From owner-svn-src-all@FreeBSD.ORG Tue Sep 10 22:26:14 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 613C3C9; Tue, 10 Sep 2013 22:26:14 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 31C202254; Tue, 10 Sep 2013 22:26:14 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r8AMQElY055766; Tue, 10 Sep 2013 22:26:14 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r8AMQBRr055749; Tue, 10 Sep 2013 22:26:11 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201309102226.r8AMQBRr055749@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Tue, 10 Sep 2013 22:26:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255460 - in head: . secure/lib/libssh secure/libexec/sftp-server secure/libexec/ssh-keysign secure/libexec/ssh-pkcs11-helper secure/usr.bin/scp secure/usr.bin/sftp secure/usr.bin/ssh s... X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Sep 2013 22:26:14 -0000 Author: des Date: Tue Sep 10 22:26:11 2013 New Revision: 255460 URL: http://svnweb.freebsd.org/changeset/base/255460 Log: Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) Modified: head/Makefile.inc1 head/secure/lib/libssh/Makefile head/secure/libexec/sftp-server/Makefile head/secure/libexec/ssh-keysign/Makefile head/secure/libexec/ssh-pkcs11-helper/Makefile head/secure/usr.bin/scp/Makefile head/secure/usr.bin/sftp/Makefile head/secure/usr.bin/ssh-add/Makefile head/secure/usr.bin/ssh-agent/Makefile head/secure/usr.bin/ssh-keygen/Makefile head/secure/usr.bin/ssh-keyscan/Makefile head/secure/usr.bin/ssh/Makefile head/secure/usr.sbin/sshd/Makefile Modified: head/Makefile.inc1 ============================================================================== --- head/Makefile.inc1 Tue Sep 10 21:16:18 2013 (r255459) +++ head/Makefile.inc1 Tue Sep 10 22:26:11 2013 (r255460) @@ -1470,8 +1470,8 @@ _prebuild_libs= ${_kerberos5_lib_libasn1 ${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \ ${_cddl_lib_libzfs_core} \ lib/libutil ${_lib_libypclnt} lib/libz lib/msun \ - ${_secure_lib_libcrypto} ${_secure_lib_libssh} \ - ${_secure_lib_libssl} + ${_secure_lib_libcrypto} ${_lib_libldns} \ + ${_secure_lib_libssh} ${_secure_lib_libssl} .if ${MK_ATF} != "no" _lib_atf_libatf_c= lib/atf/libatf-c @@ -1507,9 +1507,16 @@ cddl/lib/libzfs_core__L: cddl/lib/libnvp _secure_lib_libcrypto= secure/lib/libcrypto _secure_lib_libssl= secure/lib/libssl lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L +.if ${MK_LDNS} != "no" +_lib_libldns= lib/libldns +lib/libldns__L: secure/lib/libcrypto__L +.endif .if ${MK_OPENSSH} != "no" _secure_lib_libssh= secure/lib/libssh secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L +.if ${MK_LDNS} != "no" +secure/lib/libssh__L: lib/libldns__L +.endif .if ${MK_KERBEROS_SUPPORT} != "no" secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \ kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \ Modified: head/secure/lib/libssh/Makefile ============================================================================== --- head/secure/lib/libssh/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/lib/libssh/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn # compiled directly into sshd instead. # Portability layer -SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \ +SRCS+= bsd-misc.c fmt_scaled.c glob.c \ openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \ vis.c xcrypt.c xmmap.c -.if defined(COMPAT_GETADDRINFO) -SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c +.if ${MK_LDNS} == "no" +SRCS+= getrrsetbyname.c +.else +LDNSDIR= ${.CURDIR}/../../../contrib/ldns +CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR} +SRCS+= getrrsetbyname-ldns.c +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns .endif CFLAGS+= -I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBZ} -LDADD= -lz .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL @@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED NO_LINT= -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ} +LDADD+= -lcrypto -lcrypt -lz .include Modified: head/secure/libexec/sftp-server/Makefile ============================================================================== --- head/secure/libexec/sftp-server/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/sftp-server/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,17 +1,31 @@ # $FreeBSD$ +.include + PROG= sftp-server SRCS= sftp-server.c sftp-common.c sftp-server-main.c MAN= sftp-server.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/libexec/ssh-keysign/Makefile ============================================================================== --- head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,15 +1,27 @@ # $FreeBSD$ +.include + PROG= ssh-keysign -SRCS= ssh-keysign.c readconf.c roaming_dummy.c +SRCS= ssh-keysign.c roaming_dummy.c readconf.c MAN= ssh-keysign.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h BINMODE=4555 -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/libexec/ssh-pkcs11-helper/Makefile ============================================================================== --- head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,15 +1,31 @@ # $FreeBSD$ +.include + PROG= ssh-pkcs11-helper SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c -SRCS+= roaming_dummy.c MAN= ssh-pkcs11-helper.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif + +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/scp/Makefile ============================================================================== --- head/secure/usr.bin/scp/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/scp/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include + PROG= scp SRCS= scp.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h +.if !defined(NO_SHARED) # required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/sftp/Makefile ============================================================================== --- head/secure/usr.bin/sftp/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/sftp/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include + PROG= sftp SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES} -LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses +DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES} +LDADD= -lssh -ledit -lncurses USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-add/Makefile ============================================================================== --- head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include + PROG= ssh-add SRCS+= ssh-add.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-agent/Makefile ============================================================================== --- head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include + PROG= ssh-agent SRCS= ssh-agent.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-keygen/Makefile ============================================================================== --- head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include + PROG= ssh-keygen SRCS= ssh-keygen.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-keyscan/Makefile ============================================================================== --- head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,13 +1,25 @@ # $FreeBSD$ +.include + PROG= ssh-keyscan SRCS= ssh-keyscan.c roaming_dummy.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh/Makefile ============================================================================== --- head/secure/usr.bin/ssh/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include @@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c ssht # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} -LDADD= -lssh -lutil -lz +DPADD= ${LIBSSH} ${LIBUTIL} +LDADD= -lssh -lutil USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL DPADD+= ${LIBGSSAPI} @@ -30,8 +36,8 @@ LDADD+= -lgssapi CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPT} ${LIBCRYPTO} -LDADD+= -lcrypt -lcrypto +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" Modified: head/secure/usr.sbin/sshd/Makefile ============================================================================== --- head/secure/usr.sbin/sshd/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.sbin/sshd/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include @@ -25,10 +24,17 @@ SRCS+= gss-genr.c MAN= sshd.8 sshd_config.5 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM} -LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM} +DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM} +LDADD= -lssh -lutil -lwrap ${MINUSLPAM} USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + .if ${MK_AUDIT} != "no" CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR DPADD+= ${LIBBSM} @@ -36,17 +42,20 @@ LDADD+= -lbsm .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL -DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} -LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1 +CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \ + -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 +DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ + ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} +LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ + -lcom_err -lroken -lwind -lheimbase -lheimipcc .endif .if ${MK_OPENSSH_NONE_CIPHER} != "no" CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"