Receipt for: openssh

source stuff/openssh
# SliTaz package receipt.

PACKAGE="openssh"
VERSION="9.3p1"
CATEGORY="security"
TAGS="ssh security"
SHORT_DESC="Openbsd Secure Shell."
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="BSD"
WEB_SITE="https://www.openssh.com/"

TARBALL="$PACKAGE-$VERSION.tar.gz"
WGET_URL="https://ftp.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/$TARBALL"

PROVIDE="ssh"
SUGGESTED="gtk+"
DEPENDS="libcrypto10 sftp-server zlib"
BUILD_DEPENDS="libcrypto10-dev openssl10-dev zlib-dev gtk+-dev \
pango-dev cairo-dev atk-dev gdk-pixbuf-dev xorg-libX11-dev xorg-xproto \
pixman-dev fontconfig-dev"
# x86_64 console target has no X display: skip the GUI askpass to avoid
# dragging the full gtk+ stack (cairo, pango, xorg-libX*…) into base.
BUILD_DEPENDS_x86_64="libcrypto10-dev openssl10-dev zlib-dev"
SPLIT="sftp-server"
TAZPANEL_DAEMON="man::sshd|edit::/etc/ssh/sshd_config|options|web::$WEB_SITE"

CONFIG_FILES="/etc/ssh/*config /etc/ssh/moduli"
SECRET_FILES="/etc/ssh/*key*"

HOST_ARCH="i486 arm x86_64"

# @maintainer:	Please update also sftp-server

# What is the latest version available today?
current_version()
{
	wget -O - ${WGET_URL%/*}/ 2>/dev/null | \
	sed '/tar..z"/!d;s|.*ssh-\(.*\).tar..z".*|\1|' | tail -n1
}

# Rules to configure and make the package.
compile_rules()
{
	unset LD # for cross compiling with --disable-strip

	# openssl10: build against the isolated OpenSSL 1.0 tree -- system openssl
	# is 3.x which dropped the 1.0 APIs/struct layout openssh 9.3p1 needs.
	# --with-ssl-dir derives the lib path from a single dir, but the 1.0
	# headers (/usr/include/openssl-1.0) and libs (/usr/lib/openssl-1.0) live
	# apart, so it linked the system 3.x lib instead. Feed both via flags and
	# -L the 1.0 dir so -lcrypto resolves to the versioned 1.0 lib.
	export CFLAGS="$CFLAGS -I/usr/include/openssl-1.0"
	export CPPFLAGS="$CPPFLAGS -I/usr/include/openssl-1.0"
	export LDFLAGS="$LDFLAGS -L/usr/lib/openssl-1.0"
	export PKG_CONFIG_PATH=/usr/lib/openssl-1.0/pkgconfig:$PKG_CONFIG_PATH

	./configure					\
		--prefix=/usr				\
		--sysconfdir=/etc/ssh			\
		--libexecdir=/usr/sbin			\
		--with-privsep-user=nobody		\
		--with-xauth=/usr/bin/xauth		\
		--with-privsep-path=/var/run/sshd	\
		--without-pam				\
		--disable-strip				\
		$CONFIGURE_ARGS &&
	make STRIP_OPT="" &&
	make install -j 1 DESTDIR=$DESTDIR
	install -d -m 755		$DESTDIR/usr/share/doc &&
	install -m 644 $src/[A-Z][A-Z]*	$DESTDIR/usr/share/doc
	case "$ARCH" in
		x86_64) ;;	# no gtk+ askpass on console-only x86_64
		*)
			cd contrib &&
			cc -Wall $(pkg-config --cflags gtk+-2.0) \
				gnome-ssh-askpass2.c -o gnome-ssh-askpass \
				$(pkg-config --libs gtk+-2.0) -lX11 &&
			cp gnome-ssh-askpass	$DESTDIR/usr/bin/ssh-askpass
			;;
	esac
}

# Rules to gen a SliTaz package suitable for Tazpkg.
genpkg_rules()
{
	mkdir -p $fs/usr
	mkdir -p $fs/etc/init.d
	mkdir -p $fs/etc/ssh

	cp -a $install/usr/sbin		$fs/usr
	cp -a $install/usr/bin		$fs/usr
	rm -f				$fs/usr/sbin/sftp-server
	install -m 755 -oroot -groot $src/contrib/ssh-copy-id \
					$fs/usr/bin
	cp $src/contrib/ssh-copy-id.1	$install/usr/share/man/cat1
	cp -a $install/etc		$fs
	cp $stuff/openssh		$fs/etc/init.d
	sed -i 's|/usr/libexec/sftp-server|/usr/sbin/sftp-server|' \
					$fs/etc/ssh/sshd_config

	cat >> $fs/etc/ssh/ssh_config <<EOT

# client bug CVE-2016-0777 and CVE-2016-0778
Host *
  UseRoaming no

# From https://wiki.gentoo.org/wiki/SSH_jump_host  
Host *+*
  ProxyCommand ssh \$(echo %h | sed 's/+[^+]*$//;s/\\([^+%%]*\\)%%\\([^+]*\\)\$/\\2 -l \\1/;s/:/ -p /') exec nc -w1 \$(echo %h | sed 's/^.*+//;/:/!s/\$/ %p/;s/:/ /')

EOT
}

post_install()
{
	grep -q ssh "$1/etc/inetd.conf" ||
	cat >> "$1/etc/inetd.conf" <<EOT
#ssh	stream	tcp	nowait	root	sshd	sshd	-i
EOT
	while read dropbear openssh
	  do
		[ -s "$1$dropbear" ] || continue
		[ -s "$1$openssh" ] && continue
		chroot "$1/" dropbearconvert dropbear openssh $dropbear $openssh
		chroot "$1/" dropbearkey -y -f $dropbear | grep ssh > "$1$openssh.pub"
		chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
	  done <<EOT
/etc/dropbear/dropbear_rsa_host_key	/etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_dss_host_key	/etc/ssh/ssh_host_dsa_key
/etc/dropbear/dropbear_ecdsa_host_key	/etc/ssh/ssh_host_ecdsa_key
/etc/dropbear/dropbear_ed25519_host_key	/etc/ssh/ssh_host_ed25519_key
EOT

	chroot "$1/" ssh-keygen -A
}

post_remove()
{
	grep -q sshd "$1/etc/inetd.conf" &&
	sed -i '/sshd/d' "$1/etc/inetd.conf"
}