/[packages]/updates/3/openssh/current/SPECS/openssh.spec
ViewVC logotype

Contents of /updates/3/openssh/current/SPECS/openssh.spec

Parent Directory Parent Directory | Revision Log Revision Log

Revision 389214 - (show annotations) (download)
Thu Jan 17 21:30:27 2013 UTC (11 years, 3 months ago) by pterjan
Original Path: cauldron/openssh/current/SPECS/openssh.spec
File size: 21946 byte(s) 
oops
1 # Version of ssh-askpass
2 %define aversion 1.2.4.1
3 # Version of watchdog patch
4 %define wversion 4.4p1
5
6 # Version of the hpn patch
7 %define hpnver 13v6
8
9 # overrides
10 %define build_skey 0
11 %define build_krb5 1
12 %define build_watchdog 0
13 %define build_x11askpass 1
14 %define build_gnomeaskpass 1
15 %define build_ldap 1
16 %define build_sftpcontrol 0
17 %define build_hpn 0
18 %define build_audit 0
19 %define build_libedit 1
20
21 %{?_with_skey: %{expand: %%global build_skey 1}}
22 %{?_without_skey: %{expand: %%global build_skey 0}}
23 %{?_with_krb5: %{expand: %%global build_krb5 1}}
24 %{?_without_krb5: %{expand: %%global build_krb5 0}}
25 %{?_with_watchdog: %{expand: %%global build_watchdog 1}}
26 %{?_without_watchdog: %{expand: %%global build_watchdog 0}}
27 %{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
28 %{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
29 %{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
30 %{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
31 %{?_with_ldap: %{expand: %%global build_ldap 1}}
32 %{?_without_ldap: %{expand: %%global build_ldap 0}}
33 %{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
34 %{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}
35 %{?_with_hpn: %{expand: %%global build_hpn 1}}
36 %{?_without_hpn: %{expand: %%global build_hpn 0}}
37 %{?_with_audit: %{expand: %%global build_audit 1}}
38 %{?_without_audit: %{expand: %%global build_audit 0}}
39 %{?_with_libedit: %{expand: %%global build_libedit 1}}
40 %{?_without_libedit: %{expand: %%global build_libedit 0}}
41
42 %define OPENSSH_PATH "/usr/local/bin:%{_bindir}"
43 %define XAUTH %{_bindir}/xauth
44
45 Summary: OpenSSH free Secure Shell (SSH) implementation
46 Name: openssh
47 Version: 6.1p1
48 Release: %mkrel 3
49 License: BSD
50 Group: Networking/Remote access
51 URL: http://www.openssh.com/
52 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
53 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
54 Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
55 # ssh-copy-id taken from debian, with "usage" added
56 Source3: ssh-copy-id
57 Source7: openssh-xinetd
58 Source9: README.sftpfilecontrol
59 # this is never to be applied by default
60 # http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
61 Source10: openssh-%{wversion}-watchdog.patch.tgz
62 Source12: ssh_ldap_key.pl
63 Source15: ssh-avahi-integration
64 Source17: sshd.pam
65 Source21: README.hpn
66 Source22: sshd.service
67 Source23: sshd@.service
68 Source24: sshd-keygen.service
69 Source25: sshd.socket
70 Source26: sshd-keygen
71 # patch to set some default configuration
72 Patch1: openssh-6.1p1-config.patch
73 # rediffed from openssh-4.4p1-watchdog.patch.tgz
74 Patch4: openssh-4.4p1-watchdog.diff
75 # ldap support, from Fedora
76 Patch6: openssh-6.1p1-ldap.patch
77 # http://sftpfilecontrol.sourceforge.net
78 # Not applied by default
79 # P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
80 Patch7: openssh-4.9p1.sftplogging-v1.5.diff
81 # (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
82 Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
83 Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
84 #gw: from Fedora:
85 #fix round-robin DNS with GSSAPI authentification
86 Patch13: openssh-4.3p2-gssapi-canohost.patch
87 Patch14: openssh-4.7p1-audit.patch
88 Patch17: openssh-5.1p1-askpass-progress.patch
89 Patch18: openssh-4.3p2-askpass-grab-info.patch
90 Patch19: openssh-5.6p1-exit-deadlock.patch
91 Patch21: openssh_tcp_wrappers.patch
92 Provides: ssh
93 Requires(post): openssl >= 0.9.7
94 Requires(post): makedev
95 Requires(preun): openssl >= 0.9.7
96 Requires: tcp_wrappers
97 BuildRequires: groff-for-man
98 BuildRequires: openssl-devel >= 0.9.7
99 BuildRequires: pam-devel
100 BuildRequires: tcp_wrappers-devel
101 BuildRequires: zlib-devel
102 %if %{build_skey}
103 BuildRequires: skey-devel
104 %endif
105 %if %{build_krb5}
106 BuildRequires: krb5-devel
107 %endif
108 %if %{build_x11askpass}
109 BuildRequires: imake
110 BuildRequires: rman
111 # http://qa.mandriva.com/show_bug.cgi?id=22736
112 BuildRequires: x11-util-cf-files >= 1.0.2
113 BuildRequires: gccmakedep
114 BuildRequires: libx11-devel
115 BuildRequires: libxt-devel
116 %endif
117 %if %{build_gnomeaskpass}
118 BuildRequires: gtk+2-devel
119 %endif
120 %if %{build_ldap}
121 BuildRequires: openldap-devel >= 2.0
122 %endif
123 %if %{build_audit}
124 BuildRequires: audit-devel
125 %endif
126 %if %{build_libedit}
127 BuildRequires: edit-devel ncurses-devel
128 %endif
129 BuildConflicts: libgssapi-devel
130
131 %description
132 Ssh (Secure Shell) is a program for logging into a remote machine and for
133 executing commands in a remote machine. It is intended to replace
134 rlogin and rsh, and provide secure encrypted communications between
135 two untrusted hosts over an insecure network. X11 connections and
136 arbitrary TCP/IP ports can also be forwarded over the secure channel.
137
138 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
139 up to date in terms of security and features, as well as removing all
140 patented algorithms to separate libraries (OpenSSL).
141
142 This package includes the core files necessary for both the OpenSSH
143 client and server. To make this package useful, you should also
144 install openssh-clients, openssh-server, or both.
145
146 You can build %{name} with some conditional build swithes;
147
148 (ie. use with rpm --rebuild):
149
150 --with[out] skey smartcard support (disabled)
151 --with[out] krb5 kerberos support (enabled)
152 --with[out] watchdog watchdog support (disabled)
153 --with[out] x11askpass X11 ask pass support (enabled)
154 --with[out] gnomeaskpass Gnome ask pass support (enabled)
155 --with[out] ldap OpenLDAP support (disabled)
156 --with[out] sftpcontrol sftp file control support (disabled)
157 --with[out] hpn HPN ssh/scp support (disabled)
158 --with[out] audit audit support (disabled)
159 --with[out] libedit libedit support in sftp (enabled)
160
161 %package clients
162 Summary: OpenSSH Secure Shell protocol clients
163 Group: Networking/Remote access
164 Requires: %{name} = %{version}-%{release}
165 Provides: ssh-clients, sftp, ssh
166
167 %description clients
168 Ssh (Secure Shell) is a program for logging into a remote machine and for
169 executing commands in a remote machine. It is intended to replace
170 rlogin and rsh, and provide secure encrypted communications between
171 two untrusted hosts over an insecure network. X11 connections and
172 arbitrary TCP/IP ports can also be forwarded over the secure channel.
173
174 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
175 up to date in terms of security and features, as well as removing all
176 patented algorithms to separate libraries (OpenSSL).
177
178 This package includes the clients necessary to make encrypted connections
179 to SSH servers.
180
181 %package server
182 Summary: OpenSSH Secure Shell protocol server (sshd)
183 Group: System/Servers
184 Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
185 Requires(pre): pam >= 0.74
186 Requires(post): rpm-helper >= 0.24.8-1
187 Requires(preun): rpm-helper >= 0.24.8-1
188 Requires(post): openssl >= 0.9.7
189 Requires(post): makedev
190 Requires: %{name}-clients = %{version}-%{release}
191 %if %{build_skey}
192 Requires: skey
193 %endif
194 %if %{build_audit}
195 BuildRequires: audit
196 %endif
197 Provides: ssh-server, sshd
198
199 %description server
200 Ssh (Secure Shell) is a program for logging into a remote machine and for
201 executing commands in a remote machine. It is intended to replace
202 rlogin and rsh, and provide secure encrypted communications between
203 two untrusted hosts over an insecure network. X11 connections and
204 arbitrary TCP/IP ports can also be forwarded over the secure channel.
205
206 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
207 up to date in terms of security and features, as well as removing all
208 patented algorithms to separate libraries (OpenSSL).
209
210 This package contains the secure shell daemon. The sshd is the server
211 part of the secure shell protocol and allows ssh clients to connect to
212 your host.
213
214 %package askpass-common
215 Summary: OpenSSH X11 passphrase common scripts
216 Group: Networking/Remote access
217
218 %description askpass-common
219 OpenSSH X11 passphrase common scripts
220
221 %if %{build_x11askpass}
222 %package askpass
223 Summary: OpenSSH X11 passphrase dialog
224 Group: Networking/Remote access
225 Requires: %{name} = %{version}-%{release}
226 Requires: %{name}-askpass-common
227 Provides: ssh-extras, ssh-askpass
228 Requires(pre): update-alternatives
229
230 %description askpass
231 Ssh (Secure Shell) is a program for logging into a remote machine and for
232 executing commands in a remote machine. It is intended to replace
233 rlogin and rsh, and provide secure encrypted communications between
234 two untrusted hosts over an insecure network. X11 connections and
235 arbitrary TCP/IP ports can also be forwarded over the secure channel.
236
237 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
238 up to date in terms of security and features, as well as removing all
239 patented algorithms to separate libraries (OpenSSL).
240
241 This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
242 dialog.
243 %endif
244
245 %if %{build_gnomeaskpass}
246 %package askpass-gnome
247 Summary: OpenSSH GNOME passphrase dialog
248 Group: Networking/Remote access
249 Requires: %{name} = %{version}-%{release}
250 Requires: %{name}-askpass-common
251 Requires(pre): update-alternatives
252 Provides: %{name}-askpass, ssh-askpass, ssh-extras
253
254 %description askpass-gnome
255 Ssh (Secure Shell) is a program for logging into a remote machine and for
256 executing commands in a remote machine. It is intended to replace
257 rlogin and rsh, and provide secure encrypted communications between
258 two untrusted hosts over an insecure network. X11 connections and
259 arbitrary TCP/IP ports can also be forwarded over the secure channel.
260
261 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
262 up to date in terms of security and features, as well as removing all
263 patented algorithms to separate libraries (OpenSSL).
264
265 This package contains the GNOME passphrase dialog.
266 %endif
267
268 %if %{build_ldap}
269 %package ldap
270 Summary: A LDAP support for open source SSH server daemon
271 Group: Networking/Remote access
272 Requires: %{name} = %{version}-%{release}
273
274 %description ldap
275 OpenSSH LDAP backend is a way how to distribute the authorized tokens
276 among the servers in the network.
277 %endif
278
279 %prep
280 %if %{build_x11askpass}
281 echo "Building with x11 askpass..."
282 %endif
283 %if %{build_gnomeaskpass}
284 echo "Building with GNOME askpass..."
285 %endif
286 %if %{build_krb5}
287 echo "Building with Kerberos5 support..."
288 %endif
289 %if %{build_skey}
290 echo "Building with S/KEY support..."
291 %endif
292 %if %{build_watchdog}
293 echo "Building with watchdog support..."
294 %endif
295 %if %{build_ldap}
296 echo "Buiding with support for authenticating to public keys in ldap"
297 %endif
298 %if %{build_sftpcontrol}
299 echo "Buiding with support for sftp file control"
300 %endif
301 %if %{build_hpn}
302 echo "Buiding with support for High Performance Network SSH/SCP"
303 %endif
304 %if %{build_audit}
305 echo "Buiding with audit support"
306 %endif
307
308 %setup -q -a2 -a10
309
310 %patch1 -p1 -b .config
311 %if %{build_watchdog}
312 #patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
313 %patch4 -p1 -b .watchdog
314 %endif
315 %if %{build_ldap}
316 %patch6 -p1 -b .ldap
317 %endif
318 %if %{build_sftpcontrol}
319 #cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
320 echo "This patch is broken or needs to be updated/rediffed"; exit 1
321 %patch7 -p1 -b .sftplogging-v1.5
322 # README with license terms for this patch
323 install -m 0644 %{SOURCE9} .
324 %endif
325 %if %{build_hpn}
326 echo "This patch is broken or needs to be updated/rediffed"; exit 1
327 %patch11 -p1 -b .hpn
328 %patch12 -p1 -b .peak
329 install %{SOURCE21} .
330 %endif
331 %patch13 -p1 -b .canohost
332 %if %{build_audit}
333 %patch14 -p1 -b .audit
334 %endif
335 %patch17 -p1 -b .progress
336 %patch18 -p1 -b .grab-info
337 %patch19 -p1 -b .exit-deadlock
338 %patch21 -p1 -b .tcp_wrappers_mips
339
340 install %{SOURCE12} .
341
342 install -m 0644 %{SOURCE17} sshd.pam
343
344 # fix attribs
345 chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
346
347 # http://qa.mandriva.com/show_bug.cgi?id=22957
348 perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
349
350 %build
351 autoreconf
352
353 %serverbuild
354
355 %if %{build_x11askpass}
356 pushd x11-ssh-askpass-%{aversion}
357 %configure2_5x \
358 --prefix=%{_prefix} --libdir=%{_libdir} \
359 --mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
360 --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
361 %if %{build_libedit}
362 --with-libedit \
363 %else
364 --without-libedit \
365 %endif
366
367 xmkmf -a
368
369 %ifarch x86_64
370 perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
371 perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
372 perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
373 perl -pi -e "s|-m32|-m64|g" Makefile
374 perl -pi -e "s|__i386__|__x86_64__|g" Makefile
375 %endif
376
377 make \
378 BINDIR=%{_libdir}/ssh \
379 CDEBUGFLAGS="$RPM_OPT_FLAGS" \
380 CXXDEBUGFLAGS="$RPM_OPT_FLAGS"
381
382 # For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
383 # x86_64, so we just do it manually here... (oden)
384 rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
385 rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
386 mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
387 popd
388 %endif
389
390 %if %{build_gnomeaskpass}
391 pushd contrib
392 make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
393 mv gnome-ssh-askpass2 gnome-ssh-askpass
394 popd
395 %endif
396
397 %configure2_5x \
398 --prefix=%{_prefix} \
399 --sysconfdir=%{_sysconfdir}/ssh \
400 --mandir=%{_mandir} \
401 --libdir=%{_libdir} \
402 --libexecdir=%{_libdir}/ssh \
403 --datadir=%{_datadir}/ssh \
404 --disable-strip \
405 --with-tcp-wrappers \
406 --with-pam \
407 --with-default-path=%{OPENSSH_PATH} \
408 --with-xauth=%{XAUTH} \
409 --with-privsep-path=/var/empty \
410 --without-zlib-version-check \
411 %if %{build_krb5}
412 --with-kerberos5=%{_prefix} \
413 %endif
414 %if %{build_skey}
415 --with-skey \
416 %endif
417 %if %{build_ldap}
418 -with-ldap \
419 %endif
420 --with-superuser-path=/usr/local/sbin:/usr/local/bin:%{_sbindir}:%{_bindir} \
421 %if %{build_libedit}
422 --with-libedit \
423 %else
424 --without-libedit \
425 %endif
426 %if %{build_audit}
427 --with-linux-audit \
428 %endif
429
430 %make
431
432 %install
433 rm -rf %{buildroot}
434
435 %makeinstall_std
436
437 install -d %{buildroot}%{_sysconfdir}/ssh
438 install -d %{buildroot}%{_sysconfdir}/pam.d/
439 install -d %{buildroot}%{_sysconfdir}/sysconfig
440 install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd
441
442 if [ -f sshd_config.out ]; then
443 install -m 600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
444 else
445 install -m 600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
446 fi
447 echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers
448
449 if [ -f ssh_config.out ]; then
450 install -m 644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
451 else
452 install -m 644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
453 fi
454 echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config
455
456 mkdir -p %{buildroot}%{_libdir}/ssh
457 %if %{build_x11askpass}
458 pushd x11-ssh-askpass-%{aversion}
459 #make DESTDIR=%{buildroot} install
460 #make DESTDIR=%{buildroot} install.man
461 #install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
462 #install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
463 install -d %{buildroot}%{_libdir}/ssh
464 install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
465 install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
466 install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
467 install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
468 popd
469 %endif
470
471 install -d %{buildroot}%{_sysconfdir}/profile.d/
472 %if %{build_gnomeaskpass}
473 install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
474 %endif
475
476 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
477 setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
478 EOF
479
480 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
481 export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
482 EOF
483
484 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
485 # fix hanging ssh clients on exit
486 if [ -n "$BASH_VERSION" ]; then
487 shopt -s huponexit
488 elif [ -n "$ZSH_VERSION" ]; then
489 setopt hup
490 fi
491 EOF
492
493 install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
494 chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
495 install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
496
497 # create pre-authentication directory
498 install -d -m 755 %{buildroot}/var/empty
499
500 # remove unwanted files
501 rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
502
503 # xinetd support (tv)
504 install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
505 install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd
506
507 cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
508 #OPTIONS=""
509 EOF
510
511 # avahi integration support (misc)
512 mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
513 install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service
514
515 install -d -m 755 %{buildroot}%{_unitdir}
516 install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/sshd.service
517 #install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd@.service
518 #install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd-keygen.service
519 #install -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd.socket
520 install -m 755 %{SOURCE26} %{buildroot}%{_sbindir}/sshd-keygen
521
522 # make sure strip can touch it
523 chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign
524
525 %pre server
526 %_pre_useradd sshd /var/empty /bin/true
527
528 %post server
529 # do some key management; taken from the initscript
530
531 KEYGEN=/usr/bin/ssh-keygen
532 RSA1_KEY=/etc/ssh/ssh_host_key
533 RSA_KEY=/etc/ssh/ssh_host_rsa_key
534 DSA_KEY=/etc/ssh/ssh_host_dsa_key
535
536 do_rsa1_keygen() {
537 if [ ! -s $RSA1_KEY ]; then
538 echo -n "Generating SSH1 RSA host key... "
539 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
540 chmod 600 $RSA1_KEY
541 chmod 644 $RSA1_KEY.pub
542 echo "done"
543 echo
544 else
545 echo "failed"
546 echo
547 exit 1
548 fi
549 fi
550 }
551
552 do_rsa_keygen() {
553 if [ ! -s $RSA_KEY ]; then
554 echo "Generating SSH2 RSA host key... "
555 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
556 chmod 600 $RSA_KEY
557 chmod 644 $RSA_KEY.pub
558 echo "done"
559 echo
560 else
561 echo "failed"
562 echo
563 exit 1
564 fi
565 fi
566 }
567
568 do_dsa_keygen() {
569 if [ ! -s $DSA_KEY ]; then
570 echo "Generating SSH2 DSA host key... "
571 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
572 chmod 600 $DSA_KEY
573 chmod 644 $DSA_KEY.pub
574 echo "done"
575 echo
576 else
577 echo "failed"
578 echo
579 exit 1
580 fi
581 fi
582 }
583
584 do_rsa1_keygen
585 do_rsa_keygen
586 do_dsa_keygen
587 %_post_service sshd
588
589 %preun server
590 %_preun_service sshd
591
592 %postun server
593 %_postun_userdel sshd
594
595 %if %{build_x11askpass}
596 %post askpass
597 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
598 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
599
600 %postun askpass
601 [ $1 = 0 ] || exit 0
602 update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
603 update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
604 %endif
605
606 %if %{build_gnomeaskpass}
607 %post askpass-gnome
608 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
609 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
610
611 %postun askpass-gnome
612 [ $1 = 0 ] || exit 0
613 update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
614 update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
615 %endif
616
617 %triggerpostun server -- openssh-server < 3.8p1
618 if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
619 perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
620 fi
621
622 %files
623 %doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
624 %if %{build_ldap}
625 %doc *.schema
626 %endif
627 %if %{build_watchdog}
628 %doc CHANGES-openssh-watchdog openssh-watchdog.html
629 %endif
630 %if %{build_sftpcontrol}
631 %doc README.sftpfilecontrol
632 %endif
633 %{_bindir}/ssh-keygen
634 %dir %{_sysconfdir}/ssh
635 %{_bindir}/ssh-keyscan
636 %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
637 %{_libdir}/ssh/ssh-pkcs11-helper
638 %{_mandir}/man1/ssh-keygen.1*
639 %{_mandir}/man1/ssh-keyscan.1*
640 %{_mandir}/man8/ssh-keysign.8*
641 %{_mandir}/man8/ssh-pkcs11-helper.8*
642
643 %files clients
644 %{_bindir}/scp
645 %{_bindir}/ssh
646 %{_bindir}/ssh-agent
647 %{_bindir}/ssh-add
648 %{_bindir}/ssh-copy-id
649 %{_bindir}/slogin
650 %{_bindir}/sftp
651 %{_mandir}/man1/scp.1*
652 %{_mandir}/man1/ssh-copy-id.1*
653 %{_mandir}/man1/slogin.1*
654 %{_mandir}/man1/ssh.1*
655 %{_mandir}/man1/ssh-agent.1*
656 %{_mandir}/man1/ssh-add.1*
657 %{_mandir}/man1/sftp.1*
658 %{_mandir}/man5/ssh_config.5*
659 %config(noreplace) %{_sysconfdir}/ssh/ssh_config
660 %{_sysconfdir}/profile.d/90ssh-client.sh
661
662 %files server
663 %config(noreplace) %{_sysconfdir}/sysconfig/sshd
664 %{_sbindir}/sshd
665 %{_sbindir}/sshd-keygen
666 %dir %{_libdir}/ssh
667 %{_libdir}/ssh/sftp-server
668 %{_mandir}/man5/sshd_config.5*
669 %{_mandir}/man5/moduli.5*
670 %{_mandir}/man8/sshd.8*
671 %{_mandir}/man8/sftp-server.8*
672 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
673 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
674 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
675 %config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
676 %config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
677 %config(noreplace) %{_sysconfdir}/ssh/moduli
678 %{_unitdir}/sshd.service
679 %dir /var/empty
680
681 %files askpass-common
682 %{_sysconfdir}/profile.d/90ssh-askpass.*
683
684 %if %{build_x11askpass}
685 %files askpass
686 %doc x11-ssh-askpass-%{aversion}/README
687 %doc x11-ssh-askpass-%{aversion}/ChangeLog
688 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
689 %doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
690 %{_libdir}/ssh/x11-ssh-askpass
691 %{_sysconfdir}/X11/app-defaults/SshAskpass
692 %{_mandir}/man1/x11-ssh-askpass.1*
693 %endif
694
695 %if %{build_gnomeaskpass}
696 %files askpass-gnome
697 %{_libdir}/ssh/gnome-ssh-askpass
698 %endif
699
700 %if %{build_ldap}
701 %files ldap
702 %doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
703 %config %{_sysconfdir}/ssh/ldap.conf
704 %{_libdir}/ssh/ssh-ldap-helper
705 %{_libdir}/ssh/ssh-ldap-wrapper
706 %{_mandir}/man8/ssh-ldap-helper.8*
707 %{_mandir}/man5/ssh-ldap.conf.5*
708 %endif
  ViewVC Help
Powered by ViewVC 1.1.30