class Openssh < Formula desc "OpenBSD freely-licensed SSH connectivity tools" homepage "https://www.openssh.com/" url "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz" mirror "https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz" version "9.0p1" sha256 "03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a" license "SSH-OpenSSH" revision 1 livecheck do url "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/" regex(/href=.*?openssh[._-]v?(\d+(?:\.\d+)+(?:p\d+)?)\.t/i) end bottle do sha256 arm64_monterey: "dc8a68702befc83e394381378cc20c9c5c9440b9f31a8e491ba4605f14c31f44" sha256 arm64_big_sur: "6c77da617ec1fdc44037faef2e0242cbef97a9acc26025f2386c884d467865a2" sha256 monterey: "e0ba7d39ae68ecd653bc5bbe73ceb252f148a51bd5e7257ed6316973023bb73c" sha256 big_sur: "2aeab07efa1366184ce592a5c172440a74f4c8ed2b68d6b8c0a70740f274e519" sha256 catalina: "fccb117717bad0d24f7cd48eb3b075299ead1d1153e8dde2a95e0de31a7990d0" sha256 x86_64_linux: "8e7f4971bbad2e288324a409b473215e582915ef297c34f645b346413c018664" end # Please don't resubmit the keychain patch option. It will never be accepted. # https://archive.is/hSB6d#10%25 depends_on "pkg-config" => :build depends_on "ldns" depends_on "libfido2" depends_on "openssl@1.1" uses_from_macos "lsof" => :test uses_from_macos "krb5" uses_from_macos "libedit" uses_from_macos "libxcrypt" uses_from_macos "zlib" on_macos do # Both these patches are applied by Apple. # https://github.com/apple-oss-distributions/OpenSSH/blob/main/openssh/sandbox-darwin.c#L66 patch do url "https://raw.githubusercontent.com/Homebrew/patches/1860b0a745f1fe726900974845d1b0dd3c3398d6/openssh/patch-sandbox-darwin.c-apple-sandbox-named-external.diff" sha256 "d886b98f99fd27e3157b02b5b57f3fb49f43fd33806195970d4567f12be66e71" end # https://github.com/apple-oss-distributions/OpenSSH/blob/main/openssh/sshd.c#L532 patch do url "https://raw.githubusercontent.com/Homebrew/patches/d8b2d8c2612fd251ac6de17bf0cc5174c3aab94c/openssh/patch-sshd.c-apple-sandbox-named-external.diff" sha256 "3505c58bf1e584c8af92d916fe5f3f1899a6b15cc64a00ddece1dc0874b2f78f" end end on_linux do depends_on "linux-pam" end resource "com.openssh.sshd.sb" do url "https://raw.githubusercontent.com/apple-oss-distributions/OpenSSH/OpenSSH-268.100.4/com.openssh.sshd.sb" sha256 "a273f86360ea5da3910cfa4c118be931d10904267605cdd4b2055ced3a829774" end def install if OS.mac? ENV.append "CPPFLAGS", "-D__APPLE_SANDBOX_NAMED_EXTERNAL__" # Ensure sandbox profile prefix is correct. # We introduce this issue with patching, it's not an upstream bug. inreplace "sandbox-darwin.c", "@PREFIX@/share/openssh", etc/"ssh" end args = *std_configure_args + %W[ --sysconfdir=#{etc}/ssh --with-ldns --with-libedit --with-kerberos5 --with-pam --with-ssl-dir=#{Formula["openssl@1.1"].opt_prefix} --with-security-key-builtin ] args << "--with-privsep-path=#{var}/lib/sshd" if OS.linux? system "./configure", *args system "make" ENV.deparallelize system "make", "install" # This was removed by upstream with very little announcement and has # potential to break scripts, so recreate it for now. # Debian have done the same thing. bin.install_symlink bin/"ssh" => "slogin" buildpath.install resource("com.openssh.sshd.sb") (etc/"ssh").install "com.openssh.sshd.sb" => "org.openssh.sshd.sb" end test do assert_match "OpenSSH_", shell_output("#{bin}/ssh -V 2>&1") port = free_port fork { exec sbin/"sshd", "-D", "-p", port.to_s } sleep 2 assert_match "sshd", shell_output("lsof -i :#{port}") end end