16 # fields enclosed by brackets "[]" replaced with your own identifying |
16 # fields enclosed by brackets "[]" replaced with your own identifying |
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
17 # information: Portions Copyright [yyyy] [name of copyright owner] |
18 # |
18 # |
19 # CDDL HEADER END |
19 # CDDL HEADER END |
20 # |
20 # |
|
21 |
|
22 # |
21 # Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. |
23 # Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. |
22 # |
24 # |
|
25 BUILD_BITS= 64 |
|
26 COMPILER= gcc |
23 include ../../make-rules/shared-macros.mk |
27 include ../../make-rules/shared-macros.mk |
24 |
28 |
25 COMPONENT_NAME= openssh |
29 COMPONENT_NAME= openssh |
26 COMPONENT_VERSION= 7.1p2 |
30 COMPONENT_VERSION= 7.1p2 |
27 HUMAN_VERSION= $(COMPONENT_VERSION) |
31 HUMAN_VERSION= $(COMPONENT_VERSION) |
28 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) |
|
29 |
32 |
30 # Version for IPS. The encoding rules are: |
33 # Version for IPS. The encoding rules are: |
31 # OpenSSH <x>.<y>p<n> => IPS <x>.<y>.0.<n> |
34 # OpenSSH <x>.<y>p<n> => IPS <x>.<y>.0.<n> |
32 # OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n> |
35 # OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n> |
33 IPS_COMPONENT_VERSION= 7.1.0.2 |
36 IPS_COMPONENT_VERSION= 7.1.0.2 |
34 |
37 |
35 COMPONENT_PROJECT_URL= http://www.openssh.org/ |
38 COMPONENT_PROJECT_URL= http://www.openssh.org/ |
36 COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz |
|
37 COMPONENT_ARCHIVE_HASH= sha256:dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd |
39 COMPONENT_ARCHIVE_HASH= sha256:dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd |
38 COMPONENT_ARCHIVE_URL= http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE) |
40 COMPONENT_ARCHIVE_URL= http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE) |
39 COMPONENT_BUGDB=utility/openssh |
|
40 |
41 |
41 TPNO_OPENSSH= 26419 |
42 TPNO_OPENSSH= 26419 |
42 TPNO_GSSKEX= 20377 |
43 TPNO_GSSKEX= 20377 |
43 |
44 |
44 include $(WS_MAKE_RULES)/prep.mk |
45 # Because of set up requirements, test suite is in stc gate. |
45 include $(WS_MAKE_RULES)/configure.mk |
46 TEST_TARGET= $(SKIP_TEST) |
46 |
47 |
47 # 11.3 has conflicts with ON's SunSSH package, which had not yet added |
48 # 11.3 has conflicts with ON's SunSSH package, which had not yet added |
48 # mediated links, thus cannot be updated to. |
49 # mediated links, thus cannot be updated to. |
49 ifeq ($(BUILD_TYPE), evaluation) |
50 ifeq ($(BUILD_TYPE), evaluation) |
50 BUILD_64= |
51 BUILD_64= |
51 INSTALL_64= |
52 INSTALL_64= |
52 PUBLISH_STAMP= |
53 PUBLISH_STAMP= |
53 endif |
54 endif |
54 |
55 |
55 include $(WS_MAKE_RULES)/ips.mk |
56 include $(WS_MAKE_RULES)/common.mk |
56 |
|
57 # Enable ASLR for this component |
|
58 ASLR_MODE = $(ASLR_ENABLE) |
|
59 |
|
60 COMPILER= gcc |
|
61 |
57 |
62 CFLAGS += -DSET_USE_PAM |
58 CFLAGS += -DSET_USE_PAM |
63 CFLAGS += -DDEPRECATE_SUNSSH_OPT |
59 CFLAGS += -DDEPRECATE_SUNSSH_OPT |
64 CFLAGS += -DKRB5_BUILD_FIX |
60 CFLAGS += -DKRB5_BUILD_FIX |
65 CFLAGS += -DDTRACE_SFTP |
61 CFLAGS += -DDTRACE_SFTP |
70 CFLAGS += -DWITHOUT_ED25519 |
66 CFLAGS += -DWITHOUT_ED25519 |
71 CFLAGS += -DPER_SESSION_XAUTHFILE |
67 CFLAGS += -DPER_SESSION_XAUTHFILE |
72 CFLAGS += -DWITHOUT_CAST128 |
68 CFLAGS += -DWITHOUT_CAST128 |
73 CFLAGS += -DENABLE_OPENSSL_FIPS |
69 CFLAGS += -DENABLE_OPENSSL_FIPS |
74 |
70 |
75 CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)" |
|
76 |
|
77 # We need to disable lazyloading of dynamic dependent libraries. During the |
71 # We need to disable lazyloading of dynamic dependent libraries. During the |
78 # pre-authentication phase, sshd will chroot to /var/empty which doesn't |
72 # pre-authentication phase, sshd will chroot to /var/empty which doesn't |
79 # contain any files. If we use lazyloading, sshd will fail to find any |
73 # contain any files. If we use lazyloading, sshd will fail to find any |
80 # libraries that it needs. |
74 # libraries that it needs. |
81 LDFLAGS += -B direct -z nolazyload |
75 LDFLAGS += $(LD_B_DIRECT) -z nolazyload |
82 |
76 |
83 # Enable nxheap and nxstack security extensions |
77 # Enable nxheap and nxstack security extensions |
84 LDFLAGS += -z nxheap=enable -z nxstack=enable |
78 LDFLAGS += -z nxheap=enable -z nxstack=enable |
85 |
79 |
86 # Just $(BUILD_64) option was not propogating the 64 bit flags to all the |
80 # Fix 64-bit linking via compiler. |
87 # necessary places. Hence the -m64 option is added to LDFLAGS for |
81 LDFLAGS += $(CC_BITS) |
88 # CONFIGURE_OPTIONS.64. |
|
89 CONFIGURE_OPTIONS.64 += LDFLAGS="$(LDFLAGS) -m64" |
|
90 |
82 |
91 CONFIGURE_OPTIONS += --with-audit=solaris |
83 CONFIGURE_OPTIONS += --with-audit=solaris |
92 CONFIGURE_OPTIONS += --with-libedit |
84 CONFIGURE_OPTIONS += --with-libedit |
93 CONFIGURE_OPTIONS += --with-kerberos5 |
85 CONFIGURE_OPTIONS += --with-kerberos5 |
94 CONFIGURE_OPTIONS += --with-pam |
86 CONFIGURE_OPTIONS += --with-pam |
95 CONFIGURE_OPTIONS += --with-sandbox=no |
87 CONFIGURE_OPTIONS += --with-sandbox=no |
96 CONFIGURE_OPTIONS += --with-solaris-contracts |
88 CONFIGURE_OPTIONS += --with-solaris-contracts |
97 CONFIGURE_OPTIONS += --with-tcp-wrappers |
89 CONFIGURE_OPTIONS += --with-tcp-wrappers |
98 CONFIGURE_OPTIONS += --with-4in6 |
90 CONFIGURE_OPTIONS += --with-4in6 |
99 CONFIGURE_OPTIONS += --with-xauth=/usr/bin/xauth |
91 CONFIGURE_OPTIONS += --with-xauth=$(USRBINDIR)/xauth |
100 CONFIGURE_OPTIONS += --enable-strip=no |
92 CONFIGURE_OPTIONS += --disable-strip |
101 CONFIGURE_OPTIONS += --without-rpath |
93 CONFIGURE_OPTIONS += --without-rpath |
102 CONFIGURE_OPTIONS += --libexecdir=/usr/lib/ssh |
94 CONFIGURE_OPTIONS += --libexecdir=$(USRLIBDIR)/ssh |
103 CONFIGURE_OPTIONS += --sbindir=/usr/lib/ssh |
95 CONFIGURE_OPTIONS += --sbindir=$(USRLIBDIR)/ssh |
104 CONFIGURE_OPTIONS += --sysconfdir=/etc/ssh |
96 CONFIGURE_OPTIONS += --sysconfdir=$(ETCDIR)/ssh |
105 CONFIGURE_OPTIONS += --bindir=/usr/bin |
|
106 CONFIGURE_OPTIONS += --disable-lastlog |
97 CONFIGURE_OPTIONS += --disable-lastlog |
107 |
98 |
108 # Copy the sftp dtrace provider file and the header file to source directory |
99 # Copy the sftp dtrace provider file and the header file to source directory |
109 COMPONENT_PRE_BUILD_ACTION = \ |
100 COMPONENT_PRE_BUILD_ACTION = \ |
110 ( echo "Copying dtrace sftp files..."; \ |
101 ( echo "Copying dtrace sftp files..."; \ |
112 ) |
103 ) |
113 |
104 |
114 # Copy source files that are not yet part of a patch |
105 # Copy source files that are not yet part of a patch |
115 COMPONENT_PREP_ACTION += ($(CP) sources/*.c $(@D)/) |
106 COMPONENT_PREP_ACTION += ($(CP) sources/*.c $(@D)/) |
116 |
107 |
117 # common targets |
|
118 configure: $(CONFIGURE_64) |
|
119 |
|
120 build: $(BUILD_64) |
|
121 |
|
122 install: $(INSTALL_64) |
|
123 |
|
124 # Because of certain set up requirement, the regress test suite is ported to |
|
125 # the STC gate. |
|
126 test: $(NO_TESTS) |
|
127 |
|
128 system-test: $(NO_TESTS) |
|
129 |
|
130 |
|
131 REQUIRED_PACKAGES += library/libedit |
108 REQUIRED_PACKAGES += library/libedit |
132 REQUIRED_PACKAGES += library/security/openssl |
109 REQUIRED_PACKAGES += library/security/openssl |
133 REQUIRED_PACKAGES += library/zlib |
110 REQUIRED_PACKAGES += library/zlib |
134 REQUIRED_PACKAGES += service/security/kerberos-5 |
111 REQUIRED_PACKAGES += service/security/kerberos-5 |
135 REQUIRED_PACKAGES += system/core-os |
112 REQUIRED_PACKAGES += system/core-os |
136 REQUIRED_PACKAGES += system/library |
|
137 REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime |
113 REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime |
138 REQUIRED_PACKAGES += system/library/security/gss |
114 REQUIRED_PACKAGES += system/library/security/gss |
139 REQUIRED_PACKAGES += system/network |
115 REQUIRED_PACKAGES += system/network |
140 REQUIRED_PACKAGES += text/groff/groff-core |
116 REQUIRED_PACKAGES += text/groff/groff-core |