kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup

Browse Source
This commit is contained in:
Xavier Beaudouin
2025-06-04 15:15:02 +02:00
parent a2e43778b8
commit a181190b3f
49 changed files with 38 additions and 3825 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
devel/etcd35/Makefile
View File

@ -1,143 +0,0 @@
PORTNAME= etcd
PORTVERSION= 3.5.18
DISTVERSIONPREFIX= v
#PORTREVISION= 25
CATEGORIES= devel
PKGNAMEPREFIX= coreos-
#PKGNAMESUFFIX= 34
MAINTAINER= kiwi@oav.net
COMMENT= Highly-available key value store and service discovery
WWW= https://github.com/coreos/etcd
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
USES= cpe go:1.21,modules
USE_GITHUB= yes
GH_ACCOUNT= coreos
GH_TUPLE= \
beorn7:perks:v1.0.1:beorn7_perks/vendor/github.com/beorn7/perks \
bgentry:speakeasy:v0.1.0:bgentry_speakeasy/vendor/github.com/bgentry/speakeasy \
cenkalti:backoff:v4.2.1:cenkalti_backoff_v4/vendor/github.com/cenkalti/backoff/v4 \
cespare:xxhash:v2.2.0:cespare_xxhash_v2/vendor/github.com/cespare/xxhash/v2 \
cheggaaa:pb:v1.0.28:cheggaaa_pb/vendor/gopkg.in/cheggaaa/pb.v1 \
coreos:go-semver:v0.3.0:coreos_go_semver/vendor/github.com/coreos/go-semver \
coreos:go-systemd:v22.3.2:coreos_go_systemd_v22/vendor/github.com/coreos/go-systemd/v22 \
dustin:go-humanize:v1.0.0:dustin_go_humanize/vendor/github.com/dustin/go-humanize \
etcd-io:bbolt:v1.3.10:etcd_io_bbolt/vendor/go.etcd.io/bbolt \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd/go.etcd.io/etcd/api/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_11/go.etcd.io/etcd/etcdutl/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_12/go.etcd.io/etcd/pkg/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_14/go.etcd.io/etcd/raft/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_17/go.etcd.io/etcd/server/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_2/go.etcd.io/etcd/client/pkg/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_6/go.etcd.io/etcd/client/v3 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_8/go.etcd.io/etcd/etcdctl/v3 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_10 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_13 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_15 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_16 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_19 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_1 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_3 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_7 \
etcd-io:etcd:v3.5.15:etcd_io_etcd_9 \
etcd-io:etcd:v3.6.0-alpha.0:etcd_io_etcd_4/go.etcd.io/etcd/client/v2 \
go-logr:logr:v1.3.0:go_logr_logr/vendor/github.com/go-logr/logr \
go-logr:stdr:v1.2.2:go_logr_stdr/vendor/github.com/go-logr/stdr \
go-yaml:yaml:v2.4.0:go_yaml_yaml/vendor/gopkg.in/yaml.v2 \
gogo:protobuf:v1.3.2:gogo_protobuf/vendor/github.com/gogo/protobuf \
golang-jwt:jwt:v4.4.2:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
golang:crypto:v0.21.0:golang_crypto/vendor/golang.org/x/crypto \
golang:groupcache:41bb18bfe9da:golang_groupcache/vendor/github.com/golang/groupcache \
golang:net:v0.23.0:golang_net/vendor/golang.org/x/net \
golang:protobuf:v1.5.4:golang_protobuf/vendor/github.com/golang/protobuf \
golang:sys:v0.18.0:golang_sys/vendor/golang.org/x/sys \
golang:text:v0.14.0:golang_text/vendor/golang.org/x/text \
golang:time:f8bda1e9f3ba:golang_time/vendor/golang.org/x/time \
google:btree:v1.0.1:google_btree/vendor/github.com/google/btree \
google:go-genproto:b8732ec3820d:google_go_genproto/vendor/google.golang.org/genproto \
gorilla:websocket:v1.4.2:gorilla_websocket/vendor/github.com/gorilla/websocket \
grpc-ecosystem:go-grpc-middleware:v1.3.0:grpc_ecosystem_go_grpc_middleware/vendor/github.com/grpc-ecosystem/go-grpc-middleware \
grpc-ecosystem:go-grpc-prometheus:v1.2.0:grpc_ecosystem_go_grpc_prometheus/vendor/github.com/grpc-ecosystem/go-grpc-prometheus \
grpc-ecosystem:grpc-gateway:v1.16.0:grpc_ecosystem_grpc_gateway/vendor/github.com/grpc-ecosystem/grpc-gateway \
grpc-ecosystem:grpc-gateway:v2.16.0:grpc_ecosystem_grpc_gateway_v2/vendor/github.com/grpc-ecosystem/grpc-gateway/v2 \
grpc:grpc-go:v1.59.0:grpc_grpc_go/vendor/google.golang.org/grpc \
inconshreveable:mousetrap:v1.0.0:inconshreveable_mousetrap/vendor/github.com/inconshreveable/mousetrap \
jonboulle:clockwork:v0.2.2:jonboulle_clockwork/vendor/github.com/jonboulle/clockwork \
json-iterator:go:v1.1.11:json_iterator_go/vendor/github.com/json-iterator/go \
kubernetes-sigs:yaml:v1.2.0:kubernetes_sigs_yaml/vendor/sigs.k8s.io/yaml \
mattn:go-colorable:v0.1.11:mattn_go_colorable/vendor/github.com/mattn/go-colorable \
mattn:go-runewidth:v0.0.9:mattn_go_runewidth/vendor/github.com/mattn/go-runewidth \
matttproud:golang_protobuf_extensions:v1.0.1:matttproud_golang_protobuf_extensions/vendor/github.com/matttproud/golang_protobuf_extensions \
modern-go:concurrent:bacd9c7ef1dd:modern_go_concurrent/vendor/github.com/modern-go/concurrent \
modern-go:reflect2:v1.0.1:modern_go_reflect2/vendor/github.com/modern-go/reflect2 \
natefinch:lumberjack:v2.0.0:natefinch_lumberjack/vendor/gopkg.in/natefinch/lumberjack.v2 \
olekukonko:tablewriter:v0.0.5:olekukonko_tablewriter/vendor/github.com/olekukonko/tablewriter \
open-telemetry:opentelemetry-go-contrib:instrumentation/google.golang.org/grpc/otelgrpc/v0.46.0:open_telemetry_opentelemetry_go_contrib/vendor/go.opentelemetry.io/contrib \
open-telemetry:opentelemetry-go:v1.20.0:open_telemetry_opentelemetry_go/vendor/go.opentelemetry.io/otel \
open-telemetry:opentelemetry-proto-go:v1.0.0:open_telemetry_opentelemetry_proto_go/vendor/go.opentelemetry.io/proto/otlp \
prometheus:client_golang:v1.11.1:prometheus_client_golang/vendor/github.com/prometheus/client_golang \
prometheus:client_model:v0.2.0:prometheus_client_model/vendor/github.com/prometheus/client_model \
prometheus:common:v0.26.0:prometheus_common/vendor/github.com/prometheus/common \
prometheus:procfs:v0.6.0:prometheus_procfs/vendor/github.com/prometheus/procfs \
protocolbuffers:protobuf-go:v1.33.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf \
sirupsen:logrus:v1.9.3:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
soheilhy:cmux:v0.1.5:soheilhy_cmux/vendor/github.com/soheilhy/cmux \
spf13:cobra:v1.1.3:spf13_cobra/vendor/github.com/spf13/cobra \
spf13:pflag:v1.0.5:spf13_pflag/vendor/github.com/spf13/pflag \
tmc:grpc-websocket-proxy:e5319fda7802:tmc_grpc_websocket_proxy/vendor/github.com/tmc/grpc-websocket-proxy \
uber-go:atomic:v1.7.0:uber_go_atomic/vendor/go.uber.org/atomic \
uber-go:multierr:v1.6.0:uber_go_multierr/vendor/go.uber.org/multierr \
uber-go:zap:v1.17.0:uber_go_zap/vendor/go.uber.org/zap \
xiang90:probing:43a291ad63a2:xiang90_probing/vendor/github.com/xiang90/probing
#etcd-io:etcd:v3.0.0-00010101000000-000000000000:etcd_io_etcd_18/go.etcd.io/etcd/tests/v3 \
#etcd-io:etcd:v2.306.0-alpha.0:etcd_io_etcd_4/go.etcd.io/etcd/client/v2 \
#etcd-io:etcd:v2.305.15:etcd_io_etcd_5 \
GO_PKGNAME= github.com/coreos/etcd
GO_TARGET= ./server ./etcdctl ./etcdutl
CONFLICTS_INSTALL= coreos-etcd[0-9][0-9]
PLIST_FILES= bin/etcd \
bin/etcdctl
PORTDOCS= README.md
OPTIONS_DEFINE= DOCS
DOCS_DESC= Install etcd README file
#pre-patch:
# ${RM} ${WRKSRC}/vendor/modules.txt
# ${RM} -r ${WRKSRC}/vendor/golang.org/x/sys
# ${LN} -s ${WRKDIR}/sys-* ${WRKSRC}/vendor/golang.org/x/sys
post-extract:
${RLN} ${WRKSRC_etcd_io_etcd_1} ${WRKSRC}/api
#${RLN} ${WRKSRC_etcd_io_etcd} ${WRKSRC}/api
${RLN} ${WRKSRC_etcd_io_etcd_3} ${WRKSRC}/client/pkg
#${RLN} ${WRKSRC_etcd_io_etcd_2} ${WRKSRC}/client/pkg
#${RLN} ${WRKSRC_etcd_io_etcd_4} ${WRKSRC}/client/v2
#${RLN} ${WRKSRC_etcd_io_etcd_5} ${WRKSRC}/client/v2
${RLN} ${WRKSRC_etcd_io_etcd_7} ${WRKSRC}/client/v3
#${RLN} ${WRKSRC_etcd_io_etcd_6} ${WRKSRC}/client/v3
${RLN} ${WRKSRC_etcd_io_etcd_9} ${WRKSRC}/etcdctl
#${RLN} ${WRKSRC_etcd_io_etcd_8} ${WRKSRC}/etcdctl
#${RLN} ${WRKSRC_etcd_io_etcd_11} ${WRKSRC}/etcdutl
${RLN} ${WRKSRC_etcd_io_etcd_10} ${WRKSRC}/etcdutl
${RLN} ${WRKSRC_etcd_io_etcd_13} ${WRKSRC}/pkg
#${RLN} ${WRKSRC_etcd_io_etcd_12} ${WRKSRC}/pkg
${RLN} ${WRKSRC_etcd_io_etcd_15} ${WRKSRC}/raft
#${RLN} ${WRKSRC_etcd_io_etcd_14} ${WRKSRC}/raft
${RLN} ${WRKSRC_etcd_io_etcd_16} ${WRKSRC}/server
#${RLN} ${WRKSRC_etcd_io_etcd_17} ${WRKSRC}/server
#${RLN} ${WRKSRC_etcd_io_etcd_18} ${WRKSRC}/tests
${RLN} ${WRKSRC_etcd_io_etcd_19} ${WRKSRC}/tests
do-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
.include <bsd.port.mk>

153
devel/etcd35/distinfo
View File

@ -1,153 +0,0 @@
TIMESTAMP = 1738341575
SHA256 (coreos-etcd-v3.5.18_GH0.tar.gz) = 8c8890b15c1a19263ab4ee2b374698c1d76c2b31e9b55bdeea47193aa48d8025
SIZE (coreos-etcd-v3.5.18_GH0.tar.gz) = 4128059
SHA256 (beorn7-perks-v1.0.1_GH0.tar.gz) = 98db84bb0224a26094e6adba91b7ee7a1a7ace28cb648d818f8e779e6a19f825
SIZE (beorn7-perks-v1.0.1_GH0.tar.gz) = 10867
SHA256 (bgentry-speakeasy-v0.1.0_GH0.tar.gz) = 863f57f96f77c2b4e5488e34e8df47478e9ffa9920779ca4df2cc3adc0d03252
SIZE (bgentry-speakeasy-v0.1.0_GH0.tar.gz) = 7481
SHA256 (cenkalti-backoff-v4.2.1_GH0.tar.gz) = adb92e0d2ecc3de14f45bea713afb367367bdc89c1af8391b91089ce91ce18f4
SIZE (cenkalti-backoff-v4.2.1_GH0.tar.gz) = 10394
SHA256 (cespare-xxhash-v2.2.0_GH0.tar.gz) = b8c684b9e5e136510913727e6a845b28f8176e55db827b11f17769fba970fe13
SIZE (cespare-xxhash-v2.2.0_GH0.tar.gz) = 12334
SHA256 (cheggaaa-pb-v1.0.28_GH0.tar.gz) = f745c5636d3fb59bffab5f9d2a745a94a9608166c20c90936fc66848a5e816e6
SIZE (cheggaaa-pb-v1.0.28_GH0.tar.gz) = 11788
SHA256 (coreos-go-semver-v0.3.0_GH0.tar.gz) = 1b72134483db366fb43f216727d6bc110086d4450ce0d226960cf4ce823d6eb9
SIZE (coreos-go-semver-v0.3.0_GH0.tar.gz) = 10663
SHA256 (coreos-go-systemd-v22.3.2_GH0.tar.gz) = dbb1a3930d43f49e11c53f2010ab9609e18236f776a99921850cd05f54779438
SIZE (coreos-go-systemd-v22.3.2_GH0.tar.gz) = 72134
SHA256 (dustin-go-humanize-v1.0.0_GH0.tar.gz) = e4540bd50ac855143b4f2e509313079c50cf5d8774f09cc10dbca5ae9803d8ba
SIZE (dustin-go-humanize-v1.0.0_GH0.tar.gz) = 17260
SHA256 (etcd-io-bbolt-v1.3.10_GH0.tar.gz) = 4991a0f2cfb4fd4530c450e3b913cf38fc8566d115c514ecbcef5946a7391400
SIZE (etcd-io-bbolt-v1.3.10_GH0.tar.gz) = 125701
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.5.15_GH0.tar.gz) = bfc9c90f103acd47b0dca2840d4b69af68cb39f22893bef0f4fb5c5351314b84
SIZE (etcd-io-etcd-v3.5.15_GH0.tar.gz) = 4113649
SHA256 (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = c101da7821e89ab59f47606b083407462e3ff67fa5d37e161574a1c42b688254
SIZE (etcd-io-etcd-v3.6.0-alpha.0_GH0.tar.gz) = 4161362
SHA256 (go-logr-logr-v1.3.0_GH0.tar.gz) = a0ceb13b9611e19ebe3cba015e2e6dbbf3125be9cd7f1d975d4d334da688839a
SIZE (go-logr-logr-v1.3.0_GH0.tar.gz) = 51225
SHA256 (go-logr-stdr-v1.2.2_GH0.tar.gz) = 37d975b280d884ca0d55a800bc6e47314b6e86268e56254f9d15d19ca9404eb8
SIZE (go-logr-stdr-v1.2.2_GH0.tar.gz) = 9098
SHA256 (go-yaml-yaml-v2.4.0_GH0.tar.gz) = d8e94679e5fff6bd1a35e10241543929a5f3da44f701755babf99b3daf0faac0
SIZE (go-yaml-yaml-v2.4.0_GH0.tar.gz) = 73209
SHA256 (gogo-protobuf-v1.3.2_GH0.tar.gz) = 2bb4b13d6e56b3911f09b8e9ddd15708477fbff8823c057cc79dd99c9a452b34
SIZE (gogo-protobuf-v1.3.2_GH0.tar.gz) = 2038725
SHA256 (golang-jwt-jwt-v4.4.2_GH0.tar.gz) = 5c48e918854c3fc1c9bbb9ebf747addb960250f977aa8523344f60f4c423c7c1
SIZE (golang-jwt-jwt-v4.4.2_GH0.tar.gz) = 51392
SHA256 (golang-crypto-v0.21.0_GH0.tar.gz) = 4c65ea22c4b0bc7380b4213a294698c517fe3378e0edd30c4d2b6cf7f12fc8bd
SIZE (golang-crypto-v0.21.0_GH0.tar.gz) = 1810887
SHA256 (golang-groupcache-41bb18bfe9da_GH0.tar.gz) = 1e89795970d6593affdafe1d09dcf947681ca1ea82528e8e4fb9974a77f2e394
SIZE (golang-groupcache-41bb18bfe9da_GH0.tar.gz) = 26101
SHA256 (golang-net-v0.23.0_GH0.tar.gz) = 5d1aeb0051277e79fa692947079dc50ddc284dc0403b22c85692b97060ab4953
SIZE (golang-net-v0.23.0_GH0.tar.gz) = 1508997
SHA256 (golang-protobuf-v1.5.4_GH0.tar.gz) = d75e6960ecfabaaa83a7261b1b630d24e9c63aca79615fb15bf33e11b62fd019
SIZE (golang-protobuf-v1.5.4_GH0.tar.gz) = 172992
SHA256 (golang-sys-v0.18.0_GH0.tar.gz) = cee1944ab655ddf7eab6301e15cb6d01fdd6cd0a0f0b5896050ee60b124e084c
SIZE (golang-sys-v0.18.0_GH0.tar.gz) = 1448211
SHA256 (golang-text-v0.14.0_GH0.tar.gz) = c80295e75bda599d17ccf74038139b0957b9915fae4e60d8b46f89454ef171a0
SIZE (golang-text-v0.14.0_GH0.tar.gz) = 8974094
SHA256 (golang-time-f8bda1e9f3ba_GH0.tar.gz) = e068a34e54894c9c189ba2c2e5b7ea9116ed661f6a7c0d0e744d8e0066017ebb
SIZE (golang-time-f8bda1e9f3ba_GH0.tar.gz) = 9656
SHA256 (google-btree-v1.0.1_GH0.tar.gz) = 240723cff7c3c28e8444d45e500e65b2c25df519273260f248786e1a7367a654
SIZE (google-btree-v1.0.1_GH0.tar.gz) = 15381
SHA256 (google-go-genproto-b8732ec3820d_GH0.tar.gz) = b3d7e0e6a90e43230013b4ac375c7d5b5eaa037ef20fbab28567f96da4f765b2
SIZE (google-go-genproto-b8732ec3820d_GH0.tar.gz) = 5916673
SHA256 (gorilla-websocket-v1.4.2_GH0.tar.gz) = 91937a36bc9e0da3c895c73d4cb74b2cdb1aff54ab21b0d0724000e7b5b85b84
SIZE (gorilla-websocket-v1.4.2_GH0.tar.gz) = 54101
SHA256 (grpc-ecosystem-go-grpc-middleware-v1.3.0_GH0.tar.gz) = c9b908202c05a7f821b03ee49cd678e7e71469519054629770e0565d78275cbc
SIZE (grpc-ecosystem-go-grpc-middleware-v1.3.0_GH0.tar.gz) = 103780
SHA256 (grpc-ecosystem-go-grpc-prometheus-v1.2.0_GH0.tar.gz) = eba66530952a126ab869205bdb909af607bfd9eb09f00207b62eb29140258aa9
SIZE (grpc-ecosystem-go-grpc-prometheus-v1.2.0_GH0.tar.gz) = 24760
SHA256 (grpc-ecosystem-grpc-gateway-v1.16.0_GH0.tar.gz) = 20ba8f2aeb4a580109357fffaa42f8400aba1155b95c8845e412287907e64379
SIZE (grpc-ecosystem-grpc-gateway-v1.16.0_GH0.tar.gz) = 521578
SHA256 (grpc-ecosystem-grpc-gateway-v2.16.0_GH0.tar.gz) = f49af0b9a5b260c5a783c30010ba3cca4730abba9246618cbee19070f7a843e7
SIZE (grpc-ecosystem-grpc-gateway-v2.16.0_GH0.tar.gz) = 821213
SHA256 (grpc-grpc-go-v1.59.0_GH0.tar.gz) = 0f951688030fdc9a82accb440222ff068440e59bdc44a82d86150cc4cddf1aed
SIZE (grpc-grpc-go-v1.59.0_GH0.tar.gz) = 2010414
SHA256 (inconshreveable-mousetrap-v1.0.0_GH0.tar.gz) = 5edc7731c819c305623568e317aa253d342be3447def97f1fa9e10eb5ad819f6
SIZE (inconshreveable-mousetrap-v1.0.0_GH0.tar.gz) = 2290
SHA256 (jonboulle-clockwork-v0.2.2_GH0.tar.gz) = 79ac7c0e53dfa48aac0622745f133b2438542f1c11d2c09ec1c98affbd62e1f0
SIZE (jonboulle-clockwork-v0.2.2_GH0.tar.gz) = 9588
SHA256 (json-iterator-go-v1.1.11_GH0.tar.gz) = 19d0d56ac18a052867360b10201bad614c7b31a3edf2041a331c28860920b932
SIZE (json-iterator-go-v1.1.11_GH0.tar.gz) = 84401
SHA256 (kubernetes-sigs-yaml-v1.2.0_GH0.tar.gz) = 80612b8cc63863556906f04df7eca89179bf81e5b3d1133c082bd7e5e35d5514
SIZE (kubernetes-sigs-yaml-v1.2.0_GH0.tar.gz) = 92574
SHA256 (mattn-go-colorable-v0.1.11_GH0.tar.gz) = b88eae3c846d3c9bee375bfb72b535b726755a06d8e972c937820aba45d2f5e0
SIZE (mattn-go-colorable-v0.1.11_GH0.tar.gz) = 9800
SHA256 (mattn-go-runewidth-v0.0.9_GH0.tar.gz) = 4f20a337ad06e071f29535afe9c5207d3e8840c8c86672bbc5f9837c6229c835
SIZE (mattn-go-runewidth-v0.0.9_GH0.tar.gz) = 16714
SHA256 (matttproud-golang_protobuf_extensions-v1.0.1_GH0.tar.gz) = 2def0ee6f6b12b1efc0e3007d89f598608a072610e805c3655ea9d13c3ead49b
SIZE (matttproud-golang_protobuf_extensions-v1.0.1_GH0.tar.gz) = 37184
SHA256 (modern-go-concurrent-bacd9c7ef1dd_GH0.tar.gz) = d673e902118a6ece63198dc7e0961e904d0410f142726df0936ec1a52035a60f
SIZE (modern-go-concurrent-bacd9c7ef1dd_GH0.tar.gz) = 7526
SHA256 (modern-go-reflect2-v1.0.1_GH0.tar.gz) = d24e856d9aa8fd51b9e6c2cdd712a44c8d18cb8b72802f1bd16e0470322363fd
SIZE (modern-go-reflect2-v1.0.1_GH0.tar.gz) = 14394
SHA256 (natefinch-lumberjack-v2.0.0_GH0.tar.gz) = 5817941b45096eb70b8114d7a4bf392ea47c4fe8030ff383ca54c67dfa0617bd
SIZE (natefinch-lumberjack-v2.0.0_GH0.tar.gz) = 12631
SHA256 (olekukonko-tablewriter-v0.0.5_GH0.tar.gz) = 14a1294a8267facc9bc99a230b8871517e6db284ccc7e39030313befa124677f
SIZE (olekukonko-tablewriter-v0.0.5_GH0.tar.gz) = 19568
SHA256 (open-telemetry-opentelemetry-go-contrib-instrumentation-google.golang.org-grpc-otelgrpc-v0.46.0_GH0.tar.gz) = 931da4874869b2790eb317270a5077a2810cf06298b38c3a6be0baec2b12fe2b
SIZE (open-telemetry-opentelemetry-go-contrib-instrumentation-google.golang.org-grpc-otelgrpc-v0.46.0_GH0.tar.gz) = 598954
SHA256 (open-telemetry-opentelemetry-go-v1.20.0_GH0.tar.gz) = c739ba9a4eb74db325acdec5eca5d2c18f789f63e10f1658d8c5e0061700d18a
SIZE (open-telemetry-opentelemetry-go-v1.20.0_GH0.tar.gz) = 1273769
SHA256 (open-telemetry-opentelemetry-proto-go-v1.0.0_GH0.tar.gz) = 543b133a09579ad227b2db21460f71baeeb46e4209c2ac5e5621f4ffe7fb192b
SIZE (open-telemetry-opentelemetry-proto-go-v1.0.0_GH0.tar.gz) = 177183
SHA256 (prometheus-client_golang-v1.11.1_GH0.tar.gz) = edf216320f3e12f5d60e3df52948e73a95b6b3759b45f1970d750016583d052a
SIZE (prometheus-client_golang-v1.11.1_GH0.tar.gz) = 170256
SHA256 (prometheus-client_model-v0.2.0_GH0.tar.gz) = 4ab1be9cdfa702d7f49beeb09a256bcc6a2aad55e8a0a37e7732a46934264e12
SIZE (prometheus-client_model-v0.2.0_GH0.tar.gz) = 10986
SHA256 (prometheus-common-v0.26.0_GH0.tar.gz) = 35cfd6f896655c848042802652394cc9da57ef01437f0d78bffb85a467f62a1b
SIZE (prometheus-common-v0.26.0_GH0.tar.gz) = 116907
SHA256 (prometheus-procfs-v0.6.0_GH0.tar.gz) = 6ad7a23cf4db9fa5dbf2c5d8fbd0fbf5ffe48e3ddb7bf15f9359813d764ce73c
SIZE (prometheus-procfs-v0.6.0_GH0.tar.gz) = 169898
SHA256 (protocolbuffers-protobuf-go-v1.33.0_GH0.tar.gz) = 21661d7634e3f783b015b93ceafc0261f2f02a270799bac871602c3a2172cfbe
SIZE (protocolbuffers-protobuf-go-v1.33.0_GH0.tar.gz) = 1482410
SHA256 (sirupsen-logrus-v1.9.3_GH0.tar.gz) = cfa48a647a28c1f12fb6a9b672bc4d88b6407ff05aedcf23ce939d342646acce
SIZE (sirupsen-logrus-v1.9.3_GH0.tar.gz) = 50320
SHA256 (soheilhy-cmux-v0.1.5_GH0.tar.gz) = 199232ece74332f408a38e4d38e7ca942b3e66ae58074ca95d3f069693e0dca1
SIZE (soheilhy-cmux-v0.1.5_GH0.tar.gz) = 22250
SHA256 (spf13-cobra-v1.1.3_GH0.tar.gz) = e5f93c61e1236e61c7fc45882d2a03b81f46ebebdf70628ebb64b0b5fe34f6fa
SIZE (spf13-cobra-v1.1.3_GH0.tar.gz) = 146580
SHA256 (spf13-pflag-v1.0.5_GH0.tar.gz) = 9a2cae1f8e8ab0d2cc8ebe468e871af28d9ac0962cf0520999e3ba85f0c7b808
SIZE (spf13-pflag-v1.0.5_GH0.tar.gz) = 50796
SHA256 (tmc-grpc-websocket-proxy-e5319fda7802_GH0.tar.gz) = ab27ebe35674bcc777d63bb1d64874310832d857a3eb573192b082f73afde494
SIZE (tmc-grpc-websocket-proxy-e5319fda7802_GH0.tar.gz) = 10031
SHA256 (uber-go-atomic-v1.7.0_GH0.tar.gz) = 4d655e90a23d023b36607e2ce94c3b7bf650d41c81c0faff32432581d9099ad1
SIZE (uber-go-atomic-v1.7.0_GH0.tar.gz) = 18566
SHA256 (uber-go-multierr-v1.6.0_GH0.tar.gz) = f8a139a06fd70bbda0f089274bd723a00c33c5b269a696de4d6a8ab455a22717
SIZE (uber-go-multierr-v1.6.0_GH0.tar.gz) = 12369
SHA256 (uber-go-zap-v1.17.0_GH0.tar.gz) = 9608554d14e846718c5ebe44ab172ce6b748356679c17e144226af94ff232d9a
SIZE (uber-go-zap-v1.17.0_GH0.tar.gz) = 142719
SHA256 (xiang90-probing-43a291ad63a2_GH0.tar.gz) = 576dd87a3b8729fd6f2422664897e285d43254138831aaedfac797813964d255
SIZE (xiang90-probing-43a291ad63a2_GH0.tar.gz) = 3468

11
devel/etcd35/pkg-descr
View File

@ -1,11 +0,0 @@
A highly-available key value store for shared
configuration and service discovery. etcd is
inspired by zookeeper and doozer, with a focus on:
* Simple: curl'able user facing API (HTTP+JSON)
* Secure: optional SSL client cert authentication
* Fast: benchmarked 1000s of writes/s per instance
* Reliable: Properly distributed using Raft
Etcd is written in Go and uses the raft consensus
algorithm to manage a highly-available replicated log.

29
devel/gmake3/Makefile Normal file
View File

@ -0,0 +1,29 @@
PORTNAME= make
DISTVERSION= 3.81
CATEGORIES= devel
MASTER_SITES= GNU
PKGNAMEPREFIX= g
PKGNAMESUFFIX= 3
# note: before committing to this port, contact portmgr to arrange for an
# experimental ports run. Untested commits may be backed out at portmgr's
# discretion.
MAINTAINER= allanjude@FreeBSD.org
COMMENT= Last GPLv2 version of GNU 'make' utility
WWW= https://www.gnu.org/software/make/
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYING
USES= cpe tar:bz2
CPE_VENDOR= gnu
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
CONFIGURE_ARGS= --program-prefix=g \
--program-suffix=3 \
--disable-nls \
--disable-info \
--without-guile
.include <bsd.port.mk>

3
devel/gmake3/distinfo Normal file
View File

@ -0,0 +1,3 @@
TIMESTAMP = 1747413857
SHA256 (make-3.81.tar.bz2) = f3e69023771e23908f5d5592954d8271d3d6af09693cecfd29cee6fde8550dc8
SIZE (make-3.81.tar.bz2) = 1151445

4
devel/gmake3/pkg-descr Normal file
View File

@ -0,0 +1,4 @@
This is the last GPLv2 licensed version of GNU make.
GNU make is a tool that controls the generation of executables and other
non-source files from source files. Its purpose is the same as that
of the utility make(1).

2
devel/gmake3/pkg-plist Normal file
View File

@ -0,0 +1,2 @@
bin/gmake3
share/man/man1/gmake3.1.gz

245
security/openssh-portable/Makefile
View File

@ -1,245 +0,0 @@
PORTNAME= openssh
DISTVERSION= 10.0p1
PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
PKGNAMESUFFIX?= -portable
MAINTAINER= bdrewery@FreeBSD.org
COMMENT= The portable version of OpenBSD's OpenSSH
WWW= https://www.openssh.com/portable.html
LICENSE= OPENSSH
LICENSE_NAME= OpenSSH Licenses
LICENSE_FILE= ${WRKSRC}/LICENCE
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
CONFLICTS?= openssh-3.* ssh-1.* ssh2-3.* openssh-portable-devel
USES= alias autoreconf compiler:c11 cpe localbase ncurses \
pkgconfig ssl
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
CONFIGURE_ARGS= --prefix=${PREFIX} \
--without-zlib-version-check \
--with-ssl-engine \
--with-mantype=man
ETCOLD= ${PREFIX}/etc
CPE_VENDOR= openbsd
FLAVORS= default hpn gssapi
default_CONFLICTS_INSTALL= openssh-portable-hpn openssh-portable-gssapi \
openssh-portable-x509
hpn_CONFLICTS_INSTALL= openssh-portable openssh-portable-gssapi \
openssh-portable-x509
hpn_PKGNAMESUFFIX= -portable-hpn
gssapi_CONFLICTS_INSTALL= openssh-portable openssh-portable-hpn \
openssh-portable-x509
gssapi_PKGNAMESUFFIX= -portable-gssapi
OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \
HPN KERB_GSSAPI \
LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD
OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F
.if ${FLAVOR:U} == hpn
OPTIONS_DEFAULT+= HPN NONECIPHER
.endif
.if ${FLAVOR:U} == gssapi
OPTIONS_DEFAULT+= KERB_GSSAPI MIT
.endif
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= MIT HEIMDAL HEIMDAL_BASE
TCP_WRAPPERS_DESC= tcp_wrappers support
BSM_DESC= OpenBSM Auditing
KERB_GSSAPI_DESC= Kerberos/GSSAPI patch (req: GSSAPI)
HPN_DESC= HPN-SSH patch
LDNS_DESC= SSHFP/LDNS support
HEIMDAL_DESC= Heimdal Kerberos (security/heimdal)
HEIMDAL_BASE_DESC= Heimdal Kerberos (base)
MIT_DESC= MIT Kerberos (security/krb5)
NONECIPHER_DESC= NONE Cipher support
XMSS_DESC= XMSS key support (experimental)
FIDO_U2F_DESC= FIDO/U2F support (security/libfido2)
BLACKLISTD_DESC= FreeBSD blacklistd(8) support
OPTIONS_SUB= yes
PAM_EXTRA_PATCHES= ${FILESDIR}/extra-patch-pam-sshd_config
TCP_WRAPPERS_EXTRA_PATCHES=${FILESDIR}/extra-patch-tcpwrappers
LDNS_CONFIGURE_WITH= ldns=${LOCALBASE}
LDNS_LIB_DEPENDS= libldns.so:dns/ldns
HPN_CONFIGURE_WITH= hpn
NONECIPHER_CONFIGURE_WITH= nonecipher
MIT_LIB_DEPENDS= libkrb5.so.3:security/krb5
HEIMDAL_LIB_DEPENDS= libkrb5.so.26:security/heimdal
PAM_CONFIGURE_WITH= pam
TCP_WRAPPERS_CONFIGURE_WITH= tcp-wrappers
LIBEDIT_CONFIGURE_WITH= libedit
LIBEDIT_USES= libedit
BSM_CONFIGURE_ON= --with-audit=bsm
FIDO_U2F_LIB_DEPENDS= libfido2.so:security/libfido2
FIDO_U2F_CONFIGURE_ON= --with-security-key-builtin
FIDO_U2F_CONFIGURE_OFF= --disable-security-key
BLACKLISTD_EXTRA_PATCHES= ${FILESDIR}/extra-patch-blacklistd
ETCDIR?= ${PREFIX}/etc/ssh
.include <bsd.port.pre.mk>
PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex
# Must add this patch before HPN due to conflicts
.if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi
#BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet.
. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
# Needed glue for applying HPN patch without conflict
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
# pull from.
#GSSAPI_DEBIAN_VERSION= 9.9p2
GSSAPI_DEBIAN_VERSION= 10.0p1
GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-5
# - Debian does not use a versioned filename so we trick fetch to make one for
# us with the ?<anything>=/ trick.
PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
# Bump this when updating the patch location
#GSSAPI_DISTVERSION= 9.9p1
GSSAPI_DISTVERSION= 10.0p1
PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c
.endif
.if ${PORT_OPTIONS:MBLACKLISTD}
CONFIGURE_LIBS+= -lblacklist
.endif
# https://www.psc.edu/hpn-ssh https://github.com/rapier1/openssh-portable/tree/hpn-openssl1.1-7_7_P1
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
#BROKEN= HPN: Not yet updated for ${DISTVERSION} yet.
PORTDOCS+= HPN-README
HPN_VERSION= 14v15
HPN_DISTVERSION= 7.7p1
#PATCH_SITES+= SOURCEFORGE/hpnssh/HPN-SSH%20${HPN_VERSION}%20${HPN_DISTVERSION}/:hpn
#PATCHFILES+= ${PORTNAME}-${HPN_DISTVERSION}-hpnssh${HPN_VERSION}.diff.gz:-p1:hpn
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn:-p2
.elif !${PORT_OPTIONS:MHPN} && !${PORT_OPTIONS:MNONECIPHER}
# Apply compatibility patch
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-compat
.endif
CONFIGURE_ARGS+= --disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
# Keep this last
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-version-addendum
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && ${PORT_OPTIONS:MKERB_GSSAPI}
BROKEN= KERB_GSSAPI Requires either MIT or HEMIDAL, does not build with base Heimdal currently
.endif
.if ${PORT_OPTIONS:MHEIMDAL_BASE} && !exists(/usr/lib/libkrb5.so)
IGNORE= you have selected HEIMDAL_BASE but do not have heimdal installed in base
.endif
.if ${PORT_OPTIONS:MMIT} || ${PORT_OPTIONS:MHEIMDAL} || ${PORT_OPTIONS:MHEIMDAL_BASE}
. if ${PORT_OPTIONS:MHEIMDAL_BASE}
CONFIGURE_LIBS+= -lgssapi_krb5
CONFIGURE_ARGS+= --with-kerberos5=/usr
. else
CONFIGURE_LIBS+= -lgssapi_krb5
CONFIGURE_ARGS+= --with-kerberos5=${LOCALBASE}
. endif
. if ${OPENSSLBASE} == "/usr"
CONFIGURE_ARGS+= --without-rpath
LDFLAGS= # empty
. endif
.else
. if ${PORT_OPTIONS:MKERB_GSSAPI}
IGNORE= KERB_GSSAPI requires one of MIT HEIMDAL or HEIMDAL_BASE
. endif
.endif
.if ${OPENSSLBASE} != "/usr"
CONFIGURE_ARGS+= --with-ssl-dir=${OPENSSLBASE}
.endif
EMPTYDIR= /var/empty
USE_RC_SUBR= openssh
# After all
CONFIGURE_ARGS+= --sysconfdir=${ETCDIR} --with-privsep-path=${EMPTYDIR}
.if !empty(CONFIGURE_LIBS)
CONFIGURE_ARGS+= --with-libs='${CONFIGURE_LIBS}'
.endif
CONFIGURE_ARGS+= --with-xauth=${LOCALBASE}/bin/xauth
RC_SCRIPT_NAME= openssh
VERSION_ADDENDUM_DEFAULT?= ${OPSYS}-${PKGNAME}
CFLAGS+= ${CFLAGS_${CHOSEN_COMPILER_TYPE}}
CFLAGS_gcc= -Wno-stringop-truncation -Wno-stringop-overflow
SSH_ASKPASS_PATH?= ${LOCALBASE}/bin/ssh-askpass
post-patch:
@${REINPLACE_CMD} \
-e 's|install: \(.*\) host-key check-config|install: \1|g' \
${WRKSRC}/Makefile.in
@${REINPLACE_CMD} \
-e 's|$$[{(]libexecdir[})]/ssh-askpass|${SSH_ASKPASS_PATH}|' \
${WRKSRC}/Makefile.in ${WRKSRC}/configure.ac
@${REINPLACE_CMD} \
-e 's|\(VersionAddendum\) none|\1 ${VERSION_ADDENDUM_DEFAULT}|' \
${WRKSRC}/sshd_config
@${REINPLACE_CMD} \
-e 's|%%SSH_VERSION_FREEBSD_PORT%%|${VERSION_ADDENDUM_DEFAULT}|' \
${WRKSRC}/sshd_config.5
@${ECHO_CMD} '#define SSH_VERSION_FREEBSD_PORT "${VERSION_ADDENDUM_DEFAULT}"' >> \
${WRKSRC}/version.h
post-configure-XMSS-on:
@${ECHO_CMD} "#define WITH_XMSS 1" >> ${WRKSRC}/config.h
post-configure-BLACKLISTD-on:
@${ECHO_CMD} "#define USE_BLACKLIST 1" >> ${WRKSRC}/config.h
post-install:
${MV} ${STAGEDIR}${ETCDIR}/moduli \
${STAGEDIR}${ETCDIR}/moduli.sample
${MV} ${STAGEDIR}${ETCDIR}/ssh_config \
${STAGEDIR}${ETCDIR}/ssh_config.sample
${MV} ${STAGEDIR}${ETCDIR}/sshd_config \
${STAGEDIR}${ETCDIR}/sshd_config.sample
${MKDIR} ${STAGEDIR}${ETCDIR}/ssh_config.d \
${STAGEDIR}${ETCDIR}/sshd_config.d
.if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER}
${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/HPN-README ${STAGEDIR}${DOCSDIR}
.endif
test: build
cd ${WRKSRC} && ${SETENV} -i \
OBJ=${WRKDIR} ${MAKE_ENV:NHOME=*} \
TEST_SHELL=${SH} \
SUDO="${SUDO}" \
LOGNAME="${LOGNAME}" \
HOME="${HOME}" \
TEST_SSH_TRACE=yes \
PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS} tests
.include <bsd.port.post.mk>

5
security/openssh-portable/distinfo
View File

@ -1,5 +0,0 @@
TIMESTAMP = 1747920014
SHA256 (openssh-10.0p1.tar.gz) = 021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c
SIZE (openssh-10.0p1.tar.gz) = 1972675
SHA256 (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 6749430c148dacf41b396c0f7a107526e6030379ccd4f57f407993748d4a5912
SIZE (openssh-10.0p1-gsskex-all-debian-rh-10.0p1.patch) = 126360

419
security/openssh-portable/files/extra-patch-blacklistd
View File

@ -1,419 +0,0 @@
--- blacklist.c.orig 2021-04-28 13:37:52.679784000 -0700
+++ blacklist.c 2021-04-28 13:56:45.677805000 -0700
@@ -0,0 +1,92 @@
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 2016 The FreeBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed by Kurt Lidl
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <ctype.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include "ssh.h"
+#include "packet.h"
+#include "log.h"
+#include "misc.h"
+#include <blacklist.h>
+#include "blacklist_client.h"
+
+static struct blacklist *blstate = NULL;
+
+/* internal definition from bl.h */
+struct blacklist *bl_create(bool, char *, void (*)(int, const char *, va_list));
+
+/* impedence match vsyslog() to sshd's internal logging levels */
+void
+im_log(int priority, const char *message, va_list args)
+{
+ LogLevel imlevel;
+
+ switch (priority) {
+ case LOG_ERR:
+ imlevel = SYSLOG_LEVEL_ERROR;
+ break;
+ case LOG_DEBUG:
+ imlevel = SYSLOG_LEVEL_DEBUG1;
+ break;
+ case LOG_INFO:
+ imlevel = SYSLOG_LEVEL_INFO;
+ break;
+ default:
+ imlevel = SYSLOG_LEVEL_DEBUG2;
+ }
+ do_log2(imlevel, message, args);
+}
+
+void
+blacklist_init(void)
+{
+
+ blstate = bl_create(false, NULL, im_log);
+}
+
+void
+blacklist_notify(int action, struct ssh *ssh, const char *msg)
+{
+
+ if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh))
+ (void)blacklist_r(blstate, action,
+ ssh_packet_get_connection_in(ssh), msg);
+}
--- blacklist_client.h.orig 2020-11-16 16:45:22.823087000 -0800
+++ blacklist_client.h 2020-11-16 16:45:09.761962000 -0800
@@ -0,0 +1,61 @@
+/*-
+ * Copyright (c) 2015 The NetBSD Foundation, Inc.
+ * Copyright (c) 2016 The FreeBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed by Kurt Lidl
+ * under sponsorship from the FreeBSD Foundation.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef BLACKLIST_CLIENT_H
+#define BLACKLIST_CLIENT_H
+
+#ifndef BLACKLIST_API_ENUM
+enum {
+ BLACKLIST_AUTH_OK = 0,
+ BLACKLIST_AUTH_FAIL,
+ BLACKLIST_ABUSIVE_BEHAVIOR,
+ BLACKLIST_BAD_USER
+};
+#endif
+
+#ifdef USE_BLACKLIST
+void blacklist_init(void);
+void blacklist_notify(int, struct ssh *, const char *);
+
+#define BLACKLIST_INIT() blacklist_init()
+#define BLACKLIST_NOTIFY(x, ssh, msg) blacklist_notify(x, ssh, msg)
+
+#else
+
+#define BLACKLIST_INIT()
+#define BLACKLIST_NOTIFY(x, ssh, msg)
+
+#endif
+
+
+#endif /* BLACKLIST_CLIENT_H */
--- servconf.c.orig 2021-04-15 20:55:25.000000000 -0700
+++ servconf.c 2021-04-28 13:36:19.591999000 -0700
@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions *options)
options->max_sessions = -1;
options->banner = NULL;
options->use_dns = -1;
+ options->use_blacklist = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->num_authkeys_files = 0;
@@ -410,6 +411,8 @@ fill_default_server_options(ServerOptions *options)
options->max_sessions = DEFAULT_SESSIONS_MAX;
if (options->use_dns == -1)
options->use_dns = 0;
+ if (options->use_blacklist == -1)
+ options->use_blacklist = 0;
if (options->client_alive_interval == -1)
options->client_alive_interval = 0;
if (options->client_alive_count_max == -1)
@@ -506,6 +509,7 @@ typedef enum {
sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
sBanner, sUseDNS, sHostbasedAuthentication,
+ sUseBlacklist,
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -642,6 +646,8 @@ static struct {
{ "maxsessions", sMaxSessions, SSHCFG_ALL },
{ "banner", sBanner, SSHCFG_ALL },
{ "usedns", sUseDNS, SSHCFG_GLOBAL },
+ { "useblacklist", sUseBlacklist, SSHCFG_GLOBAL },
+ { "useblocklist", sUseBlacklist, SSHCFG_GLOBAL } /* alias */,
{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
{ "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL },
@@ -1692,6 +1698,10 @@ process_server_config_line_depth(ServerOptions *option
intptr = &options->use_dns;
goto parse_flag;
+ case sUseBlacklist:
+ intptr = &options->use_blacklist;
+ goto parse_flag;
+
case sLogFacility:
log_facility_ptr = &options->log_facility;
arg = strdelim(&cp);
@@ -2872,6 +2882,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sCompression, o->compression);
dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports);
dump_cfg_fmtint(sUseDNS, o->use_dns);
+ dump_cfg_fmtint(sUseBlacklist, o->use_blacklist);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
--- servconf.h.orig 2020-11-16 15:51:00.752090000 -0800
+++ servconf.h 2020-11-16 15:51:02.962173000 -0800
@@ -179,6 +179,7 @@ typedef struct {
int max_sessions;
char *banner; /* SSH-2 banner message */
int use_dns;
+ int use_blacklist;
int client_alive_interval; /*
* poke the client this often to
* see if it's still there
--- auth-pam.c.orig 2020-11-16 15:52:45.816578000 -0800
+++ auth-pam.c 2020-11-16 15:54:19.796583000 -0800
@@ -105,6 +105,7 @@ extern char *__progname;
#include "ssh-gss.h"
#endif
#include "monitor_wrap.h"
+#include "blacklist_client.h"
extern ServerOptions options;
extern struct sshbuf *loginmsg;
@@ -916,6 +917,10 @@ sshpam_query(void *ctx, char **name, char **info,
sshbuf_free(buffer);
return (0);
}
+ /* XXX: ssh context unavailable here, unclear if this is even needed.
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER,
+ the_active_state, sshpam_authctxt->user);
+ */
error("PAM: %s for %s%.100s from %.100s", msg,
sshpam_authctxt->valid ? "" : "illegal user ",
sshpam_authctxt->user, sshpam_rhost);
--- auth.c.orig 2020-11-16 15:52:45.824171000 -0800
+++ auth.c 2020-11-16 15:57:51.091969000 -0800
@@ -76,6 +76,7 @@
#include "ssherr.h"
#include "compat.h"
#include "channels.h"
+#include "blacklist_client.h"
/* import */
extern ServerOptions options;
@@ -331,8 +332,11 @@ auth_log(struct ssh *ssh, int authenticated, int parti
authmsg = "Postponed";
else if (partial)
authmsg = "Partial";
- else
+ else {
authmsg = authenticated ? "Accepted" : "Failed";
+ if (authenticated)
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, ssh, "ssh");
+ }
if ((extra = format_method_key(authctxt)) == NULL) {
if (authctxt->auth_method_info != NULL)
@@ -586,6 +590,7 @@ getpwnamallow(struct ssh *ssh, const char *user)
aix_restoreauthdb();
#endif
if (pw == NULL) {
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, user);
logit("Invalid user %.100s from %.100s port %d",
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
#ifdef CUSTOM_FAILED_LOGIN
--- auth2.c.orig 2020-11-16 17:10:36.772062000 -0800
+++ auth2.c 2020-11-16 17:12:04.852943000 -0800
@@ -58,6 +58,7 @@
#include "monitor_wrap.h"
#include "digest.h"
#include "kex.h"
+#include "blacklist_client.h"
/* import */
extern ServerOptions options;
@@ -295,6 +296,7 @@ input_userauth_request(int type, u_int32_t seq, struct
} else {
/* Invalid user, fake password information */
authctxt->pw = fakepw();
+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, "ssh");
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
#endif
@@ -448,8 +450,10 @@ userauth_finish(struct ssh *ssh, int authenticated, co
} else {
/* Allow initial try of "none" auth without failure penalty */
if (!partial && !authctxt->server_caused_failure &&
- (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) {
authctxt->failures++;
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
+ }
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
--- packet.c.orig 2020-11-16 15:52:45.839070000 -0800
+++ packet.c 2020-11-16 15:56:09.285418000 -0800
@@ -96,6 +96,7 @@
#include "packet.h"
#include "ssherr.h"
#include "sshbuf.h"
+#include "blacklist_client.h"
#ifdef PACKET_DEBUG
#define DBG(x) x
@@ -1882,6 +1883,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt,
case SSH_ERR_NO_KEX_ALG_MATCH:
case SSH_ERR_NO_HOSTKEY_ALG_MATCH:
if (ssh->kex && ssh->kex->failed_choice) {
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
ssh_packet_clear_keys(ssh);
errno = oerrno;
logdie("Unable to negotiate with %s: %s. "
--- sshd.c.orig 2021-08-19 21:03:49.000000000 -0700
+++ sshd.c 2021-09-10 10:37:17.926747000 -0700
@@ -123,6 +123,7 @@
#include "version.h"
#include "ssherr.h"
#include "sk-api.h"
+#include "blacklist_client.h"
#include "srclimit.h"
#include "dh.h"
@@ -2225,6 +2228,9 @@ main(int ac, char **av)
if ((loginmsg = sshbuf_new()) == NULL)
fatal_f("sshbuf_new failed");
auth_debug_reset();
+
+ if (options.use_blacklist)
+ BLACKLIST_INIT();
if (use_privsep) {
if (privsep_preauth(ssh) == 1)
--- Makefile.in.orig 2022-10-03 07:51:42.000000000 -0700
+++ Makefile.in 2022-10-09 10:50:06.401377000 -0700
@@ -185,6 +185,8 @@ FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(S
FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
@UNSUPPORTED_ALGORITHMS@
+LIBSSH_OBJS+= blacklist.o
+
all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
$(LIBSSH_OBJS): Makefile.in config.h
--- sshd_config.orig 2020-11-16 16:57:14.276036000 -0800
+++ sshd_config 2020-11-16 16:57:42.183846000 -0800
@@ -94,6 +94,7 @@
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
+#UseBlacklist no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
--- sshd_config.5.orig 2023-12-18 15:59:50.000000000 +0100
+++ sshd_config.5 2024-01-06 16:36:17.025742000 +0100
@@ -1855,6 +1855,20 @@ This option may be useful in conjunction with
is to never expire connections for having no open channels.
This option may be useful in conjunction with
.Cm ChannelTimeout .
+.It Cm UseBlacklist
+Specifies whether
+.Xr sshd 8
+attempts to send authentication success and failure messages
+to the
+.Xr blacklistd 8
+daemon.
+The default is
+.Cm no .
+For forward compatibility with an upcoming
+.Xr blacklistd
+rename, the
+.Cm UseBlocklist
+alias can be used instead.
.It Cm UseDNS
Specifies whether
.Xr sshd 8
--- monitor.c.orig 2020-11-16 17:24:03.457283000 -0800
+++ monitor.c 2020-11-16 17:25:57.642510000 -0800
@@ -96,6 +96,7 @@
#include "match.h"
#include "ssherr.h"
#include "sk-api.h"
+#include "blacklist_client.h"
#ifdef GSSAPI
static Gssctxt *gsscontext = NULL;
@@ -342,8 +343,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor
if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
auth_log(ssh, authenticated, partial,
auth_method, auth_submethod);
- if (!partial && !authenticated)
+ if (!partial && !authenticated) {
authctxt->failures++;
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL,
+ ssh, "ssh");
+ }
if (authenticated || partial) {
auth2_update_session_info(authctxt,
auth_method, auth_submethod);
@@ -1228,6 +1232,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct
} else {
/* Log failed attempt */
auth_log(ssh, 0, 0, auth_method, NULL);
+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh");
free(cuser);
free(chost);
}

14
security/openssh-portable/files/extra-patch-gssapi-kexgssc.c
View File

@ -1,14 +0,0 @@
Fix prototype for DH_get0_key() in kexgssgex_client().
--- kexgssc.c.orig 2020-11-24 12:26:37.222092000 -0800
+++ kexgssc.c 2020-11-24 12:26:54.801490000 -0800
@@ -31,6 +31,9 @@
#include <openssl/crypto.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include "openbsd-compat/openssl-compat.h"
+
#include <string.h>
#include "xmalloc.h"

14
security/openssh-portable/files/extra-patch-gssapi-kexgsss.c
View File

@ -1,14 +0,0 @@
Fix prototype for DH_get0_key() in kexgssgex_server().
--- kexgsss.c.orig 2020-11-24 12:39:25.548427000 -0800
+++ kexgsss.c 2020-11-24 12:39:47.591119000 -0800
@@ -31,6 +31,9 @@
#include <openssl/crypto.h>
#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include "openbsd-compat/openssl-compat.h"
+
#include "xmalloc.h"
#include "sshbuf.h"
#include "ssh2.h"

1300
security/openssh-portable/files/extra-patch-hpn
View File

File diff suppressed because it is too large Load Diff

46
security/openssh-portable/files/extra-patch-hpn-compat
View File

@ -1,46 +0,0 @@
------------------------------------------------------------------------
r294563 | des | 2016-01-22 05:13:46 -0800 (Fri, 22 Jan 2016) | 3 lines
Changed paths:
M /head/crypto/openssh/servconf.c
Instead of removing the NoneEnabled option, mark it as unsupported.
(should have done this in r291198, but didn't think of it until now)
------------------------------------------------------------------------
------------------------------------------------------------------------
r294564 | des | 2016-01-22 06:22:11 -0800 (Fri, 22 Jan 2016) | 2 lines
Changed paths:
M /head/crypto/openssh/readconf.c
r294563 was incomplete; re-add the client-side options as well.
------------------------------------------------------------------------
--- readconf.c.orig 2025-04-09 00:02:43.000000000 -0700
+++ readconf.c 2025-04-10 21:55:30.974643000 -0700
@@ -332,6 +332,12 @@ static struct {
{ "obscurekeystroketiming", oObscureKeystrokeTiming },
{ "channeltimeout", oChannelTimeout },
{ "versionaddendum", oVersionAddendum },
+ { "hpndisabled", oDeprecated },
+ { "hpnbuffersize", oDeprecated },
+ { "tcprcvbufpoll", oDeprecated },
+ { "tcprcvbuf", oDeprecated },
+ { "noneenabled", oUnsupported },
+ { "noneswitch", oUnsupported },
{ NULL, oBadOption }
};
--- servconf.c.orig 2024-09-19 15:20:48.000000000 -0700
+++ servconf.c 2024-10-07 20:18:18.259726000 -0700
@@ -746,6 +746,10 @@ static struct {
{ "unusedconnectiontimeout", sUnusedConnectionTimeout, SSHCFG_ALL },
{ "sshdsessionpath", sSshdSessionPath, SSHCFG_GLOBAL },
{ "refuseconnection", sRefuseConnection, SSHCFG_ALL },
+ { "noneenabled", sUnsupported, SSHCFG_ALL },
+ { "hpndisabled", sDeprecated, SSHCFG_ALL },
+ { "hpnbuffersize", sDeprecated, SSHCFG_ALL },
+ { "tcprcvbufpoll", sDeprecated, SSHCFG_ALL },
{ NULL, sBadOption, 0 }
};

57
security/openssh-portable/files/extra-patch-hpn-gss-glue
View File

@ -1,57 +0,0 @@
--- sshconnect2.c.orig 2019-07-19 11:53:14.918867000 -0700
+++ sshconnect2.c 2019-07-19 11:53:16.911086000 -0700
@@ -159,11 +159,6 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr
char *s, *all_key;
int r;
-#if defined(GSSAPI) && defined(WITH_OPENSSL)
- char *orig = NULL, *gss = NULL;
- char *gss_host = NULL;
-#endif
-
xxx_host = host;
xxx_hostaddr = hostaddr;
@@ -197,6 +192,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr
}
#if defined(GSSAPI) && defined(WITH_OPENSSL)
+ char *orig = NULL, *gss = NULL;
+ char *gss_host = NULL;
+
if (options.gss_keyex) {
/* Add the GSSAPI mechanisms currently supported on this
* client to the key exchange algorithm proposal */
--- readconf.c.orig 2019-07-19 12:13:18.000312000 -0700
+++ readconf.c 2019-07-19 12:13:29.614552000 -0700
@@ -63,11 +63,11 @@
#include "readconf.h"
#include "match.h"
#include "kex.h"
+#include "ssh-gss.h"
#include "mac.h"
#include "uidswap.h"
#include "myproposal.h"
#include "digest.h"
-#include "ssh-gss.h"
/* Format of the configuration file:
--- servconf.c.orig 2019-07-19 12:14:42.078398000 -0700
+++ servconf.c 2019-07-19 12:14:43.543687000 -0700
@@ -54,6 +54,7 @@
#include "sshkey.h"
#include "kex.h"
#include "mac.h"
+#include "ssh-gss.h"
#include "match.h"
#include "channels.h"
#include "groupaccess.h"
@@ -64,7 +65,6 @@
#include "auth.h"
#include "myproposal.h"
#include "digest.h"
-#include "ssh-gss.h"
static void add_listen_addr(ServerOptions *, const char *,
const char *, int);

31
security/openssh-portable/files/extra-patch-pam-sshd_config
View File

@ -1,31 +0,0 @@
--- sshd_config.orig 2025-04-09 00:02:43.000000000 -0700
+++ sshd_config 2025-04-10 21:52:39.463528000 -0700
@@ -53,8 +53,8 @@ AuthorizedKeysFile .ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to "no" here!
-#PasswordAuthentication yes
+# To enable tunneled clear text passwords, change to yes here!
+#PasswordAuthentication no
#PermitEmptyPasswords no
# Change to "no" to disable keyboard-interactive authentication. Depending on
@@ -72,7 +72,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication, account processing,
+# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
@@ -81,7 +81,7 @@ AuthorizedKeysFile .ssh/authorized_keys
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
-#UsePAM no
+#UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes

151
security/openssh-portable/files/extra-patch-tcpwrappers
View File

@ -1,151 +0,0 @@
Revert TCPWRAPPER removal -bdrewery
commit f2719b7c2b8a3b14d778d8a6d8dc729b5174b054
Author: Damien Miller <djm@mindrot.org>
Date: Sun Apr 20 13:22:18 2014 +1000
- tedu@cvs.openbsd.org 2014/03/26 19:58:37
[sshd.8 sshd.c]
remove libwrap support. ok deraadt djm mfriedl
diff --git sshd.8 sshd.8
index 289e13d..e6a900b 100644
--- sshd.8
+++ sshd.8
@@ -851,6 +851,12 @@ the user's home directory becomes accessible.
This file should be writable only by the user, and need not be
readable by anyone else.
.Pp
+.It Pa /etc/hosts.allow
+.It Pa /etc/hosts.deny
+Access controls that should be enforced by tcp-wrappers are defined here.
+Further details are described in
+.Xr hosts_access 5 .
+.Pp
.It Pa /etc/hosts.equiv
This file is for host-based authentication (see
.Xr ssh 1 ) .
@@ -954,6 +960,7 @@ The content of this file is not sensitive; it can be world-readable.
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
+.Xr hosts_access 5 ,
.Xr login.conf 5 ,
.Xr moduli 5 ,
.Xr sshd_config 5 ,
--- sshd-session.c.orig 2024-07-01 13:26:10.677919000 -0700
+++ sshd-session.c 2024-07-01 13:26:58.873906000 -0700
@@ -110,6 +110,13 @@
#include "srclimit.h"
#include "dh.h"
+#ifdef LIBWRAP
+#include <tcpd.h>
+#include <syslog.h>
+int allow_severity;
+int deny_severity;
+#endif /* LIBWRAP */
+
/* Re-exec fds */
#define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
#define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
@@ -1256,7 +1263,26 @@ main(int ac, char **av)
#endif
rdomain = ssh_packet_rdomain_in(ssh);
+
+#ifdef LIBWRAP
+ allow_severity = options.log_facility|LOG_INFO;
+ deny_severity = options.log_facility|LOG_WARNING;
+ /* Check whether logins are denied from this host. */
+ if (ssh_packet_connection_is_on_socket(ssh)) {
+ struct request_info req;
+ request_init(&req, RQ_DAEMON, __progname, RQ_FILE, sock_in, 0);
+ fromhost(&req);
+
+ if (!hosts_access(&req)) {
+ debug("Connection refused by tcp wrapper");
+ refuse(&req);
+ /* NOTREACHED */
+ fatal("libwrap refuse returns");
+ }
+ }
+#endif /* LIBWRAP */
+
/* Log the connection. */
laddr = get_local_ipaddr(sock_in);
verbose("Connection from %s port %d on %s port %d%s%s%s",
--- configure.ac.orig 2022-02-23 03:31:11.000000000 -0800
+++ configure.ac 2022-03-02 12:47:49.958341000 -0800
@@ -1599,6 +1599,62 @@ else
AC_MSG_RESULT([no])
fi
+# Check whether user wants TCP wrappers support
+TCPW_MSG="no"
+AC_ARG_WITH([tcp-wrappers],
+ [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)],
+ [
+ if test "x$withval" != "xno" ; then
+ saved_LIBS="$LIBS"
+ saved_LDFLAGS="$LDFLAGS"
+ saved_CPPFLAGS="$CPPFLAGS"
+ if test -n "${withval}" && \
+ test "x${withval}" != "xyes"; then
+ if test -d "${withval}/lib"; then
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+ fi
+ else
+ if test -n "${need_dash_r}"; then
+ LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+ else
+ LDFLAGS="-L${withval} ${LDFLAGS}"
+ fi
+ fi
+ if test -d "${withval}/include"; then
+ CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+ else
+ CPPFLAGS="-I${withval} ${CPPFLAGS}"
+ fi
+ fi
+ LIBS="-lwrap $LIBS"
+ AC_MSG_CHECKING([for libwrap])
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <tcpd.h>
+int deny_severity = 0, allow_severity = 0;
+ ]], [[
+ hosts_access(0);
+ ]])], [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([LIBWRAP], [1],
+ [Define if you want
+ TCP Wrappers support])
+ SSHDLIBS="$SSHDLIBS -lwrap"
+ TCPW_MSG="yes"
+ ], [
+ AC_MSG_ERROR([*** libwrap missing])
+
+ ])
+ LIBS="$saved_LIBS"
+ fi
+ ]
+)
+
# Check whether user wants to use ldns
LDNS_MSG="no"
AC_ARG_WITH(ldns,
@@ -5593,6 +5649,7 @@ echo " PAM support: $PAM_MSG"
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
+echo " TCP Wrappers support: $TCPW_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " libldns support: $LDNS_MSG"
echo " Solaris process contract support: $SPC_MSG"

5
security/openssh-portable/files/extra-patch-version-addendum
View File

@ -1,5 +0,0 @@
--- servconf.c.orig 2015-03-28 23:08:41.296700000 -0500
+++ servconf.c 2015-03-28 23:08:54.016291000 -0500
@@ -318 +318 @@
- options->version_addendum = xstrdup("");
+ options->version_addendum = xstrdup(SSH_VERSION_FREEBSD_PORT);

179
security/openssh-portable/files/openssh.in
View File

@ -1,179 +0,0 @@
#!/bin/sh
# PROVIDE: openssh
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable openssh:
#
# openssh_enable (bool): Set it to "YES" to enable openssh.
# Default is "NO".
# openssh_flags (flags): Set extra flags to openssh.
# Default is "". see sshd(1).
# openssh_pidfile (file): Set full path to pid file.
. /etc/rc.subr
name="openssh"
rcvar=openssh_enable
load_rc_config ${name}
: ${openssh_enable:="NO"}
: ${openssh_skipportscheck="NO"}
# These only control ssh-keygen automatically generating host keys.
: ${openssh_dsa_enable="YES"}
: ${openssh_dsa_flags=""}
: ${openssh_rsa_enable="YES"}
: ${openssh_rsa_flags=""}
: ${openssh_ecdsa_enable="YES"}
: ${openssh_ecdsa_flags=""}
: ${openssh_ed25519_enable="YES"}
: ${openssh_ed25519_flags=""}
command=%%PREFIX%%/sbin/sshd
extra_commands="configtest reload keygen"
start_precmd="${name}_checks"
reload_precmd="${name}_checks"
restart_precmd="${name}_checks"
configtest_cmd="${name}_configtest"
keygen_cmd="${name}_keygen"
pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
openssh_keygen()
{
local skip_dsa= skip_rsa= skip_ecdsa= skip_ed25519=
checkyesno openssh_dsa_enable || skip_dsa=y
checkyesno openssh_rsa_enable || skip_rsa=y
checkyesno openssh_ecdsa_enable || skip_ecdsa=y
checkyesno openssh_ed25519_enable || skip_ed25519=y
if [ \( -n "$skip_dsa" -o -f %%ETCDIR%%/ssh_host_dsa_key \) -a \
\( -n "$skip_rsa" -o -f %%ETCDIR%%/ssh_host_rsa_key \) -a \
\( -n "$skip_ecdsa" -o -f %%ETCDIR%%/ssh_host_ecdsa_key \) -a \
\( -n "$skip_ed25519" -o -f %%ETCDIR%%/ssh_host_ed25519_key \) ]; then
return 0
fi
umask 022
# Can't do anything if ssh is not installed
[ -x %%PREFIX%%/bin/ssh-keygen ] ||
err 1 "%%PREFIX%%/bin/ssh-keygen does not exist."
if [ -f %%ETCDIR%%/ssh_host_dsa_key ]; then
echo "You already have a DSA host key" \
"in %%ETCDIR%%/ssh_host_dsa_key"
echo "Skipping protocol version 2 DSA Key Generation"
elif checkyesno openssh_dsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t dsa $openssh_dsa_flags \
-f %%ETCDIR%%/ssh_host_dsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_rsa_key ]; then
echo "You already have a RSA host key" \
"in %%ETCDIR%%/ssh_host_rsa_key"
echo "Skipping protocol version 2 RSA Key Generation"
elif checkyesno openssh_rsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t rsa $openssh_rsa_flags \
-f %%ETCDIR%%/ssh_host_rsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_ecdsa_key ]; then
echo "You already have a Elliptic Curve DSA host key" \
"in %%ETCDIR%%/ssh_host_ecdsa_key"
echo "Skipping protocol version 2 Elliptic Curve DSA Key Generation"
elif checkyesno openssh_ecdsa_enable; then
%%PREFIX%%/bin/ssh-keygen -t ecdsa $openssh_ecdsa_flags \
-f %%ETCDIR%%/ssh_host_ecdsa_key -N ''
fi
if [ -f %%ETCDIR%%/ssh_host_ed25519_key ]; then
echo "You already have a Elliptic Curve ED25519 host key" \
"in %%ETCDIR%%/ssh_host_ed25519_key"
echo "Skipping protocol version 2 Elliptic Curve ED25519 Key Generation"
elif checkyesno openssh_ed25519_enable; then
%%PREFIX%%/bin/ssh-keygen -t ed25519 $openssh_ed22519_flags \
-f %%ETCDIR%%/ssh_host_ed25519_key -N ''
fi
}
openssh_check_same_ports(){
# check if opensshd don't use base system sshd's port
#
# openssh binds ports in priority (lowest first):
# Port from sshd_config
# -p option from command line
# ListenAddress addr:port from sshd_config
#check if opensshd-portable installed in replacement of base sshd
if [ "%%ETCDIR%%" = "/etc/ssh" ]; then
return 1
fi
self_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' %%ETCDIR%%/sshd_config)
if [ -z "$self_port" ]; then
self_port=$(echo $openssh_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$self_port" ]; then
self_port=$(awk '$1~/^Port/ {print $2}' \
%%ETCDIR%%/sshd_config)
fi
fi
# assume default 22 port
if [ -z "$self_port" ]; then
self_port=22
fi
load_rc_config "sshd"
base_sshd_port=$(awk '$1~/^ListenAddress/ \
{mlen=match($0,":[0-9]*$"); print \
substr($0,mlen+1,length($0)-mlen)}' /etc/ssh/sshd_config)
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(echo $sshd_flags | awk \
'{for (i = 1; i <= NF; i++) if ($i == "-p") \
{i++; printf "%s", $i; break; }; }')
if [ -z "$base_sshd_port" ]; then
base_sshd_port=$(awk '$1~/^Port/ {print $2}' \
/etc/ssh/sshd_config)
fi
fi
if [ -z "$base_sshd_port" ]; then
base_sshd_port=22
fi
# self_port and base_sshd_port may have multiple values. Compare them all
for sport in ${self_port}; do
for bport in ${base_sshd_port}; do
[ ${sport} -eq ${bport} ] && return 0
done
done
return 1
}
openssh_configtest()
{
echo "Performing sanity check on ${name} configuration."
eval ${command} ${openssh_flags} -t
}
openssh_checks()
{
if checkyesno sshd_enable ; then
if openssh_check_same_ports && ! checkyesno openssh_skipportscheck; then
err 1 "sshd_enable is set, but $name and /usr/sbin/sshd use the same port"
fi
fi
openssh_keygen
openssh_configtest
}
run_rc_command "$1"

10
security/openssh-portable/files/patch-regress__test-exec.sh
View File

@ -1,10 +0,0 @@
--- regress/test-exec.sh.orig 2015-04-03 18:20:32.256126000 UTC
+++ regress/test-exec.sh 2015-04-03 18:20:41.599903000 -0500
@@ -408,6 +408,7 @@ cat << EOF > $OBJ/sshd_config
LogLevel DEBUG3
AcceptEnv _XXX_TEST_*
AcceptEnv _XXX_TEST
+ PermitRootLogin yes
Subsystem sftp $SFTPSERVER
EOF

52
security/openssh-portable/files/patch-servconf.c
View File

@ -1,52 +0,0 @@
r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/myproposal.h
M /head/crypto/openssh/readconf.c
M /head/crypto/openssh/servconf.c
Apply FreeBSD's configuration defaults.
--- servconf.c.orig 2024-07-01 13:30:30.284417000 -0700
+++ servconf.c 2024-07-01 13:31:20.040132000 -0700
@@ -46,6 +46,7 @@
# include "openbsd-compat/glob.h"
#endif
+#include "version.h"
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
@@ -295,7 +296,11 @@ fill_default_server_options(ServerOptions *options)
/* Portable-specific options */
if (options->use_pam == -1)
- options->use_pam = 0;
+#ifdef USE_PAM
+ options->use_pam = 1;
+#else
+ options->use_pam = 0;
+#endif
if (options->pam_service_name == NULL)
options->pam_service_name = xstrdup(SSHD_PAM_SERVICE);
@@ -339,7 +344,7 @@ fill_default_server_options(ServerOptions *options)
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
- options->x11_forwarding = 0;
+ options->x11_forwarding = 1;
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
@@ -381,7 +386,11 @@ fill_default_server_options(ServerOptions *options)
if (options->gss_strict_acceptor == -1)
options->gss_strict_acceptor = 1;
if (options->password_authentication == -1)
+#ifdef USE_PAM
+ options->password_authentication = 0;
+#else
options->password_authentication = 1;
+#endif
if (options->kbd_interactive_authentication == -1)
options->kbd_interactive_authentication = 1;
if (options->permit_empty_passwd == -1)

78
security/openssh-portable/files/patch-session.c
View File

@ -1,78 +0,0 @@
bdrewery:
- Refactor and simplify original commit.
- Stop setting TERM=su without a term.
------------------------------------------------------------------------
r99055 | des | 2002-06-29 04:21:58 -0700 (Sat, 29 Jun 2002) | 6 lines
Changed paths:
M /head/crypto/openssh/session.c
Make sure the environment variables set by setusercontext() are passed on
to the child process.
Reviewed by: ache
Sponsored by: DARPA, NAI Labs
--- session.c.orig 2021-04-15 20:55:25.000000000 -0700
+++ session.c 2021-04-27 13:11:13.515917000 -0700
@@ -942,7 +942,7 @@ read_etc_default_login(char ***env, u_int *envsize, ui
}
#endif /* HAVE_ETC_DEFAULT_LOGIN */
-#if defined(USE_PAM) || defined(HAVE_CYGWIN)
+#if defined(USE_PAM) || defined(HAVE_CYGWIN) || defined(HAVE_LOGIN_CAP)
static void
copy_environment_denylist(char **source, char ***env, u_int *envsize,
const char *denylist)
@@ -1052,7 +1052,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
- if (!options.use_pam) {
+ /* FreeBSD PAM doesn't set default "MAIL" */
+ if (1 || !options.use_pam) {
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
child_set_env(&env, &envsize, "MAIL", buf);
@@ -1063,6 +1064,23 @@ do_setup_env(struct ssh *ssh, Session *s, const char *
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+#ifdef HAVE_LOGIN_CAP
+ /* Load environment from /etc/login.conf setenv directives. */
+ {
+ extern char **environ;
+ char **senv, **var;
+
+ senv = environ;
+ environ = xmalloc(sizeof(char *));
+ *environ = NULL;
+ (void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETENV);
+ copy_environment_denylist(environ, &env, &envsize, NULL);
+ for (var = environ; *var != NULL; ++var)
+ free(*var);
+ free(environ);
+ environ = senv;
+ }
+#endif
if (s->term)
child_set_env(&env, &envsize, "TERM", s->term);
if (s->display)
@@ -1281,7 +1299,7 @@ do_nologin(struct passwd *pw)
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "ignorenologin", 0) || pw->pw_uid == 0)
return;
- nl = login_getcapstr(lc, "nologin", def_nl, def_nl);
+ nl = (char*)login_getcapstr(lc, "nologin", def_nl, def_nl);
#else
if (pw->pw_uid == 0)
return;
@@ -1365,7 +1383,7 @@ do_setusercontext(struct passwd *pw)
if (platform_privileged_uidswap()) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
+ (LOGIN_SETALL & ~(LOGIN_SETENV|LOGIN_SETPATH|LOGIN_SETUSER))) < 0) {
perror("unable to set user context");
exit(1);
}

26
security/openssh-portable/files/patch-ssh-agent.1
View File

@ -1,26 +0,0 @@
--- UTC
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
--- ssh-agent.1.orig 2020-02-13 16:40:54.000000000 -0800
+++ ssh-agent.1 2020-03-21 17:03:22.952068000 -0700
@@ -43,7 +43,7 @@
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c | s
-.Op Fl \&Dd
+.Op Fl \&Ddx
.Op Fl a Ar bind_address
.Op Fl E Ar fingerprint_hash
.Op Fl P Ar provider_whitelist
@@ -125,6 +125,8 @@ A lifetime specified for an identity with
.Xr ssh-add 1
overrides this value.
Without this option the default maximum lifetime is forever.
+.It Fl x
+Exit after the last client has disconnected.
.It Ar command Op Ar arg ...
If a command (and optional arguments) is given,
this is executed as a subprocess of the agent.

97
security/openssh-portable/files/patch-ssh-agent.c
View File

@ -1,97 +0,0 @@
--- UTC
r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
r226103 | des | 2011-10-07 08:10:16 -0500 (Fri, 07 Oct 2011) | 5 lines
Add a -x option that causes ssh-agent(1) to exit when all clients have
disconnected.
--- ssh-agent.c.orig 2023-12-18 06:59:50.000000000 -0800
+++ ssh-agent.c 2023-12-19 17:16:22.128981000 -0800
@@ -196,11 +196,28 @@
/* Refuse signing of non-SSH messages for web-origin FIDO keys */
static int restrict_websafe = 1;
+/*
+ * Client connection count; incremented in new_socket() and decremented in
+ * close_socket(). When it reaches 0, ssh-agent will exit. Since it is
+ * normally initialized to 1, it will never reach 0. However, if the -x
+ * option is specified, it is initialized to 0 in main(); in that case,
+ * ssh-agent will exit as soon as it has had at least one client but no
+ * longer has any.
+ */
+static int xcount = 1;
+
static void
close_socket(SocketEntry *e)
{
size_t i;
+ int last = 0;
+ if (e->type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount - 1);
+ if (--xcount == 0)
+ last = 1;
+ }
+
close(e->fd);
sshbuf_free(e->input);
sshbuf_free(e->output);
@@ -213,6 +230,8 @@
memset(e, '\0', sizeof(*e));
e->fd = -1;
e->type = AUTH_UNUSED;
+ if (last)
+ cleanup_exit(0);
}
static void
@@ -1893,6 +1912,10 @@
debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
(type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
+ if (type == AUTH_CONNECTION) {
+ debug("xcount %d -> %d", xcount, xcount + 1);
+ ++xcount;
+ }
set_nonblock(fd);
if (fd > max_fd)
@@ -2184,7 +2207,7 @@
usage(void)
{
fprintf(stderr,
- "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
+ "usage: ssh-agent [-c | -s] [-Ddx] [-a bind_address] [-E fingerprint_hash]\n"
" [-O option] [-P allowed_providers] [-t life]\n"
" ssh-agent [-a bind_address] [-E fingerprint_hash] [-O option]\n"
" [-P allowed_providers] [-t life] command [arg ...]\n"
@@ -2218,6 +2241,7 @@
/* drop */
(void)setegid(getgid());
(void)setgid(getgid());
+ (void)setuid(geteuid());
platform_disable_tracing(0); /* strict=no */
@@ -2229,7 +2253,7 @@
__progname = ssh_get_progname(av[0]);
seed_rng();
- while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
+ while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:x")) != -1) {
switch (ch) {
case 'E':
fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -2280,6 +2304,9 @@
fprintf(stderr, "Invalid lifetime\n");
usage();
}
+ break;
+ case 'x':
+ xcount = 0;
break;
default:
usage();

33
security/openssh-portable/files/patch-ssh.c
View File

@ -1,33 +0,0 @@
--- UTC
r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
Changed paths:
M /head/crypto/openssh/ssh.c
Canonicize the host name before looking it up in the host file.
--- ssh.c.orig 2018-04-02 05:38:28 UTC
+++ ssh.c
@@ -1281,6 +1281,23 @@ main(int ac, char **av)
ssh_digest_free(md);
conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+ /* Find canonic host name. */
+ if (strchr(host, '.') == 0) {
+ struct addrinfo hints;
+ struct addrinfo *ai = NULL;
+ int errgai;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = options.address_family;
+ hints.ai_flags = AI_CANONNAME;
+ hints.ai_socktype = SOCK_STREAM;
+ errgai = getaddrinfo(host, NULL, &hints, &ai);
+ if (errgai == 0) {
+ if (ai->ai_canonname != NULL)
+ host = xstrdup(ai->ai_canonname);
+ freeaddrinfo(ai);
+ }
+ }
+
/*
* Expand tokens in arguments. NB. LocalCommand is expanded later,
* after port-forwarding is set up, so it may pick up any local

11
security/openssh-portable/files/patch-ssh_config
View File

@ -1,11 +0,0 @@
--- ssh_config.orig 2024-09-19 15:20:48.000000000 -0700
+++ ssh_config 2024-11-09 12:23:47.263548000 -0800
@@ -17,6 +17,8 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
+Include ssh_config.d/*.conf
+
# Host *
# ForwardAgent no
# ForwardX11 no

13
security/openssh-portable/files/patch-ssh_config.5
View File

@ -1,13 +0,0 @@
--- UTC
--- ssh_config.5.orig 2020-11-16 11:53:55.871161000 -0800
+++ ssh_config.5 2020-11-16 12:43:41.763006000 -0800
@@ -434,6 +433,8 @@ in the process, regardless of the setting of
If the option is set to
.Cm no ,
the check will not be executed.
+The default is
+.Cm no .
.It Cm Ciphers
Specifies the ciphers allowed and their order of preference.
Multiple ciphers must be comma-separated.

26
security/openssh-portable/files/patch-sshd.8
View File

@ -1,26 +0,0 @@
--- UTC
Document FreeBSD/port-specific paths
--- sshd.8.orig 2010-08-04 21:03:13.000000000 -0600
+++ sshd.8 2010-09-14 16:14:14.000000000 -0600
@@ -70,7 +70,7 @@
.Nm
listens for connections from clients.
It is normally started at boot from
-.Pa /etc/rc .
+.Pa /usr/local/etc/rc.d/openssh .
It forks a new
daemon for each incoming connection.
The forked daemons handle
@@ -384,8 +384,9 @@
If the login is on a tty, records login time.
.It
Checks
-.Pa /etc/nologin ;
-if it exists, prints contents and quits
+.Pa /etc/nologin and
+.Pa /var/run/nologin ;
+if one exists, it prints the contents and quits
(unless root).
.It
Changes to run with normal user privileges.

101
security/openssh-portable/files/patch-sshd.c
View File

@ -1,101 +0,0 @@
--- UTC
r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Force early initialization of the resolver library, since the resolver
configuration files will no longer be available once sshd is chrooted.
PR: 39953, 40894
Submitted by: dinoex
r199804 | attilio | 2009-11-25 09:12:24 -0600 (Wed, 25 Nov 2009) | 13 lines
Changed paths:
M /head/crypto/openssh/sshd.c
M /head/usr.sbin/cron/cron/cron.c
M /head/usr.sbin/inetd/inetd.c
M /head/usr.sbin/syslogd/syslogd.c
Avoid sshd, cron, syslogd and inetd to be killed under high-pressure swap
environments.
Please note that this can't be done while such processes run in jails.
Note: in future it would be interesting to find a way to do that
selectively for any desired proccess (choosen by user himself), probabilly
via a ptrace interface or whatever.
r206397 | kib | 2010-04-08 07:07:40 -0500 (Thu, 08 Apr 2010) | 8 lines
Changed paths:
M /head/crypto/openssh/sshd.c
Enhance r199804 by marking the daemonised child as immune to OOM instead
of short-living parent. Only mark the master process that accepts
connections, do not protect connection handlers spawned from inetd.
--- sshd.c.orig 2024-06-30 21:36:28.000000000 -0700
+++ sshd.c 2024-07-01 13:44:05.739756000 -0700
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <sys/ioctl.h>
+#include <sys/mman.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_STAT_H
# include <sys/stat.h>
@@ -69,6 +70,13 @@
#include <prot.h>
#endif
+#ifdef __FreeBSD__
+#include <resolv.h>
+#ifdef GSSAPI
+#include "ssh-gss.h"
+#endif
+#endif
+
#include "xmalloc.h"
#include "ssh.h"
#include "sshpty.h"
@@ -1671,7 +1679,30 @@ main(int ac, char **av)
for (i = 0; i < options.num_log_verbose; i++)
log_verbose_add(options.log_verbose[i]);
+#ifdef __FreeBSD__
/*
+ * Initialize the resolver. This may not happen automatically
+ * before privsep chroot().
+ */
+ if ((_res.options & RES_INIT) == 0) {
+ debug("res_init()");
+ res_init();
+ }
+#ifdef GSSAPI
+ /*
+ * Force GSS-API to parse its configuration and load any
+ * mechanism plugins.
+ */
+ {
+ gss_OID_set mechs;
+ OM_uint32 minor_status;
+ gss_indicate_mechs(&minor_status, &mechs);
+ gss_release_oid_set(&minor_status, &mechs);
+ }
+#endif
+#endif
+
+ /*
* If not in debugging mode, not started from inetd and not already
* daemonized (eg re-exec via SIGHUP), disconnect from the controlling
* terminal, and fork. The original process exits.
@@ -1687,6 +1718,10 @@ main(int ac, char **av)
/* Reinitialize the log (because of the fork above). */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /* Avoid killing the process in high-pressure swapping environments. */
+ if (!inetd_flag && madvise(NULL, 0, MADV_PROTECT) != 0)
+ debug("madvise(): %.200s", strerror(errno));
+
/*
* Chdir to the root directory so that the current disk can be
* unmounted if desired.

33
security/openssh-portable/files/patch-sshd_config
View File

@ -1,33 +0,0 @@
--- sshd_config.orig 2024-11-09 12:22:03.414050000 -0800
+++ sshd_config 2024-11-09 12:25:59.964286000 -0800
@@ -10,6 +10,11 @@
# possible, but leave them commented. Uncommented options override the
# default value.
+# Note that some of FreeBSD's defaults differ from OpenBSD's, and
+# FreeBSD has a few additional options.
+
+Include sshd_config.d/*.conf
+
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -37,8 +42,7 @@
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
@@ -84,7 +88,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

59
security/openssh-portable/files/patch-sshd_config.5
View File

@ -1,59 +0,0 @@
--- sshd_config.5.orig 2022-02-11 18:50:00.822679000 +0000
+++ sshd_config.5 2022-02-11 19:09:05.162504000 +0000
@@ -701,7 +701,9 @@
.Qq ssh -Q HostbasedAcceptedAlgorithms .
This was formerly named HostbasedAcceptedKeyTypes.
.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
+Specifies whether rhosts or
+.Pa /etc/hosts.equiv
+authentication together
with successful public key client host authentication is allowed
(host-based authentication).
The default is
@@ -1416,6 +1434,15 @@
.Cm ethernet .
The default is
.Cm no .
+Note that if
+.Cm ChallengeResponseAuthentication
+is
+.Cm yes ,
+the root user may be allowed in with its password even if
+.Cm PermitRootLogin is set to
+.Cm prohibit-password
+or
+.Cm without-password .
.Pp
Independent of this setting, the permissions of the selected
.Xr tun 4
@@ -1774,12 +1801,19 @@
.Xr sshd 8
as a non-root user.
The default is
+.Cm yes ,
+unless
+.Nm sshd
+was built without PAM support, in which case the default is
.Cm no .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
-.Cm none .
+.Cm %%SSH_VERSION_FREEBSD_PORT%% .
+The value
+.Cm none
+may be used to disable this.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
@@ -1793,7 +1827,7 @@
or
.Cm no .
The default is
-.Cm no .
+.Cm yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the

13
security/openssh-portable/pkg-descr
View File

@ -1,13 +0,0 @@
OpenBSD's OpenSSH portable version
Normal OpenSSH development produces a very small, secure, and easy to maintain
version for the OpenBSD project. The OpenSSH Portability Team takes that pure
version and adds portability code so that OpenSSH can run on many other
operating systems (Unfortunately, in particular since OpenSSH does
authentication, it runs into a *lot* of differences between Unix operating
systems).
The portable OpenSSH follows development of the official version, but releases
are not synchronized. Portable releases are marked with a 'p' (e.g. 3.1p1).
The official OpenBSD source will never use the 'p' suffix, but will instead
increment the version number when they hit 'stable spots' in their development.

22
security/openssh-portable/pkg-message
View File

@ -1,22 +0,0 @@
[
{ type: install
message: <<EOM
To enable this port, add openssh_enable="YES" in your rc.conf. To
prevent conflict with openssh in the base system add sshd_enable="NO"
in your rc.conf. Also you can configure openssh at another TCP port (via
sshd_config 'Port' and 'Listen' options or via 'openssh_flags'
variable in rc.conf) and run it in same time with base sshd.
'PermitRootLogin no' is the default for the OpenSSH port.
This now matches the PermitRootLogin configuration of OpenSSH in
the base system. Please be aware of this when upgrading your
OpenSSH port, and if truly necessary, re-enable remote root login
by readjusting this option in your sshd_config.
Users are encouraged to create single-purpose users with ssh keys, disable
Password authentication by setting 'PasswordAuthentication no' and
'ChallengeResponseAuthentication no', and to define very narrow sudo
privileges instead of using root for automated tasks.
EOM
}
]

35
security/openssh-portable/pkg-plist
View File

@ -1,35 +0,0 @@
bin/scp
bin/sftp
bin/ssh
bin/ssh-add
bin/ssh-agent
bin/ssh-keygen
bin/ssh-keyscan
@sample %%ETCDIR%%/moduli.sample
@sample %%ETCDIR%%/ssh_config.sample
@sample %%ETCDIR%%/sshd_config.sample
@dir %%ETCDIR%%/ssh_config.d
@dir %%ETCDIR%%/sshd_config.d
@postexec if [ -f %D/%%ETCDIR%%/ssh_host_ecdsa_key ] && grep -q DSA %D/%%ETCDIR%%/ssh_host_ecdsa_key; then echo; echo "\!/ Warning \!/"; echo; echo "Your %D/%%ETCDIR%%/ssh_host_ecdsa_key is not a valid ECDSA key. It is incorrectly"; echo "a DSA key due to a bug fixed in 2012 in the security/openssh-portable port."; echo; echo "Regenerate a proper one with: rm -f %D/%%ETCDIR%%/ssh_host_ecdsa_key*; service openssh restart"; echo; echo "Clients should not see any key change warning since the ECDSA was not valid and was not actually"; echo "used by the server."; echo; echo "\!/ Warning \!/"; fi
sbin/sshd
libexec/sftp-server
libexec/ssh-keysign
libexec/ssh-pkcs11-helper
libexec/ssh-sk-helper
libexec/sshd-auth
libexec/sshd-session
share/man/man1/sftp.1.gz
share/man/man1/ssh-add.1.gz
share/man/man1/ssh-agent.1.gz
share/man/man1/ssh-keygen.1.gz
share/man/man1/ssh-keyscan.1.gz
share/man/man1/scp.1.gz
share/man/man1/ssh.1.gz
share/man/man5/moduli.5.gz
share/man/man5/ssh_config.5.gz
share/man/man5/sshd_config.5.gz
share/man/man8/sftp-server.8.gz
share/man/man8/ssh-keysign.8.gz
share/man/man8/ssh-pkcs11-helper.8.gz
share/man/man8/ssh-sk-helper.8.gz
share/man/man8/sshd.8.gz

131
sysutils/py-salt/Makefile
View File

@ -1,131 +0,0 @@
PORTNAME= salt
PORTVERSION= 3006.9
PORTREVISION= 6
PORTEPOCH= 1
CATEGORIES= sysutils python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
MAINTAINER= krion@FreeBSD.org
COMMENT= Distributed remote execution and configuration management system
WWW= https://pypi.org/project/salt/
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}markupsafe>0:textproc/py-markupsafe@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}distro>=1.5.0:sysutils/py-distro@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}libcloud>=0.14.0:net/py-libcloud@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}msgpack>=0.3:devel/py-msgpack@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}progressbar>0:misc/py-progressbar@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}psutil>=0.3.0:sysutils/py-psutil@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}requests>=1.0.0:www/py-requests@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyyaml>=0:devel/py-pyyaml@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}jmespath>0:devel/py-jmespath@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyinotify>0:devel/py-pyinotify@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}looseversion>0:devel/py-looseversion@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}packaging>0:devel/py-packaging@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}croniter>0:sysutils/py-croniter@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}setproctitle>0:devel/py-setproctitle@${PY_FLAVOR}
USES= cpe python
CPE_VENDOR= saltstack
CPE_PRODUCT= salt
USE_PYTHON= autoplist cryptography distutils
NO_ARCH= yes
CONFLICTS= py[0-9]*-salt-2019*
# we must pass these options before the target name, and python.mk has no
# early-arguments variable, so we have to manipulate the target
PYDISTUTILS_INSTALL_TARGET=\
--salt-root-dir=/ \
--salt-config-dir=${ETCDIR} \
--salt-cache-dir=/var/cache/salt \
--salt-sock-dir=/var/run/salt \
--salt-srv-root-dir=${ETCDIR} \
--salt-base-file-roots-dir=${ETCDIR}/states \
--salt-base-pillar-roots-dir=${ETCDIR}/pillar \
--salt-base-master-roots-dir=${ETCDIR}/salt-master \
--salt-logs-dir=/var/log/salt \
--salt-pidfile-dir=/var/run \
install
USE_RC_SUBR= salt_api \
salt_master \
salt_minion \
salt_proxy \
salt_syndic
SUB_LIST+= PYTHON_CMD=${PYTHON_CMD}
SUB_FILES= pkg-message
# Upstream archive contains files with UTF-8 names
EXTRACT_CMD= ${SETENV} LC_ALL=en_US.UTF-8 /usr/bin/bsdtar
OPTIONS_DEFINE= AWS BASH FISH TCP ZEROMQ ZSH
OPTIONS_DEFAULT= BASH FISH ZEROMQ ZSH
AWS_DESC= Install dependencies required for Amazon Web Services
TCP_DESC= Install dependencies required for TCP transport
ZEROMQ_DESC= Install dependencies required for ZeroMQ transport
# AWS dependencies (Note: the devel/py-botocore port is updated very frequently)
AWS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}boto3>0:www/py-boto3@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}boto>=2.32.1:devel/py-boto@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}botocore>0:devel/py-botocore@${PY_FLAVOR}
TCP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pycryptodomex>=3.9.7:security/py-pycryptodomex@${PY_FLAVOR}
ZEROMQ_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq@${PY_FLAVOR}
ZEROMQ_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pyzmq>=2.2.0:net/py-pyzmq@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pycryptodomex>=3.9.7:security/py-pycryptodomex@${PY_FLAVOR}
BASH_PLIST_FILES= share/bash-completion/completions/salt
FISH_PLIST_FILES= share/fish/completions/salt-call.fish \
share/fish/completions/salt-cp.fish \
share/fish/completions/salt-key.fish \
share/fish/completions/salt-master.fish \
share/fish/completions/salt-minion.fish \
share/fish/completions/salt-run.fish \
share/fish/completions/salt-syndic.fish \
share/fish/completions/salt.fish \
share/fish/completions/salt_common.fish
ZSH_PLIST_FILES= share/zsh/site-functions/_salt
post-patch:
.for file in conf/minion conf/master doc/man/salt-key.1 \
doc/man/salt-cp.1 doc/man/salt-minion.1 doc/man/salt-syndic.1 \
doc/man/salt-master.1 doc/man/salt-run.1 doc/man/salt.7 doc/man/salt.1 \
doc/man/salt-call.1 salt/modules/mysql.py salt/modules/tls.py salt/modules/postgres.py
@${REINPLACE_CMD} -e 's|/etc/salt|${ETCDIR}|' \
-e 's|/srv/salt|${ETCDIR}/states|' \
-e 's|/srv/pillar|${ETCDIR}/pillar|' ${WRKSRC}/${file}
.endfor
@${REINPLACE_CMD} -e 's|yumpkg5|pkgng|' ${WRKSRC}/conf/minion
@${REINPLACE_CMD} -e 's|"/usr/bin/python3"|"${PYTHON_CMD}"|' ${WRKSRC}/salt/auth/pam.py
do-install-BASH-on:
@${MKDIR} ${STAGEDIR}${PREFIX}/share/bash-completion/completions/
${INSTALL_DATA} ${WRKSRC}/pkg/common/salt.bash \
${STAGEDIR}${PREFIX}/share/bash-completion/completions/salt
do-install-FISH-on:
@${MKDIR} ${STAGEDIR}${PREFIX}/share/fish/completions/
${INSTALL_DATA} ${WRKSRC}/pkg/common/fish-completions/*.fish \
${STAGEDIR}${PREFIX}/share/fish/completions
do-install-ZSH-on:
@${MKDIR} ${STAGEDIR}${PREFIX}/share/zsh/site-functions
${INSTALL_DATA} ${WRKSRC}/pkg/common/salt.zsh \
${STAGEDIR}${PREFIX}/share/zsh/site-functions/_salt
post-install:
@${MKDIR} ${STAGEDIR}${ETCDIR}
${INSTALL_DATA} ${WRKSRC}/conf/master ${STAGEDIR}${ETCDIR}/master.sample
${INSTALL_DATA} ${WRKSRC}/conf/minion ${STAGEDIR}${ETCDIR}/minion.sample
.include <bsd.port.mk>

3
sysutils/py-salt/distinfo
View File

@ -1,3 +0,0 @@
TIMESTAMP = 1737023351
SHA256 (salt-3006.9.tar.gz) = 7703c73a71c67327d48b2893ce9cf031ee52e2816df0daf78d6fe18a99b353e3
SIZE (salt-3006.9.tar.gz) = 19691113

8
sysutils/py-salt/files/patch-requirements_base.txt
View File

@ -1,8 +0,0 @@
--- requirements/base.txt.orig 2025-01-16 10:30:29 UTC
+++ requirements/base.txt
@@ -14,5 +14,3 @@ croniter>=0.3.0,!=0.3.22; sys_platform != 'win32'
packaging>=21.3
looseversion
croniter>=0.3.0,!=0.3.22; sys_platform != 'win32'
-# We need contextvars for salt-ssh
-contextvars

10
sysutils/py-salt/files/patch-salt_ext_tornado_iostream.py
View File

@ -1,10 +0,0 @@
--- salt/ext/tornado/iostream.py.orig 2023-05-16 11:50:28 UTC
+++ salt/ext/tornado/iostream.py
@@ -1116,6 +1116,7 @@ class IOStream(BaseIOStream):
future = self._connect_future = TracebackFuture()
try:
self.socket.connect(address)
+ self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 524288)
except socket.error as e:
# In non-blocking mode we expect connect() to raise an
# exception with EINPROGRESS or EWOULDBLOCK.

11
sysutils/py-salt/files/patch-salt_loader_lazy.py
View File

@ -1,11 +0,0 @@
--- salt/loader/lazy.py.orig 2021-09-27 17:31:38 UTC
+++ salt/loader/lazy.py
@@ -447,7 +447,7 @@ class LazyLoader(salt.utils.lazy.LazyDict):
try:
pycache_files = [
os.path.join("__pycache__", x)
- for x in sorted(os.listdir(os.path.join(mod_dir, "__pycache__")))
+ for x in sorted(os.listdir(os.path.join(mod_dir, '__pycache__'))) if not x.endswith('opt-1.pyc') and not x.endswith('opt-2.pyc')
]
except OSError:
pass

17
sysutils/py-salt/files/patch-salt_modules_config.py
View File

@ -1,17 +0,0 @@
--- salt/modules/config.py.orig 2025-01-17 15:15:13 UTC
+++ salt/modules/config.py
@@ -17,13 +17,7 @@ from salt.loader.context import LoaderContext
import salt.utils.sdb as sdb
from salt.loader.context import LoaderContext
-try:
- # Gated for salt-ssh (salt.utils.cloud imports msgpack)
- import salt.utils.cloud
-
- HAS_CLOUD = True
-except ImportError:
- HAS_CLOUD = False
+HAS_CLOUD = False
if salt.utils.platform.is_windows():

14
sysutils/py-salt/files/patch-salt_utils_process.py
View File

@ -1,14 +0,0 @@
--- salt/utils/process.py.orig 2024-07-29 07:51:58 UTC
+++ salt/utils/process.py
@@ -59,7 +59,10 @@ def appendproctitle(name):
current = setproctitle.getproctitle()
if current.strip().endswith("MainProcess"):
current, _ = current.rsplit("MainProcess", 1)
- setproctitle.setproctitle(f"{current.rstrip()} {name}")
+ if len(current) > 0:
+ setproctitle.setproctitle(f"{current.rstrip()} {name}")
+ else:
+ setproctitle.setproctitle(name)
def daemonize(redirect_out=True):

36
sysutils/py-salt/files/pkg-message.in
View File

@ -1,36 +0,0 @@
[
{ type: install
message: <<EOM
To configure a Salt Master, do the following:
o Copy %%PREFIX%%/etc/salt/master.sample to %%PREFIX%%/etc/salt/master
o Update to meet your needs
o sysrc salt_master_enable="YES"
To configure a Salt Minion, do the following:
o Copy %%PREFIX%%/etc/salt/minion.sample to %%PREFIX%%/etc/salt/minion
o Update 'master: salt' to point to your Salt Master's hostname or IP
o sysrc salt_minion_enable="YES"
To configure a Salt Proxy Minion, do the following:
o sysrc salt_proxy_enable="YES"
o sysrc salt_proxy_list=""
o Update the salt_proxy_list with the proxy minion name(s)
To change the Transport method from the default option of Zeromq to either TCP or RAET:
o Re-build the port with the desired options enabled to install the correct runtime dependencies
o Ensure the master and minions all have salt installed with these same options and dependencies
o Add the line 'transport: [tcp|raet]' to both the master and minion configuration files
o Restart salt on the master and minions
EOM
}
]

29
sysutils/py-salt/files/salt_api.in
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Salt API startup script
#
# PROVIDE: salt_api
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
#
# salt_api_enable (bool): Set to NO by default.
# Set it to YES to enable salt_api
#
. /etc/rc.subr
name=salt_api
rcvar=salt_api_enable
load_rc_config ${name}
: ${salt_api_enable:=NO}
command="%%PREFIX%%/bin/salt-api"
command_interpreter="%%PYTHON_CMD%%"
required_files="%%PREFIX%%/etc/salt"
command_args="-c ${required_files} -d"
run_rc_command "$1"

42
sysutils/py-salt/files/salt_master.in
View File

@ -1,42 +0,0 @@
#!/bin/sh
# Salt Master startup script
#
# PROVIDE: salt_master
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
#
# salt_master_enable (bool): Set to NO by default.
# Set it to YES to enable salt_master.
# salt_master_paths (string): Set to "/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin" by default.
# Default $PATH for salt_master.
# salt_master_eggcache (string): Set to "/tmp" by default.
# Allows defining egg cache directory to fix runtime on diskless systems.
#
. /etc/rc.subr
name=salt_master
rcvar=salt_master_enable
load_rc_config ${name}
: ${salt_master_enable:=NO}
: ${salt_master_paths=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin}
: ${salt_master_configdir:=%%PREFIX%%/etc/salt}
: ${salt_master_pidfile:=/var/run/salt-master.pid}
: ${salt_master_eggcache=/tmp}
command="%%PREFIX%%/bin/salt-master"
command_interpreter="%%PYTHON_CMD%%"
required_files=${salt_master_configdir}
pidfile=${salt_master_pidfile}
command_args="-c ${required_files} --pid-file=${pidfile} -d"
procname="MainProcess"
export PATH="${salt_master_paths}"
export PYTHON_EGG_CACHE="${salt_master_eggcache}"
run_rc_command "$1"

42
sysutils/py-salt/files/salt_minion.in
View File

@ -1,42 +0,0 @@
#!/bin/sh
# Salt Minion startup script
#
# PROVIDE: salt_minion
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
#
# salt_minion_enable (bool): Set to NO by default.
# Set it to YES to enable salt_minion
# salt_minion_paths (string): Set to "/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin" by default.
# Default $PATH for salt_minion
# salt_minion_eggcache (string): Set to "/tmp" by default.
# Allows defining egg cache directory to fix runtime on diskless systems.
#
. /etc/rc.subr
name=salt_minion
rcvar=salt_minion_enable
load_rc_config ${name}
: ${salt_minion_enable:=NO}
: ${salt_minion_paths=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin}
: ${salt_minion_configdir:=%%PREFIX%%/etc/salt}
: ${salt_minion_pidfile:=/var/run/salt-minion.pid}
: ${salt_minion_eggcache=/tmp}
command="%%PREFIX%%/bin/salt-minion"
command_interpreter="%%PYTHON_CMD%%"
required_files=${salt_minion_configdir}
pidfile=${salt_minion_pidfile}
command_args="-c ${required_files} --pid-file=${pidfile} -d"
procname="MultiMinionProcessManager"
export PATH="${salt_minion_paths}"
export PYTHON_EGG_CACHE="${salt_minion_eggcache}"
run_rc_command "$1"

57
sysutils/py-salt/files/salt_proxy.in
View File

@ -1,57 +0,0 @@
#!/bin/sh
# Salt Proxy startup script
#
# PROVIDE: salt_proxy
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
#
# salt_proxy_enable (bool): Set to NO by default.
# Set it to YES to enable salt_proxy.
# salt_proxy_paths (string): Set to "/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin" by default.
# Default $PATH for Salt
# salt_proxy_eggcache (string): Set to "/tmp" by default.
# Allows defining egg cache directory to fix runtime on diskless systems.
# salt_proxy_list (string): Set to "" by default.
# Space separated list of proxies.
#
. /etc/rc.subr
name=salt_proxy
rcvar=salt_proxy_enable
load_rc_config ${name}
: ${salt_proxy_enable:=NO}
: ${salt_proxy_paths=/sbin:/bin:/usr/sbin:/usr/bin:%%PREFIX%%/bin:%%PREFIX%%/sbin}
: ${salt_proxy_eggcache=/tmp}
start_cmd=salt_proxy_start
command="%%PREFIX%%/bin/salt-proxy"
command_interpreter="%%PYTHON_CMD%%"
required_files="%%PREFIX%%/etc/salt"
command_args="-c ${required_files} -d"
export PATH="${salt_proxy_paths}"
export PYTHON_EGG_CACHE="${salt_proxy_eggcache}"
salt_proxy_start()
{
if [ ! -n "${salt_proxy_list}" ]; then
echo "${salt_proxy_list} is undefined"
return 1
fi
local _proxy
for _proxy in ${salt_proxy_list}; do
echo "Starting salt-proxy: ${_proxy}"
${command_interpreter} ${command} --proxyid ${_proxy} ${command_args}
done
}
run_rc_command "$1"

29
sysutils/py-salt/files/salt_syndic.in
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Salt Synic startup script
#
# PROVIDE: salt_syndic
# REQUIRE: LOGIN
# KEYWORD: shutdown
# Add the following to /etc/rc.conf[.local] to enable this service
#
# salt_syndic_enable (bool): Set to NO by default.
# Set it to YES to enable salt_syndic
#
. /etc/rc.subr
name=salt_syndic
rcvar=salt_syndic_enable
load_rc_config ${name}
: ${salt_syndic_enable:=NO}
command="%%PREFIX%%/bin/salt-syndic"
command_interpreter="%%PYTHON_CMD%%"
required_files="%%PREFIX%%/etc/salt"
command_args="-c ${required_files} -d"
run_rc_command "$1"

7
sysutils/py-salt/pkg-descr
View File

@ -1,7 +0,0 @@
Salt : Remote Execution and State Manager
======================================
Salt is a powerful remote execution and state manager that can be
used to administer servers in a fast and efficient way.
See also: https://saltproject.io/

7
sysutils/py-salt/pkg-plist
View File

@ -1,7 +0,0 @@
@sample %%ETCDIR%%/master.sample
@sample %%ETCDIR%%/minion.sample
%%PYTHON_SITELIBDIR%%/salt/_syspaths.py
%%PYTHON2%%%%PYTHON_SITELIBDIR%%/salt/_syspaths.pyc
%%PYTHON2%%%%PYTHON_SITELIBDIR%%/salt/_syspaths.pyo
%%PYTHON3%%%%PYTHON_SITELIBDIR%%/salt/__pycache__/_syspaths.cpython-%%PYTHON_SUFFIX%%.pyc
%%PYTHON3%%%%PYTHON_SITELIBDIR%%/salt/__pycache__/_syspaths.cpython-%%PYTHON_SUFFIX%%.opt-1.pyc