#!/bin/sh
# Copyright 2000 BSDi, Inc. Concord, CA, USA
# Copyright 2001, 2002, 2003, 2004  Slackware Linux, Inc. Concord, CA, USA
# All rights reserved.
#
# Adopted for Tukaani by Larhzu.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Package identity: name and the upstream release being packaged.
# NOTE(review): this pins one specific, old upstream release; anyone reusing
# the recipe should track a maintained OpenSSH version instead.
NAME="openssh"
VERSION="4.4p1"

# Build inputs, referenced by index from build():
#   [0] upstream tarball, [1] gzipped doinst.sh, [2] sshd init script.
# The array syntax is a bashism although the shebang says /bin/sh;
# presumably this file is sourced by a bash-based build tool (TODO confirm).
#
# The tarball is fetched over plain FTP, so the transfer is neither
# authenticated nor integrity-protected. SOURCE_SHA1 is the only integrity
# pin visible in this file; it is presumably checked against SOURCE[0] by
# the build framework (verify). SHA-1 is no longer collision-resistant, so
# also verify the tarball against upstream's signed release before trusting
# a new pin.
SOURCE=(
	"ftp://ftp.fi.debian.org/pub/OpenBSD/OpenSSH/portable/openssh-${VERSION}.tar.gz"
	"doinst.sh.gz"
	"rc.sshd"
)
SOURCE_SHA1="6a52b1dee1c2c9862923c0008d201d98a7fd9d6c"

# Hardening patches for the shipped client and server configuration,
# referenced by index from build().
PATCH=(
	"sshd_config.securebydefault.diff"
	"ssh_config.securebydefault.diff"
)

# Overridable from the environment: package build number and compiler flags.
BUILD="${BUILD:-1}"
OPTIMIZE="${OPTIMIZE:--O2 -pipe}"

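# Configure, compile and stage OpenSSH into the package root $PKG.
#
# Globals (read): VERSION, SOURCE, PKG, PREFIX, LIBEXECDIR, SYSCONFDIR,
#                 LOCALSTATEDIR, DOCDIR, CONFIGURE_TRIPLET
# Helpers used:   _explode, _doc, _chgrp_bin, _new, _new_delete, _patch.
#                 They are defined outside this file and their return
#                 conventions are not visible here, so their exit status is
#                 deliberately left unchecked.
# Returns:        0 on success; 1 as soon as a directory change, compile,
#                 install or copy step fails. Failing early matters here:
#                 a silently failed 'cd' would otherwise skip the host-key
#                 removal or the hardening patches and still produce a
#                 package.
build() {
	_explode 0
	cd "openssh-$VERSION" || return 1

	# Compile package.
	# CONFIGURE_TRIPLET is left unquoted on purpose: it may be empty or
	# hold several words (presumably --build/--host flags; TODO confirm).
	# shellcheck disable=SC2086
	./configure \
		--prefix="$PREFIX" \
		--libexecdir="$LIBEXECDIR" \
		--sysconfdir="$SYSCONFDIR/ssh" \
		--without-pam \
		--with-md5-passwords \
		--with-tcp-wrappers \
		--with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin \
		--with-ipv4-default \
		--with-privsep-path="$LOCALSTATEDIR/empty" \
		--with-privsep-user=sshd \
		$CONFIGURE_TRIPLET || return 1
	make || return 1

	# Install the package into the staging root:
	make install DESTDIR="$PKG" || return 1

	# Directory used by sshd's PrivilegeSeparation chroot. Mode 755 keeps it
	# non-writable for group and others; it must also end up root-owned on
	# the installed system (ownership is not set here).
	mkdir -p "$PKG$LOCALSTATEDIR/empty" || return 1
	chmod 755 "$PKG$LOCALSTATEDIR/empty" || return 1

	# Install docs:
	_doc 0 "openssh-$VERSION" CREDITS ChangeLog INSTALL LICENCE \
			OVERVIEW README README.privsep README.smartcard \
			RFC.nroff TODO WARNING.RNG
	chmod 644 "$PKG$DOCDIR/openssh-$VERSION"/* || return 1

	# Install also 'ssh-copy-id' and its manpage from contrib:
	(
		cd contrib || exit 1
		cp -a ssh-copy-id "$PKG/usr/bin/ssh-copy-id" || exit 1
		chmod 755 "$PKG/usr/bin/ssh-copy-id" || exit 1
		cat ssh-copy-id.1 > "$PKG/usr/man/man1/ssh-copy-id.1" || exit 1
	) || return 1

	# Fix some ownerships per FSSTND:
	_chgrp_bin

	# Host keys must be generated uniquely on each machine. A private host
	# key shipped inside the package would be shared by every install, so
	# any keys created during the build are removed, and the build aborts
	# if the directory cannot be entered rather than skipping the removal.
	(
		cd "$PKG$SYSCONFDIR/ssh" || exit 1
		rm -f \
			ssh_host_dsa_key \
			ssh_host_dsa_key.pub \
			ssh_host_rsa_key \
			ssh_host_rsa_key.pub \
			ssh_host_key \
			ssh_host_key.pub
	) || return 1

	# Copy runtime installation files:
	zcat "${SOURCE[1]}" > "$PKG/install/doinst.sh" || return 1

	# Set up the config script installation:
	_new 0 etc/ssh/ssh_config etc/ssh/sshd_config

	# Add the init script (*disabled* by default):
	mkdir -p "$PKG/etc/rc.d" || return 1
	cat "${SOURCE[2]}" > "$PKG/etc/rc.d/rc.sshd" || return 1
	_new_delete 0 etc/rc.d/rc.sshd

	# More secure defaults: the patches are applied with -p0 relative to the
	# staged config directory, so entering it must succeed or the hardened
	# ssh_config/sshd_config would not be applied there.
	cd "$PKG$SYSCONFDIR/ssh" || return 1
	_patch 0 -p0
	_patch 1 -p0

	# ssh-keysign needs setuid root only for host-based authentication.
	# Mode 0711 carries no setuid bit, so the helper ships unprivileged and
	# an administrator has to opt in explicitly.
	chmod 0711 "$PKG$LIBEXECDIR/ssh-keysign" || return 1
}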
