1 |
kharec |
8803 |
## Do not apply any unauthorized patches to this package! |
2 |
|
|
## - vdanen 05/18/01 |
3 |
|
|
## |
4 |
|
|
|
5 |
|
|
# Version of ssh-askpass |
6 |
|
|
%define aversion 1.2.4.1 |
7 |
|
|
# Version of watchdog patch |
8 |
|
|
%define wversion 4.4p1 |
9 |
|
|
|
10 |
|
|
# Version of the hpn patch |
11 |
|
|
%define hpnver 13v6 |
12 |
|
|
|
13 |
|
|
# overrides |
14 |
|
|
%define build_skey 0 |
15 |
|
|
%define build_krb5 1 |
16 |
|
|
%define build_watchdog 0 |
17 |
|
|
%define build_x11askpass 1 |
18 |
|
|
%define build_gnomeaskpass 1 |
19 |
|
|
%define build_ldap 0 |
20 |
|
|
%define build_sftpcontrol 0 |
21 |
|
|
%define build_hpn 0 |
22 |
|
|
%define build_audit 0 |
23 |
|
|
%define build_libedit 1 |
24 |
|
|
|
25 |
|
|
%{?_with_skey: %{expand: %%global build_skey 1}} |
26 |
|
|
%{?_without_skey: %{expand: %%global build_skey 0}} |
27 |
|
|
%{?_with_krb5: %{expand: %%global build_krb5 1}} |
28 |
|
|
%{?_without_krb5: %{expand: %%global build_krb5 0}} |
29 |
|
|
%{?_with_watchdog: %{expand: %%global build_watchdog 1}} |
30 |
|
|
%{?_without_watchdog: %{expand: %%global build_watchdog 0}} |
31 |
|
|
%{?_with_x11askpass: %{expand: %%global build_x11askpass 1}} |
32 |
|
|
%{?_without_x11askpass: %{expand: %%global build_x11askpass 0}} |
33 |
|
|
%{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}} |
34 |
|
|
%{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}} |
35 |
|
|
%{?_with_ldap: %{expand: %%global build_ldap 1}} |
36 |
|
|
%{?_without_ldap: %{expand: %%global build_ldap 0}} |
37 |
|
|
%{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}} |
38 |
|
|
%{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}} |
39 |
|
|
%{?_with_hpn: %{expand: %%global build_hpn 1}} |
40 |
|
|
%{?_without_hpn: %{expand: %%global build_hpn 0}} |
41 |
|
|
%{?_with_audit: %{expand: %%global build_audit 1}} |
42 |
|
|
%{?_without_audit: %{expand: %%global build_audit 0}} |
43 |
|
|
%{?_with_libedit: %{expand: %%global build_libedit 1}} |
44 |
|
|
%{?_without_libedit: %{expand: %%global build_libedit 0}} |
45 |
|
|
|
46 |
|
|
%define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}" |
47 |
|
|
%define XAUTH %{_bindir}/xauth |
48 |
|
|
|
49 |
|
|
Summary: OpenSSH free Secure Shell (SSH) implementation |
50 |
|
|
Name: openssh |
51 |
pterjan |
89124 |
Version: 5.8p1 |
52 |
|
|
Release: %mkrel 1 |
53 |
kharec |
8803 |
License: BSD |
54 |
|
|
Group: Networking/Remote access |
55 |
|
|
URL: http://www.openssh.com/ |
56 |
|
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz |
57 |
|
|
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc |
58 |
|
|
Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2 |
59 |
|
|
# ssh-copy-id taken from debian, with "usage" added |
60 |
|
|
Source3: ssh-copy-id |
61 |
|
|
Source7: openssh-xinetd |
62 |
|
|
Source9: README.sftpfilecontrol |
63 |
|
|
# this is never to be applied by default |
64 |
|
|
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html |
65 |
|
|
Source10: openssh-%{wversion}-watchdog.patch.tgz |
66 |
|
|
Source12: ssh_ldap_key.pl |
67 |
|
|
Source15: ssh-avahi-integration |
68 |
|
|
Source17: sshd.pam |
69 |
|
|
Source18: sshd.init |
70 |
|
|
Source21: README.hpn |
71 |
misc |
86237 |
# patch to set some default configuration |
72 |
blino |
18288 |
Patch1: openssh-distro_conf.diff |
73 |
kharec |
8803 |
# authorized by Damien Miller <djm@openbsd.com> |
74 |
misc |
86237 |
# patch to lower the check on openssl version, should likely be removed |
75 |
kharec |
8803 |
Patch3: openssh-3.1p1-check-only-ssl-version.patch |
76 |
misc |
86237 |
|
77 |
kharec |
8803 |
# rediffed from openssh-4.4p1-watchdog.patch.tgz |
78 |
|
|
Patch4: openssh-4.4p1-watchdog.diff |
79 |
|
|
# optional ldap support |
80 |
|
|
# http://dev.inversepath.com/trac/openssh-lpk |
81 |
|
|
#Patch6: http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch |
82 |
|
|
# new location for the lpk patch. |
83 |
|
|
# rediffed from "svn checkout http://openssh-lpk.googlecode.com/svn/trunk/ openssh-lpk-read-only" |
84 |
|
|
Patch6: openssh-lpk-5.4p1-0.3.10.diff |
85 |
|
|
# http://sftpfilecontrol.sourceforge.net |
86 |
|
|
# Not applied by default |
87 |
|
|
# P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch |
88 |
|
|
Patch7: openssh-4.9p1.sftplogging-v1.5.diff |
89 |
|
|
# (tpg) http://www.psc.edu/networking/projects/hpn-ssh/ |
90 |
|
|
Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff |
91 |
|
|
Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff |
92 |
|
|
#gw: from Fedora: |
93 |
|
|
#fix round-robin DNS with GSSAPI authentification |
94 |
|
|
Patch13: openssh-4.3p2-gssapi-canohost.patch |
95 |
|
|
Patch14: openssh-4.7p1-audit.patch |
96 |
|
|
Patch17: openssh-5.1p1-askpass-progress.patch |
97 |
|
|
Patch18: openssh-4.3p2-askpass-grab-info.patch |
98 |
|
|
Patch19: openssh-4.0p1-exit-deadlock.patch |
99 |
|
|
Patch21: openssh_tcp_wrappers.patch |
100 |
|
|
Obsoletes: ssh |
101 |
|
|
Provides: ssh |
102 |
|
|
Requires(post): openssl >= 0.9.7 |
103 |
|
|
Requires(post): makedev |
104 |
|
|
Requires(preun): openssl >= 0.9.7 |
105 |
|
|
Requires: tcp_wrappers |
106 |
|
|
BuildRequires: groff-for-man |
107 |
|
|
BuildRequires: openssl-devel >= 0.9.7 |
108 |
|
|
BuildRequires: pam-devel |
109 |
|
|
BuildRequires: tcp_wrappers-devel |
110 |
|
|
BuildRequires: zlib-devel |
111 |
|
|
%if %{build_skey} |
112 |
|
|
BuildRequires: skey-devel |
113 |
|
|
%endif |
114 |
|
|
%if %{build_krb5} |
115 |
|
|
BuildRequires: krb5-devel |
116 |
|
|
%endif |
117 |
|
|
%if %{build_x11askpass} |
118 |
|
|
BuildRequires: imake |
119 |
|
|
BuildRequires: rman |
120 |
|
|
# http://qa.mandriva.com/show_bug.cgi?id=22736 |
121 |
|
|
BuildRequires: x11-util-cf-files >= 1.0.2 |
122 |
|
|
BuildRequires: gccmakedep |
123 |
|
|
BuildRequires: libx11-devel |
124 |
|
|
BuildRequires: libxt-devel |
125 |
|
|
%endif |
126 |
|
|
%if %{build_gnomeaskpass} |
127 |
|
|
BuildRequires: gtk+2-devel |
128 |
|
|
%endif |
129 |
|
|
%if %{build_ldap} |
130 |
|
|
BuildRequires: openldap-devel >= 2.0 |
131 |
|
|
%endif |
132 |
|
|
%if %{build_audit} |
133 |
|
|
BuildRequires: audit-devel |
134 |
|
|
%endif |
135 |
|
|
%if %{build_libedit} |
136 |
|
|
BuildRequires: edit-devel ncurses-devel |
137 |
|
|
%endif |
138 |
|
|
BuildConflicts: libgssapi-devel |
139 |
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot |
140 |
|
|
|
141 |
|
|
%description |
142 |
|
|
Ssh (Secure Shell) is a program for logging into a remote machine and for |
143 |
|
|
executing commands in a remote machine. It is intended to replace |
144 |
|
|
rlogin and rsh, and provide secure encrypted communications between |
145 |
|
|
two untrusted hosts over an insecure network. X11 connections and |
146 |
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
147 |
|
|
|
148 |
|
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it |
149 |
|
|
up to date in terms of security and features, as well as removing all |
150 |
|
|
patented algorithms to separate libraries (OpenSSL). |
151 |
|
|
|
152 |
|
|
This package includes the core files necessary for both the OpenSSH |
153 |
|
|
client and server. To make this package useful, you should also |
154 |
|
|
install openssh-clients, openssh-server, or both. |
155 |
|
|
|
156 |
|
|
You can build %{name} with some conditional build swithes; |
157 |
|
|
|
158 |
|
|
(ie. use with rpm --rebuild): |
159 |
|
|
|
160 |
|
|
--with[out] skey smartcard support (disabled) |
161 |
|
|
--with[out] krb5 kerberos support (enabled) |
162 |
|
|
--with[out] watchdog watchdog support (disabled) |
163 |
|
|
--with[out] x11askpass X11 ask pass support (enabled) |
164 |
|
|
--with[out] gnomeaskpass Gnome ask pass support (enabled) |
165 |
|
|
--with[out] ldap OpenLDAP support (disabled) |
166 |
|
|
--with[out] sftpcontrol sftp file control support (disabled) |
167 |
|
|
--with[out] hpn HPN ssh/scp support (disabled) |
168 |
|
|
--with[out] audit audit support (disabled) |
169 |
|
|
--with[out] libedit libedit support in sftp (enabled) |
170 |
|
|
|
171 |
|
|
%package clients |
172 |
|
|
Summary: OpenSSH Secure Shell protocol clients |
173 |
|
|
Group: Networking/Remote access |
174 |
|
|
Requires: %{name} = %{version}-%{release} |
175 |
|
|
Obsoletes: ssh-clients, sftp, ssh |
176 |
|
|
Provides: ssh-clients, sftp, ssh |
177 |
|
|
|
178 |
|
|
%description clients |
179 |
|
|
Ssh (Secure Shell) is a program for logging into a remote machine and for |
180 |
|
|
executing commands in a remote machine. It is intended to replace |
181 |
|
|
rlogin and rsh, and provide secure encrypted communications between |
182 |
|
|
two untrusted hosts over an insecure network. X11 connections and |
183 |
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
184 |
|
|
|
185 |
|
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it |
186 |
|
|
up to date in terms of security and features, as well as removing all |
187 |
|
|
patented algorithms to separate libraries (OpenSSL). |
188 |
|
|
|
189 |
|
|
This package includes the clients necessary to make encrypted connections |
190 |
|
|
to SSH servers. |
191 |
|
|
|
192 |
|
|
%package server |
193 |
|
|
Summary: OpenSSH Secure Shell protocol server (sshd) |
194 |
|
|
Group: System/Servers |
195 |
|
|
Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9 |
196 |
|
|
Requires(pre): pam >= 0.74 |
197 |
|
|
Requires(pre): rpm-helper |
198 |
|
|
Requires(post): rpm-helper |
199 |
|
|
Requires(preun): rpm-helper |
200 |
|
|
Requires(postun): rpm-helper |
201 |
|
|
Requires(post): openssl >= 0.9.7 |
202 |
|
|
Requires(post): makedev |
203 |
|
|
Requires: %{name}-clients = %{version}-%{release} |
204 |
|
|
%if %{build_skey} |
205 |
|
|
Requires: skey |
206 |
|
|
%endif |
207 |
|
|
%if %{build_audit} |
208 |
|
|
BuildRequires: audit |
209 |
|
|
%endif |
210 |
|
|
Obsoletes: ssh-server, sshd |
211 |
|
|
Provides: ssh-server, sshd |
212 |
|
|
|
213 |
|
|
%description server |
214 |
|
|
Ssh (Secure Shell) is a program for logging into a remote machine and for |
215 |
|
|
executing commands in a remote machine. It is intended to replace |
216 |
|
|
rlogin and rsh, and provide secure encrypted communications between |
217 |
|
|
two untrusted hosts over an insecure network. X11 connections and |
218 |
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
219 |
|
|
|
220 |
|
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it |
221 |
|
|
up to date in terms of security and features, as well as removing all |
222 |
|
|
patented algorithms to separate libraries (OpenSSL). |
223 |
|
|
|
224 |
|
|
This package contains the secure shell daemon. The sshd is the server |
225 |
|
|
part of the secure shell protocol and allows ssh clients to connect to |
226 |
|
|
your host. |
227 |
|
|
|
228 |
|
|
%package askpass-common |
229 |
|
|
Summary: OpenSSH X11 passphrase common scripts |
230 |
|
|
Group: Networking/Remote access |
231 |
|
|
|
232 |
|
|
%description askpass-common |
233 |
|
|
OpenSSH X11 passphrase common scripts |
234 |
|
|
|
235 |
|
|
%if %{build_x11askpass} |
236 |
|
|
%package askpass |
237 |
|
|
Summary: OpenSSH X11 passphrase dialog |
238 |
|
|
Group: Networking/Remote access |
239 |
|
|
Requires: %{name} = %{version}-%{release} |
240 |
|
|
Requires: %{name}-askpass-common |
241 |
|
|
Obsoletes: ssh-extras, ssh-askpass |
242 |
|
|
Provides: ssh-extras, ssh-askpass |
243 |
|
|
Requires(pre): update-alternatives |
244 |
|
|
|
245 |
|
|
%description askpass |
246 |
|
|
Ssh (Secure Shell) is a program for logging into a remote machine and for |
247 |
|
|
executing commands in a remote machine. It is intended to replace |
248 |
|
|
rlogin and rsh, and provide secure encrypted communications between |
249 |
|
|
two untrusted hosts over an insecure network. X11 connections and |
250 |
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
251 |
|
|
|
252 |
|
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it |
253 |
|
|
up to date in terms of security and features, as well as removing all |
254 |
|
|
patented algorithms to separate libraries (OpenSSL). |
255 |
|
|
|
256 |
|
|
This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase |
257 |
|
|
dialog. |
258 |
|
|
%endif |
259 |
|
|
|
260 |
|
|
%if %{build_gnomeaskpass} |
261 |
|
|
%package askpass-gnome |
262 |
|
|
Summary: OpenSSH GNOME passphrase dialog |
263 |
|
|
Group: Networking/Remote access |
264 |
|
|
Requires: %{name} = %{version}-%{release} |
265 |
|
|
Requires: %{name}-askpass-common |
266 |
|
|
Obsoletes: ssh-extras |
267 |
|
|
Requires(pre): update-alternatives |
268 |
|
|
Provides: %{name}-askpass, ssh-askpass, ssh-extras |
269 |
|
|
|
270 |
|
|
%description askpass-gnome |
271 |
|
|
Ssh (Secure Shell) is a program for logging into a remote machine and for |
272 |
|
|
executing commands in a remote machine. It is intended to replace |
273 |
|
|
rlogin and rsh, and provide secure encrypted communications between |
274 |
|
|
two untrusted hosts over an insecure network. X11 connections and |
275 |
|
|
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
276 |
|
|
|
277 |
|
|
OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it |
278 |
|
|
up to date in terms of security and features, as well as removing all |
279 |
|
|
patented algorithms to separate libraries (OpenSSL). |
280 |
|
|
|
281 |
|
|
This package contains the GNOME passphrase dialog. |
282 |
|
|
%endif |
283 |
|
|
|
284 |
|
|
%prep |
285 |
|
|
%if %{build_x11askpass} |
286 |
|
|
echo "Building with x11 askpass..." |
287 |
|
|
%endif |
288 |
|
|
%if %{build_gnomeaskpass} |
289 |
|
|
echo "Building with GNOME askpass..." |
290 |
|
|
%endif |
291 |
|
|
%if %{build_krb5} |
292 |
|
|
echo "Building with Kerberos5 support..." |
293 |
|
|
%endif |
294 |
|
|
%if %{build_skey} |
295 |
|
|
echo "Building with S/KEY support..." |
296 |
|
|
%endif |
297 |
|
|
%if %{build_watchdog} |
298 |
|
|
echo "Building with watchdog support..." |
299 |
|
|
%endif |
300 |
|
|
%if %{build_ldap} |
301 |
|
|
echo "Buiding with support for authenticating to public keys in ldap" |
302 |
|
|
%endif |
303 |
|
|
%if %{build_sftpcontrol} |
304 |
|
|
echo "Buiding with support for sftp file control" |
305 |
|
|
%endif |
306 |
|
|
%if %{build_hpn} |
307 |
|
|
echo "Buiding with support for High Performance Network SSH/SCP" |
308 |
|
|
%endif |
309 |
|
|
%if %{build_audit} |
310 |
|
|
echo "Buiding with audit support" |
311 |
|
|
%endif |
312 |
|
|
|
313 |
|
|
%setup -q -a2 -a10 |
314 |
|
|
|
315 |
blino |
18288 |
%patch1 -p1 -b .distro_conf |
316 |
kharec |
8803 |
%patch3 -p1 -b .ssl_ver |
317 |
|
|
%if %{build_watchdog} |
318 |
|
|
#patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch |
319 |
|
|
%patch4 -p1 -b .watchdog |
320 |
|
|
%endif |
321 |
|
|
%if %{build_ldap} |
322 |
|
|
sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config |
323 |
|
|
%patch6 -p1 -b .lpk |
324 |
|
|
rm -f README.lpk.lpk |
325 |
|
|
%define _default_patch_fuzz 3 |
326 |
|
|
%else |
327 |
|
|
%define _default_patch_fuzz 2 |
328 |
|
|
%endif |
329 |
|
|
%if %{build_sftpcontrol} |
330 |
|
|
#cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol |
331 |
|
|
echo "This patch is broken or needs to be updated/rediffed"; exit 1 |
332 |
|
|
%patch7 -p1 -b .sftplogging-v1.5 |
333 |
|
|
# README with license terms for this patch |
334 |
|
|
install -m 0644 %{SOURCE9} . |
335 |
|
|
%endif |
336 |
|
|
%if %{build_hpn} |
337 |
|
|
echo "This patch is broken or needs to be updated/rediffed"; exit 1 |
338 |
|
|
%patch11 -p1 -b .hpn |
339 |
|
|
%patch12 -p1 -b .peak |
340 |
|
|
install %{SOURCE21} . |
341 |
|
|
%endif |
342 |
|
|
%patch13 -p1 -b .canohost |
343 |
|
|
%if %{build_audit} |
344 |
|
|
%patch14 -p1 -b .audit |
345 |
|
|
%endif |
346 |
|
|
%patch17 -p1 -b .progress |
347 |
|
|
%patch18 -p1 -b .grab-info |
348 |
|
|
%patch19 -p1 -b .exit-deadlock |
349 |
|
|
%patch21 -p1 -b .tcp_wrappers_mips |
350 |
|
|
|
351 |
blino |
18287 |
install %{SOURCE12} . |
352 |
kharec |
8803 |
|
353 |
|
|
install -m 0644 %{SOURCE17} sshd.pam |
354 |
|
|
install -m 0755 %{SOURCE18} sshd.init |
355 |
|
|
|
356 |
|
|
# fix attribs |
357 |
|
|
chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl |
358 |
|
|
|
359 |
|
|
# http://qa.mandriva.com/show_bug.cgi?id=22957 |
360 |
|
|
perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config |
361 |
|
|
|
362 |
|
|
%build |
363 |
|
|
autoreconf |
364 |
|
|
|
365 |
|
|
%serverbuild |
366 |
|
|
|
367 |
|
|
%if %{build_x11askpass} |
368 |
|
|
pushd x11-ssh-askpass-%{aversion} |
369 |
|
|
%configure2_5x \ |
370 |
|
|
--prefix=%{_prefix} --libdir=%{_libdir} \ |
371 |
|
|
--mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \ |
372 |
|
|
--with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \ |
373 |
|
|
%if %{build_libedit} |
374 |
|
|
--with-libedit \ |
375 |
|
|
%else |
376 |
|
|
--without-libedit \ |
377 |
|
|
%endif |
378 |
|
|
|
379 |
|
|
xmkmf -a |
380 |
|
|
|
381 |
|
|
%ifarch x86_64 |
382 |
|
|
perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile |
383 |
blino |
18289 |
perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile |
384 |
kharec |
8803 |
perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile |
385 |
|
|
perl -pi -e "s|-m32|-m64|g" Makefile |
386 |
|
|
perl -pi -e "s|__i386__|__x86_64__|g" Makefile |
387 |
|
|
%endif |
388 |
|
|
|
389 |
|
|
make \ |
390 |
|
|
BINDIR=%{_libdir}/ssh \ |
391 |
|
|
CDEBUGFLAGS="$RPM_OPT_FLAGS" \ |
392 |
|
|
CXXDEBUGFLAGS="$RPM_OPT_FLAGS" |
393 |
|
|
|
394 |
|
|
# For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1 |
395 |
|
|
# x86_64, so we just do it manually here... (oden) |
396 |
|
|
rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html |
397 |
|
|
rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \ |
398 |
|
|
mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html |
399 |
|
|
popd |
400 |
|
|
%endif |
401 |
|
|
|
402 |
|
|
%if %{build_gnomeaskpass} |
403 |
|
|
pushd contrib |
404 |
|
|
make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags" |
405 |
|
|
mv gnome-ssh-askpass2 gnome-ssh-askpass |
406 |
|
|
popd |
407 |
|
|
%endif |
408 |
|
|
|
409 |
|
|
%configure2_5x \ |
410 |
|
|
--prefix=%{_prefix} \ |
411 |
|
|
--sysconfdir=%{_sysconfdir}/ssh \ |
412 |
|
|
--mandir=%{_mandir} \ |
413 |
|
|
--libdir=%{_libdir} \ |
414 |
|
|
--libexecdir=%{_libdir}/ssh \ |
415 |
|
|
--datadir=%{_datadir}/ssh \ |
416 |
|
|
--disable-strip \ |
417 |
|
|
--with-tcp-wrappers \ |
418 |
|
|
--with-pam \ |
419 |
|
|
--with-default-path=%{OPENSSH_PATH} \ |
420 |
|
|
--with-xauth=%{XAUTH} \ |
421 |
|
|
--with-privsep-path=/var/empty \ |
422 |
|
|
--without-zlib-version-check \ |
423 |
|
|
%if %{build_krb5} |
424 |
|
|
--with-kerberos5=%{_prefix} \ |
425 |
|
|
%endif |
426 |
|
|
%if %{build_skey} |
427 |
|
|
--with-skey \ |
428 |
|
|
%endif |
429 |
|
|
%if %{build_ldap} |
430 |
|
|
--with-libs="-lldap -llber" \ |
431 |
|
|
--with-cppflags="-DWITH_LDAP_PUBKEY -DLDAP_DEPRECATED" \ |
432 |
|
|
%endif |
433 |
|
|
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:%{_sbindir}:%{_bindir} \ |
434 |
|
|
%if %{build_libedit} |
435 |
|
|
--with-libedit \ |
436 |
|
|
%else |
437 |
|
|
--without-libedit \ |
438 |
|
|
%endif |
439 |
|
|
%if %{build_audit} |
440 |
|
|
--with-linux-audit \ |
441 |
|
|
%endif |
442 |
|
|
|
443 |
|
|
%make |
444 |
|
|
|
445 |
|
|
%install |
446 |
|
|
rm -rf %{buildroot} |
447 |
|
|
|
448 |
|
|
%makeinstall_std |
449 |
|
|
|
450 |
|
|
install -d %{buildroot}%{_sysconfdir}/ssh |
451 |
|
|
install -d %{buildroot}%{_sysconfdir}/pam.d/ |
452 |
|
|
install -d %{buildroot}%{_sysconfdir}/sysconfig |
453 |
|
|
install -d %{buildroot}%{_initrddir} |
454 |
|
|
install -m644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd |
455 |
|
|
install -m755 sshd.init %{buildroot}%{_initrddir}/sshd |
456 |
|
|
|
457 |
|
|
if [[ -f sshd_config.out ]]; then |
458 |
|
|
install -m600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config |
459 |
|
|
else |
460 |
|
|
install -m600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config |
461 |
|
|
fi |
462 |
|
|
echo "root" > %{buildroot}%{_sysconfdir}/ssh/denyusers |
463 |
|
|
|
464 |
|
|
if [[ -f ssh_config.out ]]; then |
465 |
|
|
install -m644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config |
466 |
|
|
else |
467 |
|
|
install -m644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config |
468 |
|
|
fi |
469 |
|
|
echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config |
470 |
|
|
|
471 |
|
|
mkdir -p %{buildroot}%{_libdir}/ssh |
472 |
|
|
%if %{build_x11askpass} |
473 |
|
|
pushd x11-ssh-askpass-%{aversion} |
474 |
|
|
#make DESTDIR=%{buildroot} install |
475 |
|
|
#make DESTDIR=%{buildroot} install.man |
476 |
|
|
#install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html |
477 |
|
|
#install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/ |
478 |
|
|
install -d %{buildroot}%{_libdir}/ssh |
479 |
|
|
install -d %{buildroot}%{_sysconfdir}/X11/app-defaults |
480 |
|
|
install -m0644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass |
481 |
|
|
install -m0755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/ |
482 |
|
|
install -m0644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1 |
483 |
|
|
popd |
484 |
|
|
%endif |
485 |
|
|
|
486 |
|
|
install -d %{buildroot}%{_sysconfdir}/profile.d/ |
487 |
|
|
%if %{build_gnomeaskpass} |
488 |
|
|
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass |
489 |
|
|
%endif |
490 |
|
|
|
491 |
|
|
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF |
492 |
|
|
setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass |
493 |
|
|
EOF |
494 |
|
|
|
495 |
|
|
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF |
496 |
|
|
export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass |
497 |
|
|
EOF |
498 |
|
|
|
499 |
|
|
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF' |
500 |
|
|
# fix hanging ssh clients on exit |
501 |
|
|
if [ -n "$BASH_VERSION" ]; then |
502 |
|
|
shopt -s huponexit |
503 |
|
|
elif [ -n "$ZSH_VERSION" ]; then |
504 |
|
|
setopt hup |
505 |
|
|
fi |
506 |
|
|
EOF |
507 |
|
|
|
508 |
|
|
install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id |
509 |
|
|
chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id |
510 |
|
|
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/ |
511 |
|
|
|
512 |
|
|
# create pre-authentication directory |
513 |
|
|
mkdir -p %{buildroot}/var/empty |
514 |
|
|
|
515 |
|
|
# remove unwanted files |
516 |
|
|
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass |
517 |
|
|
|
518 |
|
|
# xinetd support (tv) |
519 |
|
|
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d/ |
520 |
|
|
install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd |
521 |
|
|
|
522 |
|
|
cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF |
523 |
|
|
#SSHD="%{_sbindir}/sshd" |
524 |
|
|
#PID_FILE="/var/run/sshd.pid" |
525 |
|
|
#OPTIONS="" |
526 |
|
|
EOF |
527 |
|
|
|
528 |
|
|
# avahi integration support (misc) |
529 |
|
|
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/ |
530 |
|
|
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service |
531 |
|
|
|
532 |
|
|
# make sure strip can touch it |
533 |
|
|
chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign |
534 |
|
|
|
535 |
|
|
%clean |
536 |
|
|
rm -rf %{buildroot} |
537 |
|
|
|
538 |
|
|
%pre server |
539 |
|
|
%_pre_useradd sshd /var/empty /bin/true |
540 |
|
|
|
541 |
|
|
%post server |
542 |
|
|
# do some key management; taken from the initscript |
543 |
|
|
|
544 |
|
|
KEYGEN=/usr/bin/ssh-keygen |
545 |
|
|
RSA1_KEY=/etc/ssh/ssh_host_key |
546 |
|
|
RSA_KEY=/etc/ssh/ssh_host_rsa_key |
547 |
|
|
DSA_KEY=/etc/ssh/ssh_host_dsa_key |
548 |
|
|
|
549 |
|
|
do_rsa1_keygen() { |
550 |
|
|
if [ ! -s $RSA1_KEY ]; then |
551 |
|
|
echo -n "Generating SSH1 RSA host key... " |
552 |
|
|
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then |
553 |
|
|
chmod 600 $RSA1_KEY |
554 |
|
|
chmod 644 $RSA1_KEY.pub |
555 |
|
|
echo "done" |
556 |
|
|
echo |
557 |
|
|
else |
558 |
|
|
echo "failed" |
559 |
|
|
echo |
560 |
|
|
exit 1 |
561 |
|
|
fi |
562 |
|
|
fi |
563 |
|
|
} |
564 |
|
|
|
565 |
|
|
do_rsa_keygen() { |
566 |
|
|
if [ ! -s $RSA_KEY ]; then |
567 |
|
|
echo "Generating SSH2 RSA host key... " |
568 |
|
|
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
569 |
|
|
chmod 600 $RSA_KEY |
570 |
|
|
chmod 644 $RSA_KEY.pub |
571 |
|
|
echo "done" |
572 |
|
|
echo |
573 |
|
|
else |
574 |
|
|
echo "failed" |
575 |
|
|
echo |
576 |
|
|
exit 1 |
577 |
|
|
fi |
578 |
|
|
fi |
579 |
|
|
} |
580 |
|
|
|
581 |
|
|
do_dsa_keygen() { |
582 |
|
|
if [ ! -s $DSA_KEY ]; then |
583 |
|
|
echo "Generating SSH2 DSA host key... " |
584 |
|
|
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
585 |
|
|
chmod 600 $DSA_KEY |
586 |
|
|
chmod 644 $DSA_KEY.pub |
587 |
|
|
echo "done" |
588 |
|
|
echo |
589 |
|
|
else |
590 |
|
|
echo "failed" |
591 |
|
|
echo |
592 |
|
|
exit 1 |
593 |
|
|
fi |
594 |
|
|
fi |
595 |
|
|
} |
596 |
|
|
|
597 |
|
|
do_rsa1_keygen |
598 |
|
|
do_rsa_keygen |
599 |
|
|
do_dsa_keygen |
600 |
|
|
%_post_service sshd |
601 |
|
|
|
602 |
|
|
%preun server |
603 |
|
|
%_preun_service sshd |
604 |
|
|
|
605 |
|
|
%postun server |
606 |
|
|
%_postun_userdel sshd |
607 |
|
|
|
608 |
|
|
%if %{build_x11askpass} |
609 |
|
|
%post askpass |
610 |
|
|
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 |
611 |
|
|
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10 |
612 |
|
|
|
613 |
|
|
%postun askpass |
614 |
|
|
[ $1 = 0 ] || exit 0 |
615 |
|
|
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass |
616 |
|
|
update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass |
617 |
|
|
%endif |
618 |
|
|
|
619 |
|
|
%if %{build_gnomeaskpass} |
620 |
|
|
%post askpass-gnome |
621 |
|
|
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 |
622 |
|
|
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20 |
623 |
|
|
|
624 |
|
|
%postun askpass-gnome |
625 |
|
|
[ $1 = 0 ] || exit 0 |
626 |
|
|
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass |
627 |
|
|
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass |
628 |
|
|
%endif |
629 |
|
|
|
630 |
|
|
%triggerpostun server -- openssh-server < 3.8p1 |
631 |
|
|
if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then |
632 |
|
|
perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config |
633 |
|
|
fi |
634 |
|
|
|
635 |
|
|
%files |
636 |
|
|
%defattr(-,root,root) |
637 |
|
|
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl |
638 |
|
|
%if %{build_ldap} |
639 |
|
|
%doc *.schema |
640 |
|
|
%endif |
641 |
|
|
%if %{build_watchdog} |
642 |
|
|
%doc CHANGES-openssh-watchdog openssh-watchdog.html |
643 |
|
|
%endif |
644 |
|
|
%if %{build_sftpcontrol} |
645 |
|
|
%doc README.sftpfilecontrol |
646 |
|
|
%endif |
647 |
|
|
%{_bindir}/ssh-keygen |
648 |
|
|
%dir %{_sysconfdir}/ssh |
649 |
|
|
%{_bindir}/ssh-keyscan |
650 |
|
|
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign |
651 |
|
|
%{_libdir}/ssh/ssh-pkcs11-helper |
652 |
|
|
%{_mandir}/man1/ssh-keygen.1* |
653 |
|
|
%{_mandir}/man1/ssh-keyscan.1* |
654 |
|
|
%{_mandir}/man8/ssh-keysign.8* |
655 |
|
|
%{_mandir}/man8/ssh-pkcs11-helper.8* |
656 |
|
|
|
657 |
|
|
%files clients |
658 |
|
|
%defattr(-,root,root) |
659 |
|
|
%{_bindir}/scp |
660 |
|
|
%{_bindir}/ssh |
661 |
|
|
%{_bindir}/ssh-agent |
662 |
|
|
%{_bindir}/ssh-add |
663 |
|
|
%{_bindir}/ssh-copy-id |
664 |
|
|
%{_bindir}/slogin |
665 |
|
|
%{_bindir}/sftp |
666 |
|
|
%{_mandir}/man1/scp.1* |
667 |
|
|
%{_mandir}/man1/ssh-copy-id.1* |
668 |
|
|
%{_mandir}/man1/slogin.1* |
669 |
|
|
%{_mandir}/man1/ssh.1* |
670 |
|
|
%{_mandir}/man1/ssh-agent.1* |
671 |
|
|
%{_mandir}/man1/ssh-add.1* |
672 |
|
|
%{_mandir}/man1/sftp.1* |
673 |
|
|
%{_mandir}/man5/ssh_config.5* |
674 |
|
|
%config(noreplace) %{_sysconfdir}/ssh/ssh_config |
675 |
|
|
%{_sysconfdir}/profile.d/90ssh-client.sh |
676 |
|
|
|
677 |
|
|
%files server |
678 |
|
|
%defattr(-,root,root) |
679 |
|
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/sshd |
680 |
|
|
%{_sbindir}/sshd |
681 |
|
|
%dir %{_libdir}/ssh |
682 |
|
|
%{_libdir}/ssh/sftp-server |
683 |
|
|
%{_mandir}/man5/sshd_config.5* |
684 |
|
|
%{_mandir}/man5/moduli.5* |
685 |
|
|
%{_mandir}/man8/sshd.8* |
686 |
|
|
%{_mandir}/man8/sftp-server.8* |
687 |
|
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config |
688 |
|
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers |
689 |
|
|
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd |
690 |
|
|
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd |
691 |
|
|
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service |
692 |
|
|
%config(noreplace) %{_sysconfdir}/ssh/moduli |
693 |
|
|
%attr(0755,root,root) %{_initrddir}/sshd |
694 |
|
|
%dir %attr(0755,root,root) /var/empty |
695 |
|
|
|
696 |
|
|
%files askpass-common |
697 |
|
|
%defattr(-,root,root) |
698 |
|
|
%{_sysconfdir}/profile.d/90ssh-askpass.* |
699 |
|
|
|
700 |
|
|
%if %{build_x11askpass} |
701 |
|
|
%files askpass |
702 |
|
|
%defattr(-,root,root) |
703 |
|
|
%doc x11-ssh-askpass-%{aversion}/README |
704 |
|
|
%doc x11-ssh-askpass-%{aversion}/ChangeLog |
705 |
|
|
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad |
706 |
|
|
%doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html |
707 |
|
|
%{_libdir}/ssh/x11-ssh-askpass |
708 |
|
|
%{_sysconfdir}/X11/app-defaults/SshAskpass |
709 |
|
|
#%{_prefix}/X11R6/lib/X11/doc/html/x11-ssh-askpass.1.html |
710 |
|
|
%{_mandir}/man1/x11-ssh-askpass.1* |
711 |
|
|
%endif |
712 |
|
|
|
713 |
|
|
%if %{build_gnomeaskpass} |
714 |
|
|
%files askpass-gnome |
715 |
|
|
%defattr(-,root,root) |
716 |
|
|
%{_libdir}/ssh/gnome-ssh-askpass |
717 |
|
|
%endif |
718 |
|
|
|
719 |
|
|
|