1#!/bin/sh 2# 3 4configure_args=" 5 --prefix=/usr 6 --sysconfdir=/etc/ssh 7 --with-pam 8 --with-ssl-dir=/usr 9 --without-tcp-wrappers 10 --with-libedit 11 --with-ssl-engine 12 --without-xauth 13" 14 15set -e 16 17openssh=$(dirname $(realpath $0)) 18cd $openssh 19 20# Run autotools before we drop LOCALBASE out of PATH 21(cd $openssh && libtoolize --copy && autoheader && autoconf) 22 23# Ensure we use the correct toolchain and clean our environment 24export CC=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCC) 25export CPP=$(echo ".include <bsd.lib.mk>" | make -f /dev/stdin -VCPP) 26unset CFLAGS CPPFLAGS LDFLAGS LD_LIBRARY_PATH LIBS 27export PATH=/bin:/sbin:/usr/bin:/usr/sbin 28 29# Generate config.h with krb5 and stash it 30sh configure $configure_args --with-kerberos5=/usr 31mv config.log config.log.kerberos5 32mv config.h config.h.kerberos5 33 34# Generate config.h with built-in security key support 35# 36# We install libcbor and libfido2 as PRIVATELIB, so the headers are not 37# available for configure - add their paths via CFLAGS as a slight hack. 38# configure.ac is also patched to specify -lprivatecbor and -lprivatefido2 39# rather than -lcbor and -lfido2. 40export CFLAGS="-I$openssh/../../contrib/libcbor/src -I$openssh/../../contrib/libfido2/src" 41sh configure $configure_args --with-security-key-builtin 42unset CFLAGS 43mv config.log config.log.sk-builtin 44mv config.h config.h.sk-builtin 45 46# Generate config.h without krb5 or SK support 47sh configure $configure_args --without-kerberos5 --without-security-key-builtin 48 49# Extract the difference 50diff -u config.h.kerberos5 config.h | 51 sed -n '/^-#define/s/^-//p' | 52 grep -Ff /dev/stdin config.h.kerberos5 > krb5_config.h 53 54# Extract the difference - SK 55diff -u config.h.sk-builtin config.h | 56 sed -n '/^-#define/s/^-//p' | 57 grep -Ff /dev/stdin config.h.sk-builtin > sk_config.h 58