name="sshd_portable"
rcvar=`set_rcvar`
command="__PREFIX__/sbin/sshd"
pidfile="/var/run/sshd.pid"
required_files="__ETCSSH__/sshd_config"
start_precmd="sshd_precmd"
keygen_cmd="sshd_keygen"
extra_commands="keygen reload"

sshd_keygen()
{
	(
	umask 022

	# Can't do anything if ssh is not installed
	[ -x __PREFIX__/bin/ssh-keygen ] || {
		warn "__PREFIX__/bin/ssh-keygen does not exist."
		return 1
	}

	if [ -f __ETCSSH__/ssh_host_key ]; then
		echo "You already have an RSA host key" \
		    "in __ETCSSH__/ssh_host_key"
		echo "Skipping protocol version 1 RSA Key Generation"
	else
		__PREFIX__/bin/ssh-keygen -t rsa1 -b 1024 \
		    -f __ETCSSH__/ssh_host_key -N ''
	fi

	if [ -f __ETCSSH__/ssh_host_dsa_key ]; then
		echo "You already have a DSA host key" \
		    "in __ETCSSH__/ssh_host_dsa_key"
		echo "Skipping protocol version 2 DSA Key Generation"
	else
		__PREFIX__/bin/ssh-keygen -t dsa -f __ETCSSH__/ssh_host_dsa_key -N ''
	fi

	if [ -f __ETCSSH__/ssh_host_rsa_key ]; then
		echo "You already have a RSA host key" \
		    "in __ETCSSH__/ssh_host_rsa_key"
		echo "Skipping protocol version 2 RSA Key Generation"
	else
		__PREFIX__/bin/ssh-keygen -t rsa -f __ETCSSH__/ssh_host_rsa_key -N ''
	fi
	)
}

sshd_precmd()
{
	if [ ! -f __ETCSSH__/ssh_host_key -o \
	    ! -f __ETCSSH__/ssh_host_dsa_key -o \
	    ! -f __ETCSSH__/ssh_host_rsa_key ]; then
		run_rc_command keygen
	fi
}

sshd_portable_enable=${sshd_portable_enable:-"NO"}

load_rc_config $name
run_rc_command "$1"
--- sshd.sh ends here ---
(stolen from /etc/rc.d/sshd)

* and maybe remove

%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh/ssh_host_key; fi
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh/ssh_host_rsa_key; fi
%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi

from pkg-plist.

  %%NOTBASE%%@exec %D/etc/rc.d/sshd.sh keygen
probably won't work, because you are missing the
enable_sshd_portable="YES".

I changed sshd to sshd_portable in order to not collide
with sshd from the base system. Sorry that I didn't have the
time to test.

Regards
    Oliver
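
An added example, not part of the original mail or of the port: a pre-install check for the rendered rc script. It repeats the three substitutions from the proposed post-configure target, reports any `__NAME__` placeholder left unreplaced, and tests whether a given rc.conf sets the `*_enable` variable the script defaults. All function names and the shortened sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): render files/sshd.sh the way the
# proposed post-configure target does, then check the result before install.

# render_rc_script TEMPLATE PREFIX ETCSSH RC_SUBR -> rendered script on stdout
render_rc_script() {
    sed -e "s:__PREFIX__:$2:g" \
        -e "s:__ETCSSH__:$3:g" \
        -e "s:__RC_SUBR__:$4:g" "$1"
}

# leftover_placeholders FILE -> prints unreplaced __NAME__ tokens, returns 1 if any
leftover_placeholders() {
    left=$(grep -o '__[A-Z][A-Z_]*__' "$1" | sort -u)
    [ -z "$left" ] && return 0
    printf '%s\n' "$left"
    return 1
}

# enable_knob FILE -> name of the *_enable variable the script gives a default to
enable_knob() {
    sed -n 's/^\([a-z_][a-z0-9_]*_enable\)=.*/\1/p' "$1" | head -n 1
}

# rc_conf_enables KNOB RCCONF -> 0 if RCCONF sets KNOB to YES (last assignment wins)
rc_conf_enables() {
    val=$(sed -n "s/^$1=\"\{0,1\}\([A-Za-z]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# write_sample_template FILE -> constructed, shortened stand-in for files/sshd.sh
write_sample_template() {
    cat > "$1" <<'EOF'
#!/bin/sh
. __RC_SUBR__
name="sshd_portable"
command="__PREFIX__/sbin/sshd"
required_files="__ETCSSH__/sshd_config"
sshd_portable_enable=${sshd_portable_enable:-"NO"}
EOF
}
```

Because the script is named sshd_portable, the base system's `sshd_enable` setting has no effect on it; `rc_conf_enables` makes that visible when run against a real rc.conf.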