#TODO resolver runtime on Redox still needs stronger validation; relibc now exports resolv.h/nameser surfaces
#TODO lack of utmpx.h, expect no way to track login in sshd
[source]
tar = "https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.8p1.tar.gz"
patches = [
    "redox.patch",
]
[build]
template = "custom"
dependencies = [
    "openssl3",
    "zlib",
    "zstd",
]
script = """
DYNAMIC_INIT
RELIBC_STAGE_INCLUDE="${COOKBOOK_ROOT}/recipes/core/relibc/target/${TARGET}/stage/usr/include"
RELIBC_STAGE_LIB="${COOKBOOK_ROOT}/recipes/core/relibc/target/${TARGET}/stage/usr/lib"
if [ -d "${RELIBC_STAGE_INCLUDE}" ]; then
    export CPPFLAGS="${CPPFLAGS} -I${RELIBC_STAGE_INCLUDE}"
    export CFLAGS="${CFLAGS} -I${RELIBC_STAGE_INCLUDE}"
fi
if [ -d "${RELIBC_STAGE_LIB}" ]; then
    export LDFLAGS="-L${RELIBC_STAGE_LIB} -Wl,-rpath-link,${RELIBC_STAGE_LIB} ${LDFLAGS}"
fi
COOKBOOK_CONFIGURE_FLAGS+=(
    --disable-strip
    --sysconfdir=/etc/ssh
)
export CFLAGS+=" -DSYSTEMD_NOTIFY=1"
cookbook_configure
mv "${COOKBOOK_STAGE}"/usr/sbin/sshd "${COOKBOOK_STAGE}"/usr/bin/sshd
rmdir "${COOKBOOK_STAGE}"/usr/sbin

# Extracted from `make host-key-force`
# TODO: Postscript to generate this
# ssh-keygen -t dsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_dsa_key -N ""
# ssh-keygen -t rsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_rsa_key -N ""
# ssh-keygen -t ed25519 -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_ed25519_key -N ""
# ssh-keygen -t ecdsa -f "${COOKBOOK_STAGE}"/etc/ssh/ssh_host_ecdsa_key -N ""

CONFIG_FILE="${COOKBOOK_STAGE}"/etc/ssh/sshd_config

# ipv6 is not working yet
sed -i "s/#AddressFamily any/AddressFamily inet/g" "${CONFIG_FILE}"
"""