| ################################################################################ |
| # |
| # openssh |
| # |
| ################################################################################ |
| |
| OPENSSH_VERSION_MAJOR = 9.8 |
| OPENSSH_VERSION_MINOR = p1 |
| OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR) |
| OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR) |
| OPENSSH_CPE_ID_UPDATE = $(OPENSSH_VERSION_MINOR) |
| OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable |
| OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain |
| OPENSSH_LICENSE_FILES = LICENCE |
| |
| OPENSSH_CONF_ENV = \ |
| LD="$(TARGET_CC)" \ |
| LDFLAGS="$(TARGET_CFLAGS)" \ |
| LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl` |
| OPENSSH_CPE_ID_VENDOR = openbsd |
| OPENSSH_CONF_OPTS = \ |
| --sysconfdir=/etc/ssh \ |
| --with-default-path=$(BR2_SYSTEM_DEFAULT_PATH) \ |
| $(if $(BR2_PACKAGE_OPENSSH_SANDBOX),--with-sandbox,--without-sandbox) \ |
| --disable-lastlog \ |
| --disable-utmp \ |
| --disable-utmpx \ |
| --disable-wtmp \ |
| --disable-wtmpx \ |
| --disable-strip |
| |
| OPENSSH_SELINUX_MODULES = ssh |
| |
| define OPENSSH_PERMISSIONS |
| /var/empty d 755 root root - - - - - |
| endef |
| |
| ifeq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_110934),y) |
| OPENSSH_CONF_OPTS += --without-hardening |
| endif |
| |
| ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),) |
| OPENSSH_CONF_OPTS += --without-pie |
| endif |
| |
| OPENSSH_DEPENDENCIES = host-pkgconf zlib openssl |
| |
| # crypt() in libcrypt only required for sshd. |
| ifeq ($(BR2_PACKAGE_OPENSSH_SERVER)$(BR2_PACKAGE_LIBXCRYPT),yy) |
| OPENSSH_DEPENDENCIES += libxcrypt |
| endif |
| |
| ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX),y) |
| OPENSSH_DEPENDENCIES += cryptodev-linux |
| OPENSSH_CONF_OPTS += --with-ssl-engine |
| else |
| OPENSSH_CONF_OPTS += --without-ssl-engine |
| endif |
| |
| ifeq ($(BR2_PACKAGE_AUDIT),y) |
| OPENSSH_DEPENDENCIES += audit |
| OPENSSH_CONF_OPTS += --with-audit=linux |
| else |
| OPENSSH_CONF_OPTS += --without-audit |
| endif |
| |
| ifeq ($(BR2_PACKAGE_LINUX_PAM),y) |
| define OPENSSH_INSTALL_PAM_CONF |
| $(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd |
| $(SED) '\%password required /lib/security/pam_cracklib.so%d' $(TARGET_DIR)/etc/pam.d/sshd |
| $(SED) 's/\#UsePAM no/UsePAM yes/' $(TARGET_DIR)/etc/ssh/sshd_config |
| endef |
| |
| OPENSSH_DEPENDENCIES += linux-pam |
| OPENSSH_CONF_OPTS += --with-pam |
| OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_PAM_CONF |
| else |
| OPENSSH_CONF_OPTS += --without-pam |
| endif |
| |
| ifeq ($(BR2_PACKAGE_LIBSELINUX),y) |
| OPENSSH_DEPENDENCIES += libselinux |
| OPENSSH_CONF_OPTS += --with-selinux |
| else |
| OPENSSH_CONF_OPTS += --without-selinux |
| endif |
| |
| ifeq ($(BR2_PACKAGE_SYSTEMD_SYSUSERS),y) |
| define OPENSSH_INSTALL_SYSTEMD_SYSUSERS |
| $(INSTALL) -m 0644 -D package/openssh/sshd-sysusers.conf \ |
| $(TARGET_DIR)/usr/lib/sysusers.d/sshd.conf |
| endef |
| else |
| define OPENSSH_USERS |
| sshd -1 sshd -1 * /var/empty - - SSH drop priv user |
| endef |
| endif |
| |
| # Let the default install rule only install the configuration file. |
| # The programs will be installed based on the config options selected. |
| OPENSSH_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) install-sysconf |
| |
| ifeq ($(BR2_PACKAGE_OPENSSH_CLIENT),y) |
| define OPENSSH_INSTALL_CLIENT_PROGRAMS |
| $(INSTALL) -D -m 0755 $(@D)/ssh $(TARGET_DIR)/usr/bin/ssh |
| $(INSTALL) -D -m 0755 $(@D)/scp $(TARGET_DIR)/usr/bin/scp |
| $(INSTALL) -D -m 0755 $(@D)/sftp $(TARGET_DIR)/usr/bin/sftp |
| $(INSTALL) -D -m 0755 $(@D)/ssh-agent $(TARGET_DIR)/usr/bin/ssh-agent |
| $(INSTALL) -D -m 0755 $(@D)/ssh-add $(TARGET_DIR)/usr/bin/ssh-add |
| $(INSTALL) -D -m 4711 $(@D)/ssh-keysign $(TARGET_DIR)/usr/libexec/ssh-keysign |
| $(INSTALL) -D -m 0755 $(@D)/ssh-pkcs11-helper $(TARGET_DIR)/usr/libexec/ssh-pkcs11-helper |
| $(INSTALL) -D -m 0755 $(@D)/contrib/ssh-copy-id $(TARGET_DIR)/usr/bin/ssh-copy-id |
| endef |
| OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_CLIENT_PROGRAMS |
| endif |
| |
| ifeq ($(BR2_PACKAGE_OPENSSH_SERVER),y) |
| define OPENSSH_INSTALL_SERVER_PROGRAMS |
| $(INSTALL) -D -m 0755 $(@D)/sshd $(TARGET_DIR)/usr/sbin/sshd |
| $(INSTALL) -D -m 0755 $(@D)/sshd-session $(TARGET_DIR)/usr/libexec/sshd-session |
| $(INSTALL) -D -m 0755 $(@D)/sftp-server $(TARGET_DIR)/usr/libexec/sftp-server |
| endef |
| OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_SERVER_PROGRAMS |
| |
| define OPENSSH_INSTALL_INIT_SYSTEMD |
| $(INSTALL) -D -m 644 package/openssh/sshd.service \ |
| $(TARGET_DIR)/usr/lib/systemd/system/sshd.service |
| $(OPENSSH_INSTALL_SYSTEMD_SYSUSERS) |
| endef |
| |
| define OPENSSH_INSTALL_INIT_SYSV |
| $(INSTALL) -D -m 755 package/openssh/S50sshd \ |
| $(TARGET_DIR)/etc/init.d/S50sshd |
| endef |
| endif |
| |
| ifeq ($(BR2_PACKAGE_OPENSSH_KEY_UTILS),y) |
| define OPENSSH_INSTALL_KEY_UTILS |
| $(INSTALL) -D -m 0755 $(@D)/ssh-keygen $(TARGET_DIR)/usr/bin/ssh-keygen |
| $(INSTALL) -D -m 0755 $(@D)/ssh-keyscan $(TARGET_DIR)/usr/bin/ssh-keyscan |
| endef |
| OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_KEY_UTILS |
| endif |
| |
| $(eval $(autotools-package)) |