Compiling from Source - OpenSSH/OpenSSL

Hello,

First of all, I consider myself a FreeBSD newbie. Following guides and reading documentation helps a lot, but nothing beats hands-on experience.

Building from source is inevitable. Some packages are harder than others, but I find OpenSSH/OpenSSL to be simple enough, although crucial to security, so I started with them :D

However, I need some input on how I did it, like am I missing something, or are there any implications... etc.

So here are the steps I followed on a fresh 8.1 RELEASE:
Code:
# freebsd-update fetch install
# portsnap fetch extract
# pkg_add -r makedepend perl pkg-config xproto
# echo "OPENSSL_OVERWRITE_BASE=yes" >> /etc/make.conf
# echo "NO_OPENSSH=yes" >> /etc/make.conf
# echo "NO_OPENSSL=yes" >> /etc/make.conf
# cd /usr/ports/security/openssl
# make PREFIX=/usr install clean
# cp /usr/openssl/openssl.cnf.sample /usr/openssl/openssl.cnf
After downloading and extracting OpenSSH portable:
Code:
# ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-zlib=/usr --with-ssl-dir=/usr --with-tcp-wrappers --with-ssl-engine --with-pam --with-md5-passwords && make && make install clean

So I overwrote the base OpenSSL with the one in ports, and OpenSSH with the portable version from the OpenSSH website.

Your input is very much appreciated :)
 
You should install OpenSSH portable through the ports instead of compiling directly from source.

Code:
cd /usr/ports/security/openssh-portable
make install clean
 
MissileSilo said:
You should install OpenSSH portable through the ports instead of compiling directly from source.

Code:
cd /usr/ports/security/openssh-portable
make install clean

Why is this better? :)

Thanks
 
ecpeachy said:
Why is this better? :)

Why is a port better than bare source? Look at /usr/ports/security/openssh-portable/files/. Those are mostly patch files you won't get with the bare source. They may be to make the port act correctly on FreeBSD, like keeping config files in /usr/local/etc. Or they may be needed to prevent security problems or make the program work at all.

Each of those files was created by someone who knew specifics about that software and about FreeBSD.

So a port is like a bare source install, but with patches written by experts to make it work correctly on FreeBSD. It's easier to install, easier to cleanly deinstall, and easier to upgrade. Sometimes there are reasons to prefer a bare source install, but it's rare.
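
One way to see what the patches mentioned above actually change, as an added example that is not part of the original thread or of any port: the function reads the unified diffs in a port's files/ directory and reports, per patch, which upstream files are touched and by how many lines. The function names and the sample patch are constructed for illustration, and unified diff format is an assumption; on a FreeBSD system the argument would be a directory such as /usr/ports/security/openssh-portable/files.

```sh
# Added example: summarise what each patch in a port's files/ directory changes.
# Assumes unified diffs. Output: "<patch> <target file> +<added> -<removed>".
summarize_port_patches() {
    for p in "$1"/patch-*; do
        [ -f "$p" ] || continue
        awk -v name="${p##*/}" '
            function flush() {
                if (target != "")
                    printf "%s %s +%d -%d\n", name, target, added, removed
                added = removed = 0
            }
            function hunklen(range,   parts) {   # "-12,7" -> 7, "-12" -> 1
                return (split(range, parts, ",") > 1) ? parts[2] + 0 : 1
            }
            nold > 0 || nnew > 0 {               # inside a hunk body
                c = substr($0, 1, 1)
                if (c == "-")       { nold--; removed++ }
                else if (c == "+")  { nnew--; added++ }
                else if (c != "\\") { nold--; nnew-- }   # context line
                next
            }
            /^\+\+\+ / { flush(); target = $2; next }    # next target file
            /^@@ /     { nold = hunklen($2); nnew = hunklen($3) }
            END        { flush() }
        ' "$p"
    done
}
# Constructed sample patch (not from any real port). Its second hunk removes a
# line starting "-- " and adds one starting "++ "; both look like file headers
# unless hunk lengths are tracked.
make_sample_patch() {
    cat > "$1/patch-sample" <<'EOF'
--- example.c.orig
+++ example.c
@@ -1,3 +1,4 @@
 int main(void) {
-    return 1;
+    /* constructed change */
+    return 0;
 }
--- sample.conf.orig
+++ sample.conf
@@ -1,2 +1,2 @@
--- old comment
+++ new comment
 Port 22
EOF
}
d=$(mktemp -d); make_sample_patch "$d"; summarize_port_patches "$d"; rm -rf "$d"
```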
 
Thank you for clarifying this for me.

So I'm better off sticking to the ports collection unless there is a compelling need for a vanilla source :)

Thanks
 
MissileSilo said:
You should install OpenSSH portable through the ports instead of compiling directly from source.

Code:
cd /usr/ports/security/openssh-portable
make install clean

I noticed that the port version of OpenSSH is only at 5.2p1 and the current version is 5.8p1. Is it not being updated anymore? Curious if this will force me to update from source.
 