diff --git a/secure/Makefile.inc b/secure/Makefile.inc index 6c298be0223f..5de6eed37faf 100644 --- a/secure/Makefile.inc +++ b/secure/Makefile.inc @@ -1,15 +1,9 @@ # $FreeBSD$ -.include - .if exists(${.CURDIR:H:H}/lib/libcrypt/obj) CRYPTOBJDIR= ${.CURDIR:H:H}/lib/libcrypt/obj .else CRYPTOBJDIR= ${.CURDIR:H:H}/lib/libcrypt .endif -.if ${MK_OPENSSH} != "no" -SSHDIR= ${SRCTOP}/crypto/openssh -.endif - WARNS?= 0 diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index 49b5319d2b54..f6ea5c211a03 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -1,71 +1,69 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" LIB= ssh PRIVATELIB= true SHLIB_MAJOR= 5 SRCS= ssh_api.c ssherr.c \ sshbuf.c sshkey.c sshbuf-getput-basic.c \ sshbuf-misc.c sshbuf-getput-crypto.c krl.c bitmap.c SRCS+= authfd.c authfile.c \ canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c \ cipher-ctr.c cleanup.c \ compat.c fatal.c hostfile.c \ log.c match.c moduli.c nchan.c packet.c \ readpass.c ttymodes.c xmalloc.c addr.c addrmatch.c \ atomicio.c dispatch.c mac.c misc.c utf8.c \ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-ecdsa-sk.c \ ssh-ed25519-sk.c ssh-rsa.c dh.c \ msg.c progressmeter.c dns.c entropy.c umac.c umac128.c \ ssh-pkcs11.c smult_curve25519_ref.c \ poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-libcrypto.c \ ssh-ed25519.c digest-openssl.c digest-libc.c \ hmac.c sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c \ kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c \ kexgexc.c kexgexs.c \ kexsntrup761x25519.c sntrup761.c kexgen.c \ sftp-realpath.c platform-pledge.c platform-tracing.c platform-misc.c \ sshbuf-io.c SRCS+= ssh-sk-client.c PACKAGE= ssh # gss-genr.c should be in $SRCS but causes linking problems, so it is # compiled directly into sshd instead. # Portability layer SRCS+= bcrypt_pbkdf.c blowfish.c bsd-misc.c bsd-signal.c explicit_bzero.c \ fmt_scaled.c freezero.c glob.c \ libressl-api-compat.c \ openssl-compat.c port-net.c \ recallocarray.c strtonum.c timingsafe_bcmp.c vis.c xcrypt.c .if ${MK_LDNS} == "no" SRCS+= getrrsetbyname.c .else LDNSDIR= ${SRCTOP}/contrib/ldns CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR} SRCS+= getrrsetbyname-ldns.c LIBADD+= ldns .endif -CFLAGS+= -I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h - .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -include krb5_config.h SRCS+= krb5_config.h .endif .if defined(LOCALBASE) CFLAGS+= -D_PATH_SSH_ASKPASS_DEFAULT='"${LOCALBASE}/bin/ssh-askpass"' .endif NO_LINT= LIBADD+= crypto crypt z .include .PATH: ${SSHDIR} ${SSHDIR}/openbsd-compat diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile index 24d675e0cf16..97408d332d34 100644 --- a/secure/libexec/sftp-server/Makefile +++ b/secure/libexec/sftp-server/Makefile @@ -1,21 +1,20 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= sftp-server SRCS= sftp-server.c sftp-common.c sftp-server-main.c MAN= sftp-server.8 -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .include .PATH: ${SSHDIR} diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile index e3fc51c66432..72acf1c2d75e 100644 --- a/secure/libexec/ssh-keysign/Makefile +++ b/secure/libexec/ssh-keysign/Makefile @@ -1,24 +1,23 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-keysign SRCS= ssh-keysign.c readconf.c uidswap.c MAN= ssh-keysign.8 -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h BINMODE=4555 LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif LIBADD+= crypto .include .PATH: ${SSHDIR} diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile index 19e114be935d..c4ae4f503197 100644 --- a/secure/libexec/ssh-pkcs11-helper/Makefile +++ b/secure/libexec/ssh-pkcs11-helper/Makefile @@ -1,23 +1,22 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-pkcs11-helper SRCS= ssh-pkcs11.c ssh-pkcs11-helper.c MAN= ssh-pkcs11-helper.8 -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif LIBADD+= crypto .include .PATH: ${SSHDIR} diff --git a/secure/ssh.mk b/secure/ssh.mk new file mode 100644 index 000000000000..4ab8cd399ae8 --- /dev/null +++ b/secure/ssh.mk @@ -0,0 +1,6 @@ +# Common Make variables for OpenSSH + +SSHDIR= ${SRCTOP}/crypto/openssh + +CFLAGS+= -I${SSHDIR} -include ssh_namespace.h +SRCS+= ssh_namespace.h diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile index a4e55c1bf86b..c071f5198902 100644 --- a/secure/usr.bin/scp/Makefile +++ b/secure/usr.bin/scp/Makefile @@ -1,21 +1,20 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= scp SRCS= scp.c sftp-common.c sftp-client.c sftp-glob.c progressmeter.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile index 249fef233d37..868f7a23bfde 100644 --- a/secure/usr.bin/sftp/Makefile +++ b/secure/usr.bin/sftp/Makefile @@ -1,21 +1,20 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= sftp SRCS= sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh edit .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile index c76e50a4a91a..162ea60a29d0 100644 --- a/secure/usr.bin/ssh-add/Makefile +++ b/secure/usr.bin/ssh-add/Makefile @@ -1,21 +1,20 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-add SRCS+= ssh-add.c ssh-sk-client.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile index 95ccd05811fe..c8139ec376c3 100644 --- a/secure/usr.bin/ssh-agent/Makefile +++ b/secure/usr.bin/ssh-agent/Makefile @@ -1,27 +1,26 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-agent SRCS= ssh-agent.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .if defined(LOCALBASE) CFLAGS+= -DDEFAULT_PKCS11_WHITELIST='"/usr/lib*/*,${LOCALBASE}/lib*/*"' .endif LIBADD+= crypto .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile index eec0b23e1b3f..b53b645e8576 100644 --- a/secure/usr.bin/ssh-keygen/Makefile +++ b/secure/usr.bin/ssh-keygen/Makefile @@ -1,22 +1,21 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-keygen # XXX ssh-sk-client.c in libssh maybe? SRCS= ssh-keygen.c sshsig.c ssh-sk-client.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 .endif LIBADD+= crypto .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile index ade1e4237ff5..130e5f61ec64 100644 --- a/secure/usr.bin/ssh-keyscan/Makefile +++ b/secure/usr.bin/ssh-keyscan/Makefile @@ -1,21 +1,20 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" PROG= ssh-keyscan SRCS= ssh-keyscan.c PACKAGE= ssh -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .include .PATH: ${SSHDIR} diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 614cc7627fc5..5528aceed5ee 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -1,42 +1,40 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" CONFS= ssh_config CONFSDIR= /etc/ssh PROG= ssh LINKS= ${BINDIR}/ssh ${BINDIR}/slogin MAN= ssh.1 ssh_config.5 MLINKS= ssh.1 slogin.1 PACKAGE= ssh SRCS= ssh.c readconf.c clientloop.c sshtty.c \ sshconnect.c sshconnect2.c mux.c # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h - LIBADD= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 .endif .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -include krb5_config.h SRCS+= krb5_config.h LIBADD+= gssapi .endif LIBADD+= crypto .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .endif .include .PATH: ${SSHDIR} diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index b374e737a139..a34732f868c7 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -1,74 +1,73 @@ # $FreeBSD$ .include +.include "${SRCTOP}/secure/ssh.mk" CONFS= moduli sshd_config CONFSDIR= /etc/ssh PROG= sshd SRCS= sshd.c auth-rhosts.c auth-passwd.c \ audit.c audit-bsm.c audit-linux.c platform.c \ sshpty.c sshlogin.c servconf.c serverloop.c \ auth.c auth2.c auth-options.c session.c \ auth2-chall.c groupaccess.c \ auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ monitor.c monitor_wrap.c auth-krb5.c \ auth2-gss.c gss-serv.c gss-serv-krb5.c \ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ srclimit.c sftp-server.c sftp-common.c \ sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.c \ sandbox-seccomp-filter.c sandbox-capsicum.c sandbox-pledge.c \ sandbox-solaris.c uidswap.c PACKAGE= ssh # gss-genr.c really belongs in libssh; see src/secure/lib/libssh/Makefile SRCS+= gss-genr.c MAN= sshd.8 sshd_config.5 -CFLAGS+=-I${SSHDIR} -include ssh_namespace.h -SRCS+= ssh_namespace.h # Don't rebuild based on moduli.c moduli: .MADE # pam should always happen before ssh here for static linking LIBADD= pam ssh util .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 #DPADD+= ${LIBLDNS} #LDADD+= -lldns .endif .if ${MK_AUDIT} != "no" CFLAGS+= -DUSE_BSM_AUDIT=1 -DHAVE_GETAUDIT_ADDR=1 LIBADD+= bsm .endif .if ${MK_BLACKLIST_SUPPORT} != "no" CFLAGS+= -DUSE_BLACKLIST=1 -I${SRCTOP}/contrib/blacklist/include SRCS+= blacklist.c LIBADD+= blacklist LDFLAGS+=-L${LIBBLACKLISTDIR} .endif .if ${MK_GSSAPI} != "no" && ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -include krb5_config.h SRCS+= krb5_config.h LIBADD+= gssapi_krb5 gssapi krb5 .endif .if ${MK_TCP_WRAPPERS} != "no" CFLAGS+= -DLIBWRAP=1 LIBADD+= wrap .endif LIBADD+= crypto .if defined(LOCALBASE) CFLAGS+= -DXAUTH_PATH=\"${LOCALBASE}/bin/xauth\" .endif .include .PATH: ${SSHDIR}