
openssh: add package. (#8092)

* openssh: add package.

* update.

* Update xmake.lua

* Update xmake.lua

---------

Co-authored-by: star9029 <[email protected]>
RedbeanW 1 өдөр өмнө
parent
commit
8b143b736a

+ 56 - 0
packages/o/openssh/patches/8.9p1/msys2-drive-name-in-path.patch

@@ -0,0 +1,56 @@
+From 0e80940f9ea248f519e23893d0e66079d9ee5f31 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <[email protected]>
+Date: Tue, 20 Sep 2016 10:34:18 +0200
+Subject: [PATCH] Allow scp to copy files that start with a Windows drive name.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On Windows, “scp C:/foo/bar remotehost:” will attempt to connect to
+a remote host “C” and access file “/foo/bar”. There is currently no
+syntax or flag to allow copying files that start with a drive name.
+
+This patch changes the behaviour (only on Cygwin) by considering
+that a single letter followed by a colon is a Windows drive name
+and thus an absolute path. This is also more consistent with the
+manual page that recommends to use absolute pathnames “to avoid
+scp treating file names containing ‘:’ as host specifiers.
+
+It is still possible to access files on a machine “C” by using
+square brackets, e.g. “scp [C]:/foo/bar remotehost:”.
+
+There are countless user reports indicating that this behaviour
+is desirable:
+ - http://stackoverflow.com/q/8975798/111461
+ - http://serverfault.com/q/582048/73723
+ - http://superuser.com/q/291840/71253
+ - https://www.reddit.com/r/commandline/comments/371q5i
+ - http://stackoverflow.com/q/21587036/111461
+ - http://askubuntu.com/q/354330/12301
+ - http://superuser.com/q/338075/71253
+ - https://ubuntuforums.org/archive/index.php/t-1131655.html
+ - http://www.linuxquestions.org/questions/linux-newbie-8/transfer-files-from-linux-to-windows-pscp-4175530524/
+
+Signed-off-by: Sam Hocevar <[email protected]>
+---
+ misc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/misc.c b/misc.c
+index 9421b4d..cd10287 100644
+--- a/misc.c
++++ b/misc.c
+@@ -435,6 +435,10 @@ colon(char *cp)
+ 
+ 	if (*cp == ':')		/* Leading colon is part of file name. */
+ 		return NULL;
++#ifdef HAVE_CYGWIN
++	if (isalpha(*cp) && *(cp+1) == ':')	/* Do not split at drive name. */
++		return NULL;
++#endif
+ 	if (*cp == '[')
+ 		flag = 1;
+ 
+-- 
+2.9.3
+

+ 33 - 0
packages/o/openssh/patches/8.9p1/msys2-setkey.patch

@@ -0,0 +1,33 @@
+From 0490e734e4023964d4662c07a5ac109747b8e0af Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <[email protected]>
+Date: Mon, 22 Aug 2016 17:09:20 +0200
+Subject: [PATCH] openssh: work around Cygwin declaring setkey
+
+When _XOPEN_SOURCE is defined, setkey() is declared in
+/usr/include/stdlib.h in a manner that is incompatible with
+/usr/include/crypt.h.
+
+Let's work around that.
+
+Signed-off-by: Johannes Schindelin <[email protected]>
+---
+ includes.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/includes.h b/includes.h
+index 497a038..4f9e233 100644
+--- a/includes.h
++++ b/includes.h
+@@ -21,5 +21,9 @@
+ #define _GNU_SOURCE /* activate extra prototypes for glibc */
+ #endif
+ 
++#define setkey CYGWIN_setkey
++#include <stdlib.h>
++#undef setkey
++
+ #include <sys/types.h>
+ #include <sys/socket.h> /* For CMSG_* */
+-- 
+2.9.1
+

+ 43 - 0
packages/o/openssh/patches/8.9p1/msys2.patch

@@ -0,0 +1,43 @@
+From 3018c32948c66b246b1020dea40f4e8688fae61a Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <[email protected]>
+Date: Mon, 22 Aug 2016 09:17:42 +0200
+Subject: [PATCH] Forward-port MSys2 patches
+
+Signed-off-by: Johannes Schindelin <[email protected]>
+---
+ config.guess                     |     3 +
+ configure.ac                     |     2 +-
+ contrib/cygwin/Makefile          |     2 +-
+ openbsd-compat/bsd-cygwin_util.c |     2 +-
+ regress/agent-ptrace.sh          |     2 +-
+ regress/reexec.sh                |     2 +-
+ regress/sftp-cmds.sh             |     4 +-
+ regress/test-exec.sh             |     7 +
+ 10 files changed, 13385 insertions(+), 30689 deletions(-)
+
+diff --git a/contrib/cygwin/Makefile b/contrib/cygwin/Makefile
+index a0261f4..2fdb676 100644
+--- a/contrib/cygwin/Makefile
++++ b/contrib/cygwin/Makefile
+@@ -7,7 +7,7 @@ datadir=$(prefix)/share
+ mandir=$(datadir)/man
+ docdir=$(datadir)/doc
+ sshdocdir=$(docdir)/openssh
+-cygdocdir=$(docdir)/Cygwin
++cygdocdir=$(docdir)/MSYS
+ sysconfdir=/etc
+ defaultsdir=$(sysconfdir)/defaults/etc
+ inetdefdir=$(defaultsdir)/inetd.d
+diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
+index 8672ccf..f36a207 100644
+--- a/openbsd-compat/bsd-cygwin_util.c
++++ b/openbsd-compat/bsd-cygwin_util.c
+@@ -83,7 +83,7 @@ static struct wenv {
+ 	{ NL("ALLUSERSPROFILE=") },
+ 	{ NL("COMPUTERNAME=") },
+ 	{ NL("COMSPEC=") },
+-	{ NL("CYGWIN=") },
++	{ NL("MSYS=") },
+ 	{ NL("OS=") },
+ 	{ NL("PATH=") },
+ 	{ NL("PATHEXT=") },

+ 173 - 0
packages/o/openssh/xmake.lua

@@ -0,0 +1,173 @@
+package("openssh")
+    set_kind("binary")
+    set_description("OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer.")
+    set_license("BSD-2-Clause")
+
+    add_urls("https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
+             "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
+             "https://mirror.leaseweb.com/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
+             "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
+             "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz")
+    add_versions("10.0p2", "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c")
+
+    add_configs("libcrypto", {description = "Select a crypto backend.", type = "string", default = "openssl3", values = {"builtin", "libressl", "openssl", "openssl3"}})
+    add_configs("zlib",      {description = "Enable compression support.", type = "boolean", default = true})
+    add_configs("kerberos5", {description = "Enable Kerberos 5 support.", type = "boolean", default = false})
+
+    add_configs("largefile",         {description = "Enable support for large files.", type = "boolean", default = true})
+    add_configs("pkcs11",            {description = "Enable PKCS#11 support.", type = "boolean", default = true})
+    add_configs("security_key",      {description = "Enable U2F/FIDO support.", type = "boolean", default = true})
+    add_configs("strip",             {description = "Enable calling strip(1) on install.", type = "boolean", default = true})
+    add_configs("etc_default_login", {description = "Enable using PATH from /etc/default/login.", type = "boolean", default = true})
+    add_configs("fd_passing",        {description = "Enable file descriptor passsing.", type = "boolean", default = true})
+    add_configs("lastlog",           {description = "If detected, enable use of lastlog.", type = "boolean", default = true})
+    add_configs("utmp",              {description = "If detected, enable use of utmp.", type = "boolean", default = true})
+    add_configs("utmpx",             {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
+    add_configs("wtmp",              {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
+    add_configs("wtmpx",             {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
+    add_configs("libutil",           {description = "Enable use of libutil. (login() etc.)", type = "boolean", default = true})
+    add_configs("pututline",         {description = "Enable use of pututline() etc. (uwtmp)", type = "boolean", default = true})
+    add_configs("pututxline",        {description = "Enable use of pututxline() etc. (uwtmpx)", type = "boolean", default = true})
+
+    add_configs("stackprotect",            {description = "Use compiler's stack protection.", type = "boolean", default = nil})
+    add_configs("hardening",               {description = "Use toolchain hardening flags.", type = "boolean", default = nil})
+    add_configs("retpoline",               {description = "Enable retpoline spectre mitigation.", type = "boolean", default = nil})
+    add_configs("linux_memlock_onfault",   {description = "Enables memory locking on Linux.", type = "boolean", default = nil})
+    add_configs("security_key_builtin",    {description = "Include builtin U2F/FIDO support.", type = "boolean", default = nil})
+    add_configs("security_key_standalone", {description = "Build standalone sk-libfido2 SecurityKeyProvider.", type = "boolean", default = nil})
+    add_configs("ssl_engine",              {description = "Enable OpenSSL (hardware) ENGINE support.", type = "boolean", default = nil})
+    add_configs("prngd_port",              {description = "Read entropy from PRNGD/EGD TCP localhost:PORT", type = "number", default = nil})
+    add_configs("prngd_socket",            {description = "Read entropy from PRNGD/EGD socket FILE.", type = "string", default = nil})
+    add_configs("pam",                     {description = "Enable PAM support.", type = "boolean", default = nil})
+    add_configs("pam_service",             {description = "Specify PAM service name.", type = "string", default = nil})
+    add_configs("privsep_user",            {description = "Specify non-privileged user for privilege separation.", type = "string", default = nil})
+    add_configs("sandbox",                 {description = "Specify privilege separation sandbox.", type = "string", default = nil, values = {"no", "capsicum", "darwin", "rlimit", "seccomp_filter"}})
+    add_configs("selinux",                 {description = "Enable SELinux support.", type = "boolean", default = nil})
+    add_configs("privsep_path",            {description = "Path for privilege separation chroot.", type = "string", default = nil})
+    add_configs("xauth",                   {description = "Specify path to xauth program.", type = "string", default = nil})
+    add_configs("maildir",                 {description = "Specify your system mail directory.", type = "string", default = nil})
+    add_configs("shadow",                  {description = "Enable shadow password support.", type = "boolean", default = nil})
+    add_configs("ipaddr_display",          {description = "Use ip address instead of hostname in $DISPLAY.", type = "boolean", default = nil})
+    add_configs("default_path",            {description = "Specify default $PATH environment for server.", type = "string", default = nil})
+    add_configs("superuser_path",          {description = "Specify different path for super-user.", type = "string", default = nil})
+    add_configs("ip4in6",                  {description = "Check for and convert IPv4 in IPv6 mapped addresses.", type = "boolean", default = nil})
+    add_configs("bsd_auth",                {description = "Enable BSD auth support.", type = "boolean", default = nil})
+    add_configs("pid_dir",                 {description = "Specify location of sshd.pid file.", type = "string", default = nil})
+    add_configs("lastlog_dir",             {description = "Specify lastlog location common locations.", type = "string", default = nil})
+
+    on_load(function (package)
+        if package:is_plat("msys") then
+            package:add("deps", "autotools")
+
+            -- patches from: https://github.com/msys2/MSYS2-packages/tree/master/openssh
+            package:add("patches", "*", "patches/8.9p1/msys2-drive-name-in-path.patch", "903b3eee51e492a125cab9c724ad967450307d53e457f025e4432b81cb145af5")
+            package:add("patches", "*", "patches/8.9p1/msys2-setkey.patch", "24dacf56b359f9fef584fbf50e7d7993e73bac52dbe8a0ff5e5f13071a22bb42")
+            package:add("patches", "*", "patches/8.9p1/msys2.patch", "3fb221882d0cb8554c641a4c7a6684badc98329a8a17dbc42e64594037e5d128")
+        end
+
+        local libcrypto = package:config("libcrypto")
+        if libcrypto ~= "builtin" then
+            package:add("deps", libcrypto)
+        end
+
+        if package:config("zlib") then
+            package:add("deps", "zlib")
+        end
+
+        if package:config("kerberos5") then
+            package:add("deps", "krb5")
+        end
+
+        if package:config("privsep_path") == nil then
+            package:config_set("privsep_path", package:installdir("var/empty"):gsub("\\", "/"))
+        end
+    end)
+
+    -- about msys2 support:
+    -- @see https://github.com/xmake-io/xmake-repo/pull/8092#discussion_r2342822821
+    on_install("@linux", "@bsd", "@macosx", "@cygwin", function (package)
+        import("package.tools.autoconf")
+
+        local configs = {}
+        local ldflags = {}
+
+        local features_enabled_by_default = {
+            "largefile", "pkcs11", "security-key", "strip", "etc-default-login", "fd-passing",
+            "lastlog", "utmp", "utmpx", "wtmp", "wtmpx", "libutil", "pututline", "pututxline",
+        }
+        for _, feature in ipairs(features_enabled_by_default) do
+            if not package:config(feature:gsub("-", "_")) then
+                table.insert(configs, "--disable-" .. feature)
+            end
+        end
+        
+        local packages_boolean = {
+            "stackprotect", "hardening", "retpoline", "linux-memlock-onfault",
+            "pie", "security-key-builtin","security-key-standalone", "ssl-engine",
+            "pam", "selinux", "shadow", "ipaddr-display", "bsd-auth"
+        }
+        local packages_string = {
+            "prngd-socket", "pam-service", "privsep-user",
+            "sandbox", "privsep-path", "xauth", "default-path", 
+            "superuser-path", "pid-dir"
+        }
+        for _, package_boolean in ipairs(packages_boolean) do
+            local value = package:config(package_boolean:gsub("-", "_"))
+            if value ~= nil then
+                table.insert(configs, ("--with-%s=%s"):format(package_boolean, value and "yes" or "no"))
+            end
+        end
+        for _, package_string in ipairs(packages_string) do
+            local value = package:config(package_string:gsub("-", "_"))
+            if value ~= nil then
+                table.insert(configs, ("--with-%s=%s"):format(package_string, value))
+            end
+        end
+
+        local libcrypto = package:config("libcrypto")
+        if libcrypto == "builtin" then
+            table.insert(configs, "--without-openssl")
+        else
+            table.insert(configs, ("--with-ssl-dir=%s"):format(package:dep(libcrypto):installdir():gsub("\\", "/")))
+        end
+
+        if package:config("zlib") then
+            table.insert(configs, ("--with-zlib=%s"):format(package:dep("zlib"):installdir():gsub("\\", "/")))
+        end
+
+        if package:config("kerberos5") then
+            table.insert(configs, ("--with-kerberos5=%s"):format(package:dep("krb5"):installdir():gsub("\\", "/")))
+        end
+
+        if package:config("ip4in6") then
+            table.insert(configs, "--with-4in6")
+        end
+        if package:config("prngd_port") then
+            table.insert(configs, "--with-prngd-port=" .. tostring(package:config("prngd_port")))
+        end
+        if package:config("lastlog_dir") then
+            table.insert(configs, "--with-lastlog=" .. package:config("lastlog"))
+        end
+        
+        -- fix 'working libcrypto not found' problem.
+        if package:config("libcrypto"):startswith("openssl") and package:is_plat("bsd") then
+            table.insert(ldflags, "-pthread")
+        end
+
+        local envs = autoconf.buildenvs(package, {ldflags = ldflags})
+
+        -- @see https://github.com/msys2/MSYS2-packages/blob/master/openssh/PKGBUILD
+        if package:is_plat("msys") then
+            os.rm("configure")
+            envs.MSYSTEM = "CYGWIN"
+            envs.ac_cv_func_setproctitle = "no"
+            table.insert(configs, "--build=" .. os.getenv("MINGW_CHOST"))
+        end
+
+        autoconf.install(package, configs, {envs = envs})
+    end)
+
+    on_test(function (package)
+        local suffix = is_host("windows") and ".exe" or ""
+        assert(os.isexec(package:installdir("sbin/sshd" .. suffix)), "sshd not found!")
+    end)
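Review bot: The `lastlog_dir` branch near the end of `on_install` concatenates `package:config("lastlog")`, which is the boolean feature switch (default `true`), so setting `lastlog_dir` raises a Lua concatenation error instead of passing the path. It should read `table.insert(configs, "--with-lastlog=" .. package:config("lastlog_dir"))`. Separately, `on_load` defaults `privsep_path` to `var/empty` inside the package install directory. sshd expects its privilege-separation directory to be owned by root and not group- or world-writable, so a per-user install will likely yield an sshd that refuses to start unless the caller overrides the path; a comment on that line such as `-- sshd requires this directory to be root-owned and not group/world-writable` would make the constraint visible. `packages_boolean` also lists `pie`, which has no matching `add_configs` entry, so that option can never be set.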

+ 2 - 1
scripts/test.lua

@@ -294,7 +294,8 @@ function _lock_packages(packages)
         "systemd",
         "libxcrypt",
         "libselinux",
-        "openssh",
+        "libxls",
+        "hashcat"
     }
     for _, package in ipairs(packages) do
         if table.contains(locked_packages, package) then