pkgname=openssh
pkgver=7.5p1
pkgrel=1
pkgdesc='Free version of the SSH connectivity tools'
url='http://www.openssh.org/portable.html'
license=('custom:BSD')
arch=('x86_64')
makedepends=('linux-headers')
depends=('krb5' 'openssl' 'libedit' 'ldns')
optdepends=('xorg-xauth: X11 forwarding')
source=("http://ftp.spline.de/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"{,.asc}
        'sshdgenkeys.service'
        'sshd@.service'
        'sshd.service'
        'sshd.socket'
        'sshd.pam')
sha1sums=('5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd'
          'SKIP'
          'cc1ceec606c98c7407e7ac21ade23aed81e31405'
          'bd6eae36c7ef9efb7147778baad7858b81f2d660'
          '97b09fe4ebb8919832d9582c660d2a45d9f9f7c5'
          'e12fa910b26a5634e5a6ac39ce1399a132cf6796'
          'd93dca5ebda4610ff7647187f8928a3de28703f3')
validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30')

backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd'
        'usr/lib/systemd/system/sshd.socket'
        'usr/lib/systemd/system/sshd.service') # listening port may differ, we need to assure user config doesn't break

build() {
	cd "${srcdir}/${pkgname}-${pkgver}"

	./configure \
		--prefix=/usr \
		--libexecdir=/usr/lib/ssh \
		--sysconfdir=/etc/ssh \
		--with-ldns \
		--with-libedit \
		--with-ssl-engine \
		--with-pam \
		--with-privsep-user=nobody \
		--with-kerberos5=/usr \
		--with-xauth=/usr/bin/xauth \
		--with-mantype=man \
		--with-md5-passwords \
		--with-pid-dir=/run \

	make
}

check() {
	cd "${srcdir}/${pkgname}-${pkgver}"

	make tests ||
	grep $USER /etc/passwd | grep -q /bin/false
}

package() {
	cd "${srcdir}/${pkgname}-${pkgver}"

	make DESTDIR="${pkgdir}" install

	ln -sf ssh.1.gz "${pkgdir}"/usr/share/man/man1/slogin.1.gz
	install -Dm644 LICENCE "${pkgdir}/usr/share/licenses/${pkgname}/LICENCE"

	# install systemd units
	install -dm755 "$pkgdir/usr/lib/systemd/system/"
	install -m644 "$srcdir"/sshd{{,@,genkeys}.service,.socket} "$pkgdir/usr/lib/systemd/system/"
	install -Dm644 ../sshd.pam "${pkgdir}"/etc/pam.d/sshd

	# additional contrib scripts that we like
	install -Dm755 contrib/findssl.sh "${pkgdir}"/usr/bin/findssl.sh
	install -Dm755 contrib/ssh-copy-id "${pkgdir}"/usr/bin/ssh-copy-id
	install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1

	# PAM is a common, standard feature to have
	sed -i	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
		-e '/^#PrintMotd yes$/c PrintMotd no # pam does that' \
		-e '/^#UsePAM no$/c UsePAM yes' \
		"${pkgdir}"/etc/ssh/sshd_config

}