gentoo resync : 08.08.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-08-08 20:11:47 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-08-08 20:11:47 +0100
commit: f625b9919a60a30f1bd860f7d1b2eac183ced593 (patch)
tree: 7543f00925ff7277e31881de0a87801681f6f92f /net-misc/openssh
parent: e3872864be25f7421015bef2732fa57c0c9fb726 (diff)
2 files changed, 14 insertions, 43 deletions
diff --git a/net-misc/openssh/Manifest b/net-misc/openssh/Manifest
index 0b313caf1a76..643537eb2d40 100644
--- a/net-misc/openssh/Manifest
+++ b/net-misc/openssh/Manifest
@@ -29,7 +29,6 @@ DIST openssh-7.6p1+x509-11.2.diff.gz 466657 BLAKE2B 3f4f108e2d97eb292c215bc3a6e2
 DIST openssh-7.6p1-hpnssh14v12-r1.tar.xz 15440 BLAKE2B e140852a3ce63e4f744ed4b18b474cf88d09ca55509e5a16d26eef5cf8574466b472073eef56e19467932959d9ba7e941ab561d9ea0704dfee3fd08a6ba7ba8c SHA512 9d0450ec99fe550d790e471cb7815d0863788cf9c41dfef653d102f02be3d38a09e5103e537658279216a5815c1a075ded9f011e05ce216beee2c7daeea8c75a
 DIST openssh-7.6p1.tar.gz 1489788 BLAKE2B 938bfeeff0a0aaa2fc7e4c345f04561c6c071c526e354a7d344a08742cb70ab1f4a41d325b31720f2fba5c4afa4db11f3fc87055c8c9c8bea37b29cc11dc8f39 SHA512 de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72
 DIST openssh-7.7p1-hpnssh14v15-gentoo2.patch.xz 22060 BLAKE2B 9ee654f689d4b90bd0fe4f71d57b4a8d9d957012be3a23ff2baa6c45ae99e2f1e4daf5de24479a6a3eb761ee6847deb3c6c3021d4cbabc9089f605d8d7270efc SHA512 856d28ac89c14d01c40c7d7e93cfaebd74b091188b5b469550eb62aa5445177aec1a5f47c1e2f7173013712e98e5f9f5e46bbb3dbd4ec7c5ee8256ef45cda0f8
-DIST openssh-7.7p1-ldap-20180327.patch.xz 19760 BLAKE2B f316ea65de3415b9ee19a621f36c5ce7e4bda7e1fe06e9edbc1e96e9d7296facf1a59dc79822939035c333a07b04a21d33c116fb74f36f1a93ac6849a4182166 SHA512 6439057839341169f9a198b25fdcbbddd50b0db0834aa762c16fb9b9b2e6b95b4ee9b4c6ad1cf2723750aacded4e6cba7f6036cdd91cf8d5e88eb21ea83790dd
 DIST openssh-7.7p1-patches-1.1.tar.xz 16476 BLAKE2B fca2885a9e29faec40700ece37a995ba83e40bd2a6875129a5327770d8ee43663a7c063de33b4653994ed7332adb03730f613c047550d874190b95c66e2e9efa SHA512 aa5e33ce4bb4be16abf27ac1bade1dc85c51d82002be546402e0b8b0685de3ec7029f0f56bf1295ec346eb3960a6bed7cfc882722e57957a19a732f3174b3039
 DIST openssh-7.7p1-sctp-1.1.patch.xz 7548 BLAKE2B 3b960c2377351955007005de560c2a3e8d0d059a0435e5beda14c63e444dad8b4357edaccd1cfe446c6268514f152b2bcfa7fa3612f1ae1324a31fecb0e85ac5 SHA512 093605865262a2b972db8c92990a49ed6178ed4567fb2626518c826c8472553d9be99a9e6052a6f5e545d81867b4118e9fd8a2c0c26a2739f1720b0f13282cba
 DIST openssh-7.7p1-x509-11.3.1.patch.xz 362672 BLAKE2B 55b8b0ef00dc4d962a0db1115406b7b1e84110870c74198e9e4cb081b2ffde8daca67cb281c69d73b4c5cbffde361429d62634be194b57e888a0b434a0f42a37 SHA512 f84744f6d2e5a15017bce37bfa65ebb47dbafeac07ea9aab46bdc780b4062ff70687512d9d512cab81e3b9c701adb6ce17c5474f35cb4b49f57db2e2d45ac9ac
@@ -38,6 +37,6 @@ DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5
 DIST openssh-lpk-7.6p1-0.3.14.patch.xz 17044 BLAKE2B a31dcb15848d3a22306108a4e181b1d52b195e6adcd2a78d5c7bf57f33c8ed62c3affa434c8d31c07eae84b59f1a3968a3f2a92e702f9225b121127616cb9d61 SHA512 e9a2b18fd6a58354198b6e48199059d055451a5f09c99bf7293d0d54137a59c581a9cb3bd906f31589e03d8450fb017b9015e18c67b7b6ae840e336039436974
 EBUILD openssh-7.5_p1-r4.ebuild 11184 BLAKE2B c6725a371359485803c89cb73b9efad9a69ed6255ff8f411574e218af71880c507567010a749c22bea5f1a12043acb01cbfe452e9aba50e0b508b737f7fb7576 SHA512 414033d873ea94e0a3f087a8739d4266bdb96b6e02702a0385f09911ee2c279666baa837048e825489478b7774126b1dafa48e1f354f50d0d6cfc73b446da286
 EBUILD openssh-7.6_p1-r5.ebuild 11360 BLAKE2B ca0a8157c9c4fbd9219f8e73f6009c18b467e3a1b234bfa346ddb20c8e21438d16230ce0f1062ed947da67435f7e3a50a57675a7e285c37c8b515a9d17430f29 SHA512 fb6ee3771fb67700e596835267c8f26d0c1afe5c3c3366963951c07266a7ab58224d78062256c176e13a00238d9c21ba0ad66965ce6ffd41eb74e28eab81970c
-EBUILD openssh-7.7_p1-r103.ebuild 16934 BLAKE2B d1108c86af72036ea9e64e7ae173c9cc8ae280b133963c1960244a4eb5d6539b5b164dc470f528db4e69b401b78a9fad72977a2865c7cc8b0facf29204418773 SHA512 28146aaf128a80222a0b821f75143b6f58ae31afcf033c54522188ea849cca5ef796b03f5cae31ffe01067949efb07ee2762746ec5810fe52e643f8bc63506fa
 EBUILD openssh-7.7_p1-r6.ebuild 16437 BLAKE2B c51f18e66e44006d0830ca9e692d31967e6208532e8ef2b946b9831a2066257d4a74cbf8fdf432a353ca4c480b9f10aa200e8700743c525bc74e7281b9e99f06 SHA512 6266a68419c4beb5ec624dd41c38386f70f56e321c09925df39406d783b3bbfc420463f50e5b8b5ccc554ef7e9df4422aaee7ca2b5b2c7ffc52e6dade1334f6a
+EBUILD openssh-7.7_p1-r7.ebuild 15931 BLAKE2B 948b3fa5a2fb834fedbccc262df98805a51dec2d1237e11db1b461e70e6ed43d0d0b2a7377782081988e6f3ef9fb31cc74828c369707808545ca93936e3792aa SHA512 15c80f2ded1de0a22b324285f3ee942b5e932ca8d5d742cec666db13fa3507f6213078819697823cf531ec62455bd9ac4e7f25c599fa9dc0a40a80c2ec179a3e
 MISC metadata.xml 2212 BLAKE2B 889550b17d2ba8072686ca5f398c64946fc04721fd7093c88fd7c1c5c7e4610fb01964f8e3d78e20cd0e9b9343895439772fee43b5635db893f3fc13ae9437cb SHA512 958845fbdfb4f1d267fdbc3a005c6338da54c6a0715180a1982416a841ab4865c536de5f10bb8493d07830e182786d0c3f2ac710c9168434b3d077a59ed2ddd5
diff --git a/net-misc/openssh/openssh-7.7_p1-r103.ebuild b/net-misc/openssh/openssh-7.7_p1-r7.ebuild
index 3a2abed912ea..90c537b121a1 100644
--- a/net-misc/openssh/openssh-7.7_p1-r103.ebuild
+++ b/net-misc/openssh/openssh-7.7_p1-r7.ebuild
@@ -12,7 +12,6 @@ PARCH=${P/_}
 HPN_VER="14v15-gentoo2" HPN_PATCH="${PARCH}-hpnssh${HPN_VER}.patch.xz"
 SCTP_VER="1.1" SCTP_PATCH="${PARCH}-sctp-${SCTP_VER}.patch.xz"
 X509_VER="11.3.1" X509_PATCH="${PARCH}-x509-${X509_VER}.patch.xz"
-LDAP_VER="20180327" LDAP_PATCH="${PARCH}-ldap-${LDAP_VER}.patch.xz"
 
 PATCH_SET="openssh-7.7p1-patches-1.1"
 
@@ -22,19 +21,19 @@ SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz
 	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
 	${SCTP_PATCH:+sctp? ( https://dev.gentoo.org/~whissi/dist/openssh/${SCTP_PATCH} )}
 	${HPN_PATCH:+hpn? ( https://dev.gentoo.org/~whissi/dist/openssh/${HPN_PATCH} )}
-	${LDAP_PATCH:+ldap? ( https://dev.gentoo.org/~whissi/dist/openssh/${LDAP_PATCH} )}
 	${X509_PATCH:+X509? ( https://dev.gentoo.org/~whissi/dist/openssh/${X509_PATCH} )}
 	"
 
 LICENSE="BSD GPL-2"
 SLOT="0"
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 # Probably want to drop ssl defaulting to on in a future version.
-IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldap ldns libedit libressl livecd pam +pie sctp selinux skey +ssl static test X X509"
+IUSE="abi_mips_n32 audit bindist debug hpn kerberos kernel_linux ldns libedit libressl livecd pam +pie sctp selinux skey +ssl static test X X509"
+RESTRICT="!test? ( test )"
 REQUIRED_USE="ldns? ( ssl )
 	pie? ( !static )
 	static? ( !kerberos !pam )
-	X509? ( !ldap !sctp ssl )
+	X509? ( !sctp ssl )
 	test? ( ssl )"
 
 LIB_DEPEND="
@@ -59,8 +58,7 @@ LIB_DEPEND="
 RDEPEND="
 	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
 	pam? ( virtual/pam )
-	kerberos? ( virtual/krb5 )
-	ldap? ( net-nds/openldap )"
+	kerberos? ( virtual/krb5 )"
 DEPEND="${RDEPEND}
 	static? ( ${LIB_DEPEND} )
 	virtual/pkgconfig
@@ -79,7 +77,6 @@ pkg_pretend() {
 	maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; }
 	local fail="
 		$(use hpn && maybe_fail hpn HPN_PATCH)
-		$(use ldap && maybe_fail ldap LDAP_PATCH)
 		$(use sctp && maybe_fail sctp SCTP_PATCH)
 		$(use X509 && maybe_fail X509 X509_PATCH)
 	"
@@ -145,19 +142,6 @@ src_prepare() {
 		rm "${WORKDIR}"/patch/2025_all_openssh-7.7p1-X509_prefer-argv0-to-ssh-when-re-executing-ssh-for-proxyjump.patch || die
 	fi
 
-	if use ldap ; then
-		sed -i \
-			-e "s/ -lfipscheck//" \
-			"${WORKDIR}"/${LDAP_PATCH%.*} || die "Failed to remove fipscheck from LDAP patch"
-		eapply "${WORKDIR}"/${LDAP_PATCH%.*}
-
-		einfo "Patching version.h to expose LDAP patch set ..."
-		sed -i \
-			-e "/^#define SSH_PORTABLE.*/a #define SSH_LDAP               \"-ldap-${LDAP_VER}\"" \
-			"${S}"/version.h || die "Failed to sed-in LDAP patch version"
-		PATCHSET_VERSION_MACROS+=( 'SSH_LDAP' )
-	fi
-
 	if use sctp ; then
 		eapply "${WORKDIR}"/${SCTP_PATCH%.*}
 
@@ -213,7 +197,7 @@ src_prepare() {
 			"${S}"/packet.c || die "Failed to patch ssh_packet_set_connection() (packet.c)"
 	fi
 
-	if use X509 || use sctp || use ldap || use hpn ; then
+	if use X509 || use sctp || use hpn ; then
 		einfo "Patching sshconnect.c to use SSH_RELEASE in send_client_banner() ..."
 		sed -i \
 			-e "s/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION/PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE/" \
@@ -278,9 +262,8 @@ src_configure() {
 		--with-privsep-user=sshd
 		$(use_with audit audit linux)
 		$(use_with kerberos kerberos5 "${EPREFIX%/}"/usr)
-		# We apply the ldap and sctp patch conditionally, so can't pass --without-{ldap,sctp}
+		# We apply the sctp patch conditionally, so can't pass --without-sctp
 		# unconditionally else we get unknown flag warnings.
-		$(use ldap && use_with ldap)
 		$(use sctp && use_with sctp)
 		$(use_with ldns)
 		$(use_with libedit)
@@ -390,16 +373,6 @@ src_install() {
 
 	tweak_ssh_configs
 
-	if use ldap && [[ -n ${LDAP_PATCH} ]] ; then
-		insinto /etc/openldap/schema/
-		doins openssh-lpk-{sun,openldap}.schema
-
-		# Set the same libexec directory as in src_configure
-		sed -i \
-			-e "s:libexec/openssh:$(get_libdir)/misc:" \
-			"${ED%/}/usr/$(get_libdir)/misc/ssh-ldap-wrapper" || die
-	fi
-
 	doman contrib/ssh-copy-id.1
 	dodoc CREDITS OVERVIEW README* TODO sshd_config
 	use hpn && dodoc HPN-README
@@ -445,6 +418,12 @@ pkg_postinst() {
 		elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
 		elog "Furthermore, rsa keys with less than 1024 bits will be refused."
 	fi
+	if has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
+		elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
+		elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
+		elog "if you need to authenticate against LDAP."
+		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
+	fi
 	if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
 		elog "Be aware that by disabling openssl support in openssh, the server and clients"
 		elog "no longer support dss/rsa/ecdsa keys.  You will need to generate ed25519 keys"
@@ -462,11 +441,4 @@ pkg_postinst() {
 		elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
 		elog ""
 	fi
-
-	if use ldap && [[ -n ${LDAP_PATCH} ]] && has_version "<${CATEGORY}/${PN}-7.7_p1" ; then
-		elog "Starting with openssh-7.7_p1, the LDAP implementation was changed."
-		elog "You must revise your configuration or your previous LDAP setup will stop working."
-		elog ""
-		elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for migration details."
-	fi
 }
author	V3n3RiX <venerix@redcorelinux.org>	2018-08-08 20:11:47 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-08-08 20:11:47 +0100
commit	f625b9919a60a30f1bd860f7d1b2eac183ced593 (patch)
tree	7543f00925ff7277e31881de0a87801681f6f92f /net-misc/openssh
parent	e3872864be25f7421015bef2732fa57c0c9fb726 (diff)