/[packages]/updates/3/openssh/current/SPECS/openssh.spec
ViewVC logotype

Contents of /updates/3/openssh/current/SPECS/openssh.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 95041 - (show annotations) (download)
Thu May 5 08:30:43 2011 UTC (12 years, 10 months ago) by saispo
Original Path: cauldron/openssh/current/SPECS/openssh.spec
File size: 22473 byte(s)
Bump Release
1 ## Do not apply any unauthorized patches to this package!
2 ## - vdanen 05/18/01
3 ##
4
5 # Version of ssh-askpass
6 %define aversion 1.2.4.1
7 # Version of watchdog patch
8 %define wversion 4.4p1
9
10 # Version of the hpn patch
11 %define hpnver 13v6
12
13 # overrides
14 %define build_skey 0
15 %define build_krb5 1
16 %define build_watchdog 0
17 %define build_x11askpass 1
18 %define build_gnomeaskpass 1
19 %define build_ldap 0
20 %define build_sftpcontrol 0
21 %define build_hpn 0
22 %define build_audit 0
23 %define build_libedit 1
24
25 %{?_with_skey: %{expand: %%global build_skey 1}}
26 %{?_without_skey: %{expand: %%global build_skey 0}}
27 %{?_with_krb5: %{expand: %%global build_krb5 1}}
28 %{?_without_krb5: %{expand: %%global build_krb5 0}}
29 %{?_with_watchdog: %{expand: %%global build_watchdog 1}}
30 %{?_without_watchdog: %{expand: %%global build_watchdog 0}}
31 %{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
32 %{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
33 %{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
34 %{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
35 %{?_with_ldap: %{expand: %%global build_ldap 1}}
36 %{?_without_ldap: %{expand: %%global build_ldap 0}}
37 %{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
38 %{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}
39 %{?_with_hpn: %{expand: %%global build_hpn 1}}
40 %{?_without_hpn: %{expand: %%global build_hpn 0}}
41 %{?_with_audit: %{expand: %%global build_audit 1}}
42 %{?_without_audit: %{expand: %%global build_audit 0}}
43 %{?_with_libedit: %{expand: %%global build_libedit 1}}
44 %{?_without_libedit: %{expand: %%global build_libedit 0}}
45
46 %define OPENSSH_PATH "/usr/local/bin:/bin:%{_bindir}"
47 %define XAUTH %{_bindir}/xauth
48
49 Summary: OpenSSH free Secure Shell (SSH) implementation
50 Name: openssh
51 Version: 5.8p1
52 Release: %mkrel 2
53 License: BSD
54 Group: Networking/Remote access
55 URL: http://www.openssh.com/
56 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
57 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
58 Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
59 # ssh-copy-id taken from debian, with "usage" added
60 Source3: ssh-copy-id
61 Source7: openssh-xinetd
62 Source9: README.sftpfilecontrol
63 # this is never to be applied by default
64 # http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
65 Source10: openssh-%{wversion}-watchdog.patch.tgz
66 Source12: ssh_ldap_key.pl
67 Source15: ssh-avahi-integration
68 Source17: sshd.pam
69 Source18: sshd.init
70 Source21: README.hpn
71 # patch to set some default configuration
72 Patch1: openssh-distro_conf.diff
73 # authorized by Damien Miller <djm@openbsd.com>
74 # patch to lower the check on openssl version, should likely be removed
75 Patch3: openssh-3.1p1-check-only-ssl-version.patch
76
77 # rediffed from openssh-4.4p1-watchdog.patch.tgz
78 Patch4: openssh-4.4p1-watchdog.diff
79 # optional ldap support
80 # http://dev.inversepath.com/trac/openssh-lpk
81 #Patch6: http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch
82 # new location for the lpk patch.
83 # rediffed from "svn checkout http://openssh-lpk.googlecode.com/svn/trunk/ openssh-lpk-read-only"
84 Patch6: openssh-lpk-5.4p1-0.3.10.diff
85 # http://sftpfilecontrol.sourceforge.net
86 # Not applied by default
87 # P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
88 Patch7: openssh-4.9p1.sftplogging-v1.5.diff
89 # (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
90 Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
91 Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
92 #gw: from Fedora:
93 #fix round-robin DNS with GSSAPI authentification
94 Patch13: openssh-4.3p2-gssapi-canohost.patch
95 Patch14: openssh-4.7p1-audit.patch
96 Patch17: openssh-5.1p1-askpass-progress.patch
97 Patch18: openssh-4.3p2-askpass-grab-info.patch
98 Patch19: openssh-4.0p1-exit-deadlock.patch
99 Patch21: openssh_tcp_wrappers.patch
100 Patch22: openssh-5.1p1-fix-ssh-keysign-security-fix.patch
101 Obsoletes: ssh
102 Provides: ssh
103 Requires(post): openssl >= 0.9.7
104 Requires(post): makedev
105 Requires(preun): openssl >= 0.9.7
106 Requires: tcp_wrappers
107 BuildRequires: groff-for-man
108 BuildRequires: openssl-devel >= 0.9.7
109 BuildRequires: pam-devel
110 BuildRequires: tcp_wrappers-devel
111 BuildRequires: zlib-devel
112 %if %{build_skey}
113 BuildRequires: skey-devel
114 %endif
115 %if %{build_krb5}
116 BuildRequires: krb5-devel
117 %endif
118 %if %{build_x11askpass}
119 BuildRequires: imake
120 BuildRequires: rman
121 # http://qa.mandriva.com/show_bug.cgi?id=22736
122 BuildRequires: x11-util-cf-files >= 1.0.2
123 BuildRequires: gccmakedep
124 BuildRequires: libx11-devel
125 BuildRequires: libxt-devel
126 %endif
127 %if %{build_gnomeaskpass}
128 BuildRequires: gtk+2-devel
129 %endif
130 %if %{build_ldap}
131 BuildRequires: openldap-devel >= 2.0
132 %endif
133 %if %{build_audit}
134 BuildRequires: audit-devel
135 %endif
136 %if %{build_libedit}
137 BuildRequires: edit-devel ncurses-devel
138 %endif
139 BuildConflicts: libgssapi-devel
140 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
141
142 %description
143 Ssh (Secure Shell) is a program for logging into a remote machine and for
144 executing commands in a remote machine. It is intended to replace
145 rlogin and rsh, and provide secure encrypted communications between
146 two untrusted hosts over an insecure network. X11 connections and
147 arbitrary TCP/IP ports can also be forwarded over the secure channel.
148
149 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
150 up to date in terms of security and features, as well as removing all
151 patented algorithms to separate libraries (OpenSSL).
152
153 This package includes the core files necessary for both the OpenSSH
154 client and server. To make this package useful, you should also
155 install openssh-clients, openssh-server, or both.
156
157 You can build %{name} with some conditional build swithes;
158
159 (ie. use with rpm --rebuild):
160
161 --with[out] skey smartcard support (disabled)
162 --with[out] krb5 kerberos support (enabled)
163 --with[out] watchdog watchdog support (disabled)
164 --with[out] x11askpass X11 ask pass support (enabled)
165 --with[out] gnomeaskpass Gnome ask pass support (enabled)
166 --with[out] ldap OpenLDAP support (disabled)
167 --with[out] sftpcontrol sftp file control support (disabled)
168 --with[out] hpn HPN ssh/scp support (disabled)
169 --with[out] audit audit support (disabled)
170 --with[out] libedit libedit support in sftp (enabled)
171
172 %package clients
173 Summary: OpenSSH Secure Shell protocol clients
174 Group: Networking/Remote access
175 Requires: %{name} = %{version}-%{release}
176 Obsoletes: ssh-clients, sftp, ssh
177 Provides: ssh-clients, sftp, ssh
178
179 %description clients
180 Ssh (Secure Shell) is a program for logging into a remote machine and for
181 executing commands in a remote machine. It is intended to replace
182 rlogin and rsh, and provide secure encrypted communications between
183 two untrusted hosts over an insecure network. X11 connections and
184 arbitrary TCP/IP ports can also be forwarded over the secure channel.
185
186 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
187 up to date in terms of security and features, as well as removing all
188 patented algorithms to separate libraries (OpenSSL).
189
190 This package includes the clients necessary to make encrypted connections
191 to SSH servers.
192
193 %package server
194 Summary: OpenSSH Secure Shell protocol server (sshd)
195 Group: System/Servers
196 Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
197 Requires(pre): pam >= 0.74
198 Requires(pre): rpm-helper
199 Requires(post): rpm-helper
200 Requires(preun): rpm-helper
201 Requires(postun): rpm-helper
202 Requires(post): openssl >= 0.9.7
203 Requires(post): makedev
204 Requires: %{name}-clients = %{version}-%{release}
205 %if %{build_skey}
206 Requires: skey
207 %endif
208 %if %{build_audit}
209 BuildRequires: audit
210 %endif
211 Obsoletes: ssh-server, sshd
212 Provides: ssh-server, sshd
213
214 %description server
215 Ssh (Secure Shell) is a program for logging into a remote machine and for
216 executing commands in a remote machine. It is intended to replace
217 rlogin and rsh, and provide secure encrypted communications between
218 two untrusted hosts over an insecure network. X11 connections and
219 arbitrary TCP/IP ports can also be forwarded over the secure channel.
220
221 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
222 up to date in terms of security and features, as well as removing all
223 patented algorithms to separate libraries (OpenSSL).
224
225 This package contains the secure shell daemon. The sshd is the server
226 part of the secure shell protocol and allows ssh clients to connect to
227 your host.
228
229 %package askpass-common
230 Summary: OpenSSH X11 passphrase common scripts
231 Group: Networking/Remote access
232
233 %description askpass-common
234 OpenSSH X11 passphrase common scripts
235
236 %if %{build_x11askpass}
237 %package askpass
238 Summary: OpenSSH X11 passphrase dialog
239 Group: Networking/Remote access
240 Requires: %{name} = %{version}-%{release}
241 Requires: %{name}-askpass-common
242 Obsoletes: ssh-extras, ssh-askpass
243 Provides: ssh-extras, ssh-askpass
244 Requires(pre): update-alternatives
245
246 %description askpass
247 Ssh (Secure Shell) is a program for logging into a remote machine and for
248 executing commands in a remote machine. It is intended to replace
249 rlogin and rsh, and provide secure encrypted communications between
250 two untrusted hosts over an insecure network. X11 connections and
251 arbitrary TCP/IP ports can also be forwarded over the secure channel.
252
253 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
254 up to date in terms of security and features, as well as removing all
255 patented algorithms to separate libraries (OpenSSL).
256
257 This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
258 dialog.
259 %endif
260
261 %if %{build_gnomeaskpass}
262 %package askpass-gnome
263 Summary: OpenSSH GNOME passphrase dialog
264 Group: Networking/Remote access
265 Requires: %{name} = %{version}-%{release}
266 Requires: %{name}-askpass-common
267 Obsoletes: ssh-extras
268 Requires(pre): update-alternatives
269 Provides: %{name}-askpass, ssh-askpass, ssh-extras
270
271 %description askpass-gnome
272 Ssh (Secure Shell) is a program for logging into a remote machine and for
273 executing commands in a remote machine. It is intended to replace
274 rlogin and rsh, and provide secure encrypted communications between
275 two untrusted hosts over an insecure network. X11 connections and
276 arbitrary TCP/IP ports can also be forwarded over the secure channel.
277
278 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
279 up to date in terms of security and features, as well as removing all
280 patented algorithms to separate libraries (OpenSSL).
281
282 This package contains the GNOME passphrase dialog.
283 %endif
284
285 %prep
286 %if %{build_x11askpass}
287 echo "Building with x11 askpass..."
288 %endif
289 %if %{build_gnomeaskpass}
290 echo "Building with GNOME askpass..."
291 %endif
292 %if %{build_krb5}
293 echo "Building with Kerberos5 support..."
294 %endif
295 %if %{build_skey}
296 echo "Building with S/KEY support..."
297 %endif
298 %if %{build_watchdog}
299 echo "Building with watchdog support..."
300 %endif
301 %if %{build_ldap}
302 echo "Buiding with support for authenticating to public keys in ldap"
303 %endif
304 %if %{build_sftpcontrol}
305 echo "Buiding with support for sftp file control"
306 %endif
307 %if %{build_hpn}
308 echo "Buiding with support for High Performance Network SSH/SCP"
309 %endif
310 %if %{build_audit}
311 echo "Buiding with audit support"
312 %endif
313
314 %setup -q -a2 -a10
315
316 %patch1 -p1 -b .distro_conf
317 %patch3 -p1 -b .ssl_ver
318 %if %{build_watchdog}
319 #patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
320 %patch4 -p1 -b .watchdog
321 %endif
322 %if %{build_ldap}
323 sed -i 's|UsePrivilegeSeparation yes|#UsePrivilegeSeparation yes|' sshd_config
324 %patch6 -p1 -b .lpk
325 rm -f README.lpk.lpk
326 %define _default_patch_fuzz 3
327 %else
328 %define _default_patch_fuzz 2
329 %endif
330 %if %{build_sftpcontrol}
331 #cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
332 echo "This patch is broken or needs to be updated/rediffed"; exit 1
333 %patch7 -p1 -b .sftplogging-v1.5
334 # README with license terms for this patch
335 install -m 0644 %{SOURCE9} .
336 %endif
337 %if %{build_hpn}
338 echo "This patch is broken or needs to be updated/rediffed"; exit 1
339 %patch11 -p1 -b .hpn
340 %patch12 -p1 -b .peak
341 install %{SOURCE21} .
342 %endif
343 %patch13 -p1 -b .canohost
344 %if %{build_audit}
345 %patch14 -p1 -b .audit
346 %endif
347 %patch17 -p1 -b .progress
348 %patch18 -p1 -b .grab-info
349 %patch19 -p1 -b .exit-deadlock
350 %patch21 -p1 -b .tcp_wrappers_mips
351 %patch22 -p0 -b .openssh-5.1p1-fix-ssh-keysign-security-fix
352
353 install %{SOURCE12} .
354
355 install -m 0644 %{SOURCE17} sshd.pam
356 install -m 0755 %{SOURCE18} sshd.init
357
358 # fix attribs
359 chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
360
361 # http://qa.mandriva.com/show_bug.cgi?id=22957
362 perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
363
364 %build
365 autoreconf
366
367 %serverbuild
368
369 %if %{build_x11askpass}
370 pushd x11-ssh-askpass-%{aversion}
371 %configure2_5x \
372 --prefix=%{_prefix} --libdir=%{_libdir} \
373 --mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
374 --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
375 %if %{build_libedit}
376 --with-libedit \
377 %else
378 --without-libedit \
379 %endif
380
381 xmkmf -a
382
383 %ifarch x86_64
384 perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
385 perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
386 perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
387 perl -pi -e "s|-m32|-m64|g" Makefile
388 perl -pi -e "s|__i386__|__x86_64__|g" Makefile
389 %endif
390
391 make \
392 BINDIR=%{_libdir}/ssh \
393 CDEBUGFLAGS="$RPM_OPT_FLAGS" \
394 CXXDEBUGFLAGS="$RPM_OPT_FLAGS"
395
396 # For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
397 # x86_64, so we just do it manually here... (oden)
398 rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
399 rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
400 mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
401 popd
402 %endif
403
404 %if %{build_gnomeaskpass}
405 pushd contrib
406 make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
407 mv gnome-ssh-askpass2 gnome-ssh-askpass
408 popd
409 %endif
410
411 %configure2_5x \
412 --prefix=%{_prefix} \
413 --sysconfdir=%{_sysconfdir}/ssh \
414 --mandir=%{_mandir} \
415 --libdir=%{_libdir} \
416 --libexecdir=%{_libdir}/ssh \
417 --datadir=%{_datadir}/ssh \
418 --disable-strip \
419 --with-tcp-wrappers \
420 --with-pam \
421 --with-default-path=%{OPENSSH_PATH} \
422 --with-xauth=%{XAUTH} \
423 --with-privsep-path=/var/empty \
424 --without-zlib-version-check \
425 %if %{build_krb5}
426 --with-kerberos5=%{_prefix} \
427 %endif
428 %if %{build_skey}
429 --with-skey \
430 %endif
431 %if %{build_ldap}
432 --with-libs="-lldap -llber" \
433 --with-cppflags="-DWITH_LDAP_PUBKEY -DLDAP_DEPRECATED" \
434 %endif
435 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:%{_sbindir}:%{_bindir} \
436 %if %{build_libedit}
437 --with-libedit \
438 %else
439 --without-libedit \
440 %endif
441 %if %{build_audit}
442 --with-linux-audit \
443 %endif
444
445 %make
446
447 %install
448 rm -rf %{buildroot}
449
450 %makeinstall_std
451
452 install -d %{buildroot}%{_sysconfdir}/ssh
453 install -d %{buildroot}%{_sysconfdir}/pam.d/
454 install -d %{buildroot}%{_sysconfdir}/sysconfig
455 install -d %{buildroot}%{_initrddir}
456 install -m644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd
457 install -m755 sshd.init %{buildroot}%{_initrddir}/sshd
458
459 if [[ -f sshd_config.out ]]; then
460 install -m600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
461 else
462 install -m600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
463 fi
464 echo "root" > %{buildroot}%{_sysconfdir}/ssh/denyusers
465
466 if [[ -f ssh_config.out ]]; then
467 install -m644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
468 else
469 install -m644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
470 fi
471 echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config
472
473 mkdir -p %{buildroot}%{_libdir}/ssh
474 %if %{build_x11askpass}
475 pushd x11-ssh-askpass-%{aversion}
476 #make DESTDIR=%{buildroot} install
477 #make DESTDIR=%{buildroot} install.man
478 #install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
479 #install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
480 install -d %{buildroot}%{_libdir}/ssh
481 install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
482 install -m0644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
483 install -m0755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
484 install -m0644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
485 popd
486 %endif
487
488 install -d %{buildroot}%{_sysconfdir}/profile.d/
489 %if %{build_gnomeaskpass}
490 install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
491 %endif
492
493 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
494 setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
495 EOF
496
497 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
498 export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
499 EOF
500
501 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
502 # fix hanging ssh clients on exit
503 if [ -n "$BASH_VERSION" ]; then
504 shopt -s huponexit
505 elif [ -n "$ZSH_VERSION" ]; then
506 setopt hup
507 fi
508 EOF
509
510 install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
511 chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
512 install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
513
514 # create pre-authentication directory
515 mkdir -p %{buildroot}/var/empty
516
517 # remove unwanted files
518 rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
519
520 # xinetd support (tv)
521 mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d/
522 install -m 0644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd
523
524 cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
525 #SSHD="%{_sbindir}/sshd"
526 #PID_FILE="/var/run/sshd.pid"
527 #OPTIONS=""
528 EOF
529
530 # avahi integration support (misc)
531 mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
532 install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service
533
534 # make sure strip can touch it
535 chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign
536
537 %clean
538 rm -rf %{buildroot}
539
540 %pre server
541 %_pre_useradd sshd /var/empty /bin/true
542
543 %post server
544 # do some key management; taken from the initscript
545
546 KEYGEN=/usr/bin/ssh-keygen
547 RSA1_KEY=/etc/ssh/ssh_host_key
548 RSA_KEY=/etc/ssh/ssh_host_rsa_key
549 DSA_KEY=/etc/ssh/ssh_host_dsa_key
550
551 do_rsa1_keygen() {
552 if [ ! -s $RSA1_KEY ]; then
553 echo -n "Generating SSH1 RSA host key... "
554 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
555 chmod 600 $RSA1_KEY
556 chmod 644 $RSA1_KEY.pub
557 echo "done"
558 echo
559 else
560 echo "failed"
561 echo
562 exit 1
563 fi
564 fi
565 }
566
567 do_rsa_keygen() {
568 if [ ! -s $RSA_KEY ]; then
569 echo "Generating SSH2 RSA host key... "
570 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
571 chmod 600 $RSA_KEY
572 chmod 644 $RSA_KEY.pub
573 echo "done"
574 echo
575 else
576 echo "failed"
577 echo
578 exit 1
579 fi
580 fi
581 }
582
583 do_dsa_keygen() {
584 if [ ! -s $DSA_KEY ]; then
585 echo "Generating SSH2 DSA host key... "
586 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
587 chmod 600 $DSA_KEY
588 chmod 644 $DSA_KEY.pub
589 echo "done"
590 echo
591 else
592 echo "failed"
593 echo
594 exit 1
595 fi
596 fi
597 }
598
599 do_rsa1_keygen
600 do_rsa_keygen
601 do_dsa_keygen
602 %_post_service sshd
603
604 %preun server
605 %_preun_service sshd
606
607 %postun server
608 %_postun_userdel sshd
609
610 %if %{build_x11askpass}
611 %post askpass
612 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
613 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
614
615 %postun askpass
616 [ $1 = 0 ] || exit 0
617 update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
618 update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
619 %endif
620
621 %if %{build_gnomeaskpass}
622 %post askpass-gnome
623 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
624 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
625
626 %postun askpass-gnome
627 [ $1 = 0 ] || exit 0
628 update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
629 update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
630 %endif
631
632 %triggerpostun server -- openssh-server < 3.8p1
633 if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
634 perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
635 fi
636
637 %files
638 %defattr(-,root,root)
639 %doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
640 %if %{build_ldap}
641 %doc *.schema
642 %endif
643 %if %{build_watchdog}
644 %doc CHANGES-openssh-watchdog openssh-watchdog.html
645 %endif
646 %if %{build_sftpcontrol}
647 %doc README.sftpfilecontrol
648 %endif
649 %{_bindir}/ssh-keygen
650 %dir %{_sysconfdir}/ssh
651 %{_bindir}/ssh-keyscan
652 %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
653 %{_libdir}/ssh/ssh-pkcs11-helper
654 %{_mandir}/man1/ssh-keygen.1*
655 %{_mandir}/man1/ssh-keyscan.1*
656 %{_mandir}/man8/ssh-keysign.8*
657 %{_mandir}/man8/ssh-pkcs11-helper.8*
658
659 %files clients
660 %defattr(-,root,root)
661 %{_bindir}/scp
662 %{_bindir}/ssh
663 %{_bindir}/ssh-agent
664 %{_bindir}/ssh-add
665 %{_bindir}/ssh-copy-id
666 %{_bindir}/slogin
667 %{_bindir}/sftp
668 %{_mandir}/man1/scp.1*
669 %{_mandir}/man1/ssh-copy-id.1*
670 %{_mandir}/man1/slogin.1*
671 %{_mandir}/man1/ssh.1*
672 %{_mandir}/man1/ssh-agent.1*
673 %{_mandir}/man1/ssh-add.1*
674 %{_mandir}/man1/sftp.1*
675 %{_mandir}/man5/ssh_config.5*
676 %config(noreplace) %{_sysconfdir}/ssh/ssh_config
677 %{_sysconfdir}/profile.d/90ssh-client.sh
678
679 %files server
680 %defattr(-,root,root)
681 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/sshd
682 %{_sbindir}/sshd
683 %dir %{_libdir}/ssh
684 %{_libdir}/ssh/sftp-server
685 %{_mandir}/man5/sshd_config.5*
686 %{_mandir}/man5/moduli.5*
687 %{_mandir}/man8/sshd.8*
688 %{_mandir}/man8/sftp-server.8*
689 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
690 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
691 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
692 %config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
693 %config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
694 %config(noreplace) %{_sysconfdir}/ssh/moduli
695 %attr(0755,root,root) %{_initrddir}/sshd
696 %dir %attr(0755,root,root) /var/empty
697
698 %files askpass-common
699 %defattr(-,root,root)
700 %{_sysconfdir}/profile.d/90ssh-askpass.*
701
702 %if %{build_x11askpass}
703 %files askpass
704 %defattr(-,root,root)
705 %doc x11-ssh-askpass-%{aversion}/README
706 %doc x11-ssh-askpass-%{aversion}/ChangeLog
707 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
708 %doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
709 %{_libdir}/ssh/x11-ssh-askpass
710 %{_sysconfdir}/X11/app-defaults/SshAskpass
711 #%{_prefix}/X11R6/lib/X11/doc/html/x11-ssh-askpass.1.html
712 %{_mandir}/man1/x11-ssh-askpass.1*
713 %endif
714
715 %if %{build_gnomeaskpass}
716 %files askpass-gnome
717 %defattr(-,root,root)
718 %{_libdir}/ssh/gnome-ssh-askpass
719 %endif
720
721

  ViewVC Help
Powered by ViewVC 1.1.30