Commit Graph

95 Commits

Author SHA1 Message Date
des
a651b056f9 ssh-keysign(8) belongs in /usr/libexec, not in /usr/bin, and needs to be
setuid so ssh(1) doesn't have to be.

Pointy hat to:	des
Submitted by:	Katsuyuki TATEISHI <katsu@iec.hiroshima-u.ac.jp>
2002-07-05 08:39:09 +00:00
des
513df53f59 No guts, no glory. Switch to OpenSSH-portable.
Sponsored by:	DARPA, NAI Labs
2002-06-25 19:10:09 +00:00
des
9720b176d2 My previous style commits weren't entirely right. Fix some bugs I
introduced, and a few more I hadn't yet fixed.

Submitted by:	bde
2002-06-24 12:32:30 +00:00
des
a2f0c70ddc Previous commit made no sense. 2002-06-24 10:17:26 +00:00
des
c053249a36 Fix style and unbreal static build. 2002-06-24 10:16:38 +00:00
des
107ff84363 Install the new man pages. 2002-06-23 21:43:43 +00:00
des
8577d3fa57 Update Makefiles for OpenSSH 3.3. 2002-06-23 16:09:29 +00:00
markm
8082500a64 Build using pregenerated manpages; don't use perl to translate .pod's.
The translated .pod's have already been committed.
2002-05-14 19:39:00 +00:00
ru
8ad1c2807b Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR}
with the initial installworld.

Eliminate the need in the second installworld.  For that, make sure
_everything_ is built in the "world" environment, using the right
tool chain.

Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1.  Split the
buildworld process into stages, and skip some stages when
SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5
dists).

Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running
makewhatis(1) at the end of installworld (used when making crypto,
krb4, and krb5 dists).

In release/scripts/doFS.sh, ensure that the correct boot blocks are
used.

Moved the creation of the "crypto" dist from release.5 to
release.2.

In release.3 and doMFSKERN, build kernels in the "world"
environment.  KERNELS now means "additional" kernels, GENERIC is
always built.

Ensure we build crunched binaries in the "world" environment.
Obfuscate release/Makefile some more (WMAKEENV) to achieve this.

Inline createBOOTMFS target.

Use already built GENERIC kernel modules to augment mfsfd's
/stand/modules.  GC doMODULES as such.

Assorted fixes:

Get rid of the "afterdistribute" target by moving the single use
of it from sys/Makefile to etc/Makefile's "distribute".

Makefile.inc1: apparently "etc" no longer needs to be last for
"distribute" to succeed.

gnu/usr.bin/perl/library/Makefile.inc: do not override the
"install" and "distribute" targets, do it the "canonical" way.

release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and
catpages appear in the right dists.  Note that because Perl does
not respect the MANBUILDCAT (and NOMAN), this results in a loss of
/usr/share/perl/man/cat* empty directories.  This will be fixed
soon.

Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it
means "make KerberosIV"), as documented in the make.conf(5)
manpage.  Most of the userland makefiles did not test it for "YES"
anyway.

XXX Should specialized kerberized libpam versions be included into
the krb4 and krb5 dists?  (libpam.a would be incorrect anyway if
both krb4 and krb5 dists were choosen.)

Make sure "games" dist is made before "catpages", otherwise games
catpages settle in the wrong dist.

Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
2002-04-26 17:55:27 +00:00
des
8b705f089a Adjust for OpenSSH 3.1.
Sponsored by:	DARPA, NAI Labs
2002-03-18 10:20:33 +00:00
ru
b2c3dc0715 Now that cross-tools ld(1) has been fixed to look for dynamic
dependencies in the correct place, record the fact that -lssh
depends on -lcrypto and -lz.

Removed false dependencies on -lz (except ssh(1) and sshd(8)).
Removed false dependencies on -lcrypto and -lutil for scp(1).

Reviewed by:	markm
2002-02-08 13:42:58 +00:00
ru
c9d8bf8608 Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library.
- Tweak ${LIBPAM} and ${MINUSLPAM}.
- Garbage collect unused libssh_pic.a.
- Add fake -lz dependency to secure/ makefiles needed for
  dynamic linkage with -lssh.

Reviewed by:	des, markm
Approved by:	markm
2002-01-23 15:54:17 +00:00
markm
7f33af3e59 Clean up makefiles, and turn on WARNS=2. Take into account the telnet
#if cleanup.
2001-11-30 21:10:58 +00:00
markm
e909686930 Diff reduce all the crypto telnet Makefiles. 2001-08-20 12:32:45 +00:00
bde
7f2b2ff935 Link to libcipher in the usual way. `bdes' depended on a nonexistent
library.  This only worked because of the undocmented feature of make(1)
that targets named foo.a are always up to date.

Fixed some style bugs.
2001-08-03 22:28:25 +00:00
markm
18d8718070 Revamp and diff-reduce the various secure telnets. Make sure that
Kerberos5 has _a_ telnet (which is not currently K5 enabled).
Incorporate BDE's static linking fixes.
2001-08-03 16:03:26 +00:00
bde
150ca138e2 Fixed world breakage when NOSHARED=yes. libmp now depends on libcrypto,
so it must be linked before libcrypto to work right.
2001-07-30 14:36:19 +00:00
ru
e3b0021e39 Added missing DPADD and CLEANFILES. 2001-07-12 09:17:51 +00:00
bde
a968ca96b6 Fixed world breakage in previous commit. -lpam must never be used
directly (except in the definition of MINUSLPAM in bsd.libnames.mk)
since it doesn't give all the libraries necessary for static linkage.

Fixed missing ${LIBPAM} in DPADD.

Fixed some style bugs in DPADD and LDADD.
2001-05-09 14:30:49 +00:00
nsayer
ce2648b0d2 Add PAM support to SRA authentication. Cribbed mostly from ftpd. This
doesn't solve the problem of root being allowed to log in, but that sort
of thing is something PAM should be doing anyway.
2001-05-07 20:38:39 +00:00
green
a0c1c483e2 Follow the OpenSSH 2.9 upgrade with the infrastructure. Two new
programs are now included: sftp(1) and ssh-keyscan(1).
2001-05-04 04:21:25 +00:00
ru
98c6ecb383 Bye-bye /usr/lib/libtelnet.a. This should fix ``make release'' brokeness.
Approved by:	markm
2001-03-28 12:08:22 +00:00
ru
ffbd5f978d secure/ build fixes:
- TELNETOBJDIR is gone.  `buildworld' already installs libtelnet.a
  in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.

- SSHDIR (formerly SSHSRC) is now shared between all SSH modules.
  New LIBSSH is introduced for libssh.a (an internal static lib).
  Previously, build without prior `obj' was broken; SSH modules
  always looked for libssh.a in ${.OBJDIR}.  Also, the dependancies
  on the libssh.a were missing.

- libtelnet/ did not install the crypto version of telnet.h into
  /usr/include/arpa.

- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.

Reviewed by:	markm

- MAN[1-9] -> MAN.
2001-03-26 14:53:33 +00:00
ru
a2560551a0 man(7) -> mdoc(7). 2001-01-16 15:28:12 +00:00
green
dd707cf4f4 Disable /usr/bin/ssh being setuid root by default. Let the variable
ENABLE_SUID_SSH being defined reenable it for those that want it.

This follows discussion favoring the change from September.  It
is not usually necessary to be setuid root, possibly less safe,
and less convenient (cannot use $HOSTALIASES, for example).

Submitted by:	jedgar
2000-11-14 04:42:25 +00:00
kris
1925c689bb Update for OpenSSL 0.9.6 2000-11-13 02:21:38 +00:00
kris
f9e92409b4 Update for OpenSSH 2.2.0 2000-09-10 09:43:29 +00:00
ache
c0ebc50c76 Add missing quotes around xauth path 2000-08-23 19:14:48 +00:00
kris
aba57a02e8 Respect X11BASE to derive the location of xauth(1)
PR:		17818
Submitted by:	Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE>
2000-08-23 09:39:20 +00:00
kris
509680f8f3 Install the openssl(1) manpage with an MLINK from ssl(8) to at least put
something in the location where OpenSSH likes to point.
2000-08-03 05:29:04 +00:00
peter
e2062d0bd5 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
markm
2fe0472e39 MFI. This is a documentation-only, diffreducing patch, that if
invoked will cause breakage. US Users - DO NOT try to turn on
IDEA - the sources are not included.
2000-06-24 06:50:58 +00:00
kris
45c7889547 Update for OpenSSH 2.1 2000-05-15 05:26:50 +00:00
kris
ec2fce6561 Update for OpenSSL 0.9.5a and clean up a bit. 2000-04-13 07:37:35 +00:00
kris
2325c37f86 Missed a fix for the new openssh; this fixes make world. 2000-03-26 21:17:11 +00:00
kris
f2ad2382fd Update for latest OpenSSH 2000-03-26 07:54:12 +00:00
kris
0d1f47825b Buildworld fixes for NO_OPENSSH and NO_OPENSSL
Approved by:	jkh
2000-03-09 06:29:05 +00:00
jhay
9e73fea413 MFI: Make ssh and sshd link in the krb5 part of make release.
Reviewed by:	markm
2000-03-03 20:34:05 +00:00
markm
b401a071dd New distribution names. 2000-02-28 19:25:34 +00:00
peter
58c2a78aa2 Merge from internat.freebsd.org repo, minus change to rsa_eay.c (missing)
Reorganize and unify libcrypto's interface so that the RSA implementation
is chosen at runtime via dlopen().

This is a checkpoint and may require more tweaks still.
2000-02-26 13:13:03 +00:00
peter
3e7de8aad5 Merge from internat.freebsd.org; deal with -DRSAref the same way as
libcrypto - not that it means much on the US code tree.
2000-02-25 14:15:31 +00:00
peter
47e3d89f30 Don't pull in libRSAglue for the rsaref case. Since this is linked
dynamically by default, we use the dlopen() calls to load librsaref.so
on US code trees.
2000-02-25 08:21:35 +00:00
markm
ef025b40ab Build everything properly. This means:
o Don't b uild libdes.

o Crypto is now housed in libcrypto (with a compatability symlink to
  libdes)

o RSA may depend on RSAREF at your locale.

o OpenSSH is now a part of the base system.
2000-02-24 18:59:34 +00:00
markm
e2eb488588 Add the OpenSSH userland-building Makefiles. 2000-02-24 17:00:55 +00:00
markm
95d086535d Diff reducer. Comes from Internat. 2000-02-24 09:52:37 +00:00
markm
785e71a1db Remove useless whitespace.
Part of big commit OK'ed by: JKH
2000-02-24 09:48:58 +00:00
kris
85bfffb077 Back out the previous commit - it broke world and was not approved.
I don't know what I was thinking committing without approval - sorry.
2000-02-14 08:09:52 +00:00
kris
f7d8edf2df Link dynamically, not statically. 2000-02-13 00:53:12 +00:00
kris
e47db973e2 Add NO_OPENSSL knob to turn off building of openssl
Requested by:   wollman
2000-01-30 04:12:49 +00:00
shin
ce15efb7c0 another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
  also telnet related sync with crypto, secure, kerberosIV

Obtained from: KAME project
2000-01-27 09:28:38 +00:00