Commit Graph

436 Commits

Author SHA1 Message Date
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Christian S.J. Peron
d57d58dac4 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
Doug Rabson
c0b9f4fe65 Add a new extensible GSS-API layer which can support GSS-API plugins,
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.

Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
2005-12-29 14:40:22 +00:00
Ruslan Ermilov
c1c28da069 Revert last revision by phk@, it's redundant since bsd.incs.mk
already handles this, FWIW.
2005-11-19 07:04:17 +00:00
Dag-Erling Smørgrav
725f8b7693 Update for OpenSSH 4.2p1. 2005-09-03 07:10:33 +00:00
Poul-Henning Kamp
f06e2f8233 Don't install includes if NO_TOOLCHAIN 2005-08-03 09:18:59 +00:00
Ken Smith
a84020c2b9 Bump the shared library version number of all libraries that have not
been bumped since RELENG_5.

Reviewed by:	ru
Approved by:	re (not needed for commit check but in principle...)
2005-07-22 17:19:05 +00:00
Dag-Erling Smørgrav
40e0db94af Revert the commits that made libssh an INTERNALLIB; they caused too much
trouble, especially on amd64.

Requested by:	ru
2005-06-07 09:31:28 +00:00
Dag-Erling Smørgrav
32f80c77d0 Make libssh an INTERNALLIB like it is in {Net,Open}BSD. 2005-06-06 16:13:07 +00:00
Dag-Erling Smørgrav
015bad3598 Update for OpenSSH 4.1p1. 2005-06-05 15:47:07 +00:00
Jacques Vidrine
d6608aaa6e Update OpenSSL 0.9.7d -> 0.9.7e. 2005-02-25 06:04:12 +00:00
Ruslan Ermilov
e7b3b699a2 Define PLATFORM correctly when cross-building. 2005-02-16 20:55:47 +00:00
Ruslan Ermilov
ca78f10352 Sync program's usage() with manpage's SYNOPSIS. 2005-02-10 14:47:06 +00:00
Diomidis Spinellis
a13476cc13 Correctly hide the command arguments.
PR:		bin/76374
MFC after:	2 weeks
2005-01-17 21:46:13 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
ab7a294721 NODOCCOMPRESS -> NO_DOCCOMPRESS
NOINFO -> NO_INFO
NOINFOCOMPRESS -> NO_INFOCOMPRESS
NOLINT -> NO_LINT
NOPIC -> NO_PIC
NOPROFILE -> NO_PROFILE
2004-12-21 09:33:47 +00:00
Ruslan Ermilov
f1f6253f4f NOLIBC_R -> NO_LIBC_R
NOLIBPTHREAD -> NO_LIBPTHREAD
NOLIBTHR -> NO_LIBTHR
2004-12-21 09:00:26 +00:00
Dag-Erling Smørgrav
5ba618aa27 Update for OpenSSH 3.9p1. 2004-10-28 16:04:23 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Mark Murray
1f9bb6cd25 Add support for C3 Nehemiah ACE ("Padlock") AES crypto. This comes
from OpenSSL 0.9.5 (yet to be released), and is pretty complete.
2004-08-14 13:38:35 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Olivier Houchard
59315819d5 Import the openssl conf for arm. 2004-05-14 12:26:51 +00:00
Ruslan Ermilov
1116791977 Record the libssl.so dependency on libcrypto.so. This should
help some ports that depend on libradius that recently gained
the dependency on libssl.  This is also how the stock OpenSSL
build would link libssl.so on FreeBSD.

Prompted by:	kris
OK'ed by:	markm, nectar
2004-05-13 07:51:47 +00:00
Marcel Moolenaar
a1cd6de6a6 Fix release builds (release.3 target). We also need to rebuild libradius,
because otherwise it will remain having a dependency upon libssl. This
breaks the non-crypto build that happens for release.3

While here, order the list of programs and libraries.

Speculating review feedback from: ru
2004-05-02 17:38:27 +00:00
Ruslan Ermilov
1f2cef4790 Turn MAKE_IDEA into a true "bool" type variable, as documented in
the make.conf(5) manpage.

PR:		conf/65738
OK'ed by:	markm
2004-04-19 11:35:15 +00:00
Peter Wemm
d901a5218e Turn on the amd64-specific bignum code in openssl. This is actually
a variant of the C code but with some scattered asm and things laid out
more optimally for the platform.  This means that we need to the asm
directory to the search path for the amd64 case so that make can find
the source.
2004-04-14 23:26:26 +00:00
David Malone
8a56b12482 Remove the -pthread from the last commit, as OpenSSL doesn't actually
call any pthread functions as we use compile it. We keep the
-DOPENSSL_THREADS, which stops OpenSSL doing thread-unsafe stuff.

Requested by:	ru
2004-03-30 21:04:04 +00:00
David Malone
1251855f52 Build OpenSSL so that it extects that is may be used in a threaded
environment. This stops some ports keeling over on an OpenSSL assert.
(The patch is not exactly the one from the PR, but has been refined
based on advice from freebsd-threads.)

PR:		51205
Submitted by:	Jim Westfall <jwestfall@surrealistic.net>
MFC after:	1 month
2004-03-30 11:30:02 +00:00
Mark Murray
f3d90904b0 Re-add the hand-optimised assembler versions of some of the ciphers
to the build.

Should have done this ages ago:	markm
Reminded above to do this:	peter
2004-03-23 08:32:29 +00:00
Jacques Vidrine
03886b3681 Update manual pages for OpenSSL 0.9.7d. 2004-03-17 16:15:46 +00:00
Dag-Erling Smørgrav
40dd33e888 Update for 3.8p1, including workaround for a bug in gss-genr.c. 2004-02-26 11:26:46 +00:00
Johan Karlsson
604d24db95 style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
Ruslan Ermilov
9ee9ecea00 Use the default threading library if requested.
Reviewed by:	des, deischen
2004-02-07 08:23:48 +00:00
Ruslan Ermilov
47d7e8a96f Fixed style of DPADD and LDADD assignments as per style.Makefile(5). 2004-02-05 22:44:25 +00:00
Ruslan Ermilov
526f81a883 - Removed libmd from the Kerberos library set.
- Removed libopie and libmd; libopie used to serve auth-skey.c
  which is compiled now only to ease maintenance, as well as
  a few other auth-*.c sources.

Reviewed by:	des
2004-02-02 22:00:35 +00:00
Ruslan Ermilov
640e686c42 Added two utility targets "secure" and "insecure", analogous to
"kerberize" and "dekerberize" in kerberos5/Makefile.  These can
be used to recompile bits with optional crypto support with and
without crypto, respectively.

Reviewed by:	markm
2004-01-18 07:44:53 +00:00
Ruslan Ermilov
90165ba56f Once upon a time we had both "crypto" and "krb5" distributions,
and rebuilt some bits with crypto but without Kerberos support
(most notably SSH) during "make release", to put them into the
"crypto" distribution.

Now that we don't ship the separate "krb5" distribution anymore
(it's now part of the "crypto" distribuion), don't waste time
recompiling SSH bits without crypto and without Kerberos support
in an attempt to put them in the "base" distribution -- it just
doesn't work as SSH always uses crypto code.

We avoid this by not rebuilding KPROGS from kerberos5/Makefile in
release/Makefile and adding "libpam" to SPROGS in secure/Makefile
to ensure it's still rebuilt without crypto support for the "base"
distribution.  (Disabling crypto (NOCRYPT) also disables building
of Kerberos-related PAM modules, and it's OK to depend on this.)

This should be a no-op change saving some "make release" time.
2004-01-17 19:22:36 +00:00
Ruslan Ermilov
d82881651b - Properly build both crypto and non-crypto versions of the
package management tools.

- Drop redundant dependency of pkg_create(1) and pkg_delete(1)
  on crypto libraries now that they do not link with libfetch.
2004-01-17 13:41:16 +00:00
Ruslan Ermilov
0ad21c4f14 Removed well outdated comment. 2004-01-17 03:12:46 +00:00
Ruslan Ermilov
9387ab35e7 Cosmetics: rearrange the dependency list to match that of ssh and sshd.
Reviewed by:	des
2004-01-08 11:41:02 +00:00
Ruslan Ermilov
e1542a4058 Fixed static linkage.
Reviewed by:	des
2004-01-08 11:40:19 +00:00
Dag-Erling Smørgrav
e7ffa415e8 Use += instead of = with DPADD / LDADD. 2004-01-08 09:50:56 +00:00
Dag-Erling Smørgrav
9f80be8e3d Enable GSSAPI support. [1]
Also remove some duplicates from ssh's SRCS.

Submitted by:	[1] Björn Grönvall <bg@sics.se>
2004-01-08 09:05:24 +00:00
Dag-Erling Smørgrav
3b7f13a03b Previous commit erroneously listed some sources with .o suffixes. 2004-01-07 11:59:52 +00:00
Dag-Erling Smørgrav
a04e3d6c30 Update Makefiles for OpenSSH 3.7.1p2. 2004-01-07 11:17:23 +00:00
Gordon Tetlow
c45db69312 Explicitly add libz and libcrypto to LDADD for any ssh utilities missing
it. While not strictly required, it unbreaks the cross-build world that
is resulting from moving the libraries around.

I have a more permanent solution to this problem in the works, but I
asked des for permission to commit this to get the ball rolling. This
also makes the ssh build more along the lines of what the openssh-portable
and OpenBSD openssh Makefile glue does.

Reviewed by:	des
2003-08-19 07:45:03 +00:00
Gordon Tetlow
41d8423f71 Stage 3 of dynamic root support. Make all the libraries needed to run
binaries in /bin and /sbin installed in /lib. Only the versioned files
reside in /lib, the .so symlink continues to live /usr/lib so the
toolchain doesn't need to be modified.
2003-08-17 08:28:46 +00:00
Mark Murray
4afa371832 Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version
that lived in the usual places, and a crypto version that lived in
crypto/telnet/. The latter was built in a broken manner somewhat akin
to other "contribified" sources. This meant that there were 4 telnets
competing with each other at build time - KerberosIV, Kerberos5,
plain-old-secure and base. KerberosIV is no longer in the running, but
the other three took it in turns to jump all over each other during a
"make buildworld".

As the crypto issue has been clarified, and crypto _calls_ are not
a problem, crypto/telnet has been repo-copied to contrib/telnet,
and with this commit, all telnets are now "contribified". The contrib
path was chosen to not destroy history in the repository, and differs
from other contrib/ entries in that it may be worked on as "normal"
BSD code. There is no dangerous crypto in these sources, only a
very weak system less strong than enigma(1).

Kerberos5 telnet and Secure telnet are now selected by using the usual
macros in /etc/make.conf, and the build process is unsurprising and
less treacherous.
2003-07-16 20:59:15 +00:00
Ruslan Ermilov
55c90a95a4 Fixed "make checkdpadd".
OK'ed by:	markm
2003-07-02 23:38:42 +00:00
Mark Murray
8027fe397a Fix for the NO_OPENSSL case.
Reported by:	Marius Strobl <marius@alchemy.franken.de>
2003-06-08 08:24:07 +00:00