# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# $Id: Portfile 108368 2013-07-21 14:54:46Z cal@macports.org $

# MacPorts Portfile for the portable OpenSSH release. PortSystem 1.0 selects
# the Portfile interface under which the keywords below are interpreted.
PortSystem          1.0

# Upstream release packaged here, plus the port-local revision counter.
name                openssh
version             6.2p2
revision            1
# post-destroot installs the contrib ssh-copy-id script, so this port is
# declared as conflicting with the standalone ssh-copy-id port.
conflicts           ssh-copy-id

categories          net
platforms           darwin
# NOTE(review): no maintainer is assigned, so version bumps that carry
# security fixes for this network-facing daemon have no designated owner.
maintainers         nomaintainer
license             BSD
installs_libs       no

description         OpenSSH secure login server

long_description    OpenSSH is a FREE version of the SSH protocol suite of \
                    network connectivity tools that increasing numbers of people on the \
                    Internet are coming to rely on. Many users of telnet, rlogin, ftp, \
                    and other such programs might not realize that their password is \
                    transmitted across the Internet unencrypted, but it is. OpenSSH \
                    encrypts all traffic (including passwords) to effectively eliminate \
                    eavesdropping, connection hijacking, and other network-level \
                    attacks. Additionally, OpenSSH provides a myriad of secure \
                    tunneling capabilities, as well as a variety of authentication \
                    methods.

homepage            http://www.openbsd.org/openssh/

# Digests the downloaded distfile has to match. Every mirror listed under
# master_sites below is plain HTTP or FTP, so these pinned rmd160/sha256
# values are the only integrity control on the source tarball visible in
# this Portfile; they must be re-derived from a trusted copy on each bump.
checksums           ${distfiles} \
                    rmd160  1fab1ae5f2db71b6f9e8bbbab574334c3985bd2d \
                    sha256  7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b

# Download locations for the distfile: the openbsd mirror group first, then
# a list of explicit HTTP/FTP mirrors.
master_sites        openbsd:OpenSSH/portable \
                    http://mirror.mcs.anl.gov/openssh/portable/ \
                    ftp://ftp.cise.ufl.edu/pub/mirrors/openssh/portable/ \
                    ftp://reflection.ncsa.uiuc.edu/pub/OpenBSD/OpenSSH/portable/ \
                    ftp://mirror.mcs.anl.gov/pub/openssh/portable/ \
                    ftp://ftp.cse.buffalo.edu/pub/OpenBSD/OpenSSH/portable/ \
                    ftp://openbsd.mirrors.pair.com/ftp/OpenSSH/portable \
                    ftp://openbsd.secsup.org/pub/openbsd/OpenSSH/portable/

# Library dependencies taken from MacPorts (matching the --with-ssl-dir,
# --with-zlib and --with-kerberos5 configure arguments).
depends_lib         port:openssl \
                    port:zlib \
                    port:kerberos5

# xauth is a run-time dependency only; the no_x11 variant removes it.
depends_run         port:xauth

# Port-local patch applied to the extracted source.
patchfiles          launchd.patch

# Specified -fno-builtin because GCC 3.3 has log() as a builtin
# (from math.h) while OpenSSH has its own log() function
# -- from fink.
configure.cppflags-append -fno-builtin
# Configure switches. All paths stay under the MacPorts prefix: configuration
# in etc/ssh, the privilege-separation directory in var/empty, the pid file in
# var/run. OpenSSL, zlib and Kerberos 5 are looked up in the prefix, PAM, TCP
# wrappers, MD5 password support and libedit are enabled, and xauth points at
# the binary installed by the xauth port.
configure.args      --with-ssl-dir=${prefix} \
                    --sysconfdir=${prefix}/etc/ssh \
                    --with-privsep-path=${prefix}/var/empty \
                    --with-md5-passwords \
                    --with-pid-dir=${prefix}/var/run \
                    --with-tcp-wrappers \
                    --with-pam \
                    --mandir=${prefix}/share/man \
                    --with-zlib=${prefix} \
                    --with-kerberos5=${prefix} \
                    --with-xauth=${prefix}/bin/xauth \
                    --with-libedit

use_parallel_build  yes

# Install with upstream's install-nokeys target so that no host keys are
# generated while packaging; a binary package built from this port therefore
# carries no private key material. Keys are created on the installed host by
# the startup item further down.
destroot.target     install-nokeys

# On Darwin 12 only, add the tcp_wrappers port as a library dependency.
# NOTE(review): --with-tcp-wrappers is passed on every platform; presumably
# the other supported OS releases provide the library themselves -- confirm.
platform darwin 12 {
    depends_lib-append  port:tcp_wrappers
}

# Adjust the staged install tree after "make install-nokeys" has run.
post-destroot {
    # Keep the pid and privilege-separation directories in the package even
    # though they are empty at this point.
    destroot.keepdirs ${destroot}${prefix}/var/run ${destroot}${prefix}/var/empty
    # Replace the commented-out default in the staged sshd_config with an
    # active "Port 2222" directive, so this sshd does not use port 22.
    # NOTE(review): 2222 is above the privileged port range, so binding it
    # does not require root; clients should rely on host-key verification,
    # and firewall rules need to account for the non-default port.
    reinplace "s|#Port 22|Port 2222|g" ${destroot}${prefix}/etc/ssh/sshd_config
    # Install the contrib ssh-copy-id helper and its man page.
    xinstall -m 755 ${worksrcpath}/contrib/ssh-copy-id ${destroot}${prefix}/bin
    xinstall -m 644 ${worksrcpath}/contrib/ssh-copy-id.1 ${destroot}${prefix}/share/man/man1
}

# Optional variant: build without xauth. It removes both the configure
# argument and the run-time dependency that the default build adds.
variant no_x11 description "do not include xauth" {
    configure.args-delete   --with-xauth=${prefix}/bin/xauth
    depends_run-delete      port:xauth
}

# Disable HPN variant since it currently doesn't work with 6.2
#variant hpn description "apply high performance patch" {
#    # http://www.psc.edu/index.php/hpn-ssh
#    #patch_sites-append      http://www.psc.edu/index.php/component/remository/func-download/861/chk,20152cee1847ff688dabbe20eab6505c/no_html,1/?dummy=:hpn
#    patch_sites-append      googlecode:latian-linux:hpn
#    set hpn_patchfile       ${distname}-hpn13v14.diff.gz
#    patchfiles-append       ${hpn_patchfile}:hpn
#    checksums-append        ${hpn_patchfile} \
#                            rmd160  e422c76f2aad6efd2b5101fbe0018df3f95bf5cb \
#                            sha256  d8dada89de2f17f89c1ac40e4cf4e87b69eecde15a1f84baeddd991aa9d1aa91
#
#    patch.pre_args
#    post-patch {
#        reinplace "s|TMP_SSH_VERSION SSH_PORTABLE|TMP_SSH_VERSION SSH_PORTABLE SH_HPN|" ${worksrcpath}/version.h
#    }
#}

# Optional variant: applies the GSSAPI key-exchange patch and the Apple
# keychain integration patch, and reconfigures the build accordingly.
variant gsskex description "Add OpenSSH GSSAPI key exchange patch" {
    # Extra preprocessor flags: framework search paths plus Apple feature
    # macros, presumably consumed by the patches appended below.
    set extra_cppflags [concat \
                            "-F/System/Library/Frameworks/DirectoryService.framework" \
                            "-F/System/Library/Frameworks/CoreFoundation.framework" \
                            "-D_UTMPX_COMPAT -D__APPLE_LAUNCHD__ -D__APPLE_MEMBERSHIP__" \
                            "-D__APPLE_XSAN__"]
    # Regenerate the configure script, presumably because the patches change
    # its inputs.
    use_autoreconf          yes
    # NOTE(review): patch.pre_args is not per-file, so -p0 presumably also
    # applies to launchd.patch from the base patchfiles list -- confirm that
    # patch still applies cleanly with this variant selected.
    patch.pre_args          -p0
    patchfiles-append       openssh-6.2p2-gsskex-all-20110125.patch \
                            0002-Apple-keychain-integration-other-changes.patch
    # Additional configure switches: BSM auditing, Apple keychain support, a
    # dedicated _sshd privilege-separation user, utmp and wtmp disabled.
    # CFLAGS and LDFLAGS request a position-independent executable
    # (-fPIE and -Wl,-pie).
    # NOTE(review): that hardening is only requested in this variant, and
    # the CFLAGS, CPPFLAGS and LDFLAGS given here on the configure command
    # line may take precedence over the flags set elsewhere in the port,
    # including -fno-builtin -- confirm.
    configure.args-append   --with-4in6 \
                            --with-audit=bsm \
                            --with-keychain=apple \
                            --disable-utmp \
                            --disable-wtmp \
                            --with-privsep-user=_sshd \
                            CFLAGS="-fPIE -O2" \
                            CPPFLAGS="$extra_cppflags" \
                            LDFLAGS="-Wl,-pie -framework CoreFoundation -framework DirectoryService"
}

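# Optional variant: build against ldns so that DNSSEC support is available.
# Adds the configure switch and the matching library dependency together.
# Indentation uses spaces, as the modeline at the top of the file requires.
variant ldns description "Use ldns for DNSSEC support" {
    configure.args-append   --with-ldns
    depends_lib-append      port:ldns
}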

# Darwin-only build fix-up, run before configure.
platform darwin {
    # create link to /usr/include/pam because 'security' was renamed to 'pam'
    # in OS X.
    pre-configure {
        # Recreate the link on every run: make the private include directory,
        # remove any link left from an earlier attempt, then point
        # include/security at the system PAM headers.
        xinstall -d ${workpath}/include
        file delete ${workpath}/include/security
        ln -s /usr/include/pam ${workpath}/include/security
    }
}

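# Generate a startup item named OpenSSH for the daemon.
startupitem.create  yes
startupitem.name    OpenSSH
# Start script: if sshd is installed, create any host key that is missing
# under the prefix and then launch the daemon. Square brackets are
# backslash-escaped throughout so that Tcl does not attempt command
# substitution inside the double-quoted string.
# NOTE(review): the first key is an SSH protocol 1 key (rsa1) and the second
# is DSA; both are legacy algorithms. Confirm that protocol 1 is not enabled
# in the installed sshd_config and whether these two keys are still wanted.
# Host keys are written with an empty passphrase (-N ""), so file ownership
# and permissions on etc/ssh are what protect the private keys.
startupitem.start \
    "if \[ -x ${prefix}/sbin/sshd \]; then
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa1 -f \\
            ${prefix}/etc/ssh/ssh_host_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_dsa_key \]; then
            ${prefix}/bin/ssh-keygen -t dsa -f \\
            ${prefix}/etc/ssh/ssh_host_dsa_key -N \"\" -C `hostname`
        fi
        if \[ ! -f ${prefix}/etc/ssh/ssh_host_rsa_key \]; then
            ${prefix}/bin/ssh-keygen -t rsa -f \\
            ${prefix}/etc/ssh/ssh_host_rsa_key -N \"\" -C `hostname`
        fi
        ${prefix}/sbin/sshd
        fi"
# Stop script: signal the PID recorded in the pid file, if it is readable.
# NOTE(review): the script signals whatever PID the file contains, so the
# var/run directory under the prefix should be writable by root only.
startupitem.stop \
    "if \[ -r ${prefix}/var/run/sshd.pid \]; then
        kill `cat ${prefix}/var/run/sshd.pid`
        fi"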


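# Upstream version check: look for "OpenSSH X.YpZ" with a major version of
# 5 to 9, a single-digit minor version and a single-digit portable suffix.
# The dot is escaped so that it matches only a literal period rather than
# any character.
livecheck.type      regex
livecheck.regex     OpenSSH ((\[5-9\]\\.\[0-9\])(p\[0-9\]))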
