# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
setvar pkgname = 'openssh'
setvar pkgver = '7.5_p1'
setvar _myver = "${pkgver%_*}${pkgver#*_}"
setvar pkgrel = '5'
setvar pkgdesc = ""Port of OpenBSD's free SSH release""
setvar url = ""http://www.openssh.org/portable.html""
setvar arch = ""all""
setvar license = ""as-is""
setvar options = ""suid""
setvar depends = ""openssh-client openssh-sftp-server openssh-server""
setvar makedepends_build = ""linux-pam-dev""
setvar makedepends_host = ""libressl-dev zlib-dev linux-headers""
setvar makedepends = ""$makedepends_build $makedepends_host""
# Add more packages support here e.g. kerberos
setvar _pkgsupport = """"
test -z $BOOTSTRAP && setvar _pkgsupport = ""pam""
setvar subpackages = ""$pkgname-doc
	$pkgname-keygen
	$pkgname-client
	$pkgname-keysign
	$pkgname-sftp-server:sftp
	$pkgname-server-common:server_common:noarch
	$pkgname-server
	""
for _flavour in $_pkgsupport {
	setvar subpackages = ""$subpackages ${pkgname}-server-$_flavour:_pkg_flavour""
}

setvar source = ""http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
	openssh7.4-peaktput.patch
	openssh7.4-dynwindows.patch
	fix-utmp.patch
	bsd-compatible-realpath.patch
	sshd.initd
	sshd.confd
	sftp-interactive.patch
	openssh-7.5p1-sandbox.patch
	""
# secfixes:
#   7.4_p1:
#     - CVE-2016-10009
#     - CVE-2016-10010
#     - CVE-2016-10011
#     - CVE-2016-10012

# HPN patches are from: http://hpnssh.sourceforge.net/

setvar builddir = ""$srcdir"/$pkgname-$_myver"

proc prepare {
	cd $builddir
	default_prepare
	for _flavour in $_pkgsupport {
		cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour
	}
}

proc build {
	cd $builddir
	export LD="$CC"
	setvar _configure_vanilla = ""./configure \
		--build=$CBUILD \
		--host=$CHOST \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--libexecdir=/usr/lib/ssh \
		--mandir=/usr/share/man \
		--with-pid-dir=/run \
		--with-mantype=man \
		--with-ldflags='${LDFLAGS}' \
		--disable-lastlog \
		--disable-strip \
		--disable-wtmp \
		--with-privsep-path=/var/empty \
		--with-xauth=/usr/bin/xauth \
		--with-privsep-user=sshd \
		--with-md5-passwords \
		--with-ssl-engine \
		""
	# now we build "vanilla" openssh
	setvar _configure = "$_configure_vanilla"
	for _flavour in $_pkgsupport {
		setvar _configure = ""$_configure --without-$_flavour""
	}
	msg "Building openssh..."
	eval $_configure
	make

	# now we build other openssh-$_flavour
	setvar _configure = "$_configure_vanilla"
	for _flavour in $_pkgsupport {
		cd "$builddir-$_flavour"
		msg "Building openssh with $_flavour support..."
		eval "$_configure --with-$_flavour"
		make
	}
}

proc package {
	cd $builddir
	make DESTDIR="$pkgdir" install
	mkdir -p "$pkgdir"/var/empty
	install -D -m755 "$srcdir"/sshd.initd \
		"$pkgdir"/etc/init.d/sshd
	install -D -m644 "$srcdir"/sshd.confd \
		"$pkgdir"/etc/conf.d/sshd
	install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
		"$pkgdir"/usr/share/man/man1/ssh-copy-id.1
	sed -i 's/#UseDNS yes/UseDNS no/' "$pkgdir"/etc/ssh/sshd_config
}

proc keygen {
	setvar pkgdesc = ""ssh helper program for generating keys""
	setvar depends = ''
	install -d "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/ssh-keygen \
		"$subpkgdir"/usr/bin/
}

proc client {
	setvar pkgdesc = ""OpenBSD's SSH client""
	setvar depends = ""openssh-keygen""
	install -d "$subpkgdir"/usr/bin \
		"$subpkgdir"/usr/lib/ssh \
		"$subpkgdir"/etc/ssh \
		"$subpkgdir"/var/empty

	mv "$pkgdir"/usr/bin/* \
		"$subpkgdir"/usr/bin/
	mv "$pkgdir"/etc/ssh/ssh_config \
		"$pkgdir"/etc/ssh/moduli \
		"$subpkgdir"/etc/ssh/
	install -Dm755 "$builddir"/contrib/findssl.sh \
		"$subpkgdir"/usr/bin/findssl.sh
	install -Dm755 "$builddir"/contrib/ssh-copy-id \
		"$subpkgdir"/usr/bin/ssh-copy-id
	install -Dm755	"$builddir"/ssh-pkcs11-helper \
		"$subpkgdir"/usr/bin/ssh-pkcs11-helper
}

proc keysign {
	setvar pkgdesc = ""ssh helper program for host-based authentication""
	setvar depends = ""openssh-client""
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
		"$subpkgdir"/usr/lib/ssh/
}

proc sftp {
	setvar pkgdesc = ""ssh sftp server module""
	setvar depends = """"
	install -d "$subpkgdir"/usr/lib/ssh
	mv "$pkgdir"/usr/lib/ssh/sftp-server \
		"$subpkgdir"/usr/lib/ssh/
}

proc server_common {
	setvar pkgdesc = ""OpenSSH server configuration files""
	setvar depends = """"
	for i in etc/ssh/sshd_config \
		etc/init.d/sshd \
		etc/conf.d/sshd {

		install -d "$subpkgdir"/${i%/*}
		mv "$pkgdir"/$i \
			"$subpkgdir"/${i%/*}/

	}
}

proc server {
	setvar pkgdesc = ""OpenSSH server""
	setvar depends = ""openssh-keygen openssh-server-common""
	cd $builddir
	install -d "$subpkgdir"/usr/sbin
	mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
}

proc _server {
	cd $builddir
	install -d "$subpkgdir"/usr/sbin
	mv "$1"/sshd "$subpkgdir"/usr/sbin/
}

proc _pkg_flavour {
	setvar pkgdesc = ""OpenSSH server with $_flavour support""
	setvar depends = ""openssh-keygen openssh-server-common""
	for _flavour in $_pkgsupport {
		cd "${builddir}"-$_flavour
		_server "${builddir}"-$_flavour
	}
}

setvar sha512sums = ""58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81  openssh-7.5p1.tar.gz
398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6  openssh7.4-peaktput.patch
b9d736eae9b43de91fa3eb277ba8abc6290a8436b0fb00ae3b0f1b2eabba9983e4d2a1e3c68f5514247d0a3f120037f0795fd88fbf302aabd2d1b54a325a04ee  openssh7.4-dynwindows.patch
f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1  fix-utmp.patch
f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73  bsd-compatible-realpath.patch
394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f  sshd.initd
ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4  sshd.confd
c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9  sftp-interactive.patch
15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60  openssh-7.5p1-sandbox.patch""