-
-
Notifications
You must be signed in to change notification settings - Fork 12.5k
/
openssh.rb
106 lines (88 loc) · 3.87 KB
/
openssh.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
class Openssh < Formula
desc "OpenBSD freely-licensed SSH connectivity tools"
homepage "https://www.openssh.com/"
url "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz"
mirror "https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz"
version "9.3p1"
sha256 "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
license "SSH-OpenSSH"
livecheck do
url "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
regex(/href=.*?openssh[._-]v?(\d+(?:\.\d+)+(?:p\d+)?)\.t/i)
end
bottle do
sha256 arm64_ventura: "7d04616551aa0bd4fea5cabbb2c552bf4028e8fb46182ffc1cdc41a72095165d"
sha256 arm64_monterey: "5c12ec44957d76ac42fa5208c068b47d3a1e23665a45024abab46baa4001b34f"
sha256 arm64_big_sur: "e5cc1985fbfe5791c89c8466df90e86f12ab790fac38634d2b06b9528d58c7ba"
sha256 ventura: "37624f12f9d84b50743616c94a84af2cb43700db7237cd836fa2f19cd2ee1789"
sha256 monterey: "ca20a41ded82acdd4fdea2b07ad8331c2609a0e2fb19f5d1694060d9a564268c"
sha256 big_sur: "3f05ee8fe3dfd0b9eb6e652776517c8c69ff9ee8b2a640f932b28f2954b70d61"
sha256 x86_64_linux: "e1c6ca49d87078c8c57899dc434601806dd81c0a40aaf2ad8b56a2dbc5a56d19"
end
# Please don't resubmit the keychain patch option. It will never be accepted.
# https://archive.is/hSB6d#10%25
depends_on "pkg-config" => :build
depends_on "ldns"
depends_on "libfido2"
depends_on "openssl@1.1"
uses_from_macos "lsof" => :test
uses_from_macos "krb5"
uses_from_macos "libedit"
uses_from_macos "libxcrypt"
uses_from_macos "zlib"
on_macos do
# Both these patches are applied by Apple.
# https://github.com/apple-oss-distributions/OpenSSH/blob/main/openssh/sandbox-darwin.c#L66
patch do
url "https://raw.githubusercontent.com/Homebrew/patches/1860b0a745f1fe726900974845d1b0dd3c3398d6/openssh/patch-sandbox-darwin.c-apple-sandbox-named-external.diff"
sha256 "d886b98f99fd27e3157b02b5b57f3fb49f43fd33806195970d4567f12be66e71"
end
# https://github.com/apple-oss-distributions/OpenSSH/blob/main/openssh/sshd.c#L532
patch do
url "https://raw.githubusercontent.com/Homebrew/patches/d8b2d8c2612fd251ac6de17bf0cc5174c3aab94c/openssh/patch-sshd.c-apple-sandbox-named-external.diff"
sha256 "3505c58bf1e584c8af92d916fe5f3f1899a6b15cc64a00ddece1dc0874b2f78f"
end
end
on_linux do
depends_on "linux-pam"
end
resource "com.openssh.sshd.sb" do
url "https://raw.githubusercontent.com/apple-oss-distributions/OpenSSH/OpenSSH-268.100.4/com.openssh.sshd.sb"
sha256 "a273f86360ea5da3910cfa4c118be931d10904267605cdd4b2055ced3a829774"
end
def install
if OS.mac?
ENV.append "CPPFLAGS", "-D__APPLE_SANDBOX_NAMED_EXTERNAL__"
# Ensure sandbox profile prefix is correct.
# We introduce this issue with patching, it's not an upstream bug.
inreplace "sandbox-darwin.c", "@PREFIX@/share/openssh", etc/"ssh"
end
args = *std_configure_args + %W[
--sysconfdir=#{etc}/ssh
--with-ldns
--with-libedit
--with-kerberos5
--with-pam
--with-ssl-dir=#{Formula["openssl@1.1"].opt_prefix}
--with-security-key-builtin
]
args << "--with-privsep-path=#{var}/lib/sshd" if OS.linux?
system "./configure", *args
system "make"
ENV.deparallelize
system "make", "install"
# This was removed by upstream with very little announcement and has
# potential to break scripts, so recreate it for now.
# Debian have done the same thing.
bin.install_symlink bin/"ssh" => "slogin"
buildpath.install resource("com.openssh.sshd.sb")
(etc/"ssh").install "com.openssh.sshd.sb" => "org.openssh.sshd.sb"
end
test do
assert_match "OpenSSH_", shell_output("#{bin}/ssh -V 2>&1")
port = free_port
fork { exec sbin/"sshd", "-D", "-p", port.to_s }
sleep 2
assert_match "sshd", shell_output("lsof -i :#{port}")
end
end