path: root/system/openssh/APKBUILD


                                                      
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=openssh
pkgver=9.9_p2
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=1
pkgdesc="Remote login tool using encrypted SSH protocol"
url="https://www.openssh.com/portable.html"
arch="all"
options="suid !check"
license="BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause"
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="autoconf automake linux-pam-dev gettext-tiny"
makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev
	gettext-tiny-dev utmps-dev"
makedepends="$makedepends_build $makedepends_host"
subpackages="$pkgname-doc
	$pkgname-keygen
	$pkgname-client
	$pkgname-keysign
	$pkgname-sftp-server:sftp
	$pkgname-server
	$pkgname-openrc
	"

source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
	disable-forwarding-by-default.patch
	utmpx.patch

	sshd.initd
	sshd.confd
	"

# secfixes:
#   9.0_p1-r0:
#     - CVE-2021-41617
#     - CVE-2021-28041
#     - CVE-2020-14145
#   7.9_p1-r2:
#     - CVE-2018-20685
#   7.9_p1:
#     - CVE-2018-15473
#   7.7_p1:
#     - CVE-2017-15906
#   7.4_p1:
#     - CVE-2016-10009
#     - CVE-2016-10010
#     - CVE-2016-10011
#     - CVE-2016-10012

builddir="$srcdir"/$pkgname-$_myver

build() {
	autoreconf -vif
	export LD="$CC"
	LIBS="-lutmps -lskarnet" ./configure --build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--libexecdir=/usr/lib/ssh \
		--mandir=/usr/share/man \
		--with-pid-dir=/run \
		--with-mantype=man \
		--with-ldflags="${LDFLAGS}" \
		--enable-lastlog \
		--disable-strip \
		--enable-wtmpx \
		--with-privsep-path=/var/empty \
		--with-xauth=/usr/bin/xauth \
		--with-privsep-user=sshd \
		--with-ssl-engine \
		--with-pam \
		--without-zlib-version-check
	make
}

package() {
	make DESTDIR="$pkgdir" install
	mkdir -p "$pkgdir"/var/empty
	install -D -m755 "$srcdir"/sshd.initd \
		"$pkgdir"/etc/init.d/sshd
	install -D -m644 "$srcdir"/sshd.confd \
		"$pkgdir"/etc/conf.d/sshd
	install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
		"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
}

keygen() {
	pkgdesc="Helper program for generating SSH keys"
	depends=""
	install -d "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/ssh-keygen \
		"$subpkgdir"/usr/bin/
}

client() {
	pkgdesc="OpenBSD's SSH client"
	depends="openssh-keygen"
	install -d "$subpkgdir"/usr/bin \
		"$subpkgdir"/usr/lib/ssh \
		"$subpkgdir"/etc/ssh \
		"$subpkgdir"/var/empty

	mv "$pkgdir"/usr/bin/* \
		"$subpkgdir"/usr/bin/
	mv "$pkgdir"/etc/ssh/ssh_config \
		"$pkgdir"/etc/ssh/moduli \
		"$subpkgdir"/etc/ssh/
	install -Dm755 "$builddir"/contrib/findssl.sh \
		"$subpkgdir"/usr/bin/findssl.sh
	install -Dm755 "$builddir"/contrib/ssh-copy-id \
		"$subpkgdir"/usr/bin/ssh-copy-id
	install -Dm755	"$builddir"/ssh-pkcs11-helper \
		"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}

keysign() {
	pkgdesc="Helper program for SSH host-based authentication"
	depends="openssh-client"
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
		"$subpkgdir"/usr/lib/ssh/
}

sftp() {
	pkgdesc="SFTP server module for OpenSSH"
	depends=""
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sftp-server \
		"$subpkgdir"/usr/lib/ssh/
}

server() {
	pkgdesc="OpenSSH server"
	depends="openssh-client openssh-keygen"
	replaces="openssh-server-common"

	install -d "$subpkgdir"/usr/sbin
	mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/

	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sshd-session "$subpkgdir"/usr/lib/ssh/

	install -d "$subpkgdir"/etc/ssh
	mv "$pkgdir"/etc/ssh/sshd_config "$subpkgdir"/etc/ssh/
}

openrc() {
	default_openrc
	depends="openssh-server"
	install_if="openssh-server=$pkgver-r$pkgrel openrc"
}

sha512sums="4c6d839aa3189cd5254c745f2bd51cd3f468b02f8e427b8d7a16b9ad017888a41178d2746dc51fb2d3fec5be00e54b9ab7c32c472ca7dec57a1dea4fc9840278  openssh-9.9p2.tar.gz
f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6  disable-forwarding-by-default.patch
56543469db242699d8a04d0ba133b9ab0d980224035de57f70f773ca1593828cf4e41d3306f72b5ac95423f1e512bd6b92f69f86b847e05abfbd48737431104b  utmpx.patch
964c0f8538ba25bdc9cdbd1467bbdfb2090e38492ff0ef7c64473785713fe26d752ea6a7b0ee7a0b34e08f4d3b4bccf6a69e6c456f0c57d0d0c581aa8a046936  sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4  sshd.confd"
# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Horst Burkhardt <horst@adelielinux.org>
pkgname=openssh
pkgver=9.9_p2
_myver=${pkgver%_*}${pkgver#*_}
pkgrel=1
pkgdesc="Remote login tool using encrypted SSH protocol"
url="https://www.openssh.com/portable.html"
arch="all"
options="suid !check"
license="BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause"
depends="openssh-client openssh-sftp-server openssh-server"
makedepends_build="autoconf automake linux-pam-dev gettext-tiny"
makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev
	gettext-tiny-dev utmps-dev"
makedepends="$makedepends_build $makedepends_host"
subpackages="$pkgname-doc
	$pkgname-keygen
	$pkgname-client
	$pkgname-keysign
	$pkgname-sftp-server:sftp
	$pkgname-server
	$pkgname-openrc
	"

source="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
	disable-forwarding-by-default.patch
	utmpx.patch

	sshd.initd
	sshd.confd
	"

# secfixes:
#   9.0_p1-r0:
#     - CVE-2021-41617
#     - CVE-2021-28041
#     - CVE-2020-14145
#   7.9_p1-r2:
#     - CVE-2018-20685
#   7.9_p1:
#     - CVE-2018-15473
#   7.7_p1:
#     - CVE-2017-15906
#   7.4_p1:
#     - CVE-2016-10009
#     - CVE-2016-10010
#     - CVE-2016-10011
#     - CVE-2016-10012

builddir="$srcdir"/$pkgname-$_myver

build() {
	autoreconf -vif
	export LD="$CC"
	LIBS="-lutmps -lskarnet" ./configure --build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--libexecdir=/usr/lib/ssh \
		--mandir=/usr/share/man \
		--with-pid-dir=/run \
		--with-mantype=man \
		--with-ldflags="${LDFLAGS}" \
		--enable-lastlog \
		--disable-strip \
		--enable-wtmpx \
		--with-privsep-path=/var/empty \
		--with-xauth=/usr/bin/xauth \
		--with-privsep-user=sshd \
		--with-ssl-engine \
		--with-pam \
		--without-zlib-version-check
	make
}

package() {
	make DESTDIR="$pkgdir" install
	mkdir -p "$pkgdir"/var/empty
	install -D -m755 "$srcdir"/sshd.initd \
		"$pkgdir"/etc/init.d/sshd
	install -D -m644 "$srcdir"/sshd.confd \
		"$pkgdir"/etc/conf.d/sshd
	install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
		"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
}

keygen() {
	pkgdesc="Helper program for generating SSH keys"
	depends=""
	install -d "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/ssh-keygen \
		"$subpkgdir"/usr/bin/
}

client() {
	pkgdesc="OpenBSD's SSH client"
	depends="openssh-keygen"
	install -d "$subpkgdir"/usr/bin \
		"$subpkgdir"/usr/lib/ssh \
		"$subpkgdir"/etc/ssh \
		"$subpkgdir"/var/empty

	mv "$pkgdir"/usr/bin/* \
		"$subpkgdir"/usr/bin/
	mv "$pkgdir"/etc/ssh/ssh_config \
		"$pkgdir"/etc/ssh/moduli \
		"$subpkgdir"/etc/ssh/
	install -Dm755 "$builddir"/contrib/findssl.sh \
		"$subpkgdir"/usr/bin/findssl.sh
	install -Dm755 "$builddir"/contrib/ssh-copy-id \
		"$subpkgdir"/usr/bin/ssh-copy-id
	install -Dm755	"$builddir"/ssh-pkcs11-helper \
		"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}

keysign() {
	pkgdesc="Helper program for SSH host-based authentication"
	depends="openssh-client"
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
		"$subpkgdir"/usr/lib/ssh/
}

sftp() {
	pkgdesc="SFTP server module for OpenSSH"
	depends=""
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sftp-server \
		"$subpkgdir"/usr/lib/ssh/
}

server() {
	pkgdesc="OpenSSH server"
	depends="openssh-client openssh-keygen"
	replaces="openssh-server-common"

	install -d "$subpkgdir"/usr/sbin
	mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/

	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sshd-session "$subpkgdir"/usr/lib/ssh/

	install -d "$subpkgdir"/etc/ssh
	mv "$pkgdir"/etc/ssh/sshd_config "$subpkgdir"/etc/ssh/
}

openrc() {
	default_openrc
	depends="openssh-server"
	install_if="openssh-server=$pkgver-r$pkgrel openrc"
}

sha512sums="4c6d839aa3189cd5254c745f2bd51cd3f468b02f8e427b8d7a16b9ad017888a41178d2746dc51fb2d3fec5be00e54b9ab7c32c472ca7dec57a1dea4fc9840278  openssh-9.9p2.tar.gz
f3d5960572ddf49635d4edbdff45835df1b538a81840db169c36b39862e6fa8b0393ca90626000b758f59567ff6810b2537304098652483b3b31fb438a061de6  disable-forwarding-by-default.patch
56543469db242699d8a04d0ba133b9ab0d980224035de57f70f773ca1593828cf4e41d3306f72b5ac95423f1e512bd6b92f69f86b847e05abfbd48737431104b  utmpx.patch
964c0f8538ba25bdc9cdbd1467bbdfb2090e38492ff0ef7c64473785713fe26d752ea6a7b0ee7a0b34e08f4d3b4bccf6a69e6c456f0c57d0d0c581aa8a046936  sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4  sshd.confd"