Date: Tue, 10 Sep 2013 22:26:11 +0000 (UTC) From: Dag-Erling Smørgrav <des@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r255460 - in head: . secure/lib/libssh secure/libexec/sftp-server secure/libexec/ssh-keysign secure/libexec/ssh-pkcs11-helper secure/usr.bin/scp secure/usr.bin/sftp secure/usr.bin/ssh s... Message-ID: <201309102226.r8AMQBRr055749@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: des Date: Tue Sep 10 22:26:11 2013 New Revision: 255460 URL: http://svnweb.freebsd.org/changeset/base/255460 Log: Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh. Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records. Approved by: re (blanket) Modified: head/Makefile.inc1 head/secure/lib/libssh/Makefile head/secure/libexec/sftp-server/Makefile head/secure/libexec/ssh-keysign/Makefile head/secure/libexec/ssh-pkcs11-helper/Makefile head/secure/usr.bin/scp/Makefile head/secure/usr.bin/sftp/Makefile head/secure/usr.bin/ssh-add/Makefile head/secure/usr.bin/ssh-agent/Makefile head/secure/usr.bin/ssh-keygen/Makefile head/secure/usr.bin/ssh-keyscan/Makefile head/secure/usr.bin/ssh/Makefile head/secure/usr.sbin/sshd/Makefile Modified: head/Makefile.inc1 ============================================================================== --- head/Makefile.inc1 Tue Sep 10 21:16:18 2013 (r255459) +++ head/Makefile.inc1 Tue Sep 10 22:26:11 2013 (r255460) @@ -1470,8 +1470,8 @@ _prebuild_libs= ${_kerberos5_lib_libasn1 ${_cddl_lib_libumem} ${_cddl_lib_libnvpair} \ ${_cddl_lib_libzfs_core} \ lib/libutil ${_lib_libypclnt} lib/libz lib/msun \ - ${_secure_lib_libcrypto} ${_secure_lib_libssh} \ - ${_secure_lib_libssl} + ${_secure_lib_libcrypto} ${_lib_libldns} \ + ${_secure_lib_libssh} ${_secure_lib_libssl} .if ${MK_ATF} != "no" _lib_atf_libatf_c= lib/atf/libatf-c @@ -1507,9 +1507,16 @@ cddl/lib/libzfs_core__L: cddl/lib/libnvp _secure_lib_libcrypto= secure/lib/libcrypto _secure_lib_libssl= secure/lib/libssl lib/libradius__L secure/lib/libssl__L: secure/lib/libcrypto__L +.if ${MK_LDNS} != "no" +_lib_libldns= lib/libldns +lib/libldns__L: secure/lib/libcrypto__L +.endif .if ${MK_OPENSSH} != "no" _secure_lib_libssh= secure/lib/libssh secure/lib/libssh__L: lib/libz__L secure/lib/libcrypto__L lib/libcrypt__L +.if ${MK_LDNS} != "no" +secure/lib/libssh__L: lib/libldns__L +.endif .if ${MK_KERBEROS_SUPPORT} != "no" secure/lib/libssh__L: lib/libgssapi__L kerberos5/lib/libkrb5__L \ kerberos5/lib/libhx509__L kerberos5/lib/libasn1__L lib/libcom_err__L \ Modified: head/secure/lib/libssh/Makefile ============================================================================== --- head/secure/lib/libssh/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/lib/libssh/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -21,17 +21,22 @@ SRCS= authfd.c authfile.c bufaux.c bufbn # compiled directly into sshd instead. # Portability layer -SRCS+= bsd-misc.c fmt_scaled.c getrrsetbyname.c glob.c \ +SRCS+= bsd-misc.c fmt_scaled.c glob.c \ openssl-compat.c port-tun.c strtonum.c timingsafe_bcmp.c \ vis.c xcrypt.c xmmap.c -.if defined(COMPAT_GETADDRINFO) -SRCS+= getaddrinfo.c getnameinfo.c name6.c rcmd.c bindresvport.c +.if ${MK_LDNS} == "no" +SRCS+= getrrsetbyname.c +.else +LDNSDIR= ${.CURDIR}/../../../contrib/ldns +CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR} +SRCS+= getrrsetbyname-ldns.c +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns .endif CFLAGS+= -I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBZ} -LDADD= -lz .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL @@ -45,8 +50,8 @@ CFLAGS+= -DNONE_CIPHER_ENABLED NO_LINT= -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPTO} ${LIBCRYPT} ${LIBZ} +LDADD+= -lcrypto -lcrypt -lz .include <bsd.lib.mk> Modified: head/secure/libexec/sftp-server/Makefile ============================================================================== --- head/secure/libexec/sftp-server/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/sftp-server/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,17 +1,31 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= sftp-server SRCS= sftp-server.c sftp-common.c sftp-server-main.c MAN= sftp-server.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/libexec/ssh-keysign/Makefile ============================================================================== --- head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/ssh-keysign/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,15 +1,27 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keysign -SRCS= ssh-keysign.c readconf.c roaming_dummy.c +SRCS= ssh-keysign.c roaming_dummy.c readconf.c MAN= ssh-keysign.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h BINMODE=4555 -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/libexec/ssh-pkcs11-helper/Makefile ============================================================================== --- head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/libexec/ssh-pkcs11-helper/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,15 +1,31 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-pkcs11-helper SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c -SRCS+= roaming_dummy.c MAN= ssh-pkcs11-helper.8 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif + +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/scp/Makefile ============================================================================== --- head/secure/usr.bin/scp/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/scp/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= scp SRCS= scp.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h +.if !defined(NO_SHARED) # required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/sftp/Makefile ============================================================================== --- head/secure/usr.bin/sftp/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/sftp/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= sftp SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES} -LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses +DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSES} +LDADD= -lssh -ledit -lncurses USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-add/Makefile ============================================================================== --- head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-add/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-add SRCS+= ssh-add.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-agent/Makefile ============================================================================== --- head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-agent/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-agent SRCS= ssh-agent.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-keygen/Makefile ============================================================================== --- head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-keygen/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,16 +1,30 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keygen SRCS= ssh-keygen.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -# required when linking with a dynamic libssh -SRCS+= roaming_dummy.c +.if !defined(NO_SHARED) +# required when linking with a dynamic libssh +SRCS+= roaming_dummy.c +.endif -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh-keyscan/Makefile ============================================================================== --- head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh-keyscan/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,13 +1,25 @@ # $FreeBSD$ +.include <bsd.own.mk> + PROG= ssh-keyscan SRCS= ssh-keyscan.c roaming_dummy.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} -LDADD= -lssh -lcrypt -lcrypto -lz +DPADD= ${LIBSSH} +LDADD= -lssh USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz + .include <bsd.prog.mk> .PATH: ${SSHDIR} Modified: head/secure/usr.bin/ssh/Makefile ============================================================================== --- head/secure/usr.bin/ssh/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.bin/ssh/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include <bsd.own.mk> @@ -16,10 +15,17 @@ SRCS= ssh.c readconf.c clientloop.c ssht # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} -LDADD= -lssh -lutil -lz +DPADD= ${LIBSSH} ${LIBUTIL} +LDADD= -lssh -lutil USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +DPADD+= ${LIBLDNS} +LDADD+= -lldns +USEPRIVATELIB+= ldns +.endif + .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL DPADD+= ${LIBGSSAPI} @@ -30,8 +36,8 @@ LDADD+= -lgssapi CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPT} ${LIBCRYPTO} -LDADD+= -lcrypt -lcrypto +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" Modified: head/secure/usr.sbin/sshd/Makefile ============================================================================== --- head/secure/usr.sbin/sshd/Makefile Tue Sep 10 21:16:18 2013 (r255459) +++ head/secure/usr.sbin/sshd/Makefile Tue Sep 10 22:26:11 2013 (r255460) @@ -1,5 +1,4 @@ # $FreeBSD$ -# .include <bsd.own.mk> @@ -25,10 +24,17 @@ SRCS+= gss-genr.c MAN= sshd.8 sshd_config.5 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM} -LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM} +DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM} +LDADD= -lssh -lutil -lwrap ${MINUSLPAM} USEPRIVATELIB= ssh +.if ${MK_LDNS} != "no" +CFLAGS+= -DHAVE_LDNS=1 +#DPADD+= ${LIBLDNS} +#LDADD+= -lldns +#USEPRIVATELIB+= ldns +.endif + .if ${MK_AUDIT} != "no" CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR DPADD+= ${LIBBSM} @@ -36,17 +42,20 @@ LDADD+= -lbsm .endif .if ${MK_KERBEROS_SUPPORT} != "no" -CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 -DKRB5 -DHEIMDAL -DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBASN1} -LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lasn1 +CFLAGS+= -DGSSAPI -DKRB5 -DHEIMDAL \ + -DHAVE_GSSAPI_GSSAPI_H=1 -DHAVE_GSSAPI_GSSAPI_KRB5_H=1 +DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ + ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} +LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ + -lcom_err -lroken -lwind -lheimbase -lheimipcc .endif .if ${MK_OPENSSH_NONE_CIPHER} != "no" CFLAGS+= -DNONE_CIPHER_ENABLED .endif -DPADD+= ${LIBCRYPTO} ${LIBCRYPT} -LDADD+= -lcrypto -lcrypt +DPADD+= ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} +LDADD+= -lcrypt -lcrypto -lz .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201309102226.r8AMQBRr055749>