Djam/openssh
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/openssh.git synced 2025-02-25 18:53:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
openssh/openssh.spec

529 lines
14 KiB
RPMSpec
Raw Blame History

## Do not apply any unauthorized patches to this package!
## - vdanen 05/18/01
##
# Version of watchdog patch
%define wversion 4.4p1
# Version of the hpn patch
%define hpnver 13v6
%bcond_with skey
%bcond_without krb5
%bcond_with watchdog
%bcond_without gnomeaskpass
%bcond_with ldap
%bcond_with sftpcontrol
%bcond_with hpn
%bcond_with audit
%bcond_without libedit
%define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}"
%define XAUTH %{_bindir}/xauth
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 6.9p1
Release: 2
License: BSD
Group: Networking/Remote access
Url: http://www.openssh.com/
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz.asc
# ssh-copy-id taken from debian, with "usage" added
Source3: ssh-copy-id
Source9: README.sftpfilecontrol
# this is never to be applied by default
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
Source10: openssh-%{wversion}-watchdog.patch.tgz
Source12: ssh_ldap_key.pl
Source15: ssh-avahi-integration
Source17: sshd.pam
Source18: sshd.service
Source19: README.3.8p1.upgrade.urpmi
Source20: README.3.9p1-3.upgrade.urpmi
Source21: README.hpn
Source22: sshd-keygen
Source23: sshd.socket
Source24: sshd@.service
Source25: sshd-keygen.service
Patch1: openssh-mdv_conf.diff
# rediffed from openssh-4.4p1-watchdog.patch.tgz
Patch4: openssh-4.4p1-watchdog.diff
# optional ldap support
# http://dev.inversepath.com/trac/openssh-lpk
#Patch6: http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch
# new location for the lpk patch.
# rediffed from "svn checkout http://openssh-lpk.googlecode.com/svn/trunk/ openssh-lpk-read-only"
Patch6: openssh-lpk-5.4p1-0.3.10.diff
# http://sftpfilecontrol.sourceforge.net
# Not applied by default
# P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
Patch7: openssh-4.9p1.sftplogging-v1.5.diff
# (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
#gw: from Fedora:
#fix round-robin DNS with GSSAPI authentification
Patch13: openssh-4.3p2-gssapi-canohost.patch
Patch14: openssh-4.7p1-audit.patch
Patch17: openssh-5.1p1-askpass-progress.patch
Patch18: openssh-4.3p2-askpass-grab-info.patch
Patch19: openssh-4.0p1-exit-deadlock.patch
BuildRequires: groff-base
BuildRequires: pam-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(zlib)
%if %{with skey}
BuildRequires: skey-devel
%endif
%if %{with krb5}
BuildRequires: krb5-devel
%endif
%if %{with gnomeaskpass}
BuildRequires: pkgconfig(gtk+-2.0)
%endif
%if %{with ldap}
BuildRequires: openldap-devel >= 2.0
%endif
%if %{with audit}
BuildRequires: audit-devel
%endif
%if %{with libedit}
BuildRequires: pkgconfig(libedit)
BuildRequires: pkgconfig(ncurses)
%endif
BuildConflicts: libgssapi-devel
BuildRequires: systemd-units
Requires(pre,post,preun,postun): rpm-helper > 0.24
Requires: tcp_wrappers
Obsoletes: ssh
Provides: ssh
%description
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to separate libraries (OpenSSL).
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
You can build %{name} with some conditional build swithes;
(ie. use with rpm --rebuild):
--with[out] skey smartcard support (disabled)
--with[out] krb5 kerberos support (enabled)
--with[out] watchdog watchdog support (disabled)
--with[out] gnomeaskpass Gnome ask pass support (disabled)
--with[out] ldap OpenLDAP support (disabled)
--with[out] sftpcontrol sftp file control support (disabled)
--with[out] hpn HPN ssh/scp support (disabled)
--with[out] audit audit support (disabled)
--with[out] libedit libedit support in sftp (enabled)
%package clients
Summary: OpenSSH Secure Shell protocol clients
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Provides: ssh-clients
Provides: sftp
Provides: ssh
%description clients
This package includes the clients necessary to make encrypted connections
to SSH servers.
%package server
Summary: OpenSSH Secure Shell protocol server (sshd)
Group: System/Servers
Requires(pre): %{name} = %{version}-%{release}
Requires: %{name}-clients = %{version}-%{release}
Requires(pre): pam >= 0.74
Requires(pre,postun,preun,postun): rpm-helper
%if %{with skey}
Requires: skey
%endif
Provides: ssh-server
Provides: sshd
%description server
This package contains the secure shell daemon. The sshd is the server
part of the secure shell protocol and allows ssh clients to connect to
your host.
%package askpass-common
Summary: OpenSSH X11 passphrase common scripts
Group: Networking/Remote access
%description askpass-common
OpenSSH X11 passphrase common scripts
%if %{with gnomeaskpass}
%package askpass-gnome
Summary: OpenSSH GNOME passphrase dialog
Group: Networking/Remote access
Requires: %{name} = %{version}-%{release}
Requires: %{name}-askpass-common
Requires(pre): update-alternatives
Provides: %{name}-askpass
Provides: ssh-askpass
Provides: ssh-extras
%description askpass-gnome
This package contains the GNOME passphrase dialog.
%endif
%prep
%setup -q -a10
%patch1 -p1 -b .mdkconf
%if %{with watchdog}
#patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
%patch4 -p1 -b .watchdog
%endif
%if %{with ldap}
sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config
%patch6 -p1 -b .lpk
rm -f README.lpk.lpk
%define _default_patch_fuzz 3
%else
%define _default_patch_fuzz 2
%endif
%if %{with sftpcontrol}
#cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch7 -p1 -b .sftplogging-v1.5
# README with license terms for this patch
install -m 0644 %{SOURCE9} .
%endif
%if %{with hpn}
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch11 -p1 -b .hpn
%patch12 -p1 -b .peak
install %{SOURCE21} .
%endif
%patch13 -p1 -b .canohost
%if %{with audit}
%patch14 -p1 -b .audit
%endif
%patch17 -p1 -b .progress
%patch18 -p1 -b .grab-info
%patch19 -p1 -b .exit-deadlock
install %{SOURCE12} %{SOURCE19} %{SOURCE20} .
install -m 0644 %{SOURCE17} sshd.pam
# fix attribs
chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
# http://qa.mandriva.com/show_bug.cgi?id=22957
perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
autoreconf -fi
%build
%ifarch %{ix86}
%define _disable_ld_no_undefined 1
%endif
%serverbuild
%configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir}/ssh \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir}/ssh \
--datadir=%{_datadir}/ssh \
--disable-strip \
--with-tcp-wrappers \
--with-pam \
--with-default-path=%{OPENSSH_PATH} \
--with-xauth=%{XAUTH} \
--with-privsep-path=/var/empty \
--without-zlib-version-check \
--with-maildir=/var/spool/mail \
--with-sandbox=rlimit \
%if %{with krb5}
--with-kerberos5=%{_prefix} \
%endif
%if %{with skey}
--with-skey \
%endif
%if %{with ldap}
--with-libs="-lldap -llber" \
--with-cppflags="-DWITH_LDAP_PUBKEY -DLDAP_DEPRECATED" \
%endif
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:%{_sbindir}:%{_bindir} \
%if %{with libedit}
--with-libedit \
%else
--without-libedit \
%endif
%if %{with audit}
--with-linux-audit \
%endif
%ifarch %{ix86} %{arm}
# crisb - ftrapv causes link error (missing mulodi4) on 32-bit systems
# seems the configure code does not detect this (despite attempts)
find . -name Makefile -exec sed -i 's|-ftrapv||' {} \;
%endif
%make
%if %{with gnomeaskpass}
pushd contrib
make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
mv gnome-ssh-askpass2 gnome-ssh-askpass
popd
%endif
%install
%makeinstall_std
install -d %{buildroot}%{_sysconfdir}/ssh
install -d %{buildroot}%{_sysconfdir}/pam.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -d %{buildroot}%{_unitdir}
install -m644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd
install -m644 %{SOURCE18} %{buildroot}%{_unitdir}/sshd.service
install -m755 %{SOURCE22} %{buildroot}%{_sbindir}/sshd-keygen
install -m644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd.socket
install -m644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd@.service
install -m644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd-keygen.service
if [[ -f sshd_config.out ]]; then
install -m600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
else
install -m600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
fi
echo "root" > %{buildroot}%{_sysconfdir}/ssh/denyusers
if [[ -f ssh_config.out ]]; then
install -m644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
else
install -m644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
fi
echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config
mkdir -p %{buildroot}%{_libdir}/ssh
install -d %{buildroot}%{_sysconfdir}/profile.d/
%if %{with gnomeaskpass}
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
%endif
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
EOF
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
EOF
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
# fix hanging ssh clients on exit
if [ -n "$BASH_VERSION" ]; then
shopt -s huponexit
elif [ -n "$ZSH_VERSION" ]; then
setopt hup
fi
EOF
install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
# create pre-authentication directory
mkdir -p %{buildroot}/var/empty
# remove unwanted files
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
#SSHD="%{_sbindir}/sshd"
#PID_FILE="/var/run/sshd.pid"
#OPTIONS=""
EOF
# avahi integration support (misc)
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service
# make sure strip can touch it
chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign
%pre server
%_pre_useradd sshd /var/empty /bin/true
%post server
# do some key management
# %{_bindir}/ssh-keygen -A
# do some key management; taken from the initscript
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n "Generating SSH1 RSA host key... "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo "Generating SSH2 RSA host key... "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo "Generating SSH2 DSA host key... "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_ecdsa_keygen() {
if [ ! -s $ECDSA_KEY ]; then
echo "Generating SSH2 EC DSA host key... "
if $KEYGEN -q -t dsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $ECDSA_KEY
chmod 644 $ECDSA_KEY.pub
echo "done"
echo
else
echo "failed"
echo
exit 1
fi
fi
}
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
do_ecdsa_keygen
%postun server
%_postun_userdel sshd
%if %{with gnomeaskpass}
%post askpass-gnome
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
%postun askpass-gnome
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
%endif
%files
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
%if %{with ldap}
%doc *.schema
%endif
%if %{with watchdog}
%doc CHANGES-openssh-watchdog openssh-watchdog.html
%endif
%if %{with sftpcontrol}
%doc README.sftpfilecontrol
%endif
%{_bindir}/ssh-keygen
%dir %{_sysconfdir}/ssh
%{_bindir}/ssh-keyscan
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%{_libdir}/ssh/ssh-pkcs11-helper
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%files clients
%{_bindir}/scp
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_bindir}/sftp
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man5/ssh_config.5*
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%{_sysconfdir}/profile.d/90ssh-client.sh
%files server
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/sshd
%{_sbindir}/sshd
%{_sbindir}/sshd-keygen
%dir %{_libdir}/ssh
%{_libdir}/ssh/sftp-server
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
%config(noreplace) %{_sysconfdir}/ssh/moduli
%{_unitdir}/sshd.service
%{_unitdir}/sshd.socket
%{_unitdir}/sshd-keygen.service
%{_unitdir}/sshd@.service
%dir %attr(0755,root,root) /var/empty
%files askpass-common
%{_sysconfdir}/profile.d/90ssh-askpass.*
%if %{with gnomeaskpass}
%files askpass-gnome
%{_libdir}/ssh/gnome-ssh-askpass
%endif
Reference in a new issue View git blame Copy permalink