# $Id$

PNAME="openssh"
PVER="7.9p1"
PBUILD="r1"

PCAT="net-misc"

DESCRIPTION="Port of OpenBSD's free SSH release."
HOMEPAGE="http://www.openssh.com/"

DEPEND=">= dev-libs/openssl-1.1.1
	>= sys-libs/zlib-1.2.8
	>= sys-libs/pam-1.1
	>= virtual/sed"

PROVIDE="virtual/ssh-server
	virtual/ssh-client"

SRCFILE="${PNAME}-${PVER}.tar.gz"
SRCDIR="${BUILDDIR}/${PNAME}-${PVER}"

sminclude mbuild mtools systemd
msetfeature "!check"

SVC_REV=1.6

SRC_URI=(
	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${SRCFILE}
	ftp://ftp-stud.fht-esslingen.de/pub/OpenBSD/OpenSSH/portable/${SRCFILE}
	mirror://${PNAME}/${SRCFILE}
	mirror://${PNAME}/sshd.service-${SVC_REV}
#	mirror://${PNAME}/sshd.socket
	mirror://${PNAME}/ssh-keygen.service
	mirror://${PNAME}/sshd.conf.tempfile
	mirror://${PNAME}/sshd.pam
)

UP2DATE="updatecmd http://ftp2.eu.openbsd.org/pub/OpenBSD/OpenSSH/portable/ | highesttarball gz"

pkg_setup()
{
	preinstall
}

src_compile()
{
	cd ${SRCDIR}

	mconfigure \
		--sysconfdir=/etc/ssh \
		--libexecdir=/usr/$(mlibdir)/misc \
		--datadir=/usr/share/openssh \
		--disable-suid-ssh \
		--with-privsep-path=/var/empty \
		--with-privsep-user=sshd \
		--with-md5-passwords \
		--with-ipv4-default \
		--without-zlib-version-check \
		--with-pam \
		|| die

	mmake || die
}

src_install()
{
	cd ${SRCDIR}
	mmake DESTDIR=${BINDIR} install-nokeys || die

	# install systemd units
	minstallunit sshd.service-${SVC_REV} sshd.service || die
#	minstallunit sshd.socket || die
	minstallunit ssh-keygen.service || die
	minstalltmp sshd.conf.tempfile sshd.conf || die
	minstallpam sshd.pam sshd || die

	# fix sshd_config to enable pam support
	sed -i -e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
		-e '/^#UsePAM no$/c UsePAM yes' \
		${BINDIR}/etc/ssh/sshd_config || die

	# needed to run sshd
	mkeepdir /var/empty || die
	mchown root:sys /var/empty || die

	minstalldocs CREDITS ChangeLog LICENCE OVERVIEW \
		README* RFC.nroff TODO WARNING.RNG || die
}

preinstall()
{
	# adding ssh user
	mgroupadd -o "-g 22" sshd
	museradd -o "-u 22 -g sshd -d /var/empty -s /bin/false" sshd
}

postinstall()
{
	# cleanup old symlinks
	local i
	for i in dsa ecdsa rsa1 rsa ed25519
	do
		if [ -L ${MROOT}/etc/systemd/system/multi-user.target.wants/ssh-keygen-${i}.service ]
		then
			rm ${MROOT}/etc/systemd/system/multi-user.target.wants/ssh-keygen-${i}.service
		fi
	done

	mstartunit sshd.service
	# per socket connection not supported atm
	#mstartunit sshd.socket
}

postremove()
{
	mstopunit sshd.service
	# per socket connection not supported atm
	#mstopunit sshd.socket
}