/[packages]/updates/3/openssh/current/SPECS/openssh.spec
ViewVC logotype

Contents of /updates/3/openssh/current/SPECS/openssh.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 612792 - (show annotations) (download)
Mon Apr 7 21:23:07 2014 UTC (9 years, 11 months ago) by luigiwalser
File size: 22261 byte(s)
add patch from debian to fix CVE-2014-2653
1 # Version of ssh-askpass
2 %define aversion 1.2.4.1
3 # Version of watchdog patch
4 %define wversion 4.4p1
5
6 # Version of the hpn patch
7 %define hpnver 13v6
8
9 # overrides
10 %define build_skey 0
11 %define build_krb5 1
12 %define build_watchdog 0
13 %define build_x11askpass 1
14 %define build_gnomeaskpass 1
15 %define build_ldap 1
16 %define build_sftpcontrol 0
17 %define build_hpn 0
18 %define build_audit 0
19 %define build_libedit 1
20
21 %{?_with_skey: %{expand: %%global build_skey 1}}
22 %{?_without_skey: %{expand: %%global build_skey 0}}
23 %{?_with_krb5: %{expand: %%global build_krb5 1}}
24 %{?_without_krb5: %{expand: %%global build_krb5 0}}
25 %{?_with_watchdog: %{expand: %%global build_watchdog 1}}
26 %{?_without_watchdog: %{expand: %%global build_watchdog 0}}
27 %{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
28 %{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
29 %{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
30 %{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
31 %{?_with_ldap: %{expand: %%global build_ldap 1}}
32 %{?_without_ldap: %{expand: %%global build_ldap 0}}
33 %{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
34 %{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}
35 %{?_with_hpn: %{expand: %%global build_hpn 1}}
36 %{?_without_hpn: %{expand: %%global build_hpn 0}}
37 %{?_with_audit: %{expand: %%global build_audit 1}}
38 %{?_without_audit: %{expand: %%global build_audit 0}}
39 %{?_with_libedit: %{expand: %%global build_libedit 1}}
40 %{?_without_libedit: %{expand: %%global build_libedit 0}}
41
42 %define OPENSSH_PATH "/usr/local/bin:%{_bindir}"
43 %define XAUTH %{_bindir}/xauth
44
45 Summary: OpenSSH free Secure Shell (SSH) implementation
46 Name: openssh
47 Version: 6.1p1
48 %define subrel 3
49 Release: %mkrel 4
50 License: BSD
51 Group: Networking/Remote access
52 URL: http://www.openssh.com/
53 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
54 Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
55 Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
56 # ssh-copy-id taken from debian, with "usage" added
57 Source3: ssh-copy-id
58 Source7: openssh-xinetd
59 Source9: README.sftpfilecontrol
60 # this is never to be applied by default
61 # http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
62 Source10: openssh-%{wversion}-watchdog.patch.tgz
63 Source12: ssh_ldap_key.pl
64 Source15: ssh-avahi-integration
65 Source17: sshd.pam
66 Source21: README.hpn
67 Source22: sshd.service
68 Source23: sshd@.service
69 Source24: sshd-keygen.service
70 Source25: sshd.socket
71 Source26: sshd-keygen
72 # patch to set some default configuration
73 Patch1: openssh-6.1p1-config.patch
74 # rediffed from openssh-4.4p1-watchdog.patch.tgz
75 Patch4: openssh-4.4p1-watchdog.diff
76 # ldap support, from Fedora
77 Patch6: openssh-6.1p1-ldap.patch
78 # http://sftpfilecontrol.sourceforge.net
79 # Not applied by default
80 # P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
81 Patch7: openssh-4.9p1.sftplogging-v1.5.diff
82 # (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
83 Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
84 Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
85 #gw: from Fedora:
86 #fix round-robin DNS with GSSAPI authentification
87 Patch13: openssh-4.3p2-gssapi-canohost.patch
88 Patch14: openssh-4.7p1-audit.patch
89 Patch17: openssh-5.1p1-askpass-progress.patch
90 Patch18: openssh-4.3p2-askpass-grab-info.patch
91 Patch19: openssh-5.6p1-exit-deadlock.patch
92 Patch21: openssh_tcp_wrappers.patch
93 Patch22: openssh-6.1p1-change-max-startups.patch
94 Patch23: openssh-6.2p2-gcmrekey.adv.diff
95 Patch24: openssh-6.2p2-CVE-2014-2532.patch
96 Patch25: openssh-6.2p2-CVE-2014-2653.patch
97 Provides: ssh
98 Requires(post): openssl >= 0.9.7
99 Requires(post): makedev
100 Requires(preun): openssl >= 0.9.7
101 Requires: tcp_wrappers
102 BuildRequires: groff-for-man
103 BuildRequires: openssl-devel >= 0.9.7
104 BuildRequires: pam-devel
105 BuildRequires: tcp_wrappers-devel
106 BuildRequires: zlib-devel
107 %if %{build_skey}
108 BuildRequires: skey-devel
109 %endif
110 %if %{build_krb5}
111 BuildRequires: krb5-devel
112 %endif
113 %if %{build_x11askpass}
114 BuildRequires: imake
115 BuildRequires: rman
116 # http://qa.mandriva.com/show_bug.cgi?id=22736
117 BuildRequires: x11-util-cf-files >= 1.0.2
118 BuildRequires: gccmakedep
119 BuildRequires: libx11-devel
120 BuildRequires: libxt-devel
121 %endif
122 %if %{build_gnomeaskpass}
123 BuildRequires: gtk+2-devel
124 %endif
125 %if %{build_ldap}
126 BuildRequires: openldap-devel >= 2.0
127 %endif
128 %if %{build_audit}
129 BuildRequires: audit-devel
130 %endif
131 %if %{build_libedit}
132 BuildRequires: edit-devel ncurses-devel
133 %endif
134 BuildConflicts: libgssapi-devel
135
136 %description
137 Ssh (Secure Shell) is a program for logging into a remote machine and for
138 executing commands in a remote machine. It is intended to replace
139 rlogin and rsh, and provide secure encrypted communications between
140 two untrusted hosts over an insecure network. X11 connections and
141 arbitrary TCP/IP ports can also be forwarded over the secure channel.
142
143 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
144 up to date in terms of security and features, as well as removing all
145 patented algorithms to separate libraries (OpenSSL).
146
147 This package includes the core files necessary for both the OpenSSH
148 client and server. To make this package useful, you should also
149 install openssh-clients, openssh-server, or both.
150
151 You can build %{name} with some conditional build swithes;
152
153 (ie. use with rpm --rebuild):
154
155 --with[out] skey smartcard support (disabled)
156 --with[out] krb5 kerberos support (enabled)
157 --with[out] watchdog watchdog support (disabled)
158 --with[out] x11askpass X11 ask pass support (enabled)
159 --with[out] gnomeaskpass Gnome ask pass support (enabled)
160 --with[out] ldap OpenLDAP support (disabled)
161 --with[out] sftpcontrol sftp file control support (disabled)
162 --with[out] hpn HPN ssh/scp support (disabled)
163 --with[out] audit audit support (disabled)
164 --with[out] libedit libedit support in sftp (enabled)
165
166 %package clients
167 Summary: OpenSSH Secure Shell protocol clients
168 Group: Networking/Remote access
169 Requires: %{name} = %{version}-%{release}
170 Provides: ssh-clients, sftp, ssh
171
172 %description clients
173 Ssh (Secure Shell) is a program for logging into a remote machine and for
174 executing commands in a remote machine. It is intended to replace
175 rlogin and rsh, and provide secure encrypted communications between
176 two untrusted hosts over an insecure network. X11 connections and
177 arbitrary TCP/IP ports can also be forwarded over the secure channel.
178
179 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
180 up to date in terms of security and features, as well as removing all
181 patented algorithms to separate libraries (OpenSSL).
182
183 This package includes the clients necessary to make encrypted connections
184 to SSH servers.
185
186 %package server
187 Summary: OpenSSH Secure Shell protocol server (sshd)
188 Group: System/Servers
189 Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
190 Requires(pre): pam >= 0.74
191 Requires(post): rpm-helper >= 0.24.8-1
192 Requires(preun): rpm-helper >= 0.24.8-1
193 Requires(post): openssl >= 0.9.7
194 Requires(post): makedev
195 Requires: %{name}-clients = %{version}-%{release}
196 %if %{build_skey}
197 Requires: skey
198 %endif
199 %if %{build_audit}
200 BuildRequires: audit
201 %endif
202 Provides: ssh-server, sshd
203
204 %description server
205 Ssh (Secure Shell) is a program for logging into a remote machine and for
206 executing commands in a remote machine. It is intended to replace
207 rlogin and rsh, and provide secure encrypted communications between
208 two untrusted hosts over an insecure network. X11 connections and
209 arbitrary TCP/IP ports can also be forwarded over the secure channel.
210
211 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
212 up to date in terms of security and features, as well as removing all
213 patented algorithms to separate libraries (OpenSSL).
214
215 This package contains the secure shell daemon. The sshd is the server
216 part of the secure shell protocol and allows ssh clients to connect to
217 your host.
218
219 %package askpass-common
220 Summary: OpenSSH X11 passphrase common scripts
221 Group: Networking/Remote access
222
223 %description askpass-common
224 OpenSSH X11 passphrase common scripts
225
226 %if %{build_x11askpass}
227 %package askpass
228 Summary: OpenSSH X11 passphrase dialog
229 Group: Networking/Remote access
230 Requires: %{name} = %{version}-%{release}
231 Requires: %{name}-askpass-common
232 Provides: ssh-extras, ssh-askpass
233 Requires(pre): update-alternatives
234
235 %description askpass
236 Ssh (Secure Shell) is a program for logging into a remote machine and for
237 executing commands in a remote machine. It is intended to replace
238 rlogin and rsh, and provide secure encrypted communications between
239 two untrusted hosts over an insecure network. X11 connections and
240 arbitrary TCP/IP ports can also be forwarded over the secure channel.
241
242 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
243 up to date in terms of security and features, as well as removing all
244 patented algorithms to separate libraries (OpenSSL).
245
246 This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
247 dialog.
248 %endif
249
250 %if %{build_gnomeaskpass}
251 %package askpass-gnome
252 Summary: OpenSSH GNOME passphrase dialog
253 Group: Networking/Remote access
254 Requires: %{name} = %{version}-%{release}
255 Requires: %{name}-askpass-common
256 Requires(pre): update-alternatives
257 Provides: %{name}-askpass, ssh-askpass, ssh-extras
258
259 %description askpass-gnome
260 Ssh (Secure Shell) is a program for logging into a remote machine and for
261 executing commands in a remote machine. It is intended to replace
262 rlogin and rsh, and provide secure encrypted communications between
263 two untrusted hosts over an insecure network. X11 connections and
264 arbitrary TCP/IP ports can also be forwarded over the secure channel.
265
266 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
267 up to date in terms of security and features, as well as removing all
268 patented algorithms to separate libraries (OpenSSL).
269
270 This package contains the GNOME passphrase dialog.
271 %endif
272
273 %if %{build_ldap}
274 %package ldap
275 Summary: A LDAP support for open source SSH server daemon
276 Group: Networking/Remote access
277 Requires: %{name} = %{version}-%{release}
278
279 %description ldap
280 OpenSSH LDAP backend is a way how to distribute the authorized tokens
281 among the servers in the network.
282 %endif
283
284 %prep
285 %if %{build_x11askpass}
286 echo "Building with x11 askpass..."
287 %endif
288 %if %{build_gnomeaskpass}
289 echo "Building with GNOME askpass..."
290 %endif
291 %if %{build_krb5}
292 echo "Building with Kerberos5 support..."
293 %endif
294 %if %{build_skey}
295 echo "Building with S/KEY support..."
296 %endif
297 %if %{build_watchdog}
298 echo "Building with watchdog support..."
299 %endif
300 %if %{build_ldap}
301 echo "Buiding with support for authenticating to public keys in ldap"
302 %endif
303 %if %{build_sftpcontrol}
304 echo "Buiding with support for sftp file control"
305 %endif
306 %if %{build_hpn}
307 echo "Buiding with support for High Performance Network SSH/SCP"
308 %endif
309 %if %{build_audit}
310 echo "Buiding with audit support"
311 %endif
312
313 %setup -q -a2 -a10
314
315 %patch1 -p1 -b .config
316 %if %{build_watchdog}
317 #patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
318 %patch4 -p1 -b .watchdog
319 %endif
320 %if %{build_ldap}
321 %patch6 -p1 -b .ldap
322 %endif
323 %if %{build_sftpcontrol}
324 #cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
325 echo "This patch is broken or needs to be updated/rediffed"; exit 1
326 %patch7 -p1 -b .sftplogging-v1.5
327 # README with license terms for this patch
328 install -m 0644 %{SOURCE9} .
329 %endif
330 %if %{build_hpn}
331 echo "This patch is broken or needs to be updated/rediffed"; exit 1
332 %patch11 -p1 -b .hpn
333 %patch12 -p1 -b .peak
334 install %{SOURCE21} .
335 %endif
336 %patch13 -p1 -b .canohost
337 %if %{build_audit}
338 %patch14 -p1 -b .audit
339 %endif
340 %patch17 -p1 -b .progress
341 %patch18 -p1 -b .grab-info
342 %patch19 -p1 -b .exit-deadlock
343 %patch21 -p1 -b .tcp_wrappers_mips
344 %patch22 -p1 -b .max-startups
345 %patch23 -p0 -b .gcmrekey.adv
346 %patch24 -p3 -b .CVE-2014-2532
347 %patch25 -p1 -b .CVE-2014-2653
348
349 install %{SOURCE12} .
350
351 install -m 0644 %{SOURCE17} sshd.pam
352
353 # fix attribs
354 chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
355
356 # http://qa.mandriva.com/show_bug.cgi?id=22957
357 perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
358
359 %build
360 autoreconf
361
362 %serverbuild
363
364 %if %{build_x11askpass}
365 pushd x11-ssh-askpass-%{aversion}
366 %configure2_5x \
367 --prefix=%{_prefix} --libdir=%{_libdir} \
368 --mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
369 --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
370 %if %{build_libedit}
371 --with-libedit \
372 %else
373 --without-libedit \
374 %endif
375
376 xmkmf -a
377
378 %ifarch x86_64
379 perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
380 perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
381 perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
382 perl -pi -e "s|-m32|-m64|g" Makefile
383 perl -pi -e "s|__i386__|__x86_64__|g" Makefile
384 %endif
385
386 make \
387 BINDIR=%{_libdir}/ssh \
388 CDEBUGFLAGS="$RPM_OPT_FLAGS" \
389 CXXDEBUGFLAGS="$RPM_OPT_FLAGS"
390
391 # For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
392 # x86_64, so we just do it manually here... (oden)
393 rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
394 rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
395 mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
396 popd
397 %endif
398
399 %if %{build_gnomeaskpass}
400 pushd contrib
401 make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
402 mv gnome-ssh-askpass2 gnome-ssh-askpass
403 popd
404 %endif
405
406 %configure2_5x \
407 --prefix=%{_prefix} \
408 --sysconfdir=%{_sysconfdir}/ssh \
409 --mandir=%{_mandir} \
410 --libdir=%{_libdir} \
411 --libexecdir=%{_libdir}/ssh \
412 --datadir=%{_datadir}/ssh \
413 --disable-strip \
414 --with-tcp-wrappers \
415 --with-pam \
416 --with-default-path=%{OPENSSH_PATH} \
417 --with-xauth=%{XAUTH} \
418 --with-privsep-path=/var/empty \
419 --without-zlib-version-check \
420 %if %{build_krb5}
421 --with-kerberos5=%{_prefix} \
422 %endif
423 %if %{build_skey}
424 --with-skey \
425 %endif
426 %if %{build_ldap}
427 -with-ldap \
428 %endif
429 --with-superuser-path=/usr/local/sbin:/usr/local/bin:%{_sbindir}:%{_bindir} \
430 %if %{build_libedit}
431 --with-libedit \
432 %else
433 --without-libedit \
434 %endif
435 %if %{build_audit}
436 --with-linux-audit \
437 %endif
438
439 %make
440
441 %install
442 rm -rf %{buildroot}
443
444 %makeinstall_std
445
446 install -d %{buildroot}%{_sysconfdir}/ssh
447 install -d %{buildroot}%{_sysconfdir}/pam.d/
448 install -d %{buildroot}%{_sysconfdir}/sysconfig
449 install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd
450
451 if [ -f sshd_config.out ]; then
452 install -m 600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
453 else
454 install -m 600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
455 fi
456 echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers
457
458 if [ -f ssh_config.out ]; then
459 install -m 644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
460 else
461 install -m 644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
462 fi
463 echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config
464
465 mkdir -p %{buildroot}%{_libdir}/ssh
466 %if %{build_x11askpass}
467 pushd x11-ssh-askpass-%{aversion}
468 #make DESTDIR=%{buildroot} install
469 #make DESTDIR=%{buildroot} install.man
470 #install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
471 #install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
472 install -d %{buildroot}%{_libdir}/ssh
473 install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
474 install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
475 install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
476 install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
477 popd
478 %endif
479
480 install -d %{buildroot}%{_sysconfdir}/profile.d/
481 %if %{build_gnomeaskpass}
482 install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
483 %endif
484
485 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
486 setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
487 EOF
488
489 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
490 export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
491 EOF
492
493 cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
494 # fix hanging ssh clients on exit
495 if [ -n "$BASH_VERSION" ]; then
496 shopt -s huponexit
497 elif [ -n "$ZSH_VERSION" ]; then
498 setopt hup
499 fi
500 EOF
501
502 install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
503 chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
504 install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
505
506 # create pre-authentication directory
507 install -d -m 755 %{buildroot}/var/empty
508
509 # remove unwanted files
510 rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass
511
512 # xinetd support (tv)
513 install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
514 install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd
515
516 cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
517 #OPTIONS=""
518 EOF
519
520 # avahi integration support (misc)
521 mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
522 install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service
523
524 install -d -m 755 %{buildroot}%{_unitdir}
525 install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/sshd.service
526 #install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd@.service
527 #install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd-keygen.service
528 #install -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd.socket
529 install -m 755 %{SOURCE26} %{buildroot}%{_sbindir}/sshd-keygen
530
531 # make sure strip can touch it
532 chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign
533
534 %pre server
535 %_pre_useradd sshd /var/empty /bin/true
536
537 %post server
538 # do some key management; taken from the initscript
539
540 KEYGEN=/usr/bin/ssh-keygen
541 RSA1_KEY=/etc/ssh/ssh_host_key
542 RSA_KEY=/etc/ssh/ssh_host_rsa_key
543 DSA_KEY=/etc/ssh/ssh_host_dsa_key
544
545 do_rsa1_keygen() {
546 if [ ! -s $RSA1_KEY ]; then
547 echo -n "Generating SSH1 RSA host key... "
548 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
549 chmod 600 $RSA1_KEY
550 chmod 644 $RSA1_KEY.pub
551 echo "done"
552 echo
553 else
554 echo "failed"
555 echo
556 exit 1
557 fi
558 fi
559 }
560
561 do_rsa_keygen() {
562 if [ ! -s $RSA_KEY ]; then
563 echo "Generating SSH2 RSA host key... "
564 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
565 chmod 600 $RSA_KEY
566 chmod 644 $RSA_KEY.pub
567 echo "done"
568 echo
569 else
570 echo "failed"
571 echo
572 exit 1
573 fi
574 fi
575 }
576
577 do_dsa_keygen() {
578 if [ ! -s $DSA_KEY ]; then
579 echo "Generating SSH2 DSA host key... "
580 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
581 chmod 600 $DSA_KEY
582 chmod 644 $DSA_KEY.pub
583 echo "done"
584 echo
585 else
586 echo "failed"
587 echo
588 exit 1
589 fi
590 fi
591 }
592
593 do_rsa1_keygen
594 do_rsa_keygen
595 do_dsa_keygen
596 %_post_service sshd
597
598 %preun server
599 %_preun_service sshd
600
601 %postun server
602 %_postun_userdel sshd
603
604 %if %{build_x11askpass}
605 %post askpass
606 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
607 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
608
609 %postun askpass
610 [ $1 = 0 ] || exit 0
611 update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
612 update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
613 %endif
614
615 %if %{build_gnomeaskpass}
616 %post askpass-gnome
617 update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
618 update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
619
620 %postun askpass-gnome
621 [ $1 = 0 ] || exit 0
622 update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
623 update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
624 %endif
625
626 %triggerpostun server -- openssh-server < 3.8p1
627 if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
628 perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
629 fi
630
631 %files
632 %doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
633 %if %{build_ldap}
634 %doc *.schema
635 %endif
636 %if %{build_watchdog}
637 %doc CHANGES-openssh-watchdog openssh-watchdog.html
638 %endif
639 %if %{build_sftpcontrol}
640 %doc README.sftpfilecontrol
641 %endif
642 %{_bindir}/ssh-keygen
643 %dir %{_sysconfdir}/ssh
644 %{_bindir}/ssh-keyscan
645 %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
646 %{_libdir}/ssh/ssh-pkcs11-helper
647 %{_mandir}/man1/ssh-keygen.1*
648 %{_mandir}/man1/ssh-keyscan.1*
649 %{_mandir}/man8/ssh-keysign.8*
650 %{_mandir}/man8/ssh-pkcs11-helper.8*
651
652 %files clients
653 %{_bindir}/scp
654 %{_bindir}/ssh
655 %{_bindir}/ssh-agent
656 %{_bindir}/ssh-add
657 %{_bindir}/ssh-copy-id
658 %{_bindir}/slogin
659 %{_bindir}/sftp
660 %{_mandir}/man1/scp.1*
661 %{_mandir}/man1/ssh-copy-id.1*
662 %{_mandir}/man1/slogin.1*
663 %{_mandir}/man1/ssh.1*
664 %{_mandir}/man1/ssh-agent.1*
665 %{_mandir}/man1/ssh-add.1*
666 %{_mandir}/man1/sftp.1*
667 %{_mandir}/man5/ssh_config.5*
668 %config(noreplace) %{_sysconfdir}/ssh/ssh_config
669 %{_sysconfdir}/profile.d/90ssh-client.sh
670
671 %files server
672 %config(noreplace) %{_sysconfdir}/sysconfig/sshd
673 %{_sbindir}/sshd
674 %{_sbindir}/sshd-keygen
675 %dir %{_libdir}/ssh
676 %{_libdir}/ssh/sftp-server
677 %{_mandir}/man5/sshd_config.5*
678 %{_mandir}/man5/moduli.5*
679 %{_mandir}/man8/sshd.8*
680 %{_mandir}/man8/sftp-server.8*
681 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
682 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
683 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
684 %config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
685 %config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
686 %config(noreplace) %{_sysconfdir}/ssh/moduli
687 %{_unitdir}/sshd.service
688 %dir /var/empty
689
690 %files askpass-common
691 %{_sysconfdir}/profile.d/90ssh-askpass.*
692
693 %if %{build_x11askpass}
694 %files askpass
695 %doc x11-ssh-askpass-%{aversion}/README
696 %doc x11-ssh-askpass-%{aversion}/ChangeLog
697 %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
698 %doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
699 %{_libdir}/ssh/x11-ssh-askpass
700 %{_sysconfdir}/X11/app-defaults/SshAskpass
701 %{_mandir}/man1/x11-ssh-askpass.1*
702 %endif
703
704 %if %{build_gnomeaskpass}
705 %files askpass-gnome
706 %{_libdir}/ssh/gnome-ssh-askpass
707 %endif
708
709 %if %{build_ldap}
710 %files ldap
711 %doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
712 %config %{_sysconfdir}/ssh/ldap.conf
713 %{_libdir}/ssh/ssh-ldap-helper
714 %{_libdir}/ssh/ssh-ldap-wrapper
715 %{_mandir}/man8/ssh-ldap-helper.8*
716 %{_mandir}/man5/ssh-ldap.conf.5*
717 %endif

  ViewVC Help
Powered by ViewVC 1.1.30