# Package metadata for the OpenSSH portable release named by pkgname/pkgver.
pkgname=openssh
pkgver=5.2p1
pkgrel=2
pkgdesc='A secure shell server/client'
arch=('i686' 'x86_64')
license=('custom')
url="http://www.openssh.org/portable.html"
# Config files listed in backup= are preserved across upgrades, so the
# hardening that package() applies to sshd_config reaches fresh installs only.
backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd')
# NOTE(review): tcp_wrappers and heimdal are listed here, but build() configures
# with --without-tcp-wrappers and --without-kerberos5. Confirm whether these
# two dependencies are still needed.
depends=('openssl>=0.9.8k' 'zlib' 'pam' 'tcp_wrappers' 'heimdal>=1.2.1')
# The tarball is fetched over plain FTP, so the transport gives no integrity or
# authenticity guarantee; the checksums below are the only check on what gets
# built. The remaining entries are local files shipped alongside this PKGBUILD.
source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$pkgver.tar.gz"
        'rc.sshd'
        'confd.sshd'
        'sshd.pam'
        'issue.ssh')
# One MD5 digest per source entry, in the same order.
# NOTE(review): MD5 is not collision resistant. For a security-critical package
# fetched over FTP, add a stronger array (e.g. sha256sums) computed from a
# tarball checked against upstream's release signature.
md5sums=('ada79c7328a8551bdf55c95e631e7dad'
         'd9ee5e0a0d143689b3d6f11454a2a892'
         'e2cea70ac13af7e63d40eb04415eacd5'
         '1c7c2ea8734ec7e3ca58d820634dc73a'
         '46d666d312c944a127d3fbdd0c4a6a6c')

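#######################################
# Configure and compile the OpenSSH portable sources.
# Globals:   srcdir, pkgname, pkgver (read)
# Arguments: none
# Returns:   0 on success; 1 if the source directory cannot be entered or
#            if configure or make fails
#######################################
build() {
  # Stop here if the source tree is missing, so configure and make never run
  # in whatever directory the caller happened to be in.
  cd "$srcdir/$pkgname-$pkgver" || return 1

  # NOTE: --disable-strip lets makepkg decide whether to strip or not.
  # NOTE(review): --with-privsep-user=nobody runs the unprivileged pre-auth
  # sshd child as the shared "nobody" account. A dedicated account (upstream's
  # default is "sshd") keeps that child isolated from other services that also
  # run as nobody.
  # TCP wrappers and Kerberos 5 support are compiled out. PAM, MD5 password
  # support and the OpenSSL engine hook are compiled in.
  ./configure --prefix=/usr \
    --libexecdir=/usr/lib/ssh \
    --sysconfdir=/etc/ssh \
    --without-tcp-wrappers \
    --with-privsep-user=nobody \
    --with-md5-passwords \
    --with-pam \
    --with-mantype=man \
    --mandir=/usr/share/man \
    --without-xauth \
    --without-kerberos5 \
    --with-ssl-engine \
    --disable-strip || return 1
  make || return 1
}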

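#######################################
# Install the built tree into the package root and apply the distribution's
# default sshd/ssh configuration.
# Globals:   srcdir, pkgdir, pkgname, pkgver (read)
# Arguments: none
# Returns:   0 on success; 1 as soon as any step fails
#######################################
package() {
  cd "$srcdir/$pkgname-$pkgver" || return 1

  make DESTDIR="$pkgdir" install || return 1

  # install pam and conf.d files
  install -Dm644 "$srcdir/sshd.pam" "$pkgdir/etc/pam.d/sshd" || return 1
  install -Dm644 "$srcdir/confd.sshd" "$pkgdir/etc/conf.d/sshd" || return 1

  # Replace the slogin man page with a link to the ssh page. The link targets
  # the .gz name, which only exists after the man pages are compressed.
  rm "$pkgdir/usr/share/man/man1/slogin.1" || return 1
  ln -sf ssh.1.gz "$pkgdir/usr/share/man/man1/slogin.1.gz" || return 1

  # additional contrib scripts that we like
  install -Dm755 contrib/findssl.sh "$pkgdir/usr/bin/findssl.sh" || return 1
  install -Dm755 contrib/ssh-copy-id "$pkgdir/usr/bin/ssh-copy-id" || return 1
  install -Dm644 contrib/ssh-copy-id.1 \
    "$pkgdir/usr/share/man/man1/ssh-copy-id.1" || return 1

  # Harden the shipped sshd_config: loopback-only listener, no root login,
  # tighter auth limits, no TCP forwarding, a login banner, and no
  # GSSAPI/Kerberos lines.
  # NOTE(review): each substitution fires only when upstream's commented
  # default matches exactly. If a pattern stops matching after a version bump,
  # sed still exits 0 and that setting silently falls back to sshd's built-in
  # default. Re-check the resulting file whenever pkgver changes.
  # The "#PasswordAuthentication yes" line is blanked here because the setting
  # is re-added explicitly in the block appended below.
  sed -i \
    -e 's|^#ListenAddress 0.0.0.0|ListenAddress 127.0.0.1|g' \
    -e 's|^#UsePAM no|UsePAM yes|g' \
    -e 's|^#ServerKeyBits 1024|ServerKeyBits 2048|g' \
    -e 's|^#LoginGraceTime 2m|LoginGraceTime 30s|g' \
    -e 's|^#PermitRootLogin yes|PermitRootLogin no|g' \
    -e 's|^#MaxAuthTries 6|MaxAuthTries 3|g' \
    -e 's|^#MaxSessions 10|MaxSessions 3|g' \
    -e 's|^#AllowTcpForwarding yes|AllowTcpForwarding no|g' \
    -e 's|^#ChallengeResponseAuthentication yes|ChallengeResponseAuthentication no|g' \
    -e 's|^#Banner none|Banner /etc/ssh/issue.ssh|g' \
    -e 's|^#PasswordAuthentication yes||g' \
    -e 's|^#PubkeyAuthentication yes|PubkeyAuthentication yes|g' \
    -e 's|^#AuthorizedKeysFile	.ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|g' \
    -e '/GSSAPI/d' \
    -e '/Kerberos/d' \
    "$pkgdir/etc/ssh/sshd_config" || return 1

  # Append the access restriction with cat, not echo: echo ignores stdin, so
  # the here-document (including AllowGroups wheel) would never reach the file.
  # The "change to no" reminder sits on its own comment line because sshd
  # treats extra words after an option's value as a configuration error.
  cat >> "$pkgdir/etc/ssh/sshd_config" << 'EOT' || return 1
AllowGroups wheel

#########################################
# CHANGE THESE ONCE SYSTEM IS LIVE
# (change PasswordAuthentication to no)
PasswordAuthentication yes
#########################################
EOT

  # modify the ssh_config file: enable the "Host *" section, then append the
  # client defaults to it. Use >> here, since > would truncate the file and
  # discard both the sed edit and the stock commented documentation.
  # NOTE(review): with VerifyHostKeyDNS yes the client implicitly trusts a host
  # key that matches a fingerprint the resolver reports as secure, so the
  # resolver path becomes part of the trust decision. Confirm this is intended.
  sed -i \
    -e 's|^# Host \*|Host *|g' \
    "$pkgdir/etc/ssh/ssh_config" || return 1
  cat >> "$pkgdir/etc/ssh/ssh_config" << 'EOT' || return 1
HashKnownHosts yes
StrictHostKeyChecking ask
#ControlMaster auto
#ControlPath ~/.ssh/master-%r@%h:%p
VerifyHostKeyDNS yes
EOT

  # install the rc init script
  install -Dm755 "$srcdir/rc.sshd" "$pkgdir/etc/rc.d/sshd" || return 1

  # install licence file
  install -Dm644 LICENCE \
    "$pkgdir/usr/share/licenses/$pkgname/LICENCE" || return 1

  # issue.net motd file (referenced by the Banner setting above)
  install -Dm644 "$srcdir/issue.ssh" "$pkgdir/etc/ssh/issue.ssh" || return 1

  # Remove /var/empty as per: http://bugs.archlinux.org/task/16886
  # NOTE(review): presumably another package owns this directory. Confirm it
  # exists on the installed system.
  rmdir "$pkgdir/var/empty" || return 1
}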

# vim:set ts=2 sw=2 et:
