path: root/PKGBUILD

# Maintainer: jc_gargma <jc_gargma@iserlohn-fortress.net>
# Maintainer (Arch): Levente Polyak <anthraxx[at]archlinux[dot]org>
# Maintainer (Arch): Giancarlo Razzolini <grazzolini@archlinux.org>
# Contributor (Arch): Gaetan Bisson <bisson@archlinux.org>
# Contributor (Arch): Aaron Griffin <aaron@archlinux.org>
# Contributor (Arch): judd <jvinet@zeroflux.org>

# # I maintain this because:
# Artix version lacks additional optimization and hardening flags
# Arch version lacks openrc support

pkgname=openssh
pkgver=9.3p2
pkgrel=1
pkgdesc="SSH protocol implementation for remote login, command execution and file transfer"
arch=('x86_64')
url='https://www.openssh.com/portable.html'
license=('custom:BSD')
depends=(
  'glibc'
  'krb5' 'libkrb5.so' 'libgssapi_krb5.so'
  'ldns'
  'libedit'
  'libxcrypt' 'libcrypt.so'
  'openssl'
  'pam' 'libpam.so'
  'zlib'
)
makedepends=('libfido2' 'linux-headers')
optdepends=(
  'libfido2: FIDO/U2F support'
  'x11-ssh-askpass: input passphrase in X'
  'xorg-xauth: X11 forwarding'
)
backup=(
  'etc/pam.d/sshd'
  'etc/ssh/ssh_config'
  'etc/ssh/sshd_config'
)
# # For some reason this breaks compiling. "error: C compiler cannot create executables"
# # But old-fashioned raw injection of -flto=auto via export doesn't.
#options=('lto')
#options=('debug')
source=(
  "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
  "$pkgname-9.0p1-sshd_config.patch"
  'sshd.conf'
  'sshd.pam'
)
sha256sums=('200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8'
            'SKIP'
            '27e43dfd1506c8a821ec8186bae65f2dc43ca038616d6de59f322bd14aa9d07f'
            '4effac1186cc62617f44385415103021f72f674f8b8e26447fc1139c670090f6'
            '64576021515c0a98b0aaf0a0ae02e0f5ebe8ee525b1e647ab68f369f81ecd846')
b2sums=('38f8d4ada263112b318fafccabf0a33a004d8290a867434004eb3d37127c9bdabe6e0225fca9d6d68fb54338fec81dcc9313ca7c91d3a033311db44174dc9f6f'
        'SKIP'
        '29e1a1c2744e0234830c6f93a46338ea8dc943370e20a24883d207d611025e54643da678f2826050c073a36be48dfdc7329d4cfb144c2ff90607a5f10f73dc59'
        '27571f728c3c10834a81652f3917188436474b588f8b047462e44b6c7a424f60d06ce8cb74839b691870177d7261592207d7f35d4ae6c79af87d6a7ea156d395'
        '557d015bca7008ce824111f235da67b7e0051a693aaab666e97b78e753ed7928b72274af03d7fde12033986b733d5f996faf2a4feb6ecf53f39accae31334930')
validpgpkeys=('7168B983815A5EEF59A4ADFD2A3F414E736060BA')  # Damien Miller <djm@mindrot.org>
# https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc

prepare() {
  patch -Np1 -d "$pkgname-$pkgver" -i ../$pkgname-9.0p1-sshd_config.patch
}

build() {
  local configure_options=(
    --prefix=/usr
    --sbindir=/usr/bin
    --libexecdir=/usr/lib/ssh
    --sysconfdir=/etc/ssh
    --disable-strip
    --with-ldns
    --with-libedit
    --with-security-key-builtin
    --with-ssl-engine
    --with-pam
    --with-privsep-user=nobody
    --with-kerberos5=/usr
    --with-xauth=/usr/bin/xauth
    --with-pid-dir=/run
    --with-default-path='/usr/local/sbin:/usr/local/bin:/usr/bin'
  )

  cd "${pkgname}-${pkgver}"

  # -fPIE causes test errors
  export CFLAGS="$CFLAGS -O3 -fstack-protector-all -flto=auto -fPIC"
  export CXXFLAGS="$CXXFLAGS -O3 -fstack-protector-all -flto=auto -fPIC"
  #export LDFLAGS="$LDFLAGS,-pie"

  ./configure "${configure_options[@]}"
  make
}

check() {
  cd "${pkgname}-${pkgver}"

  # NOTE: make t-exec does not work in our build environment
  make file-tests interop-tests unit
}

package() {
  cd "${pkgname}-${pkgver}"

  make DESTDIR="${pkgdir}" install

  ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
  install -Dm644 LICENCE -t "${pkgdir}/usr/share/licenses/${pkgname}/"

  install -Dm644 ../sshd.conf -t "${pkgdir}"/usr/lib/tmpfiles.d/
  install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd

  install -Dm755 contrib/findssl.sh -t "${pkgdir}"/usr/bin/
  install -Dm755 contrib/ssh-copy-id -t "${pkgdir}"/usr/bin/
  install -Dm644 contrib/ssh-copy-id.1 -t "${pkgdir}"/usr/share/man/man1/
}