summaryrefslogtreecommitdiffstats
path: root/secure
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2013-09-10 22:26:11 +0000
committerdes <des@FreeBSD.org>2013-09-10 22:26:11 +0000
commit2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f (patch)
treeab68ba5a5b6f4e8ee717558d70c0221f0b1ef6dc /secure
parent7b25e61875a286fe4f9be2f6da79b6fed5cf609b (diff)
downloadFreeBSD-src-2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f.zip
FreeBSD-src-2a9ec0fc3edd2edc5766e11fa312e8ab8a128d5f.tar.gz
Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket)
Diffstat (limited to 'secure')
-rw-r--r--secure/lib/libssh/Makefile19
-rw-r--r--secure/libexec/sftp-server/Makefile20
-rw-r--r--secure/libexec/ssh-keysign/Makefile18
-rw-r--r--secure/libexec/ssh-pkcs11-helper/Makefile22
-rw-r--r--secure/usr.bin/scp/Makefile18
-rw-r--r--secure/usr.bin/sftp/Makefile20
-rw-r--r--secure/usr.bin/ssh-add/Makefile20
-rw-r--r--secure/usr.bin/ssh-agent/Makefile20
-rw-r--r--secure/usr.bin/ssh-keygen/Makefile22
-rw-r--r--secure/usr.bin/ssh-keyscan/Makefile16
-rw-r--r--secure/usr.bin/ssh/Makefile16
-rw-r--r--secure/usr.sbin/sshd/Makefile25
12 files changed, 190 insertions, 46 deletions
diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile
index 3d30a18..387272b 100644
--- a/secure/lib/libssh/Makefile
+++ b/secure/lib/libssh/Makefile
@@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn.c buffer.c \
# compiled directly into sshd instead.
# Portability layer
-SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \
+SRCS+= bsd-misc.c fmt_scaled.c glob.c \
openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \
vis.c xcrypt.c xmmap.c
-.if defined(COMPAT_GETADDRINFO)
-SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
+.if ${MK_LDNS} == "no"
+SRCS+= getrrsetbyname.c
+.else
+LDNSDIR= ${.CURDIR}/../../../contrib/ldns
+CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR}
+SRCS+= getrrsetbyname-ldns.c
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
.endif
CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBZ}
-LDADD= -lz
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
@@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED
NO_LINT=
-DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
-LDADD+= -lcrypto -lcrypt
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
+LDADD+= -lcrypto -lcrypt -lz
.include <bsd.lib.mk>
diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile
index 3755c98..ef56013 100644
--- a/secure/libexec/sftp-server/Makefile
+++ b/secure/libexec/sftp-server/Makefile
@@ -1,17 +1,31 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= sftp-server
SRCS= sftp-server.c sftp-common.c sftp-server-main.c
MAN= sftp-server.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile
index 66528e3..7deda19 100644
--- a/secure/libexec/ssh-keysign/Makefile
+++ b/secure/libexec/ssh-keysign/Makefile
@@ -1,15 +1,27 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keysign
-SRCS= ssh-keysign.c readconf.c roaming_dummy.c
+SRCS= ssh-keysign.c roaming_dummy.c readconf.c
MAN= ssh-keysign.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
BINMODE=4555
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile
index ec57a61..4682929 100644
--- a/secure/libexec/ssh-pkcs11-helper/Makefile
+++ b/secure/libexec/ssh-pkcs11-helper/Makefile
@@ -1,15 +1,31 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-pkcs11-helper
SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c
-SRCS+= roaming_dummy.c
MAN= ssh-pkcs11-helper.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+.endif
+
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile
index fe248ab..c33470c 100644
--- a/secure/usr.bin/scp/Makefile
+++ b/secure/usr.bin/scp/Makefile
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= scp
SRCS= scp.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile
index 8164dac..924e1a7 100644
--- a/secure/usr.bin/sftp/Makefile
+++ b/secure/usr.bin/sftp/Makefile
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= sftp
SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES}
-LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses
+DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES}
+LDADD= -lssh -ledit -lncurses
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile
index cb14ce6..316a607 100644
--- a/secure/usr.bin/ssh-add/Makefile
+++ b/secure/usr.bin/ssh-add/Makefile
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-add
SRCS+= ssh-add.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile
index 29620d1..353abac 100644
--- a/secure/usr.bin/ssh-agent/Makefile
+++ b/secure/usr.bin/ssh-agent/Makefile
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-agent
SRCS= ssh-agent.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile
index 48e486e..75934d9 100644
--- a/secure/usr.bin/ssh-keygen/Makefile
+++ b/secure/usr.bin/ssh-keygen/Makefile
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keygen
SRCS= ssh-keygen.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
-SRCS+= roaming_dummy.c
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile
index cc82d07..7dcb4d1 100644
--- a/secure/usr.bin/ssh-keyscan/Makefile
+++ b/secure/usr.bin/ssh-keyscan/Makefile
@@ -1,13 +1,25 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keyscan
SRCS= ssh-keyscan.c roaming_dummy.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile
index a5e5808..459d21f 100644
--- a/secure/usr.bin/ssh/Makefile
+++ b/secure/usr.bin/ssh/Makefile
@@ -1,5 +1,4 @@
# $FreeBSD$
-#
.include <bsd.own.mk>
@@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c sshtty.c \
# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
SRCS+= gss-genr.c
-DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ}
-LDADD= -lssh -lutil -lz
+DPADD= ${LIBSSH} ${LIBUTIL}
+LDADD= -lssh -lutil
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
+.endif
+
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
DPADD+= ${LIBGSSAPI}
@@ -30,8 +36,8 @@ LDADD+= -lgssapi
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
-DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
-LDADD+= -lcrypt -lcrypto
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile
index bb37ae4..daba994 100644
--- a/secure/usr.sbin/sshd/Makefile
+++ b/secure/usr.sbin/sshd/Makefile
@@ -1,5 +1,4 @@
# $FreeBSD$
-#
.include <bsd.own.mk>
@@ -25,10 +24,17 @@ SRCS+= gss-genr.c
MAN= sshd.8 sshd_config.5
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}
-LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM}
+DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM}
+LDADD= -lssh -lutil -lwrap ${MINUSLPAM}
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
.if ${MK_AUDIT} != "no"
CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR
DPADD+= ${LIBBSM}
@@ -36,17 +42,20 @@ LDADD+= -lbsm
.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL
-DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
-LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
+CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
+ -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
+DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \
+ ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
+LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
+ -lcom_err -lroken -lwind -lheimbase -lheimipcc
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
-DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
-LDADD+= -lcrypto -lcrypt
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
OpenPOWER on IntegriCloud