xmake
/
xmake-repo
mirrorاز https://github.com/xmake-io/xmake-repo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
							package("openssh")
    set_kind("binary")
    set_description("OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer.")
    set_license("BSD-2-Clause")

    add_urls("https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
             "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
             "https://mirror.leaseweb.com/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
             "https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz",
             "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$(version).tar.gz")
    add_versions("10.0p2", "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c")

    add_configs("libcrypto", {description = "Select a crypto backend.", type = "string", default = "openssl3", values = {"builtin", "libressl", "openssl", "openssl3"}})
    add_configs("zlib",      {description = "Enable compression support.", type = "boolean", default = true})
    add_configs("kerberos5", {description = "Enable Kerberos 5 support.", type = "boolean", default = false})

    add_configs("largefile",         {description = "Enable support for large files.", type = "boolean", default = true})
    add_configs("pkcs11",            {description = "Enable PKCS#11 support.", type = "boolean", default = true})
    add_configs("security_key",      {description = "Enable U2F/FIDO support.", type = "boolean", default = true})
    add_configs("strip",             {description = "Enable calling strip(1) on install.", type = "boolean", default = true})
    add_configs("etc_default_login", {description = "Enable using PATH from /etc/default/login.", type = "boolean", default = true})
    add_configs("fd_passing",        {description = "Enable file descriptor passsing.", type = "boolean", default = true})
    add_configs("lastlog",           {description = "If detected, enable use of lastlog.", type = "boolean", default = true})
    add_configs("utmp",              {description = "If detected, enable use of utmp.", type = "boolean", default = true})
    add_configs("utmpx",             {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
    add_configs("wtmp",              {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
    add_configs("wtmpx",             {description = "If detected, enable use of utmpx.", type = "boolean", default = true})
    add_configs("libutil",           {description = "Enable use of libutil. (login() etc.)", type = "boolean", default = true})
    add_configs("pututline",         {description = "Enable use of pututline() etc. (uwtmp)", type = "boolean", default = true})
    add_configs("pututxline",        {description = "Enable use of pututxline() etc. (uwtmpx)", type = "boolean", default = true})

    add_configs("stackprotect",            {description = "Use compiler's stack protection.", type = "boolean", default = nil})
    add_configs("hardening",               {description = "Use toolchain hardening flags.", type = "boolean", default = nil})
    add_configs("retpoline",               {description = "Enable retpoline spectre mitigation.", type = "boolean", default = nil})
    add_configs("linux_memlock_onfault",   {description = "Enables memory locking on Linux.", type = "boolean", default = nil})
    add_configs("security_key_builtin",    {description = "Include builtin U2F/FIDO support.", type = "boolean", default = nil})
    add_configs("security_key_standalone", {description = "Build standalone sk-libfido2 SecurityKeyProvider.", type = "boolean", default = nil})
    add_configs("ssl_engine",              {description = "Enable OpenSSL (hardware) ENGINE support.", type = "boolean", default = nil})
    add_configs("prngd_port",              {description = "Read entropy from PRNGD/EGD TCP localhost:PORT", type = "number", default = nil})
    add_configs("prngd_socket",            {description = "Read entropy from PRNGD/EGD socket FILE.", type = "string", default = nil})
    add_configs("pam",                     {description = "Enable PAM support.", type = "boolean", default = nil})
    add_configs("pam_service",             {description = "Specify PAM service name.", type = "string", default = nil})
    add_configs("privsep_user",            {description = "Specify non-privileged user for privilege separation.", type = "string", default = nil})
    add_configs("sandbox",                 {description = "Specify privilege separation sandbox.", type = "string", default = nil, values = {"no", "capsicum", "darwin", "rlimit", "seccomp_filter"}})
    add_configs("selinux",                 {description = "Enable SELinux support.", type = "boolean", default = nil})
    add_configs("privsep_path",            {description = "Path for privilege separation chroot.", type = "string", default = nil})
    add_configs("xauth",                   {description = "Specify path to xauth program.", type = "string", default = nil})
    add_configs("maildir",                 {description = "Specify your system mail directory.", type = "string", default = nil})
    add_configs("shadow",                  {description = "Enable shadow password support.", type = "boolean", default = nil})
    add_configs("ipaddr_display",          {description = "Use ip address instead of hostname in $DISPLAY.", type = "boolean", default = nil})
    add_configs("default_path",            {description = "Specify default $PATH environment for server.", type = "string", default = nil})
    add_configs("superuser_path",          {description = "Specify different path for super-user.", type = "string", default = nil})
    add_configs("ip4in6",                  {description = "Check for and convert IPv4 in IPv6 mapped addresses.", type = "boolean", default = nil})
    add_configs("bsd_auth",                {description = "Enable BSD auth support.", type = "boolean", default = nil})
    add_configs("pid_dir",                 {description = "Specify location of sshd.pid file.", type = "string", default = nil})
    add_configs("lastlog_dir",             {description = "Specify lastlog location common locations.", type = "string", default = nil})

    on_load(function (package)
        if package:is_plat("msys") then
            package:add("deps", "autotools")

            -- patches from: https://github.com/msys2/MSYS2-packages/tree/master/openssh
            package:add("patches", "*", "patches/8.9p1/msys2-drive-name-in-path.patch", "903b3eee51e492a125cab9c724ad967450307d53e457f025e4432b81cb145af5")
            package:add("patches", "*", "patches/8.9p1/msys2-setkey.patch", "24dacf56b359f9fef584fbf50e7d7993e73bac52dbe8a0ff5e5f13071a22bb42")
            package:add("patches", "*", "patches/8.9p1/msys2.patch", "3fb221882d0cb8554c641a4c7a6684badc98329a8a17dbc42e64594037e5d128")
        end

        local libcrypto = package:config("libcrypto")
        if libcrypto ~= "builtin" then
            package:add("deps", libcrypto)
        end

        if package:config("zlib") then
            package:add("deps", "zlib")
        end

        if package:config("kerberos5") then
            package:add("deps", "krb5")
        end

        if package:config("privsep_path") == nil then
            package:config_set("privsep_path", package:installdir("var/empty"):gsub("\\", "/"))
        end
    end)

    -- about msys2 support:
    -- @see https://github.com/xmake-io/xmake-repo/pull/8092#discussion_r2342822821
    on_install("@linux", "@bsd", "@macosx", "@cygwin", function (package)
        import("package.tools.autoconf")

        local configs = {}
        local ldflags = {}

        local features_enabled_by_default = {
            "largefile", "pkcs11", "security-key", "strip", "etc-default-login", "fd-passing",
            "lastlog", "utmp", "utmpx", "wtmp", "wtmpx", "libutil", "pututline", "pututxline",
        }
        for _, feature in ipairs(features_enabled_by_default) do
            if not package:config(feature:gsub("-", "_")) then
                table.insert(configs, "--disable-" .. feature)
            end
        end
        
        local packages_boolean = {
            "stackprotect", "hardening", "retpoline", "linux-memlock-onfault",
            "pie", "security-key-builtin","security-key-standalone", "ssl-engine",
            "pam", "selinux", "shadow", "ipaddr-display", "bsd-auth"
        }
        local packages_string = {
            "prngd-socket", "pam-service", "privsep-user",
            "sandbox", "privsep-path", "xauth", "default-path", 
            "superuser-path", "pid-dir"
        }
        for _, package_boolean in ipairs(packages_boolean) do
            local value = package:config(package_boolean:gsub("-", "_"))
            if value ~= nil then
                table.insert(configs, ("--with-%s=%s"):format(package_boolean, value and "yes" or "no"))
            end
        end
        for _, package_string in ipairs(packages_string) do
            local value = package:config(package_string:gsub("-", "_"))
            if value ~= nil then
                table.insert(configs, ("--with-%s=%s"):format(package_string, value))
            end
        end

        local libcrypto = package:config("libcrypto")
        if libcrypto == "builtin" then
            table.insert(configs, "--without-openssl")
        else
            table.insert(configs, ("--with-ssl-dir=%s"):format(package:dep(libcrypto):installdir():gsub("\\", "/")))
        end

        if package:config("zlib") then
            table.insert(configs, ("--with-zlib=%s"):format(package:dep("zlib"):installdir():gsub("\\", "/")))
        end

        if package:config("kerberos5") then
            table.insert(configs, ("--with-kerberos5=%s"):format(package:dep("krb5"):installdir():gsub("\\", "/")))
        end

        if package:config("ip4in6") then
            table.insert(configs, "--with-4in6")
        end
        if package:config("prngd_port") then
            table.insert(configs, "--with-prngd-port=" .. tostring(package:config("prngd_port")))
        end
        if package:config("lastlog_dir") then
            table.insert(configs, "--with-lastlog=" .. package:config("lastlog"))
        end
        
        -- fix 'working libcrypto not found' problem.
        if package:config("libcrypto"):startswith("openssl") and package:is_plat("bsd") then
            table.insert(ldflags, "-pthread")
        end

        local envs = autoconf.buildenvs(package, {ldflags = ldflags})

        -- @see https://github.com/msys2/MSYS2-packages/blob/master/openssh/PKGBUILD
        if package:is_plat("msys") then
            os.rm("configure")
            envs.MSYSTEM = "CYGWIN"
            envs.ac_cv_func_setproctitle = "no"
            table.insert(configs, "--build=" .. os.getenv("MINGW_CHOST"))
        end

        autoconf.install(package, configs, {envs = envs})
    end)

    on_test(function (package)
        local suffix = is_host("windows") and ".exe" or ""
        assert(os.isexec(package:installdir("sbin/sshd" .. suffix)), "sshd not found!")
    end)