# $Id: Portfile 66627 2010-04-18 14:35:13Z jwa@macports.org $

PortSystem 1.0

name            openssh
version         5.5p1

categories      net
maintainers     jwa openmaintainer
description     OpenSSH secure login server
long_description  OpenSSH is a FREE version of the SSH protocol suite of \
          network connectivity tools that increasing numbers of people on the \
          Internet are coming to rely on. Many users of telnet, rlogin, ftp, \
          and other such programs might not realize that their password is \
          transmitted across the Internet unencrypted, but it is. OpenSSH \
          encrypts all traffic (including passwords) to effectively eliminate \
          eavesdropping, connection hijacking, and other network-level \
          attacks. Additionally, OpenSSH provides a myriad of secure \
          tunneling capabilities, as well as a variety of authentication \
          methods.
homepage        http://www.openbsd.org/openssh/
platforms       darwin
#checksums       ${distfiles}
checksums           md5     88633408f4cb1eb11ec7e2ec58b519eb \
                    sha1    361c6335e74809b26ea096b34062ba8ff6c97cd6 \
                    rmd160  7cee614112b691da5daac9f2579becba2409b727

master_sites    openbsd:OpenSSH/portable \
	http://mirror.mcs.anl.gov/openssh/portable/ \
	ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
	ftp://reflection.ncsa.uiuc.edu/pub/OpenBSD/OpenSSH/portable/ \
	ftp://mirror.mcs.anl.gov/pub/openssh/portable/ \
	ftp://ftp.cse.buffalo.edu/pub/OpenBSD/OpenSSH/portable/ \
	ftp://openbsd.mirrors.pair.com/ftp/OpenSSH/portable \
	ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/
depends_lib     port:openssl port:zlib
depends_run	port:xauth

# Specified -fno-builtin because GCC 3.3 has log() as a builtin
# (from math.h) while OpenSSH has its own log() function
# -- from fink.
configure.cppflags-append "-fno-builtin"
configure.args --with-ssl-dir=${prefix} --sysconfdir=${prefix}/etc/ssh \
  --with-privsep-path=${prefix}/var/empty --with-md5-passwords \
  --with-pid-dir=${prefix}/var/run --with-tcp-wrappers \
  --with-pam --disable-suid-ssh --with-random=/dev/urandom \
  --mandir=${prefix}/share/man --with-zlib=${prefix} \
  --with-kerberos5=/usr --with-xauth=${prefix}/bin/xauth

use_parallel_build      yes

destroot.target install-nokeys

post-destroot {
  destroot.keepdirs ${destroot}${prefix}/var/run ${destroot}${prefix}/var/empty
  reinplace "s|#Port 22|Port 2222|g" ${destroot}${prefix}/etc/ssh/sshd_config
}

variant no_x11 {
  configure.args-delete --with-xauth=${prefix}/bin/xauth
  depends_run-delete    port:xauth
}

# For high-performance patch
# re-enable when patch for current version is available
#variant hpn description "apply high performance patch" {
#  patch_sites-append    http://www.psc.edu/networking/projects/hpn-ssh/:hpn
#  patchfiles-append     ${distname}-hpn13v6.diff.gz:hpn
#  checksums-append      ${distname}-hpn13v6.diff.gz \
#			md5 910fd1b82ea27ea9913127efae69b90b	\
#			sha1 9683d5feb3f7e302ef836901af5366df6c425815	\
#			rmd160 d647d3b0547e4d698c616f5ed6643b3ddbcced95
#
#  patch.pre_args
#  post-patch {
#    reinplace "s|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SSH_HPN|" ${worksrcpath}/version.h
#  }
#}

platform darwin {
  # create link to /usr/include/pam because 'security' was renamed to 'pam'
  # in OS X.
  pre-configure {
    xinstall -d ${workpath}/include
    file delete ${workpath}/include/security
    ln -s /usr/include/pam ${workpath}/include/security
  }
}

platform darwin 9 {
#  patch_sites-append   http://www.opensource.apple.com/darwinsource/10.5/OpenSSH-87/patches/:apple
#  patchfiles-append    DVG-5142987_launchd_DISPLAY_for_X11.patch:apple
#  checksums-append     DVG-5142987_launchd_DISPLAY_for_X11.patch \
#                       md5 e188ebbba95c4cde61e0e1b2edc9f992 \
#                       sha1 62735c5bfbbe1fa41433993435ded7767cc5f1f9 \
#                       rmd160 eb5262f554583f4925f6f91f6a6d0034c70098ad
}

startupitem.create  yes
startupitem.name    OpenSSH
startupitem.start \
    "if \[ -x ${prefix}/sbin/sshd ]; then
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa1 -f \\
            ${prefix}/etc/ssh/ssh_host_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then
            ${prefix}/bin/ssh-keygen -t dsa -f \\
            ${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa -f \\
            ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname`
        fi
        ${prefix}/sbin/sshd
        fi"
startupitem.stop \
    "if \[ -r ${prefix}/var/run/sshd.pid \]; then
        kill `cat ${prefix}/var/run/sshd.pid`
        fi"


livecheck.type	regex
livecheck.url	${homepage}
livecheck.regex	(5.\[0-9\]p\[0-9\])
