255829 |
23-Sep-2013 |
des |
Unbreak the WITHOUT_KERBEROS build and try to reduce the odds of a repeat performance by introducing a script that runs configure with and without Kerberos, diffs the result and generates krb5_config.h, which contains the preprocessor macros that need to be defined in the Kerberos case and undefined otherwise.
Approved by: re (marius)
|
255460 |
10-Sep-2013 |
des |
Clean up the OpenSSH build. It is now possible to build most components as static binaries, if desired. The one exception is sshd, which runs into trouble due to libpam.a's includion of pam_ssh.
Make OpenSSH use LDNS if available. This allows it to verify signed SSHFP records.
Approved by: re (blanket)
|
245527 |
17-Jan-2013 |
bz |
Add a src.conf(5) option to allow users to compile in the "NONE cipher", which, only after authentication, disables crypto, and only for sessions without a terminal.
Submitted by: Jeremy Chadwick (freebsd jdc.parodius.com) PR: bin/163095 MFC after: 10 days
|
176844 |
05-Mar-2008 |
kris |
For users of FreeBSD <= 6.2 we recommend during the x.org 7.x upgrade that they add X11BASE=${LOCALBASE} to /etc/make.conf since X11BASE was hard-wired to the now-wrong location in old releases.
However, both X11BASE and LOCALBASE have moved out of scope of src/ into ports/ now, which causes problems for upgraded users who have old make.conf files still containing the above setting. X11BASE becomes null and we instruct ssh and sshd to look for xauth in /bin/xauth where it is unlikely to be found.
Instead, provide a copy of the default LOCALBASE?=/usr/local setting here.
We also have to deal with the case where the user only overrides LOCALBASE and doesn't set an explicit X11BASE (in ports it will be set implicitly but not here), which will also move the location of xauth.
MFC after: 3 days Reported by: rwatson
|
156813 |
17-Mar-2006 |
ru |
Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html
The src.conf(5) manpage is to follow in a few days.
Brought to you by: imp, jhb, kris, phk, ru (all bugs are mine)
|
153838 |
29-Dec-2005 |
dfr |
Add a new extensible GSS-API layer which can support GSS-API plugins, similar the the Solaris implementation. Repackage the krb5 GSS mechanism as a plugin library for the new implementation. This also includes a comprehensive set of manpages for the GSS-API functions with text mostly taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
|
119116 |
19-Aug-2003 |
gordon |
Explicitly add libz and libcrypto to LDADD for any ssh utilities missing it. While not strictly required, it unbreaks the cross-build world that is resulting from moving the libraries around.
I have a more permanent solution to this problem in the works, but I asked des for permission to commit this to get the ball rolling. This also makes the ssh build more along the lines of what the openssh-portable and OpenBSD openssh Makefile glue does.
Reviewed by: des
|
117675 |
16-Jul-2003 |
markm |
Very big makeover in the way telnet, telnetd and libtelnet are built.
Previously, there were two copies of telnet; a non-crypto version that lived in the usual places, and a crypto version that lived in crypto/telnet/. The latter was built in a broken manner somewhat akin to other "contribified" sources. This meant that there were 4 telnets competing with each other at build time - KerberosIV, Kerberos5, plain-old-secure and base. KerberosIV is no longer in the running, but the other three took it in turns to jump all over each other during a "make buildworld".
As the crypto issue has been clarified, and crypto _calls_ are not a problem, crypto/telnet has been repo-copied to contrib/telnet, and with this commit, all telnets are now "contribified". The contrib path was chosen to not destroy history in the repository, and differs from other contrib/ entries in that it may be worked on as "normal" BSD code. There is no dangerous crypto in these sources, only a very weak system less strong than enigma(1).
Kerberos5 telnet and Secure telnet are now selected by using the usual macros in /etc/make.conf, and the build process is unsurprising and less treacherous.
|
95509 |
26-Apr-2002 |
ru |
Milestone #1 in cross-arch make releases.
Do not install games and profiled libraries to the ${CHROOTDIR} with the initial installworld.
Eliminate the need in the second installworld. For that, make sure _everything_ is built in the "world" environment, using the right tool chain.
Added SUBDIR_OVERRIDE helper stuff to Makefile.inc1. Split the buildworld process into stages, and skip some stages when SUBDIR_OVERRIDE is set (used to build crypto, krb4, and krb5 dists).
Added NO_MAKEDB_RUN knob to Makefile.inc1 to avoid running makewhatis(1) at the end of installworld (used when making crypto, krb4, and krb5 dists).
In release/scripts/doFS.sh, ensure that the correct boot blocks are used.
Moved the creation of the "crypto" dist from release.5 to release.2.
In release.3 and doMFSKERN, build kernels in the "world" environment. KERNELS now means "additional" kernels, GENERIC is always built.
Ensure we build crunched binaries in the "world" environment. Obfuscate release/Makefile some more (WMAKEENV) to achieve this.
Inline createBOOTMFS target.
Use already built GENERIC kernel modules to augment mfsfd's /stand/modules. GC doMODULES as such.
Assorted fixes:
Get rid of the "afterdistribute" target by moving the single use of it from sys/Makefile to etc/Makefile's "distribute".
Makefile.inc1: apparently "etc" no longer needs to be last for "distribute" to succeed.
gnu/usr.bin/perl/library/Makefile.inc: do not override the "install" and "distribute" targets, do it the "canonical" way.
release/scripts/{man,cat}pages-make.sh: make sure Perl manpages and catpages appear in the right dists. Note that because Perl does not respect the MANBUILDCAT (and NOMAN), this results in a loss of /usr/share/perl/man/cat* empty directories. This will be fixed soon.
Turn MAKE_KERBEROS4 into a plain boolean variable (if it is set it means "make KerberosIV"), as documented in the make.conf(5) manpage. Most of the userland makefiles did not test it for "YES" anyway.
XXX Should specialized kerberized libpam versions be included into the krb4 and krb5 dists? (libpam.a would be incorrect anyway if both krb4 and krb5 dists were choosen.)
Make sure "games" dist is made before "catpages", otherwise games catpages settle in the wrong dist.
Fast build machine provided by: Igor Kucherenko <kivvy@sunbay.com>
|
89705 |
23-Jan-2002 |
ru |
Add pam_ssh support to the static PAM library, libpam.a:
- Spam /usr/lib some more by making libssh a standard library. - Tweak ${LIBPAM} and ${MINUSLPAM}. - Garbage collect unused libssh_pic.a. - Add fake -lz dependency to secure/ makefiles needed for dynamic linkage with -lssh.
Reviewed by: des, markm Approved by: markm
|
74818 |
26-Mar-2001 |
ru |
secure/ build fixes:
- TELNETOBJDIR is gone. `buildworld' already installs libtelnet.a in ${WORLDTMP}/usr/lib, and we have LIBRARY_PATH pointing there.
- SSHDIR (formerly SSHSRC) is now shared between all SSH modules. New LIBSSH is introduced for libssh.a (an internal static lib). Previously, build without prior `obj' was broken; SSH modules always looked for libssh.a in ${.OBJDIR}. Also, the dependancies on the libssh.a were missing.
- libtelnet/ did not install the crypto version of telnet.h into /usr/include/arpa.
- Removed BINOWN, BINMODE, BINDIR and SRCS with default values.
Reviewed by: markm
- MAN[1-9] -> MAN.
|
68705 |
14-Nov-2000 |
green |
Disable /usr/bin/ssh being setuid root by default. Let the variable ENABLE_SUID_SSH being defined reenable it for those that want it.
This follows discussion favoring the change from September. It is not usually necessary to be setuid root, possibly less safe, and less convenient (cannot use $HOSTALIASES, for example).
Submitted by: jedgar
|
56668 |
27-Jan-2000 |
shin |
another tcp apps IPv6 updates.(should be make world safe) ftp, telnet, ftpd, faithd also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|