Author: des
Date: Tue Sep 10 22:26:11 2013
New Revision: 255460
URL: http://svnweb.freebsd.org/changeset/base/255460
Log:
Clean up the OpenSSH build. It is now possible to build most components
as static binaries, if desired. The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed
SSHFP records.
Approved by: re (blanket)
Modified:
head/Makefile.inc1
head/secure/lib/libssh/Makefile
head/secure/libexec/sftp-server/Makefile
head/secure/libexec/ssh-keysign/Makefile
head/secure/libexec/ssh-pkcs11-helper/Makefile
head/secure/usr.bin/scp/Makefile
head/secure/usr.bin/sftp/Makefile
head/secure/usr.bin/ssh-add/Makefile
head/secure/usr.bin/ssh-agent/Makefile
head/secure/usr.bin/ssh-keygen/Makefile
head/secure/usr.bin/ssh-keyscan/Makefile
head/secure/usr.bin/ssh/Makefile
head/secure/usr.sbin/sshd/Makefile
Modified: head/Makefile.inc1
==============================================================================
--- head/Makefile.inc1 Tue Sep 10 21:16:18 2013 (r255459)
+++ head/Makefile.inc1 Tue Sep 10 22:26:11 2013 (r255460)
@@ -1470,8 +1470,8 @@ _prebuild_libs= ${_kerberos5_lib_libasn1
${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \
${_cddl_lib_libzfs_core} \
lib/libutil ${_lib_libypclnt} lib/libz lib/msun \
- ${_secure_lib_libcrypto} ${_secure_lib_libssh} \
- ${_secure_lib_libssl}
+ ${_secure_lib_libcrypto} ${_lib_libldns} \
+ ${_secure_lib_libssh} ${_secure_lib_libssl}
.if ${MK_ATF} != "no"
_lib_atf_libatf_c= lib/atf/libatf-c
@@ -1507,9 +1507,16 @@ cddl/lib/libzfs_core__L: cddl/lib/libnvp
_secure_lib_libcrypto= secure/lib/libcrypto
_secure_lib_libssl= secure/lib/libssl
lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
+.if ${MK_LDNS} != "no"
+_lib_libldns= lib/libldns
+lib/libldns__L: secure/lib/libcrypto__L
+.endif
.if ${MK_OPENSSH} != "no"
_secure_lib_libssh= secure/lib/libssh
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
+.if ${MK_LDNS} != "no"
+secure/lib/libssh__L: lib/libldns__L
+.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \
kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \
Modified: head/secure/lib/libssh/Makefile
==============================================================================
--- head/secure/lib/libssh/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/lib/libssh/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn
# compiled directly into sshd instead.
# Portability layer
-SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \
+SRCS+= bsd-misc.c fmt_scaled.c glob.c \
openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \
vis.c xcrypt.c xmmap.c
-.if defined(COMPAT_GETADDRINFO)
-SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
+.if ${MK_LDNS} == "no"
+SRCS+= getrrsetbyname.c
+.else
+LDNSDIR= ${.CURDIR}/../../../contrib/ldns
+CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR}
+SRCS+= getrrsetbyname-ldns.c
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
.endif
CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBZ}
-LDADD= -lz
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
@@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED
NO_LINT=
-DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
-LDADD+= -lcrypto -lcrypt
+DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
+LDADD+= -lcrypto -lcrypt -lz
.include <bsd.lib.mk>
Modified: head/secure/libexec/sftp-server/Makefile
==============================================================================
--- head/secure/libexec/sftp-server/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/libexec/sftp-server/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,17 +1,31 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= sftp-server
SRCS= sftp-server.c sftp-common.c sftp-server-main.c
MAN= sftp-server.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/libexec/ssh-keysign/Makefile
==============================================================================
--- head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,15 +1,27 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keysign
-SRCS= ssh-keysign.c readconf.c roaming_dummy.c
+SRCS= ssh-keysign.c roaming_dummy.c readconf.c
MAN= ssh-keysign.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
BINMODE=4555
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/libexec/ssh-pkcs11-helper/Makefile
==============================================================================
--- head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 21:16:18
2013 (r255459)
+++ head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 22:26:11
2013 (r255460)
@@ -1,15 +1,31 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-pkcs11-helper
SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c
-SRCS+= roaming_dummy.c
MAN= ssh-pkcs11-helper.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+.endif
+
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/scp/Makefile
==============================================================================
--- head/secure/usr.bin/scp/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/scp/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= scp
SRCS= scp.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
+.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/sftp/Makefile
==============================================================================
--- head/secure/usr.bin/sftp/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/sftp/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= sftp
SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES}
-LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses
+DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES}
+LDADD= -lssh -ledit -lncurses
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/ssh-add/Makefile
==============================================================================
--- head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-add
SRCS+= ssh-add.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/ssh-agent/Makefile
==============================================================================
--- head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-agent
SRCS= ssh-agent.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/ssh-keygen/Makefile
==============================================================================
--- head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,16 +1,30 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keygen
SRCS= ssh-keygen.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-# required when linking with a dynamic libssh
-SRCS+= roaming_dummy.c
+.if !defined(NO_SHARED)
+# required when linking with a dynamic libssh
+SRCS+= roaming_dummy.c
+.endif
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/ssh-keyscan/Makefile
==============================================================================
--- head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,13 +1,25 @@
# $FreeBSD$
+.include <bsd.own.mk>
+
PROG= ssh-keyscan
SRCS= ssh-keyscan.c roaming_dummy.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
-LDADD= -lssh -lcrypt -lcrypto -lz
+DPADD= ${LIBSSH}
+LDADD= -lssh
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
+
.include <bsd.prog.mk>
.PATH: ${SSHDIR}
Modified: head/secure/usr.bin/ssh/Makefile
==============================================================================
--- head/secure/usr.bin/ssh/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.bin/ssh/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,5 +1,4 @@
# $FreeBSD$
-#
.include <bsd.own.mk>
@@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c ssht
# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
SRCS+= gss-genr.c
-DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ}
-LDADD= -lssh -lutil -lz
+DPADD= ${LIBSSH} ${LIBUTIL}
+LDADD= -lssh -lutil
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+DPADD+= ${LIBLDNS}
+LDADD+= -lldns
+USEPRIVATELIB+= ldns
+.endif
+
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
DPADD+= ${LIBGSSAPI}
@@ -30,8 +36,8 @@ LDADD+= -lgssapi
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
-DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
-LDADD+= -lcrypt -lcrypto
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
Modified: head/secure/usr.sbin/sshd/Makefile
==============================================================================
--- head/secure/usr.sbin/sshd/Makefile Tue Sep 10 21:16:18 2013
(r255459)
+++ head/secure/usr.sbin/sshd/Makefile Tue Sep 10 22:26:11 2013
(r255460)
@@ -1,5 +1,4 @@
# $FreeBSD$
-#
.include <bsd.own.mk>
@@ -25,10 +24,17 @@ SRCS+= gss-genr.c
MAN= sshd.8 sshd_config.5
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
-DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}
-LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM}
+DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM}
+LDADD= -lssh -lutil -lwrap ${MINUSLPAM}
USEPRIVATELIB= ssh
+.if ${MK_LDNS} != "no"
+CFLAGS+= -DHAVE_LDNS=1
+#DPADD+= ${LIBLDNS}
+#LDADD+= -lldns
+#USEPRIVATELIB+= ldns
+.endif
+
.if ${MK_AUDIT} != "no"
CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR
DPADD+= ${LIBBSM}
@@ -36,17 +42,20 @@ LDADD+= -lbsm
.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
-CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
-DKRB5 -DHEIMDAL
-DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
-LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
+CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
+ -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
+DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509}
${LIBASN1} \
+ ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
+LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
+ -lcom_err -lroken -lwind -lheimbase -lheimipcc
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
-DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
-LDADD+= -lcrypto -lcrypt
+DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
+LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
