| 17 |
17 |
HPN_VER="15.2"
|
| 18 |
18 |
HPN_PATCHES=(
|
| 19 |
19 |
openssh-${HPN_PV/./_}-hpn-DynWinNoneSwitch-${HPN_VER}.diff
|
| 20 |
|
openssh-${HPN_PV/./_}-hpn-AES-CTR-${HPN_VER}.diff
|
| 21 |
20 |
openssh-${HPN_PV/./_}-hpn-PeakTput-${HPN_VER}.diff
|
| 22 |
21 |
)
|
| 23 |
|
HPN_GLUE_PATCH="openssh-9.3_p1-hpn-${HPN_VER}-glue.patch"
|
|
22 |
HPN_GLUE_PATCH="openssh-9.3_p2-hpn-${HPN_VER}-glue.patch"
|
| 24 |
23 |
HPN_PATCH_DIR="HPN-SSH%%20${HPN_VER/./v}%%20${HPN_PV/_P/p}"
|
| 25 |
24 |
|
| 26 |
|
SCTP_VER="1.2"
|
| 27 |
|
SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
|
| 28 |
|
|
| 29 |
25 |
X509_VER="14.1.1"
|
| 30 |
26 |
X509_PATCH="${PARCH}+x509-${X509_VER}.diff.gz"
|
|
27 |
X509_PATCH="${X509_PATCH/p2/p1}"
|
| 31 |
28 |
X509_GLUE_PATCH="openssh-${PV}-X509-glue-${X509_VER}.patch"
|
| 32 |
|
X509_HPN_GLUE_PATCH="openssh-9.3_p1-hpn-${HPN_VER}-X509-${X509_VER}-glue.patch"
|
|
29 |
X509_HPN_GLUE_PATCH="${MY_P}-hpn-${HPN_VER}-X509-${X509_VER}-glue.patch"
|
| 33 |
30 |
|
| 34 |
|
DESCRIPTION="Port of OpenBSD's free SSH release with HPN/SCTP/X509 patches"
|
|
31 |
DESCRIPTION="Port of OpenBSD's free SSH release with HPN/X509 patches"
|
| 35 |
32 |
HOMEPAGE="https://www.openssh.com/"
|
| 36 |
33 |
SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
|
| 37 |
|
${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~chutzpah/dist/openssh/${SCTP_PATCH} )}
|
| 38 |
34 |
${HPN_VER:+hpn? (
|
| 39 |
35 |
$(printf "mirror://sourceforge/project/hpnssh/Patches/${HPN_PATCH_DIR}/%s\n" "${HPN_PATCHES[@]}")
|
| 40 |
36 |
https://dev.gentoo.org/~chutzpah/dist/openssh/${HPN_GLUE_PATCH}.xz
|
| ... | ... | |
| 51 |
47 |
|
| 52 |
48 |
LICENSE="BSD GPL-2"
|
| 53 |
49 |
SLOT="0"
|
| 54 |
|
#KEYWORDS="~amd64"
|
|
50 |
KEYWORDS="~amd64"
|
| 55 |
51 |
# Probably want to drop ssl defaulting to on in a future version.
|
| 56 |
|
IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie sctp security-key selinux +ssl static test X X509 xmss"
|
|
52 |
IUSE="abi_mips_n32 audit debug hpn kerberos ldns libedit livecd pam +pie security-key selinux +ssl static test X X509 xmss"
|
| 57 |
53 |
|
| 58 |
54 |
RESTRICT="!test? ( test )"
|
| 59 |
55 |
|
| ... | ... | |
| 62 |
58 |
ldns? ( ssl )
|
| 63 |
59 |
pie? ( !static )
|
| 64 |
60 |
static? ( !kerberos !pam )
|
| 65 |
|
X509? ( !sctp ssl !xmss )
|
|
61 |
X509? ( ssl !xmss )
|
| 66 |
62 |
xmss? ( ssl )
|
| 67 |
63 |
test? ( ssl )
|
| 68 |
64 |
"
|
| ... | ... | |
| 77 |
73 |
net-libs/ldns[ecdsa(+),ssl(+)]
|
| 78 |
74 |
)
|
| 79 |
75 |
libedit? ( dev-libs/libedit:=[static-libs(+)] )
|
| 80 |
|
sctp? ( net-misc/lksctp-tools[static-libs(+)] )
|
| 81 |
76 |
security-key? ( >=dev-libs/libfido2-1.5.0:=[static-libs(+)] )
|
| 82 |
77 |
selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] )
|
| 83 |
78 |
ssl? ( >=dev-libs/openssl-1.1.1l-r1:0=[static-libs(+)] )
|
| ... | ... | |
| 134 |
129 |
local missing=()
|
| 135 |
130 |
check_feature() { use "${1}" && [[ -z ${!2} ]] && missing+=( "${1}" ); }
|
| 136 |
131 |
check_feature hpn HPN_VER
|
| 137 |
|
check_feature sctp SCTP_PATCH
|
| 138 |
132 |
check_feature X509 X509_PATCH
|
| 139 |
133 |
if [[ ${#missing[@]} -ne 0 ]] ; then
|
| 140 |
134 |
eerror "Sorry, but this version does not yet support features"
|
| ... | ... | |
| 195 |
189 |
PATCHSET_VERSION_MACROS+=( 'SSH_X509' )
|
| 196 |
190 |
fi
|
| 197 |
191 |
|
| 198 |
|
if use sctp ; then
|
| 199 |
|
eapply "${WORKDIR}"/${SCTP_PATCH%.*}
|
| 200 |
|
|
| 201 |
|
einfo "Patching version.h to expose SCTP patch set ..."
|
| 202 |
|
sed -i \
|
| 203 |
|
-e "/^#define SSH_PORTABLE/a #define SSH_SCTP \"-sctp-${SCTP_VER}\"" \
|
| 204 |
|
"${S}"/version.h || die "Failed to sed-in SCTP patch version"
|
| 205 |
|
PATCHSET_VERSION_MACROS+=( 'SSH_SCTP' )
|
| 206 |
|
|
| 207 |
|
einfo "Disabling known failing test (cfgparse) caused by SCTP patch ..."
|
| 208 |
|
sed -i \
|
| 209 |
|
-e "/\t\tcfgparse \\\/d" \
|
| 210 |
|
"${S}"/regress/Makefile || die "Failed to disable known failing test (cfgparse) caused by SCTP patch"
|
| 211 |
|
fi
|
| 212 |
|
|
| 213 |
192 |
if use hpn ; then
|
| 214 |
193 |
local hpn_patchdir="${T}/openssh-${PV}-hpn${HPN_VER}"
|
| 215 |
194 |
mkdir "${hpn_patchdir}" || die
|
| ... | ... | |
| 217 |
196 |
pushd "${hpn_patchdir}" &>/dev/null || die
|
| 218 |
197 |
eapply "${WORKDIR}/${HPN_GLUE_PATCH}"
|
| 219 |
198 |
use X509 && eapply "${WORKDIR}/${X509_HPN_GLUE_PATCH}"
|
| 220 |
|
use sctp && eapply "${FILESDIR}"/openssh-8.5_p1-hpn-${HPN_VER}-sctp-glue.patch
|
| 221 |
199 |
popd &>/dev/null || die
|
| 222 |
200 |
|
| 223 |
201 |
eapply "${hpn_patchdir}"
|
| ... | ... | |
| 256 |
234 |
fi
|
| 257 |
235 |
fi
|
| 258 |
236 |
|
| 259 |
|
if use X509 || use sctp || use hpn ; then
|
|
237 |
if use X509 || use hpn ; then
|
| 260 |
238 |
einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
|
| 261 |
239 |
sed -i \
|
| 262 |
240 |
-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
|
| ... | ... | |
| 324 |
302 |
--with-hardening
|
| 325 |
303 |
$(use_with audit audit linux)
|
| 326 |
304 |
$(use_with kerberos kerberos5 "${EPREFIX}"/usr)
|
| 327 |
|
# We apply the sctp patch conditionally, so can't pass --without-sctp
|
| 328 |
|
# unconditionally else we get unknown flag warnings.
|
| 329 |
|
$(use sctp && use_with sctp)
|
| 330 |
305 |
$(use_with ldns)
|
| 331 |
306 |
$(use_with libedit)
|
| 332 |
307 |
$(use_with pam)
|
