diff options
author | des <des@FreeBSD.org> | 2013-09-10 22:26:11 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2013-09-10 22:26:11 +0000 |
commit | 2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f (patch) | |
tree | ab68ba5a5b6f4e8ee717558d70c0221f0b1ef6dc /secure | |
parent | 7b25e61875a286fe4f9be2f6da79b6fed5cf609b (diff) | |
download | FreeBSD-src-2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f.zip FreeBSD-src-2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f.tar.gz |
Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
Diffstat (limited to 'secure')
-rw-r--r-- | secure/lib/libssh/Makefile | 19 | ||||
-rw-r--r-- | secure/libexec/sftp-server/Makefile | 20 | ||||
-rw-r--r-- | secure/libexec/ssh-keysign/Makefile | 18 | ||||
-rw-r--r-- | secure/libexec/ssh-pkcs11-helper/Makefile | 22 | ||||
-rw-r--r-- | secure/usr.bin/scp/Makefile | 18 | ||||
-rw-r--r-- | secure/usr.bin/sftp/Makefile | 20 | ||||
-rw-r--r-- | secure/usr.bin/ssh-add/Makefile | 20 | ||||
-rw-r--r-- | secure/usr.bin/ssh-agent/Makefile | 20 | ||||
-rw-r--r-- | secure/usr.bin/ssh-keygen/Makefile | 22 | ||||
-rw-r--r-- | secure/usr.bin/ssh-keyscan/Makefile | 16 | ||||
-rw-r--r-- | secure/usr.bin/ssh/Makefile | 16 | ||||
-rw-r--r-- | secure/usr.sbin/sshd/Makefile | 25 |
12 files changed, 190 insertions, 46 deletions
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 3d30a18..387272b 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn.c buffer.c \ # compiled directly into sshd instead. # Portability layer -SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \ +SRCS+= bsd-misc.c fmt_scaled.c glob.c \ openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \ vis.c xcrypt.c xmmap.c -.if defined(COMPAT_GETADDRINFO) -SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c +.if ${MK_LDNS} == "no" +SRCS+= getrrsetbyname.c +.else +LDNSDIR= ${.CURDIR}/../../../contrib/ldns +CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR} +SRCS+= getrrsetbyname-ldns.c +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns .endif CFLAGS+= -I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBZ} -LDADD= -lz .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL @@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED NO_LINT= -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ} +LDADD+= -lcrypto -lcrypt -lz .include <bsd.lib.mk> diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile index 3755c98..ef56013 100644 --- a/secure/libexec/sftp-server/Makefile +++ b/secure/libexec/sftp-server/Makefile @@ -1,17 +1,31 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= sftp-server SRCS= sftp-server.c sftp-common.c sftp-server-main.c MAN= sftp-server.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile index 66528e3..7deda19 100644 --- a/secure/libexec/ssh-keysign/Makefile +++ b/secure/libexec/ssh-keysign/Makefile @@ -1,15 +1,27 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keysign -SRCS= ssh-keysign.c readconf.c roaming_dummy.c +SRCS= ssh-keysign.c roaming_dummy.c readconf.c MAN= ssh-keysign.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h BINMODE=4555 -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile index ec57a61..4682929 100644 --- a/secure/libexec/ssh-pkcs11-helper/Makefile +++ b/secure/libexec/ssh-pkcs11-helper/Makefile @@ -1,15 +1,31 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-pkcs11-helper SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c -SRCS+= roaming_dummy.c MAN= ssh-pkcs11-helper.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif + +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile index fe248ab..c33470c 100644 --- a/secure/usr.bin/scp/Makefile +++ b/secure/usr.bin/scp/Makefile @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= scp SRCS= scp.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h +.if !defined(NO_SHARED) # required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile index 8164dac..924e1a7 100644 --- a/secure/usr.bin/sftp/Makefile +++ b/secure/usr.bin/sftp/Makefile @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= sftp SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES} -LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses +DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES} +LDADD= -lssh -ledit -lncurses USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile index cb14ce6..316a607 100644 --- a/secure/usr.bin/ssh-add/Makefile +++ b/secure/usr.bin/ssh-add/Makefile @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-add SRCS+= ssh-add.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile index 29620d1..353abac 100644 --- a/secure/usr.bin/ssh-agent/Makefile +++ b/secure/usr.bin/ssh-agent/Makefile @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-agent SRCS= ssh-agent.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile index 48e486e..75934d9 100644 --- a/secure/usr.bin/ssh-keygen/Makefile +++ b/secure/usr.bin/ssh-keygen/Makefile @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keygen SRCS= ssh-keygen.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile index cc82d07..7dcb4d1 100644 --- a/secure/usr.bin/ssh-keyscan/Makefile +++ b/secure/usr.bin/ssh-keyscan/Makefile @@ -1,13 +1,25 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keyscan SRCS= ssh-keyscan.c roaming_dummy.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index a5e5808..459d21f 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include <bsd.own.mk> @@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c sshtty.c \ # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} -LDADD= -lssh -lutil -lz +DPADD= ${LIBSSH} ${LIBUTIL} +LDADD= -lssh -lutil USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL DPADD+= ${LIBGSSAPI} @@ -30,8 +36,8 @@ LDADD+= -lgssapi CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPT} ${LIBCRYPTO} -LDADD+= -lcrypt -lcrypto +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index bb37ae4..daba994 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include <bsd.own.mk> @@ -25,10 +24,17 @@ SRCS+= gss-genr.c MAN= sshd.8 sshd_config.5 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM} -LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM} +DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM} +LDADD= -lssh -lutil -lwrap ${MINUSLPAM} USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + .if ${MK_AUDIT} != "no" CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR DPADD+= ${LIBBSM} @@ -36,17 +42,20 @@ LDADD+= -lbsm .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL -DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} -LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1 +CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \ + -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 +DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ + ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} +LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ + -lcom_err -lroken -lwind -lheimbase -lheimipcc .endif .if ${MK_OPENSSH_NONE_CIPHER} != "no" CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" |