Clean up the OpenSSH build. It is now possible to build most components

as static binaries, if desired.  The one exception is sshd, which runs
into trouble due to libpam.a's includion of pam_ssh.

Make OpenSSH use LDNS if available.  This allows it to verify signed
SSHFP records.

Approved by:	re (blanket)
This commit is contained in:
Dag-Erling Smørgrav 2013-09-10 22:26:11 +00:00
parent 27789e56b2
commit 9cfa8b3fee
13 changed files with 199 additions and 48 deletions

View File

@ -1470,8 +1470,8 @@ _prebuild_libs= ${_kerberos5_lib_libasn1} \
${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \
${_cddl_lib_libzfs_core} \
lib/libutil ${_lib_libypclnt} lib/libz lib/msun \
${_secure_lib_libcrypto} ${_secure_lib_libssh} \
${_secure_lib_libssl}
${_secure_lib_libcrypto} ${_lib_libldns} \
${_secure_lib_libssh} ${_secure_lib_libssl}
.if ${MK_ATF} != "no"
_lib_atf_libatf_c= lib/atf/libatf-c
@ -1507,9 +1507,16 @@ cddl/lib/libzfs_core__L: cddl/lib/libnvpair__L
_secure_lib_libcrypto= secure/lib/libcrypto
_secure_lib_libssl= secure/lib/libssl
lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L
.if ${MK_LDNS} != "no"
_lib_libldns= lib/libldns
lib/libldns__L: secure/lib/libcrypto__L
.endif
.if ${MK_OPENSSH} != "no"
_secure_lib_libssh= secure/lib/libssh
secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L
.if ${MK_LDNS} != "no"
secure/lib/libssh__L: lib/libldns__L
.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \
kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \

View File

@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn.c buffer.c \
# compiled directly into sshd instead.
# Portability layer
SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \
SRCS+= bsd-misc.c fmt_scaled.c glob.c \
openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \
vis.c xcrypt.c xmmap.c
.if defined(COMPAT_GETADDRINFO)
SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c
.if ${MK_LDNS} == "no"
SRCS+= getrrsetbyname.c
.else
LDNSDIR= ${.CURDIR}/../../../contrib/ldns
CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR}
SRCS+= getrrsetbyname-ldns.c
DPADD+= ${LIBLDNS}
LDADD+= -lldns
USEPRIVATELIB+= ldns
.endif
CFLAGS+= -I${SSHDIR} -include ssh_namespace.h
DPADD= ${LIBZ}
LDADD= -lz
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED
NO_LINT=
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
LDADD+= -lcrypto -lcrypt
DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ}
LDADD+= -lcrypto -lcrypt -lz
.include <bsd.lib.mk>

View File

@ -1,17 +1,31 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= sftp-server
SRCS= sftp-server.c sftp-common.c sftp-server-main.c
MAN= sftp-server.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,15 +1,27 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-keysign
SRCS= ssh-keysign.c readconf.c roaming_dummy.c
SRCS= ssh-keysign.c roaming_dummy.c readconf.c
MAN= ssh-keysign.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
BINMODE=4555
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,15 +1,31 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-pkcs11-helper
SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c
SRCS+= roaming_dummy.c
MAN= ssh-pkcs11-helper.8
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,16 +1,30 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= scp
SRCS= scp.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,16 +1,30 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= sftp
SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES}
LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses
DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES}
LDADD= -lssh -ledit -lncurses
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,16 +1,30 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-add
SRCS+= ssh-add.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,16 +1,30 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-agent
SRCS= ssh-agent.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,16 +1,30 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-keygen
SRCS= ssh-keygen.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
.if !defined(NO_SHARED)
# required when linking with a dynamic libssh
SRCS+= roaming_dummy.c
SRCS+= roaming_dummy.c
.endif
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
DPADD+= ${LIBLDNS}
LDADD+= -lldns
USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,13 +1,25 @@
# $FreeBSD$
.include <bsd.own.mk>
PROG= ssh-keyscan
SRCS= ssh-keyscan.c roaming_dummy.c
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD= -lssh -lcrypt -lcrypto -lz
DPADD= ${LIBSSH}
LDADD= -lssh
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.include <bsd.prog.mk>
.PATH: ${SSHDIR}

View File

@ -1,5 +1,4 @@
# $FreeBSD$
#
.include <bsd.own.mk>
@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c sshtty.c \
# gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile
SRCS+= gss-genr.c
DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ}
LDADD= -lssh -lutil -lz
DPADD= ${LIBSSH} ${LIBUTIL}
LDADD= -lssh -lutil
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
DPADD+= ${LIBLDNS}
LDADD+= -lldns
USEPRIVATELIB+= ldns
.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
DPADD+= ${LIBGSSAPI}
@ -30,8 +36,8 @@ LDADD+= -lgssapi
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
DPADD+= ${LIBCRYPT} ${LIBCRYPTO}
LDADD+= -lcrypt -lcrypto
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"

View File

@ -1,5 +1,4 @@
# $FreeBSD$
#
.include <bsd.own.mk>
@ -25,10 +24,17 @@ SRCS+= gss-genr.c
MAN= sshd.8 sshd_config.5
CFLAGS+=-I${SSHDIR} -include ssh_namespace.h
DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}
LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM}
DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM}
LDADD= -lssh -lutil -lwrap ${MINUSLPAM}
USEPRIVATELIB= ssh
.if ${MK_LDNS} != "no"
CFLAGS+= -DHAVE_LDNS=1
#DPADD+= ${LIBLDNS}
#LDADD+= -lldns
#USEPRIVATELIB+= ldns
.endif
.if ${MK_AUDIT} != "no"
CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR
DPADD+= ${LIBBSM}
@ -36,17 +42,20 @@ LDADD+= -lbsm
.endif
.if ${MK_KERBEROS_SUPPORT} != "no"
CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL
DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1}
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1
CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \
-DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1
DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \
${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC}
LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \
-lcom_err -lroken -lwind -lheimbase -lheimipcc
.endif
.if ${MK_OPENSSH_NONE_CIPHER} != "no"
CFLAGS+= -DNONE_CIPHER_ENABLED
.endif
DPADD+= ${LIBCRYPTO} ${LIBCRYPT}
LDADD+= -lcrypto -lcrypt
DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
LDADD+= -lcrypt -lcrypto -lz
.if defined(LOCALBASE)
CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"