authorMarcus Alves Grando <mnag@FreeBSD.org>2006-02-07 20:07:54 +0000
committerMarcus Alves Grando <mnag@FreeBSD.org>2006-02-07 20:07:54 +0000
commitb62a23c6c726c2d172d7f0a909dcdc8521ee6a19 (patch)
tree0512ca2dfbc32f74a431ab060f1a7c9af977a093 /security/openssh-portable
parent6fae4e91b2b364cf4b21d2ef0581578b3def0ca8 (diff)
Notes
Diffstat (limited to 'security/openssh-portable')
-rw-r--r--security/openssh-portable/Makefile106
-rw-r--r--security/openssh-portable/distinfo12
-rw-r--r--security/openssh-portable/files/gss-serv.c.patch19
-rw-r--r--security/openssh-portable/files/openssh.in85
-rw-r--r--security/openssh-portable/files/patch-Makefile.in (renamed from security/openssh-portable/files/batch.patch)2
-rw-r--r--security/openssh-portable/files/sshd.sh24
-rw-r--r--security/openssh-portable/pkg-message12
-rw-r--r--security/openssh-portable/pkg-plist22
8 files changed, 194 insertions, 88 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index 8027865201e1..940566e6ba11 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= openssh
-PORTVERSION= 4.2.0.0
+DISTVERSION= 4.3p1
PORTEPOCH= 1
CATEGORIES= security ipv6
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%SUBDIR%/ \
@@ -19,19 +19,17 @@ DISTNAME= # empty
MAINTAINER= mnag@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
-OPENSSHVERSION= 4.2p1
-
.if defined(OPENSSH_SNAPSHOT)
PORTREVISION!= date -v-1d +%Y%m%d
NO_CHECKSUM= yes
MASTER_SITE_SUBDIR+= snapshot
DISTNAME+= ${PORTNAME}-SNAP-${PORTREVISION}
-WRKSRC= ${WRKDIR}/${PORTNAME}
.else
-DISTNAME+= ${PORTNAME}-${OPENSSHVERSION}
-WRKSRC= ${WRKDIR}/${PORTNAME}-${OPENSSHVERSION}
+DISTNAME+= ${PORTNAME}-${DISTVERSION}
.endif
+WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
+
MAN1= sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
MLINKS= ssh.1 slogin.1
MAN5= ssh_config.5 sshd_config.5
@@ -54,24 +52,48 @@ PORTABLE_SUFFIX= -portable
SUDO?= # empty
MAKE_ENV+= SUDO="${SUDO}"
-OPTIONS= SUID_SSH "Enable suid SSH (Recommended off)" off \
+OPTIONS= PAM "Enable pam(3) support" on \
+ TCP_WRAPPERS "Enable tcp_wrappers support" on \
+ LIBEDIT "Enable readline support to sftp(1)" on \
+ KERBEROS "Enable kerberos (autodetection)" on \
+ SUID_SSH "Enable suid SSH (Recommended off)" off \
GSSAPI "Enable GSSAPI support" off \
- OPENSSH_CHROOT "Enable CHROOT support" off
+ OPENSSH_CHROOT "Enable CHROOT support" off \
+ HPN "Enable HPN-11 SSH/SCP patch" off \
+ HPN_NONECIPHER "Enable HPN-11 with None Cipher patch" off \
+ OVERWRITE_BASE "OpenSSH overwrite base" off
.include <bsd.port.pre.mk>
-.if exists(/usr/include/security/pam_modules.h)
+# Preserve deprecated OPENSSH_OVERWRITE_BASE settings
+.if defined(OPENSSH_OVERWRITE_BASE)
+WITH_OVERWRITE_BASE= yes
+.endif
+
+.if !defined(WITHOUT_PAM) && exists(/usr/include/security/pam_modules.h)
CONFIGURE_ARGS+= --with-pam
.endif
-.if exists(/usr/include/tcpd.h)
+.if !defined(WITHOUT_TCP_WRAPPERS) && exists(/usr/include/tcpd.h)
CONFIGURE_ARGS+= --with-tcp-wrappers
.endif
+.if !defined(WITHOUT_LIBEDIT)
+.if ${OSVERSION} > 500000
+CONFIGURE_ARGS+= --with-libedit
+.else
+.if !defined(WITH_OVERWRITE_BASE)
+LIB_DEPENDS+= edit.6:${PORTSDIR}/devel/libedit
+CONFIGURE_ARGS+= --with-libedit=${LOCALBASE}
+.endif
+.endif
+.endif
+
.if !defined(WITH_SUID_SSH)
CONFIGURE_ARGS+= --disable-suid-ssh
.endif
+.if !defined(WITHOUT_KERBEROS)
.if defined(KRB5_HOME) && exists(${KRB5_HOME}) || defined(WITH_GSSAPI)
PORTABLE_SUFFIX= # empty
GSSAPI_SUFFIX= -gssapi
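Review bot: The new `.if !defined(WITHOUT_KERBEROS)` guard opened at the end of this hunk wraps the whole KRB5_HOME/GSSAPI conditional, and its `.endif` only arrives in the next hunk, after the `.else` branch. With WITHOUT_KERBEROS set, that also skips `CONFLICTS+= openssh-gssapi-*-[0-9]*` and `CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}`, which the old code applied in the non-GSSAPI branch regardless of the Kerberos setting, and it makes WITH_GSSAPI silently ineffective. If only the krb5 autodetection is meant to be switchable, leave the outer block unguarded and keep the inner test as `.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)`.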
@@ -84,34 +106,51 @@ LDFLAGS= # empty
.else
CONFLICTS+= openssh-gssapi-*-[0-9]*
CONFIGURE_ARGS+= --with-rpath=${OPENSSLRPATH}
-.if !defined(WITHOUT_KERBEROS) && exists(/usr/include/krb5.h)
+.if exists(/usr/include/krb5.h)
CONFIGURE_ARGS+= --with-kerberos5
EXTRA_PATCHES+= ${FILESDIR}/gss-serv.c.patch
.endif
.endif
+.endif
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
-.if defined(BATCH)
-EXTRA_PATCHES+= ${FILESDIR}/batch.patch
-.endif
-
.if defined(WITH_OPENSSH_CHROOT)
CFLAGS+= -DCHROOT
.endif
-.if defined(OPENSSH_OVERWRITE_BASE)
+.if defined(WITH_HPN)
+.if defined(WITH_HPN_NONECIPHER)
+IGNORE= please, select only one HPN patch. Rerun 'make config'
+.endif
+PATCH_DIST_STRIP= -p1
+PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/
+PATCHFILES+= openssh-${DISTVERSION}-hpn11.diff
+.endif
+
+.if defined(WITH_HPN_NONECIPHER)
+.if defined(WITH_HPN)
+IGNORE= please, select only one HPN patch. Rerun 'make config'
+.endif
+PATCH_DIST_STRIP= -p1
+PATCH_SITES+= http://www.psc.edu/networking/projects/hpn-ssh/
+PATCHFILES+= openssh-${DISTVERSION}-hpn11-none.diff
+.endif
+
+.if defined(WITH_OVERWRITE_BASE)
WITH_OPENSSL_BASE= yes
BASE_SUFFIX= -overwrite-base
CONFIGURE_ARGS+= --mandir=${PREFIX}/share/man --localstatedir=/var
EMPTYDIR= /var/empty
PREFIX= /usr
ETCSSH= /etc/ssh
+USE_RC_SUBR= yes
+SUB_FILES+= openssh
+SUB_LIST+= ETCSSH="${ETCSSH}"
PLIST_SUB+= NOTBASE="@comment "
PLIST_SUB+= BASE=""
-PKGMESSAGE= pkg-message.empty
.else
.if exists(/var/empty)
EMPTYDIR= /var/empty
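Review bot: Both HPN blocks add a plain `http://` PATCH_SITES, so the distinfo checksums are the only integrity check on a patch that changes sshd; when OPENSSH_SNAPSHOT is defined the Makefile sets `NO_CHECKSUM= yes` earlier on, which presumably leaves the HPN diff unverified as well. Refusing that combination would close the gap, e.g. `.if defined(OPENSSH_SNAPSHOT) && (defined(WITH_HPN) || defined(WITH_HPN_NONECIPHER))` followed by an `IGNORE=` line. The two blocks also repeat the mutual-exclusion IGNORE and the PATCH_DIST_STRIP/PATCH_SITES lines; a single `.if defined(WITH_HPN) && defined(WITH_HPN_NONECIPHER)` check ahead of them would state the rule once. The OPTIONS text for HPN_NONECIPHER in the earlier hunk could also say that the none cipher, when it is used, leaves the session data unencrypted.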
@@ -119,6 +158,8 @@ EMPTYDIR= /var/empty
EMPTYDIR= ${PREFIX}/empty
.endif
ETCSSH= ${PREFIX}/etc/ssh
+USE_RC_SUBR= openssh
+SUB_LIST+= ETCSSH="${ETCSSH}"
PLIST_SUB+= NOTBASE=""
PLIST_SUB+= BASE="@comment "
.endif
@@ -127,15 +168,17 @@ PLIST_SUB+= BASE="@comment "
PLIST_SUB+= EMPTYDIR="${EMPTYDIR}"
CONFIGURE_ARGS+= --sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}
+post-extract:
+.if defined(OPENSSH_SNAPSHOT)
+ @# rc.d script have same name of openssh snapshot dir
+ @${MV} ${WRKDIR}/${PORTNAME} ${WRKDIR}/${PORTNAME}-${DISTVERSION}
+.endif
+
post-patch:
@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
-post-configure:
- ${SED} -e 's:__PREFIX__:${PREFIX}:g' \
- ${FILESDIR}/sshd.sh > ${WRKSRC}/sshd.sh
-
pre-install:
-.if defined(OPENSSH_OVERWRITE_BASE)
+.if defined(WITH_OVERWRITE_BASE)
@${MKDIR} ${EMPTYDIR}
.else
@${MKDIR} ${PREFIX}/empty
@@ -154,14 +197,23 @@ pre-install:
.endfor
post-install:
-.if !defined(OPENSSH_OVERWRITE_BASE)
- ${INSTALL_SCRIPT} ${WRKSRC}/sshd.sh ${PREFIX}/etc/rc.d/sshd.sh.sample
-.endif
+.if !defined(WITH_OVERWRITE_BASE)
${INSTALL_DATA} -c ${WRKSRC}/ssh_config.out ${ETCSSH}/ssh_config-dist
${INSTALL_DATA} -c ${WRKSRC}/sshd_config.out ${ETCSSH}/sshd_config-dist
-.if !defined(OPENSSH_OVERWRITE_BASE)
- @${CAT} ${PKGMESSAGE}
.endif
+.if defined(WITH_OVERWRITE_BASE)
+ @${ECHO_CMD} "===> Installing rc.d startup script(s)"
+ @${ECHO_CMD} "@cwd ${LOCALBASE}" >> ${TMPPLIST}
+.if ${OSVERSION} >= 700007
+ @${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh
+ @${ECHO_CMD} "etc/rc.d/openssh" >> ${TMPPLIST}
+.else
+ @${INSTALL_SCRIPT} ${WRKDIR}/openssh ${LOCALBASE}/etc/rc.d/openssh.sh
+ @${ECHO_CMD} "etc/rc.d/openssh.sh" >> ${TMPPLIST}
+.endif
+ @${ECHO_CMD} "@cwd ${PREFIX}" >> ${TMPPLIST}
+.endif
+ @${CAT} ${PKGMESSAGE}
test: build
(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index e356743dbd80..4ac3dc77711d 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,3 +1,9 @@
-MD5 (openssh-4.2p1.tar.gz) = df899194a340c933944b193477c628fa
-SHA256 (openssh-4.2p1.tar.gz) = 2a61e84b36958c0af19e4f6f9f3e27f8ed432a5188d654e26602402fd4047f6d
-SIZE (openssh-4.2p1.tar.gz) = 914165
+MD5 (openssh-4.3p1.tar.gz) = eaeb880b1b6c63b9a4d7c5b1e74727c4
+SHA256 (openssh-4.3p1.tar.gz) = 7a4e356742190901e458b7526f91dfa24c66babbcd24d55cf7eac282266f5254
+SIZE (openssh-4.3p1.tar.gz) = 940777
+MD5 (openssh-4.3p1-hpn11.diff) = 7dd2a6716b81da33af4ca960185fdd1b
+SHA256 (openssh-4.3p1-hpn11.diff) = 0a0b0e07bd845fdbf2112769c426a3b47b795076c8459f6dbc3e7c9060abb740
+SIZE (openssh-4.3p1-hpn11.diff) = 11024
+MD5 (openssh-4.3p1-hpn11-none.diff) = bf4f192a36bbee39ea23423ab06b0fb6
+SHA256 (openssh-4.3p1-hpn11-none.diff) = ed9abd22a463e4aedaaac4fc04747741bbf8cddf32fa07e9d91433221cdf9dc3
+SIZE (openssh-4.3p1-hpn11-none.diff) = 16617
diff --git a/security/openssh-portable/files/gss-serv.c.patch b/security/openssh-portable/files/gss-serv.c.patch
index 434f71e6d057..1beb4a3008a7 100644
--- a/security/openssh-portable/files/gss-serv.c.patch
+++ b/security/openssh-portable/files/gss-serv.c.patch
@@ -1,18 +1,19 @@
---- gss-serv.c.DIST Tue Sep 2 14:56:42 2003
-+++ gss-serv.c Mon Oct 6 17:56:23 2003
-@@ -138,6 +138,15 @@
+--- gss-serv.c.orig Sat Nov 5 02:07:05 2005
++++ gss-serv.c Thu Feb 2 22:45:37 2006
+@@ -134,6 +134,16 @@
OM_uint32 offset;
OM_uint32 oidl;
+#if defined(HEIMDAL)
+ if (strcmp(heimdal_version, "Heimdal 0.6") < 0) {
-+ name->length = ename->length;
-+ name->value = xmalloc(name->length+1);
-+ memcpy(name->value,ename->value,name->length);
-+ ((char *)name->value)[name->length] = 0;
-+ return GSS_S_COMPLETE;
++ name->length = ename->length;
++ name->value = xmalloc(name->length+1);
++ memcpy(name->value,ename->value,name->length);
++ ((char *)name->value)[name->length] = 0;
++ return GSS_S_COMPLETE;
+ }
+#endif
- tok=ename->value;
++
+ tok = ename->value;
/*
diff --git a/security/openssh-portable/files/openssh.in b/security/openssh-portable/files/openssh.in
new file mode 100644
index 000000000000..88eb3282e456
--- /dev/null
+++ b/security/openssh-portable/files/openssh.in
@@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: openssh
+# REQUIRE: DAEMON
+#
+# Add the following lines to /etc/rc.conf to enable openssh:
+#
+# openssh_enable (bool): Set it to "YES" to enable openssh.
+# Default is "NO".
+# openssh_flags (flags): Set extra flags to openssh.
+# Default is "". see sshd(1).
+# openssh_pidfile (path): Set full path to pid file.
+# Default is "/var/run/sshd.pid".
+#
+
+. %%RC_SUBR%%
+
+name="openssh"
+rcvar=${name}_enable
+
+command=%%PREFIX%%/sbin/sshd
+extra_commands="reload"
+
+pidfile=${openssh_pidfile}
+
+start_precmd="${name}_checks"
+restart_precmd="${name}_checks"
+
+openssh_checks()
+{
+ if checkyesno sshd_enable ; then
+ err 1 "sshd_enable is set. Please set sshd_enable to NO in your rc.conf"
+ fi
+
+ if [ ! -f %%ETCSSH%%/ssh_host_key -o \
+ ! -f %%ETCSSH%%/ssh_host_dsa_key -o \
+ ! -f %%ETCSSH%%/ssh_host_rsa_key ]; then
+
+ umask 022
+
+ # Can't do anything if ssh is not installed
+ [ -x %%PREFIX%%/bin/ssh-keygen ] || {
+ err 1 "%%PREFIX%%/bin/ssh-keygen does not exist."
+ }
+
+ if [ -f %%ETCSSH%%/ssh_host_key ]; then
+ echo "You already have an RSA host key" \
+ "in %%ETCSSH%%/ssh_host_key"
+ echo "Skipping protocol version 1 RSA Key Generation"
+ else
+ %%PREFIX%%/bin/ssh-keygen -t rsa1 -b 1024 \
+ -f %%ETCSSH%%/ssh_host_key -N ''
+ fi
+
+ if [ -f %%ETCSSH%%/ssh_host_dsa_key ]; then
+ echo "You already have a DSA host key" \
+ "in %%ETCSSH%%/ssh_host_dsa_key"
+ echo "Skipping protocol version 2 DSA Key Generation"
+ else
+ %%PREFIX%%/bin/ssh-keygen -t dsa \
+ -f %%ETCSSH%%/ssh_host_dsa_key -N ''
+ fi
+
+ if [ -f %%ETCSSH%%/ssh_host_rsa_key ]; then
+ echo "You already have a RSA host key" \
+ "in %%ETCSSH%%/ssh_host_rsa_key"
+ echo "Skipping protocol version 2 RSA Key Generation"
+ else
+ %%PREFIX%%/bin/ssh-keygen -t rsa \
+ -f %%ETCSSH%%/ssh_host_rsa_key -N ''
+ fi
+
+ fi
+
+ eval "${command} -t"
+}
+
+load_rc_config $name
+
+: ${openssh_enable="NO"}
+: ${openssh_pidfile="/var/run/sshd.pid"}
+
+run_rc_command "$1"
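Review bot: `pidfile=${openssh_pidfile}` is evaluated before `load_rc_config $name` and before the `: ${openssh_pidfile="/var/run/sshd.pid"}` default at the bottom of the script, so unless the variable is already in the environment pidfile ends up empty and the documented openssh_pidfile setting has no effect. Move `load_rc_config $name` and the two `: ${...}` defaults above the `pidfile=` line. Separately, `reload` is listed in extra_commands but only start and restart run the `sshd -t` pre-check; adding `reload_precmd="${name}_checks"` would keep a broken sshd_config from being reloaded into the running daemon on a remote host.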
diff --git a/security/openssh-portable/files/batch.patch b/security/openssh-portable/files/patch-Makefile.in
index a2fa6dcc9da6..f3b3c1caad26 100644
--- a/security/openssh-portable/files/batch.patch
+++ b/security/openssh-portable/files/patch-Makefile.in
@@ -5,7 +5,7 @@
(cd scard && $(MAKE) -f Makefile.in distprep)
-install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config
-+install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf check-config
++install: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
install-nokeys: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files install-sysconf
install-nosysconf: $(CONFIGFILES) ssh_prng_cmds.out $(MANPAGES) $(TARGETS) install-files
diff --git a/security/openssh-portable/files/sshd.sh b/security/openssh-portable/files/sshd.sh
deleted file mode 100644
index a08d61e67a6d..000000000000
--- a/security/openssh-portable/files/sshd.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-case "$1" in
-start)
- __PREFIX__/sbin/sshd
- echo -n ' sshd'
- ;;
-stop)
- if [ -f /var/run/sshd.pid ]; then
- kill -TERM `cat /var/run/sshd.pid`
- rm -f /var/run/sshd.pid
- echo -n ' sshd'
- fi
- ;;
-restart)
- if [ -f /var/run/sshd.pid ]; then
- kill -HUP `cat /var/run/sshd.pid`
- echo 'sshd restarted'
- fi
- ;;
-*)
- echo "Usage: ${0##*/}: { start | stop | restart }" >&2
- exit 64
- ;;
-esac
diff --git a/security/openssh-portable/pkg-message b/security/openssh-portable/pkg-message
index b0908ddd4486..07a8d4e82873 100644
--- a/security/openssh-portable/pkg-message
+++ b/security/openssh-portable/pkg-message
@@ -1,12 +1,8 @@
-To enable this port, please add sshd_program=/usr/local/sbin/sshd and make
-sure sshd_enable is set to YES in your /etc/rc.conf
+To enable this port, add openssh_enable="YES" in your rc.conf. To
+prevent conflict with openssh in the base system add sshd_enable="NO"
+in your rc.conf.
-You may also want to put NO_OPENSSH= true in your /etc/make.conf
-and make sure your path is setup to /usr/local/bin before /usr/bin so that
-you are running the port version of openssh and not the version that comes
-with FreeBSD
-
-'PermitRootLogin no' is the new default for the OpenSSH port.
+'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
diff --git a/security/openssh-portable/pkg-plist b/security/openssh-portable/pkg-plist
index a20e02c1426b..a3b89974bf1e 100644
--- a/security/openssh-portable/pkg-plist
+++ b/security/openssh-portable/pkg-plist
@@ -7,32 +7,22 @@ bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
-%%NOTBASE%%etc/rc.d/sshd.sh.sample
%%NOTBASE%%etc/ssh/moduli
-%%NOTBASE%%@exec [ -f %D/etc/ssh_config ] && [ ! -f %D/etc/ssh/ssh_config ] && ln %D/etc/ssh_config %D/etc/ssh/ssh_config
-%%NOTBASE%%@exec [ -f %D/etc/sshd_config ] && [ ! -f %D/etc/ssh/sshd_config ] && ln %D/etc/sshd_config %D/etc/ssh/sshd_config
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_key ] && [ ! -f %D/etc/ssh/ssh_host_key ] && ln %D/etc/ssh_host_key %D/etc/ssh/ssh_host_key
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_key.pub ] && ln %D/etc/ssh_host_key.pub %D/etc/ssh/ssh_host_key.pub
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_rsa_key ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key ] && ln %D/etc/ssh_host_rsa_key %D/etc/ssh/ssh_host_rsa_key
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_rsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_rsa_key.pub ] && ln %D/etc/ssh_host_rsa_key.pub %D/etc/ssh/ssh_host_rsa_key.pub
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key ] && ln %D/etc/ssh_host_dsa_key %D/etc/ssh/ssh_host_dsa_key
-%%NOTBASE%%@exec [ -f %D/etc/ssh_host_dsa_key.pub ] && [ ! -f %D/etc/ssh/ssh_host_dsa_key.pub ] && ln %D/etc/ssh_host_dsa_key.pub %D/etc/ssh/ssh_host_dsa_key.pub
+%%NOTBASE%%@exec if [ -f %D/etc/ssh_config -a ! -f %D/etc/ssh/ssh_config ]; then ln %D/etc/ssh_config %D/etc/ssh/ssh_config ; fi
+%%NOTBASE%%@exec if [ -f %D/etc/sshd_config -a ! -f %D/etc/ssh/sshd_config ]; then ln %D/etc/sshd_config %D/etc/ssh/sshd_config ; fi
%%NOTBASE%%@unexec if cmp -s %D/etc/ssh/ssh_config %D/etc/ssh/ssh_config-dist; then rm -f %D/etc/ssh/ssh_config; fi
%%NOTBASE%%@unexec if cmp -s %D/etc/ssh/sshd_config %D/etc/ssh/sshd_config-dist; then rm -f %D/etc/ssh/sshd_config; fi
%%NOTBASE%%etc/ssh/ssh_config-dist
%%NOTBASE%%etc/ssh/sshd_config-dist
-%%NOTBASE%%@exec [ ! -f %D/etc/ssh/ssh_config ] && cp %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config
-%%NOTBASE%%@exec [ ! -f %D/etc/ssh/sshd_config ] && cp %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config
-%%NOTBASE%%@dirrm etc/ssh
+%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_config ]; then cp -p %D/etc/ssh/ssh_config-dist %D/etc/ssh/ssh_config ; fi
+%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/sshd_config ]; then cp -p %D/etc/ssh/sshd_config-dist %D/etc/ssh/sshd_config ; fi
+%%NOTBASE%%@dirrmtry etc/ssh
sbin/sshd
share/Ssh.bin
libexec/sftp-server
libexec/ssh-keysign
-%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_key ]; then echo ">> Generating a secret RSA1 host key."; %D/bin/ssh-keygen -t rsa1 -N "" -f %D/etc/ssh/ssh_host_key; fi
-%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_rsa_key ]; then echo ">> Generating a secret RSA host key."; %D/bin/ssh-keygen -t rsa -N "" -f %D/etc/ssh/ssh_host_rsa_key; fi
-%%NOTBASE%%@exec if [ ! -f %D/etc/ssh/ssh_host_dsa_key ]; then echo ">> Generating a secret DSA host key."; %D/bin/ssh-keygen -t dsa -N "" -f %D/etc/ssh/ssh_host_dsa_key; fi
%%NOTBASE%%@exec mkdir -p %D/empty
%%NOTBASE%%@dirrm empty
-%%BASE%%@exec mkdir -p %%EMPTYDIR%%
+%%BASE%%@exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi
@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
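Review bot: Removing the `@exec ... ln %D/etc/ssh_host_*key ...` lines means an installation that still keeps its host keys directly under `%D/etc` no longer gets them linked into `%D/etc/ssh`. The new rc.d script would then presumably generate fresh keys on first start, and clients would see changed host keys with no notice to the administrator. If that legacy layout is intentionally dropped, a sentence in pkg-message telling admins to move existing keys into etc/ssh before enabling openssh would cover the upgrade path.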