
Contents of /updates/5/openssh/current/SPECS/openssh.spec



Revision 1186021 - (show annotations) (download)
Thu Dec 28 00:14:42 2017 UTC (6 years, 3 months ago) by luigiwalser
File size: 23662 byte(s)
rediff patch from redhat to fix CVE-2016-10012

# Version of ssh-askpass
%define aversion 1.2.4.1
# Version of watchdog patch
%define wversion 4.4p1

# Version of the hpn patch
%define hpnver 13v6

# overrides
# Default state of each optional feature: 1 builds it, 0 leaves it out.
%define build_skey 0
%define build_krb5 1
%define build_watchdog 0
%define build_x11askpass 1
%define build_gnomeaskpass 1
%define build_ldap 1
%define build_sftpcontrol 0
%define build_hpn 0
%define build_audit 0
%define build_libedit 1

# Command-line overrides: when the matching _with_NAME or _without_NAME macro
# is defined (rpmbuild "--with NAME" / "--without NAME"), the line below
# re-defines build_NAME globally to 1 or 0, replacing the default above.
%{?_with_skey: %{expand: %%global build_skey 1}}
%{?_without_skey: %{expand: %%global build_skey 0}}
%{?_with_krb5: %{expand: %%global build_krb5 1}}
%{?_without_krb5: %{expand: %%global build_krb5 0}}
%{?_with_watchdog: %{expand: %%global build_watchdog 1}}
%{?_without_watchdog: %{expand: %%global build_watchdog 0}}
%{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
%{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}
%{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
%{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}
%{?_with_ldap: %{expand: %%global build_ldap 1}}
%{?_without_ldap: %{expand: %%global build_ldap 0}}
%{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
%{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}
%{?_with_hpn: %{expand: %%global build_hpn 1}}
%{?_without_hpn: %{expand: %%global build_hpn 0}}
%{?_with_audit: %{expand: %%global build_audit 1}}
%{?_without_audit: %{expand: %%global build_audit 0}}
%{?_with_libedit: %{expand: %%global build_libedit 1}}
%{?_without_libedit: %{expand: %%global build_libedit 0}}

# Default PATH for sessions: passed to configure as --with-default-path and
# substituted for the _OPENSSH_PATH_ placeholder in sshd_config by the prep
# section.
# NOTE(review): /usr/local/bin is searched before the system bin directory,
# so that directory has to stay writable by root only.
%define OPENSSH_PATH "/usr/local/bin:%{_bindir}"
# Location of xauth, passed to configure as --with-xauth.
%define XAUTH %{_bindir}/xauth
44
# Main package header: identity, upstream sources, patch list and
# install/build dependencies.
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 6.6p1
%define subrel 10
Release: %mkrel 5
License: BSD
Group: Networking/Remote access
URL: http://www.openssh.com/
# NOTE(review): Source0 is referenced over plain FTP. Source1 is its detached
# signature, but no step in this spec checks the tarball against it, so the
# signature only helps if it is verified when the sources are refreshed.
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
# ssh-copy-id taken from debian, with "usage" added
Source3: ssh-copy-id
Source7: openssh-xinetd
Source9: README.sftpfilecontrol
# this is never to be applied by default
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
Source10: openssh-%{wversion}-watchdog.patch.tgz
Source12: ssh_ldap_key.pl
Source15: ssh-avahi-integration
Source17: sshd.pam
Source21: README.hpn
Source22: sshd.service
Source23: sshd@.service
Source24: sshd-keygen.service
Source25: sshd.socket
Source26: sshd-keygen
# patch to set some default configuration
Patch1: openssh-6.5p1-config.patch
# rediffed from openssh-4.4p1-watchdog.patch.tgz
Patch4: openssh-4.4p1-watchdog.diff
# ldap support, from Fedora
Patch501: openssh-6.5p1-ldap.patch
# http://sftpfilecontrol.sourceforge.net
# Not applied by default
# P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
Patch7: openssh-4.9p1.sftplogging-v1.5.diff
# (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
# Both HPN patches are referenced by http URL; they are applied only when
# build_hpn is set, and the prep section currently aborts in that case.
Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
#gw: from Fedora:
#fix round-robin DNS with GSSAPI authentification
Patch13: openssh-4.3p2-gssapi-canohost.patch
Patch14: openssh-4.7p1-audit.patch
Patch17: openssh-5.1p1-askpass-progress.patch
Patch18: openssh-4.3p2-askpass-grab-info.patch
Patch19: openssh-5.6p1-exit-deadlock.patch
# Security backports start here. The file name carries the CVE each patch
# addresses; the prep section applies them in this order.
# NOTE(review): the revision log shown for this file mentions CVE-2016-10012,
# but no Patch tag below names it; presumably the fix is carried inside one of
# the listed patch files - confirm so the CVE tracking stays accurate.
Patch20: openssh-6.6p1-CVE-2014-2653.patch
Patch21: openssh_tcp_wrappers.patch
Patch22: openssh-6.6p1-CVE-2015-5352.patch
Patch23: openssh-6.9p1-CVE-2015-5600.patch
# Handle terminal control characters in scp progressmeter (rhbz#1247204)
# NOTE(review): declared here, but its application line in the prep section
# is commented out, so this fix is not part of the built package.
Patch24: openssh-6.6p1-scp-progressmeter.patch
# Vulnerabilities published with openssh-7.0:
# Privilege separation weakness related to PAM support (rhbz#1252844)
# Use-after-free bug related to PAM support (rhbz#1252852)
Patch25: openssh-6.6p1-security-7.0.patch
Patch26: openssh-7.1p1-CVE-2016-0777.patch
Patch27: openssh-7.2p2-CVE-2015-8325.patch
# NOTE(review): the file name says user-enumeration, while the prep section
# applies this patch with the backup suffix .CVE-2016-6515; confirm which
# issue the patch actually covers.
Patch28: openssh-7.2p2-user-enumeration.patch
Patch29: openssh-6.6p1-CVE-2017-15906.patch
Patch30: openssh-6.6p1-CVE-2016-8858.patch
Patch31: openssh-6.6p1-CVE-2016-10009.patch
# CVE-2016-3115
# https://github.com/openssh/openssh-portable/commit/9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
Patch100: 9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
Provides: ssh
Requires(post): openssl >= 0.9.7
Requires(post): makedev
Requires(preun): openssl >= 0.9.7
Requires: tcp_wrappers
BuildRequires: groff-for-man
BuildRequires: openssl-devel >= 0.9.7
BuildRequires: pam-devel
BuildRequires: tcp_wrappers-devel
BuildRequires: zlib-devel
# Build dependencies of the optional features follow their build_* switch.
%if %{build_skey}
BuildRequires: skey-devel
%endif
%if %{build_krb5}
BuildRequires: krb5-devel
%endif
%if %{build_x11askpass}
BuildRequires: imake
BuildRequires: rman
# http://qa.mandriva.com/show_bug.cgi?id=22736
BuildRequires: x11-util-cf-files >= 1.0.2
BuildRequires: gccmakedep
BuildRequires: libx11-devel
BuildRequires: libxt-devel
%endif
%if %{build_gnomeaskpass}
BuildRequires: gtk+2-devel
%endif
%if %{build_ldap}
BuildRequires: openldap-devel >= 2.0
%endif
%if %{build_audit}
BuildRequires: audit-devel
%endif
%if %{build_libedit}
BuildRequires: edit-devel
BuildRequires: ncurses-devel
%endif
BuildConflicts: libgssapi-devel
150
151 %description
152 Ssh (Secure Shell) is a program for logging into a remote machine and for
153 executing commands in a remote machine. It is intended to replace
154 rlogin and rsh, and provide secure encrypted communications between
155 two untrusted hosts over an insecure network. X11 connections and
156 arbitrary TCP/IP ports can also be forwarded over the secure channel.
157
158 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
159 up to date in terms of security and features, as well as removing all
160 patented algorithms to separate libraries (OpenSSL).
161
162 This package includes the core files necessary for both the OpenSSH
163 client and server. To make this package useful, you should also
164 install openssh-clients, openssh-server, or both.
165
166 You can build %{name} with some conditional build switches;
167
168 (ie. use with rpm --rebuild):
169
170 --with[out] skey smartcard support (disabled)
171 --with[out] krb5 kerberos support (enabled)
172 --with[out] watchdog watchdog support (disabled)
173 --with[out] x11askpass X11 ask pass support (enabled)
174 --with[out] gnomeaskpass Gnome ask pass support (enabled)
175 --with[out] ldap OpenLDAP support (enabled)
176 --with[out] sftpcontrol sftp file control support (disabled)
177 --with[out] hpn HPN ssh/scp support (disabled)
178 --with[out] audit audit support (disabled)
179 --with[out] libedit libedit support in sftp (enabled)
180
181 %package clients
182 Summary: OpenSSH Secure Shell protocol clients
183 Group: Networking/Remote access
184 Requires: %{name} = %{version}-%{release}
185 Provides: ssh-clients, sftp, ssh
186
187 %description clients
188 Ssh (Secure Shell) is a program for logging into a remote machine and for
189 executing commands in a remote machine. It is intended to replace
190 rlogin and rsh, and provide secure encrypted communications between
191 two untrusted hosts over an insecure network. X11 connections and
192 arbitrary TCP/IP ports can also be forwarded over the secure channel.
193
194 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
195 up to date in terms of security and features, as well as removing all
196 patented algorithms to separate libraries (OpenSSL).
197
198 This package includes the clients necessary to make encrypted connections
199 to SSH servers.
200
201 %package server
202 Summary: OpenSSH Secure Shell protocol server (sshd)
203 Group: System/Servers
204 Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
205 Requires(pre): pam >= 0.74
206 Requires(post): rpm-helper >= 0.24.8-1
207 Requires(preun): rpm-helper >= 0.24.8-1
208 Requires(post): openssl >= 0.9.7
209 Requires(post): makedev
210 Requires: %{name}-clients = %{version}-%{release}
211 %if %{build_skey}
212 Requires: skey
213 %endif
214 %if %{build_audit}
215 BuildRequires: audit
216 %endif
217 Provides: ssh-server, sshd
218
219 %description server
220 Ssh (Secure Shell) is a program for logging into a remote machine and for
221 executing commands in a remote machine. It is intended to replace
222 rlogin and rsh, and provide secure encrypted communications between
223 two untrusted hosts over an insecure network. X11 connections and
224 arbitrary TCP/IP ports can also be forwarded over the secure channel.
225
226 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
227 up to date in terms of security and features, as well as removing all
228 patented algorithms to separate libraries (OpenSSL).
229
230 This package contains the secure shell daemon. The sshd is the server
231 part of the secure shell protocol and allows ssh clients to connect to
232 your host.
233
234 %package askpass-common
235 Summary: OpenSSH X11 passphrase common scripts
236 Group: Networking/Remote access
237
238 %description askpass-common
239 OpenSSH X11 passphrase common scripts
240
241 %if %{build_x11askpass}
242 %package askpass
243 Summary: OpenSSH X11 passphrase dialog
244 Group: Networking/Remote access
245 Requires: %{name} = %{version}-%{release}
246 Requires: %{name}-askpass-common
247 Provides: ssh-extras, ssh-askpass
248 Requires(pre): update-alternatives
249
250 %description askpass
251 Ssh (Secure Shell) is a program for logging into a remote machine and for
252 executing commands in a remote machine. It is intended to replace
253 rlogin and rsh, and provide secure encrypted communications between
254 two untrusted hosts over an insecure network. X11 connections and
255 arbitrary TCP/IP ports can also be forwarded over the secure channel.
256
257 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
258 up to date in terms of security and features, as well as removing all
259 patented algorithms to separate libraries (OpenSSL).
260
261 This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
262 dialog.
263 %endif
264
265 %if %{build_gnomeaskpass}
266 %package askpass-gnome
267 Summary: OpenSSH GNOME passphrase dialog
268 Group: Networking/Remote access
269 Requires: %{name} = %{version}-%{release}
270 Requires: %{name}-askpass-common
271 Requires(pre): update-alternatives
272 Provides: %{name}-askpass, ssh-askpass, ssh-extras
273
274 %description askpass-gnome
275 Ssh (Secure Shell) is a program for logging into a remote machine and for
276 executing commands in a remote machine. It is intended to replace
277 rlogin and rsh, and provide secure encrypted communications between
278 two untrusted hosts over an insecure network. X11 connections and
279 arbitrary TCP/IP ports can also be forwarded over the secure channel.
280
281 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
282 up to date in terms of security and features, as well as removing all
283 patented algorithms to separate libraries (OpenSSL).
284
285 This package contains the GNOME passphrase dialog.
286 %endif
287
288 %if %{build_ldap}
289 %package ldap
290 Summary: A LDAP support for open source SSH server daemon
291 Group: Networking/Remote access
292 Requires: %{name} = %{version}-%{release}
293
294 %description ldap
295 OpenSSH LDAP backend is a way how to distribute the authorized tokens
296 among the servers in the network.
297 %endif
298
%prep
# Print which optional features this build includes.
%if %{build_x11askpass}
echo "Building with x11 askpass..."
%endif
%if %{build_gnomeaskpass}
echo "Building with GNOME askpass..."
%endif
%if %{build_krb5}
echo "Building with Kerberos5 support..."
%endif
%if %{build_skey}
echo "Building with S/KEY support..."
%endif
%if %{build_watchdog}
echo "Building with watchdog support..."
%endif
%if %{build_ldap}
echo "Buiding with support for authenticating to public keys in ldap"
%endif
%if %{build_sftpcontrol}
echo "Buiding with support for sftp file control"
%endif
%if %{build_hpn}
echo "Buiding with support for High Performance Network SSH/SCP"
%endif
%if %{build_audit}
echo "Buiding with audit support"
%endif

# Unpack Source0, then Source2 (x11-ssh-askpass) and Source10 (watchdog
# patch archive) inside the source tree.
# NOTE(review): the Source1 signature is not checked at any point here.
%setup -q -a2 -a10

%patch1 -p1 -b .config
%if %{build_watchdog}
#patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
%patch4 -p1 -b .watchdog
%endif
%if %{build_ldap}
%patch501 -p1 -b .ldap
%endif
%if %{build_sftpcontrol}
#cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
# Deliberate stop: the build fails here, so the lines after it are not reached.
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch7 -p1 -b .sftplogging-v1.5
# README with license terms for this patch
install -m 0644 %{SOURCE9} .
%endif
%if %{build_hpn}
# Deliberate stop, same as for sftpcontrol above.
echo "This patch is broken or needs to be updated/rediffed"; exit 1
%patch11 -p1 -b .hpn
%patch12 -p1 -b .peak
install %{SOURCE21} .
%endif
%patch13 -p1 -b .canohost
%if %{build_audit}
%patch14 -p1 -b .audit
%endif
%patch17 -p1 -b .progress
%patch18 -p1 -b .grab-info
%patch19 -p1 -b .exit-deadlock
# Security backports; each -b suffix names the issue the patch is tracked under.
%patch20 -p1 -b .CVE-2014-2653
%patch21 -p1 -b .tcp_wrappers_mips
%patch22 -p1 -b .CVE-2015-5352
%patch23 -p1 -b .CVE-2015-5600
# NOTE(review): Patch24 (terminal control characters in the scp progress
# meter) is switched off by the leading '#', so the build ships without it.
#patch24 -p1 -b .progressmeter
%patch25 -p1 -b .security7
# Patch26 is the only one applied with -p0.
%patch26 -p0 -b .CVE-2016-0777
%patch27 -p1 -b .CVE-2015-8325
# NOTE(review): Patch28's file name says user-enumeration but the suffix here
# says CVE-2016-6515; confirm which of the two is right.
%patch28 -p1 -b .CVE-2016-6515
%patch29 -p1 -b .CVE-2017-15906
%patch30 -p1 -b .CVE-2016-8858
%patch31 -p1 -b .CVE-2016-10009
%patch100 -p1 -b .CVE-2016-3115

# Copy the LDAP key helper script (Source12) into the source tree; it is
# shipped as documentation by the main file list.
install %{SOURCE12} .

# Use the distribution's PAM stack definition (Source17) as sshd.pam.
install -m 0644 %{SOURCE17} sshd.pam

# fix attribs
chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl

# http://qa.mandriva.com/show_bug.cgi?id=22957
# Replace the _OPENSSH_PATH_ placeholder in sshd_config with OPENSSH_PATH.
perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config

381
%build
# Regenerate configure, since the patches applied in the prep section touch
# the build system inputs.
autoreconf

# Distribution macro; presumably sets the compiler flags used for server
# packages - confirm against the distribution's macro definitions.
%serverbuild

# Build the bundled x11-ssh-askpass helper from the Source2 tree.
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
%configure2_5x \
--prefix=%{_prefix} --libdir=%{_libdir} \
--mandir=%{_mandir} --libexecdir=%{_libdir}/ssh \
--with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
%if %{build_libedit}
--with-libedit \
%else
--without-libedit \
%endif

xmkmf -a

# On x86_64 the generated Makefile is rewritten in place to use the 64-bit
# library directory, target triplet and compiler flags.
%ifarch x86_64
perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
perl -pi -e "s|-m32|-m64|g" Makefile
perl -pi -e "s|__i386__|__x86_64__|g" Makefile
%endif

make \
BINDIR=%{_libdir}/ssh \
CDEBUGFLAGS="$RPM_OPT_FLAGS" \
CXXDEBUGFLAGS="$RPM_OPT_FLAGS"

# For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
# x86_64, so we just do it manually here... (oden)
rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
popd
%endif

# Build the GNOME passphrase dialog from contrib and give it its final name.
%if %{build_gnomeaskpass}
pushd contrib
make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
mv gnome-ssh-askpass2 gnome-ssh-askpass
popd
%endif

# Configure OpenSSH itself. Security-relevant choices made below:
#  - PAM and TCP wrappers support are compiled in.
#  - The privilege-separation directory is /var/empty.
#  - --without-zlib-version-check turns off configure's check of the zlib
#    version it finds, so the zlib package has to be kept patched by the
#    distribution.
#  - The superuser PATH lists the /usr/local directories before the system
#    ones; those directories must stay writable by root only.
#  - The ldap option is spelled with a single leading dash, unlike the others.
%configure2_5x \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir}/ssh \
--mandir=%{_mandir} \
--libdir=%{_libdir} \
--libexecdir=%{_libdir}/ssh \
--datadir=%{_datadir}/ssh \
--disable-strip \
--with-tcp-wrappers \
--with-pam \
--with-default-path=%{OPENSSH_PATH} \
--with-xauth=%{XAUTH} \
--with-privsep-path=/var/empty \
--without-zlib-version-check \
%if %{build_krb5}
--with-kerberos5=%{_prefix} \
%endif
%if %{build_skey}
--with-skey \
%endif
%if %{build_ldap}
-with-ldap \
%endif
--with-superuser-path=/usr/local/sbin:/usr/local/bin:%{_sbindir}:%{_bindir} \
%if %{build_libedit}
--with-libedit \
%else
--without-libedit \
%endif
%if %{build_audit}
--with-linux-audit \
%endif

%make

463
%install
# Stage the upstream install into the build root, then add the
# distribution's configuration, helper scripts and service files.
%makeinstall_std

install -d %{buildroot}%{_sysconfdir}/ssh
install -d %{buildroot}%{_sysconfdir}/pam.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig
# Staged as 0644 here; the server file list packages it as 0600.
install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd

# Server configuration: prefer the generated sshd_config.out when the build
# produced one. Mode 600 keeps it readable by the owner only.
if [ -f sshd_config.out ]; then
install -m 600 sshd_config.out %{buildroot}%{_sysconfdir}/ssh/sshd_config
else
install -m 600 sshd_config %{buildroot}%{_sysconfdir}/ssh/sshd_config
fi
# Ship an effectively empty denyusers file (a single blank line).
echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers

# Client configuration, same .out preference as above.
if [ -f ssh_config.out ]; then
install -m 644 ssh_config.out %{buildroot}%{_sysconfdir}/ssh/ssh_config
else
install -m 644 ssh_config %{buildroot}%{_sysconfdir}/ssh/ssh_config
fi
# NOTE(review): this appends "StrictHostKeyChecking no" to the packaged
# client configuration. With that value ssh accepts the key of a host it has
# not seen before without asking, which removes the first-connection check
# against an impersonated server; the upstream default is "ask". Because the
# line is appended, it falls under whichever Host block the file ends with.
# Confirm this default is still wanted.
echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config

mkdir -p %{buildroot}%{_libdir}/ssh
# x11-ssh-askpass is installed by hand; the make install calls are disabled.
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
#make DESTDIR=%{buildroot} install
#make DESTDIR=%{buildroot} install.man
#install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
#install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
install -d %{buildroot}%{_libdir}/ssh
install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
popd
%endif

install -d %{buildroot}%{_sysconfdir}/profile.d/
%if %{build_gnomeaskpass}
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
%endif

# Login-shell snippets that point SSH_ASKPASS at the ssh-askpass path managed
# through update-alternatives by the askpass subpackages.
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
EOF

cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
EOF

# The quoted EOF keeps the shell from expanding the variables below, so they
# reach the installed file literally.
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
# fix hanging ssh clients on exit
if [ -n "$BASH_VERSION" ]; then
shopt -s huponexit
elif [ -n "$ZSH_VERSION" ]; then
setopt hup
fi
EOF

# ssh-copy-id comes from Source3; the chmod repeats what -m 755 already set.
install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/

# create pre-authentication directory
install -d -m 755 %{buildroot}/var/empty

# remove unwanted files
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass

# xinetd support (tv)
install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd

cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
#OPTIONS=""
EOF

# avahi integration support (misc)
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service

# systemd: only sshd.service and the sshd-keygen script are installed; the
# template, keygen and socket units stay disabled.
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/sshd.service
#install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd@.service
#install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd-keygen.service
#install -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd.socket
install -m 755 %{SOURCE26} %{buildroot}%{_sbindir}/sshd-keygen

# make sure strip can touch it
# (the server-independent file list sets the final mode, 4711, on this file)
chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign

# Replace the literal $LIB token in the LDAP wrapper with the library dir.
sed -e 's,\$LIB,%{_libdir},g' -i %buildroot%_libdir/ssh/ssh-ldap-wrapper

556
%pre server
# Distribution helper macro; the arguments read as account name, home
# directory and login shell for the sshd account - confirm against the
# rpm-helper documentation.
%_pre_useradd sshd /var/empty /sbin/nologin

%post server
# do some key management; taken from the initscript

# ssh-keygen binary and the host key files the functions below create when
# they are missing or empty.
KEYGEN=/usr/bin/ssh-keygen
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
568
# Create the SSH protocol 1 RSA host key at $RSA1_KEY unless a non-empty file
# is already there. Runs $KEYGEN with an empty comment and empty passphrase;
# leaves the scriptlet with exit status 1 when key generation fails.
do_rsa1_keygen() {
    # An existing, non-empty key file is never touched.
    [ -s $RSA1_KEY ] && return 0

    echo -n "Generating SSH1 RSA host key... "
    if ! $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi

    # Private half for the owner only, public half readable by everyone.
    chmod 600 $RSA1_KEY
    chmod 644 $RSA1_KEY.pub
    echo "done"
    echo
}
584
# Create the SSH protocol 2 RSA host key at $RSA_KEY unless a non-empty file
# is already there. Runs $KEYGEN with an empty comment and empty passphrase;
# leaves the scriptlet with exit status 1 when key generation fails.
do_rsa_keygen() {
    # An existing, non-empty key file is never touched.
    [ -s $RSA_KEY ] && return 0

    echo "Generating SSH2 RSA host key... "
    if ! $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi

    # Private half for the owner only, public half readable by everyone.
    chmod 600 $RSA_KEY
    chmod 644 $RSA_KEY.pub
    echo "done"
    echo
}
600
# Create the SSH protocol 2 DSA host key at $DSA_KEY unless a non-empty file
# is already there. Runs $KEYGEN with an empty comment and empty passphrase;
# leaves the scriptlet with exit status 1 when key generation fails.
do_dsa_keygen() {
    # An existing, non-empty key file is never touched.
    [ -s $DSA_KEY ] && return 0

    echo "Generating SSH2 DSA host key... "
    if ! $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi

    # Private half for the owner only, public half readable by everyone.
    chmod 600 $DSA_KEY
    chmod 644 $DSA_KEY.pub
    echo "done"
    echo
}
616
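# Create the SSH protocol 2 ECDSA host key at $ECDSA_KEY unless a non-empty
# file is already there. Runs $KEYGEN with an empty comment and empty
# passphrase; leaves the scriptlet with exit status 1 when key generation
# fails.
#
# The key type is ecdsa. Earlier revisions of this function passed "-t dsa",
# which stored a DSA key under the ECDSA file name. Hosts provisioned that
# way keep that file, because a non-empty key file is never regenerated:
# check it with "ssh-keygen -l -f" and replace it by hand where needed.
do_ecdsa_keygen() {
    if [ ! -s $ECDSA_KEY ]; then
        echo "Generating SSH2 EC DSA host key... "
        if $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
            # Private half for the owner only, public half world-readable.
            chmod 600 $ECDSA_KEY
            chmod 644 $ECDSA_KEY.pub
            echo "done"
            echo
        else
            echo "failed"
            echo
            exit 1
        fi
    fi
}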
632
# Generate every host key that is missing or empty, then register the
# service. Each function stops the scriptlet with exit status 1 on failure.
# NOTE(review): this still provisions an SSH protocol 1 key (rsa1) and a DSA
# key; confirm both legacy key types are still needed by the shipped
# sshd_config.
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
do_ecdsa_keygen
%_post_service sshd
638
# Service and account handling on removal goes through distribution helper
# macros; their exact behaviour is defined outside this file.
%preun server
%_preun_service sshd

%postun server
%_postun_userdel sshd

# Both askpass packages register themselves for the same two alternatives
# (ssh-askpass and bssh-askpass). The GNOME dialog uses priority 20 and the
# X11 dialog priority 10, so the GNOME one is preferred when both are present.
%if %{build_x11askpass}
%post askpass
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10

%postun askpass
# Only drop the alternatives when the scriptlet argument is 0; any other
# value ends the scriptlet here.
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
%endif

%if %{build_gnomeaskpass}
%post askpass-gnome
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20

%postun askpass-gnome
# Same guard as for the X11 dialog above.
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
%endif

# Upgrade path from openssh-server older than 3.8p1: when the system-auth or
# sshd PAM configuration has an auth line using pam_ldap, pam_winbind or
# pam_mysql, a commented-out "UsePAM no" in sshd_config is rewritten to
# "UsePAM yes". This edits the administrator's live configuration in place.
%triggerpostun server -- openssh-server < 3.8p1
if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd; then
perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
fi

671
# File lists. Entries without an attr keep the mode they were staged with in
# the install section.
%files
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
%if %{build_ldap}
%doc *.schema
%endif
%if %{build_watchdog}
%doc CHANGES-openssh-watchdog openssh-watchdog.html
%endif
%if %{build_sftpcontrol}
%doc README.sftpfilecontrol
%endif
%{_bindir}/ssh-keygen
%dir %{_sysconfdir}/ssh
%{_bindir}/ssh-keyscan
# The only setuid-root file in the package (mode 4711: setuid, executable by
# everyone, readable by root only). Keep it on the list of binaries audited
# after each security update.
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%{_libdir}/ssh/ssh-pkcs11-helper
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*

%files clients
%{_bindir}/scp
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_bindir}/sftp
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man5/ssh_config.5*
# noreplace keeps a locally edited client configuration on upgrade, so a
# changed packaged default only reaches hosts with an unmodified file.
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%{_sysconfdir}/profile.d/90ssh-client.sh

%files server
%config(noreplace) %{_sysconfdir}/sysconfig/sshd
%{_sbindir}/sshd
%{_sbindir}/sshd-keygen
%dir %{_libdir}/ssh
%{_libdir}/ssh/sftp-server
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
# Server-side configuration is packaged root-only (0600), including the PAM
# stack file that the install section staged as 0644.
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
%config(noreplace) %{_sysconfdir}/ssh/moduli
%{_unitdir}/sshd.service
# Privilege-separation directory, staged with mode 755 by the install section.
%dir /var/empty

%files askpass-common
%{_sysconfdir}/profile.d/90ssh-askpass.*

%if %{build_x11askpass}
%files askpass
%doc x11-ssh-askpass-%{aversion}/README
%doc x11-ssh-askpass-%{aversion}/ChangeLog
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
%doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
%{_libdir}/ssh/x11-ssh-askpass
%{_sysconfdir}/X11/app-defaults/SshAskpass
%{_mandir}/man1/x11-ssh-askpass.1*
%endif

%if %{build_gnomeaskpass}
%files askpass-gnome
%{_libdir}/ssh/gnome-ssh-askpass
%endif

%if %{build_ldap}
%files ldap
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
# Plain config without noreplace: a locally edited ldap.conf is replaced by
# the packaged one on upgrade, unlike the other configuration files above.
%config %{_sysconfdir}/ssh/ldap.conf
%{_libdir}/ssh/ssh-ldap-helper
%{_libdir}/ssh/ssh-ldap-wrapper
%{_mandir}/man8/ssh-ldap-helper.8*
%{_mandir}/man5/ssh-ldap.conf.5*
%endif
