# fss-0002
 
main:
  # Build and install the SSH suite (the flags and file names match portable
  # OpenSSH) into this system's layout: clients in /bin, daemons and helpers in
  # /sbin, server state under /home/targets/ssh.
  # tkis_local_require is defined outside this file; presumably it checks that
  # the turtle_version prerequisite is available. TODO confirm.
  tkis_local_require turtle_version
  # Create the t_ssh account only when /etc/passwd has no t_ssh entry. This is
  # the account handed to --with-privsep-user below. adduser is the
  # distribution's own tool; the flags presumably set /bin/false as the login
  # shell and t_ssh as the group. TODO confirm against that tool.
  if [[ $(grep -m 1 -o '^t_ssh:[^:]*:' /etc/passwd) == "" ]] ; then adduser -l /bin/false -t target -g t_ssh -n ssh ; fi

  # Configure. $CONF, $DOCDIR and $CFLAGS are supplied from outside this file.
  # Security-relevant choices on this line:
  #  - --with-privsep-user / --with-privsep-path: the privilege-separation
  #    account is t_ssh and its directory is /home/targets/ssh/privsep.
  #    NOTE(review): nothing here creates that directory; confirm it exists,
  #    is owned by root and is not writable by group or others.
  #  - --without-pam: no PAM support is built, so PAM account and session
  #    policy does not apply to sshd.
  #  - --disable-lastlog: lastlog support is disabled; make sure login auditing
  #    is covered by other records.
  #  - -fstack-protector: NOTE(review): this protects only a subset of
  #    functions; -fstack-protector-strong covers more where the compiler
  #    supports it.
  ./configure $CONF $DOCDIR --sysconfdir=/home/targets/ssh/settings --localstatedir=/home/targets/ssh --without-pam --with-privsep-path=/home/targets/ssh/privsep --with-privsep-user=t_ssh --with-pid-dir=/var/run/ssh/ --with-zlib --disable-strip --with-xauth=/bin/xauth --disable-lastlog --with-ipaddr-display --with-cflags="$CFLAGS -fstack-protector"
  # Rewrite the compiled-in paths in pathnames.h (no /usr on this system).
  # The order of these edits matters and must be kept:
  #  - ssh_config, shosts.equiv and sshrc are pinned to literal /etc paths;
  #  - the bare "/etc" string is redirected to /home/targets/ssh/settings and
  #    the "/ssh" suffix is dropped from ETCDIR "/ssh", so the remaining
  #    ETCDIR/SSHDIR-relative files (presumably sshd_config and the host keys)
  #    resolve directly under the settings directory;
  #  - the /usr/lib/ssh/ssh-askpass edit runs before the /usr/bin/ssh edit.
  sed -i -e 's|SSHDIR "/ssh_config"|"/etc/ssh_config"|' pathnames.h
  sed -i -e 's|SSHDIR "/shosts.equiv"|"/etc/shosts.equiv"|' pathnames.h
  sed -i -e 's|"/usr/X11R6/bin/ssh-askpass"|"/sbin/ssh-askpass"|' pathnames.h
  sed -i -e 's|"/usr/libexec/ssh-keysign"|"/sbin/ssh-keysign"|' pathnames.h
  sed -i -e 's|/usr/X11R6/bin/xauth|/bin/xauth|' pathnames.h
  sed -i -e 's|/usr/libexec/sftp-server|/sbin/sftp-server|g' pathnames.h
  sed -i -e 's|/usr/bin/passwd|/bin/passwd|' pathnames.h
  sed -i -e 's|/usr/bin/login|/bin/login|' pathnames.h
  sed -i -e 's|/usr/lib/ssh/ssh-askpass|/sbin/ssh-askpass|' pathnames.h
  sed -i -e 's|/usr/bin/ssh|/bin/ssh|' pathnames.h
  sed -i -e 's|"/etc"|"/home/targets/ssh/settings"|' pathnames.h
  sed -i -e 's|ETCDIR "/ssh"|ETCDIR|' pathnames.h
  sed -i -e 's|SSHDIR "/sshrc"|"/etc/sshrc"|' pathnames.h
  # Replace the built-in /usr/bin:/bin:/usr/sbin:/sbin search path in config.h
  # with /bin:/sbin:${TC}bin (presumably the default PATH given to sessions;
  # confirm). Every directory on that path, ${TC}bin included, should be
  # writable only by root.
  sed -i -e "s|/usr/bin:/bin:/usr/sbin:/sbin|/bin:/sbin:${TC}bin|" config.h
  # Drop the __res_state define from config.h. The reason is not recorded
  # here; presumably a build workaround. TODO document.
  sed -i -e '/#define __res_state state/d' config.h
  # No exit status is checked between the steps below; whether a failed step
  # stops the run depends on how the caller executes this list.
  make
  make install
  # Client configuration lives in /etc, server configuration in the settings
  # directory. The mv takes the stock ssh_config out of the settings directory;
  # the cp of ${PR}ssh_config two lines later then overwrites /etc/ssh_config
  # with the packaged copy.
  mv -v /home/targets/ssh/settings/ssh_config /etc/
  cp -v ${PR}sshd_config /home/targets/ssh/settings/sshd_config
  cp -v ${PR}ssh_config /etc/ssh_config
  cp -v ${PR}banner /home/targets/ssh/settings/
  cp -v ${PR}ssh_prng_cmds /home/targets/ssh/settings/
  # Gate the SSH programs by group: the client tools, ssh_config and
  # ssh-keysign go to e_ssh, sftp-server to e_ssh_sftp, sshd and
  # ssh-pkcs11-helper to t_ssh. The chmod lines then remove read and execute
  # for everyone else.
  # NOTE(review): o-rx does not clear an other-write bit; o-rwx (or an explicit
  # mode) would not depend on the modes that make install and cp left behind.
  chgrp e_ssh /etc/ssh_config /bin/{ssh{,-add,-agent,-keygen,-keyscan},sftp,scp} /sbin/ssh-keysign
  chgrp e_ssh_sftp /sbin/sftp-server
  chgrp t_ssh /sbin/sshd /sbin/ssh-pkcs11-helper
  chmod o-rx /etc/ssh_config /bin/{ssh{,-add,-agent,-keygen,-keyscan},sftp,scp} /sbin/ssh-keysign
  chmod o-rx /sbin/sftp-server
  chmod o-rx /sbin/sshd /sbin/ssh-pkcs11-helper
  # ssh-keysign is the helper ssh runs for host-based authentication. It has
  # to read the host private keys, which is why it is normally installed
  # setuid root. With the bit left off, as here, expect host-based
  # authentication from this machine not to work.
  # A narrower alternative to setuid root is a dedicated group that may read
  # the host keys, with ssh-keysign setgid to that group. A file capability
  # such as CAP_DAC_READ_SEARCH would also let it read the keys, but it grants
  # read access to every file, so it is not clearly an improvement.
  #chmod u+s /sbin/ssh-keysign # FIXME: why was this setuid? what posix capabilities can be used to replace this?
  # Remove /share/Ssh.bin; its origin is not visible here (presumably left by
  # make install). TODO confirm.
  rm -Rf /share/Ssh.bin
  # Delete the host key pairs (presumably generated by make install) so they
  # are not carried along with this build. Host keys identify one machine; a
  # key pair shared between installs lets any holder impersonate the others.
  # Each installed system has to generate its own keys before sshd starts.
  # NOTE(review): only the four listed key names are removed; extend the list
  # if the version being built creates other host key types.
  rm -Rf /home/targets/ssh/settings/{ssh_host_dsa_key,ssh_host_key,ssh_host_rsa_key,ssh_host_ecdsa_key}{,.pub}
