
Contents of /updates/5/openssh/current/SPECS/openssh.spec



Revision 1186023 - (show annotations) (download)
Thu Dec 28 00:28:15 2017 UTC (6 years, 3 months ago) by luigiwalser
File size: 23588 byte(s)
CVE-2016-8858 does not affect this version, remove patch
# Upstream version of the bundled x11-ssh-askpass tarball (Source2)
%define aversion 1.2.4.1
# Version of the optional watchdog patch tarball (Source10)
%define wversion 4.4p1
# Revision of the optional hpn patch (Patch11)
%define hpnver 13v6

# Optional features. Each switch has a packaged default (1 = build it,
# 0 = leave it out) followed by the two overrides that the command-line
# options "--with NAME" and "--without NAME" trigger.

# skey
%define build_skey 0
%{?_with_skey: %{expand: %%global build_skey 1}}
%{?_without_skey: %{expand: %%global build_skey 0}}

# kerberos
%define build_krb5 1
%{?_with_krb5: %{expand: %%global build_krb5 1}}
%{?_without_krb5: %{expand: %%global build_krb5 0}}

# watchdog
%define build_watchdog 0
%{?_with_watchdog: %{expand: %%global build_watchdog 1}}
%{?_without_watchdog: %{expand: %%global build_watchdog 0}}

# X11 passphrase dialog
%define build_x11askpass 1
%{?_with_x11askpass: %{expand: %%global build_x11askpass 1}}
%{?_without_x11askpass: %{expand: %%global build_x11askpass 0}}

# GNOME passphrase dialog
%define build_gnomeaskpass 1
%{?_with_gnomeaskpass: %{expand: %%global build_gnomeaskpass 1}}
%{?_without_gnomeaskpass: %{expand: %%global build_gnomeaskpass 0}}

# public keys looked up in LDAP
%define build_ldap 1
%{?_with_ldap: %{expand: %%global build_ldap 1}}
%{?_without_ldap: %{expand: %%global build_ldap 0}}

# sftp file control
%define build_sftpcontrol 0
%{?_with_sftpcontrol: %{expand: %%global build_sftpcontrol 1}}
%{?_without_sftpcontrol: %{expand: %%global build_sftpcontrol 0}}

# High Performance Network ssh/scp
%define build_hpn 0
%{?_with_hpn: %{expand: %%global build_hpn 1}}
%{?_without_hpn: %{expand: %%global build_hpn 0}}

# Linux audit
%define build_audit 0
%{?_with_audit: %{expand: %%global build_audit 1}}
%{?_without_audit: %{expand: %%global build_audit 0}}

# libedit in sftp
%define build_libedit 1
%{?_with_libedit: %{expand: %%global build_libedit 1}}
%{?_without_libedit: %{expand: %%global build_libedit 0}}

# Default PATH: substituted into sshd_config in the prep section and handed
# to configure as --with-default-path. /usr/local/bin is listed before the
# system binary directory.
%define OPENSSH_PATH "/usr/local/bin:%{_bindir}"
# xauth location handed to configure as --with-xauth
%define XAUTH %{_bindir}/xauth
44
Summary:    OpenSSH free Secure Shell (SSH) implementation
Name:       openssh
Version:    6.6p1
%define subrel 10
Release:    %mkrel 5
License:    BSD
Group:      Networking/Remote access
URL:        http://www.openssh.com/

# Upstream tarball (Source0) and its detached signature (Source1).
# NOTE(review): no step in the prep section of this spec checks Source1
# against Source0, and both URLs use plain ftp; confirm the tarball is
# verified elsewhere in the packaging process.
Source0:    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1:    ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
# X11 passphrase dialog, unpacked next to the OpenSSH sources
Source2:    http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
# ssh-copy-id taken from debian, with "usage" added
Source3:    ssh-copy-id
Source7:    openssh-xinetd
Source9:    README.sftpfilecontrol
# this is never to be applied by default
# http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html
Source10:   openssh-%{wversion}-watchdog.patch.tgz
Source12:   ssh_ldap_key.pl
Source15:   ssh-avahi-integration
# PAM service file, installed as the pam.d entry for sshd
Source17:   sshd.pam
Source21:   README.hpn
# systemd units and the key generation helper; the install section ships
# only sshd.service and sshd-keygen, the other units are commented out there
Source22:   sshd.service
Source23:   sshd@.service
Source24:   sshd-keygen.service
Source25:   sshd.socket
Source26:   sshd-keygen
# ---- Configuration and optional-feature patches ----
# patch to set some default configuration
Patch1: openssh-6.5p1-config.patch
# rediffed from openssh-4.4p1-watchdog.patch.tgz (applied only with watchdog)
Patch4: openssh-4.4p1-watchdog.diff
# ldap support, from Fedora (applied only with ldap)
Patch501: openssh-6.5p1-ldap.patch
# http://sftpfilecontrol.sourceforge.net
# Not applied by default
# P7 is rediffed and slightly adjusted from http://sftplogging.sourceforge.net/download/v1.5/openssh-4.4p1.sftplogging-v1.5.patch
Patch7: openssh-4.9p1.sftplogging-v1.5.diff
# (tpg) http://www.psc.edu/networking/projects/hpn-ssh/
Patch11: http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn%{hpnver}.diff
Patch12: http://www.psc.edu/networking/projects/hpn-ssh/openssh5.1-peaktput.diff
#gw: from Fedora:
#fix round-robin DNS with GSSAPI authentification
Patch13: openssh-4.3p2-gssapi-canohost.patch
# applied only with audit
Patch14: openssh-4.7p1-audit.patch
Patch17: openssh-5.1p1-askpass-progress.patch
Patch18: openssh-4.3p2-askpass-grab-info.patch
Patch19: openssh-5.6p1-exit-deadlock.patch
Patch21: openssh_tcp_wrappers.patch

# ---- Security fixes carried on top of 6.6p1 ----
# Each file name states the issue it addresses. The revision log of this
# spec version says the CVE-2016-8858 patch was removed because this
# OpenSSH version is not affected.
Patch20: openssh-6.6p1-CVE-2014-2653.patch
Patch22: openssh-6.6p1-CVE-2015-5352.patch
Patch23: openssh-6.9p1-CVE-2015-5600.patch
# Handle terminal control characters in scp progressmeter (rhbz#1247204)
# NOTE(review): declared here, but the matching line in the prep section is
# commented out, so this fix is not part of the build - confirm.
Patch24: openssh-6.6p1-scp-progressmeter.patch
# Vulnerabilities published with openssh-7.0:
# Privilege separation weakness related to PAM support (rhbz#1252844)
# Use-after-free bug related to PAM support (rhbz#1252852)
Patch25: openssh-6.6p1-security-7.0.patch
Patch26: openssh-7.1p1-CVE-2016-0777.patch
Patch27: openssh-7.2p2-CVE-2015-8325.patch
# NOTE(review): the prep section applies this patch with the backup suffix
# .CVE-2016-6515 although the file is named after user enumeration; confirm
# which issue it covers before relying on either label in an audit.
Patch28: openssh-7.2p2-user-enumeration.patch
Patch29: openssh-6.6p1-CVE-2017-15906.patch
Patch30: openssh-6.6p1-CVE-2016-10012.patch
# CVE-2016-3115
# https://github.com/openssh/openssh-portable/commit/9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
Patch100: 9d47b8d3f50c3a6282896df8274147e3b9a38c56.patch
# Runtime relations of the core package
Provides:           ssh
Requires(post):     openssl >= 0.9.7
Requires(post):     makedev
Requires(preun):    openssl >= 0.9.7
Requires:           tcp_wrappers

# Build dependencies needed for every configuration
BuildRequires:      groff-for-man
BuildRequires:      openssl-devel >= 0.9.7
BuildRequires:      pam-devel
BuildRequires:      tcp_wrappers-devel
BuildRequires:      zlib-devel

# Build dependencies pulled in by the optional features
%if %{build_skey}
BuildRequires:      skey-devel
%endif
%if %{build_krb5}
BuildRequires:      krb5-devel
%endif
%if %{build_x11askpass}
BuildRequires:      imake
BuildRequires:      rman
# http://qa.mandriva.com/show_bug.cgi?id=22736
BuildRequires:      x11-util-cf-files >= 1.0.2
BuildRequires:      gccmakedep
BuildRequires:      libx11-devel
BuildRequires:      libxt-devel
%endif
%if %{build_gnomeaskpass}
BuildRequires:      gtk+2-devel
%endif
%if %{build_ldap}
BuildRequires:      openldap-devel >= 2.0
%endif
%if %{build_audit}
BuildRequires:      audit-devel
%endif
%if %{build_libedit}
BuildRequires:      edit-devel
BuildRequires:      ncurses-devel
%endif

# The build must not run with libgssapi-devel installed
BuildConflicts:     libgssapi-devel
149
150 %description
151 Ssh (Secure Shell) is a program for logging into a remote machine and for
152 executing commands in a remote machine. It is intended to replace
153 rlogin and rsh, and provide secure encrypted communications between
154 two untrusted hosts over an insecure network. X11 connections and
155 arbitrary TCP/IP ports can also be forwarded over the secure channel.
156
157 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
158 up to date in terms of security and features, as well as removing all
159 patented algorithms to separate libraries (OpenSSL).
160
161 This package includes the core files necessary for both the OpenSSH
162 client and server. To make this package useful, you should also
163 install openssh-clients, openssh-server, or both.
164
165 You can build %{name} with some conditional build switches;
166
167 (ie. use with rpm --rebuild):
168
169 --with[out] skey smartcard support (disabled)
170 --with[out] krb5 kerberos support (enabled)
171 --with[out] watchdog watchdog support (disabled)
172 --with[out] x11askpass X11 ask pass support (enabled)
173 --with[out] gnomeaskpass Gnome ask pass support (enabled)
174 --with[out] ldap OpenLDAP support (enabled)
175 --with[out] sftpcontrol sftp file control support (disabled)
176 --with[out] hpn HPN ssh/scp support (disabled)
177 --with[out] audit audit support (disabled)
178 --with[out] libedit libedit support in sftp (enabled)
179
180 %package clients
181 Summary: OpenSSH Secure Shell protocol clients
182 Group: Networking/Remote access
183 Requires: %{name} = %{version}-%{release}
184 Provides: ssh-clients, sftp, ssh
185
186 %description clients
187 Ssh (Secure Shell) is a program for logging into a remote machine and for
188 executing commands in a remote machine. It is intended to replace
189 rlogin and rsh, and provide secure encrypted communications between
190 two untrusted hosts over an insecure network. X11 connections and
191 arbitrary TCP/IP ports can also be forwarded over the secure channel.
192
193 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
194 up to date in terms of security and features, as well as removing all
195 patented algorithms to separate libraries (OpenSSL).
196
197 This package includes the clients necessary to make encrypted connections
198 to SSH servers.
199
200 %package server
201 Summary: OpenSSH Secure Shell protocol server (sshd)
202 Group: System/Servers
203 Requires(pre): %{name} = %{version}-%{release} chkconfig >= 0.9
204 Requires(pre): pam >= 0.74
205 Requires(post): rpm-helper >= 0.24.8-1
206 Requires(preun): rpm-helper >= 0.24.8-1
207 Requires(post): openssl >= 0.9.7
208 Requires(post): makedev
209 Requires: %{name}-clients = %{version}-%{release}
210 %if %{build_skey}
211 Requires: skey
212 %endif
213 %if %{build_audit}
214 BuildRequires: audit
215 %endif
216 Provides: ssh-server, sshd
217
218 %description server
219 Ssh (Secure Shell) is a program for logging into a remote machine and for
220 executing commands in a remote machine. It is intended to replace
221 rlogin and rsh, and provide secure encrypted communications between
222 two untrusted hosts over an insecure network. X11 connections and
223 arbitrary TCP/IP ports can also be forwarded over the secure channel.
224
225 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
226 up to date in terms of security and features, as well as removing all
227 patented algorithms to separate libraries (OpenSSL).
228
229 This package contains the secure shell daemon. The sshd is the server
230 part of the secure shell protocol and allows ssh clients to connect to
231 your host.
232
233 %package askpass-common
234 Summary: OpenSSH X11 passphrase common scripts
235 Group: Networking/Remote access
236
237 %description askpass-common
238 OpenSSH X11 passphrase common scripts
239
240 %if %{build_x11askpass}
241 %package askpass
242 Summary: OpenSSH X11 passphrase dialog
243 Group: Networking/Remote access
244 Requires: %{name} = %{version}-%{release}
245 Requires: %{name}-askpass-common
246 Provides: ssh-extras, ssh-askpass
247 Requires(pre): update-alternatives
248
249 %description askpass
250 Ssh (Secure Shell) is a program for logging into a remote machine and for
251 executing commands in a remote machine. It is intended to replace
252 rlogin and rsh, and provide secure encrypted communications between
253 two untrusted hosts over an insecure network. X11 connections and
254 arbitrary TCP/IP ports can also be forwarded over the secure channel.
255
256 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
257 up to date in terms of security and features, as well as removing all
258 patented algorithms to separate libraries (OpenSSL).
259
260 This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase
261 dialog.
262 %endif
263
264 %if %{build_gnomeaskpass}
265 %package askpass-gnome
266 Summary: OpenSSH GNOME passphrase dialog
267 Group: Networking/Remote access
268 Requires: %{name} = %{version}-%{release}
269 Requires: %{name}-askpass-common
270 Requires(pre): update-alternatives
271 Provides: %{name}-askpass, ssh-askpass, ssh-extras
272
273 %description askpass-gnome
274 Ssh (Secure Shell) is a program for logging into a remote machine and for
275 executing commands in a remote machine. It is intended to replace
276 rlogin and rsh, and provide secure encrypted communications between
277 two untrusted hosts over an insecure network. X11 connections and
278 arbitrary TCP/IP ports can also be forwarded over the secure channel.
279
280 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
281 up to date in terms of security and features, as well as removing all
282 patented algorithms to separate libraries (OpenSSL).
283
284 This package contains the GNOME passphrase dialog.
285 %endif
286
287 %if %{build_ldap}
288 %package ldap
289 Summary: A LDAP support for open source SSH server daemon
290 Group: Networking/Remote access
291 Requires: %{name} = %{version}-%{release}
292
293 %description ldap
294 The OpenSSH LDAP backend is a way to distribute the authorized tokens
295 among the servers in the network.
296 %endif
297
%prep
# Announce in the build log which optional features were selected.
%if %{build_x11askpass}
echo "Building with x11 askpass..."
%endif
%if %{build_gnomeaskpass}
echo "Building with GNOME askpass..."
%endif
%if %{build_krb5}
echo "Building with Kerberos5 support..."
%endif
%if %{build_skey}
echo "Building with S/KEY support..."
%endif
%if %{build_watchdog}
echo "Building with watchdog support..."
%endif
%if %{build_ldap}
echo "Buiding with support for authenticating to public keys in ldap"
%endif
%if %{build_sftpcontrol}
echo "Buiding with support for sftp file control"
%endif
%if %{build_hpn}
echo "Buiding with support for High Performance Network SSH/SCP"
%endif
%if %{build_audit}
echo "Buiding with audit support"
%endif

# Unpack the OpenSSH tarball, then Source2 (x11-ssh-askpass) and Source10
# (watchdog patch tarball) inside the source tree.
# NOTE(review): the detached signature (Source1) is not checked anywhere in
# this section; confirm the tarball is verified outside this spec.
%setup -q -a2 -a10

# ---- Configuration and optional-feature patches ----
%patch1 -p1 -b .config
%if %{build_watchdog}
#patch -p0 -s -z .wdog < %{name}-%{wversion}-watchdog.patch
%patch4 -p1 -b .watchdog
%endif
%if %{build_ldap}
%patch501 -p1 -b .ldap
%endif
%if %{build_sftpcontrol}
#cat %{SOURCE8} | patch -p1 -s -z .sftpcontrol
# The build stops here on purpose: the sftp file control patch is marked as
# broken, so the lines after the exit are never reached.
echo "This patch is broken or needs to be updated/rediffed"
exit 1
%patch7 -p1 -b .sftplogging-v1.5
# README with license terms for this patch
install -m 0644 %{SOURCE9} .
%endif
%if %{build_hpn}
# Same deliberate stop for the hpn patches.
echo "This patch is broken or needs to be updated/rediffed"
exit 1
%patch11 -p1 -b .hpn
%patch12 -p1 -b .peak
install %{SOURCE21} .
%endif
%patch13 -p1 -b .canohost
%if %{build_audit}
%patch14 -p1 -b .audit
%endif
%patch17 -p1 -b .progress
%patch18 -p1 -b .grab-info
%patch19 -p1 -b .exit-deadlock

# ---- Security fixes, applied in the original order ----
%patch20 -p1 -b .CVE-2014-2653
%patch21 -p1 -b .tcp_wrappers_mips
%patch22 -p1 -b .CVE-2015-5352
%patch23 -p1 -b .CVE-2015-5600
# NOTE(review): Patch24 (scp progressmeter control characters, rhbz#1247204)
# is declared in the preamble but disabled here, so that fix is not part of
# the resulting package - confirm this is intentional.
#patch24 -p1 -b .progressmeter
%patch25 -p1 -b .security7
# Patch26 is the only one applied with strip level 0.
%patch26 -p0 -b .CVE-2016-0777
%patch27 -p1 -b .CVE-2015-8325
# NOTE(review): Patch28 is the user-enumeration patch by file name, yet its
# backup suffix names CVE-2016-6515. The suffix only labels backup files, but
# it misleads anyone auditing CVE coverage from this list - confirm.
%patch28 -p1 -b .CVE-2016-6515
%patch29 -p1 -b .CVE-2017-15906
%patch30 -p1 -b .CVE-2016-10012
%patch100 -p1 -b .CVE-2016-3115

# Helper script and PAM service file copied into the source tree
install %{SOURCE12} .

install -m 0644 %{SOURCE17} sshd.pam

# fix attribs
chmod 644 ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl

# http://qa.mandriva.com/show_bug.cgi?id=22957
# Replace the _OPENSSH_PATH_ placeholder in sshd_config with the packaged
# default PATH.
perl -pi -e "s|_OPENSSH_PATH_|%{OPENSSH_PATH}|g" sshd_config
379
%build
# Regenerate configure because the patches touch the autoconf input.
autoreconf

%serverbuild

# ---- bundled X11 passphrase dialog ----
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
%configure2_5x \
    --prefix=%{_prefix} \
    --libdir=%{_libdir} \
    --mandir=%{_mandir} \
    --libexecdir=%{_libdir}/ssh \
    --with-app-defaults-dir=%{_sysconfdir}/X11/app-defaults \
%if %{build_libedit}
    --with-libedit \
%else
    --without-libedit \
%endif

xmkmf -a

# The generated Makefile carries 32-bit paths and flags; rewrite them for
# x86_64. The substitutions run in this order on purpose: the third one
# restores the gcc directory that the first one rewrote.
%ifarch x86_64
perl -pi -e "s|/usr/lib\b|%{_libdir}|g" Makefile
perl -pi -e "s|i586-%{_vendor}-linux-gnu|x86_64-%{_vendor}-linux-gnu|g" Makefile
perl -pi -e "s|%{_libdir}/gcc/|/usr/lib/gcc/|g" Makefile
perl -pi -e "s|-m32|-m64|g" Makefile
perl -pi -e "s|__i386__|__x86_64__|g" Makefile
%endif

make \
    BINDIR=%{_libdir}/ssh \
    CDEBUGFLAGS="$RPM_OPT_FLAGS" \
    CXXDEBUGFLAGS="$RPM_OPT_FLAGS"

# For some reason the x11-ssh-askpass.1.html file is not created on 10.0/10.1
# x86_64, so we just do it manually here... (oden)
rm -f x11-ssh-askpass.1x.html x11-ssh-askpass.1x-html
rman -f HTML < x11-ssh-askpass._man > x11-ssh-askpass.1x-html && \
    mv -f x11-ssh-askpass.1x-html x11-ssh-askpass.1.html
popd
%endif

# ---- GNOME passphrase dialog from contrib ----
%if %{build_gnomeaskpass}
pushd contrib
make gnome-ssh-askpass2 CC="%__cc %optflags %ldflags"
mv gnome-ssh-askpass2 gnome-ssh-askpass
popd
%endif

# ---- OpenSSH itself ----
# Security-relevant choices made below: PAM and TCP wrappers are compiled in,
# the privilege separation directory is /var/empty, and the default user PATH
# comes from OPENSSH_PATH (which lists /usr/local/bin first). Binaries are
# left unstripped by make install (--disable-strip).
# The LDAP switch is spelled with a single leading dash; configure scripts
# generated by autoconf accept that spelling as well as the double dash.
%configure2_5x \
    --prefix=%{_prefix} \
    --sysconfdir=%{_sysconfdir}/ssh \
    --mandir=%{_mandir} \
    --libdir=%{_libdir} \
    --libexecdir=%{_libdir}/ssh \
    --datadir=%{_datadir}/ssh \
    --disable-strip \
    --with-tcp-wrappers \
    --with-pam \
    --with-default-path=%{OPENSSH_PATH} \
    --with-xauth=%{XAUTH} \
    --with-privsep-path=/var/empty \
    --without-zlib-version-check \
%if %{build_krb5}
    --with-kerberos5=%{_prefix} \
%endif
%if %{build_skey}
    --with-skey \
%endif
%if %{build_ldap}
    -with-ldap \
%endif
    --with-superuser-path=/usr/local/sbin:/usr/local/bin:%{_sbindir}:%{_bindir} \
%if %{build_libedit}
    --with-libedit \
%else
    --without-libedit \
%endif
%if %{build_audit}
    --with-linux-audit \
%endif

%make
461
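%install
%makeinstall_std

# Configuration directories and the PAM service file
install -d %{buildroot}%{_sysconfdir}/ssh
install -d %{buildroot}%{_sysconfdir}/pam.d/
install -d %{buildroot}%{_sysconfdir}/sysconfig
install -m 644 sshd.pam %{buildroot}%{_sysconfdir}/pam.d/sshd

# Server configuration: prefer the generated .out file when the build made
# one. Mode 600 keeps it readable by root only.
if [ -f sshd_config.out ]; then
    sshd_conf=sshd_config.out
else
    sshd_conf=sshd_config
fi
install -m 600 "$sshd_conf" %{buildroot}%{_sysconfdir}/ssh/sshd_config
echo "" > %{buildroot}%{_sysconfdir}/ssh/denyusers

# Client configuration, same preference for the generated file
if [ -f ssh_config.out ]; then
    ssh_conf=ssh_config.out
else
    ssh_conf=ssh_config
fi
install -m 644 "$ssh_conf" %{buildroot}%{_sysconfdir}/ssh/ssh_config
# NOTE(review): security-relevant default. This appends
# "StrictHostKeyChecking no" to the system-wide client configuration, so ssh
# adds unknown host keys to known_hosts without asking the user. That removes
# the first-connection check that lets a user notice an impostor host.
# Kept as shipped because it is a distribution policy decision; confirm it
# is still wanted.
echo " StrictHostKeyChecking no" >> %{buildroot}%{_sysconfdir}/ssh/ssh_config

mkdir -p %{buildroot}%{_libdir}/ssh
%if %{build_x11askpass}
pushd x11-ssh-askpass-%{aversion}
#make DESTDIR=%{buildroot} install
#make DESTDIR=%{buildroot} install.man
#install -d %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html
#install -m0644 x11-ssh-askpass.1.html %{buildroot}%{_prefix}/X11R6/lib/X11/doc/html/
install -d %{buildroot}%{_libdir}/ssh
install -d %{buildroot}%{_sysconfdir}/X11/app-defaults
install -m 644 SshAskpass.ad %{buildroot}%{_sysconfdir}/X11/app-defaults/SshAskpass
install -m 755 x11-ssh-askpass %{buildroot}%{_libdir}/ssh/
install -m 644 x11-ssh-askpass.man %{buildroot}%{_mandir}/man1/x11-ssh-askpass.1
popd
%endif

install -d %{buildroot}%{_sysconfdir}/profile.d/
%if %{build_gnomeaskpass}
install -m 755 contrib/gnome-ssh-askpass %{buildroot}%{_libdir}/ssh/gnome-ssh-askpass
%endif

# Login shell snippets that point SSH_ASKPASS at the ssh-askpass path which
# the askpass subpackages register through update-alternatives.
cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.csh <<EOF
setenv SSH_ASKPASS %{_libdir}/ssh/ssh-askpass
EOF

cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-askpass.sh <<EOF
export SSH_ASKPASS=%{_libdir}/ssh/ssh-askpass
EOF

cat > %{buildroot}%{_sysconfdir}/profile.d/90ssh-client.sh <<'EOF'
# fix hanging ssh clients on exit
if [ -n "$BASH_VERSION" ]; then
shopt -s huponexit
elif [ -n "$ZSH_VERSION" ]; then
setopt hup
fi
EOF

install -m 755 %{SOURCE3} %{buildroot}/%{_bindir}/ssh-copy-id
chmod a+x %{buildroot}/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/

# create pre-authentication directory
install -d -m 755 %{buildroot}/var/empty

# remove unwanted files
rm -f %{buildroot}%{_libdir}/ssh/ssh-askpass

# xinetd support (tv)
install -d -m 755 %{buildroot}%{_sysconfdir}/xinetd.d/
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/xinetd.d/sshd-xinetd

cat > %{buildroot}%{_sysconfdir}/sysconfig/sshd << EOF
#OPTIONS=""
EOF

# avahi integration support (misc)
mkdir -p %{buildroot}%{_sysconfdir}/avahi/services/
install -m 0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/avahi/services/%{name}.service

# systemd unit and key generation helper; the remaining units stay disabled
install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/sshd.service
#install -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/sshd@.service
#install -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/sshd-keygen.service
#install -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/sshd.socket
install -m 755 %{SOURCE26} %{buildroot}%{_sbindir}/sshd-keygen

# make sure strip can touch it
chmod 755 %{buildroot}%{_libdir}/ssh/ssh-keysign

# ssh-ldap-wrapper is packaged only in the ldap subpackage, so the path fixup
# is limited to ldap builds. It used to run unconditionally, where sed would
# fail on the missing file in a build without ldap.
%if %{build_ldap}
sed -e 's,\$LIB,%{_libdir},g' -i %buildroot%_libdir/ssh/ssh-ldap-wrapper
%endif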
554
%pre server
# Create the sshd account before the server files are unpacked. The macro
# receives /var/empty as home directory and /sbin/nologin as shell.
# NOTE(review): presumably this is the unprivileged account used for
# privilege separation - confirm against the macro definition.
%_pre_useradd sshd /var/empty /sbin/nologin
557
%post server
# do some key management; taken from the initscript
# Host keys are created on the installed system, one per machine, rather
# than shipped inside the package.

# key generation tool
KEYGEN=/usr/bin/ssh-keygen
# private host key files, one per key type; the public half gets .pub appended
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
566
do_rsa1_keygen() {
    # Create the SSH1 RSA host key unless a non-empty key file exists.
    # Reads KEYGEN and RSA1_KEY from the scriptlet; a failed generation ends
    # the whole scriptlet with status 1.
    # NOTE(review): this key serves only SSH protocol 1 - confirm the legacy
    # key is still wanted.
    if [ -s "$RSA1_KEY" ]; then
        return 0
    fi
    echo -n "Generating SSH1 RSA host key... "
    # empty comment (-C) and empty passphrase (-N): the daemon must be able
    # to read the key unattended
    if ! $KEYGEN -q -t rsa1 -f "$RSA1_KEY" -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi
    # private key readable by the owner only, public key world-readable
    chmod 600 "$RSA1_KEY"
    chmod 644 "$RSA1_KEY.pub"
    echo "done"
    echo
}
582
do_rsa_keygen() {
    # Create the SSH2 RSA host key unless a non-empty key file exists.
    # Reads KEYGEN and RSA_KEY from the scriptlet; a failed generation ends
    # the whole scriptlet with status 1.
    if [ -s "$RSA_KEY" ]; then
        return 0
    fi
    echo "Generating SSH2 RSA host key... "
    # No key size is passed, so the ssh-keygen default applies.
    if ! $KEYGEN -q -t rsa -f "$RSA_KEY" -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi
    # private key readable by the owner only, public key world-readable
    chmod 600 "$RSA_KEY"
    chmod 644 "$RSA_KEY.pub"
    echo "done"
    echo
}
598
do_dsa_keygen() {
    # Create the SSH2 DSA host key unless a non-empty key file exists.
    # Reads KEYGEN and DSA_KEY from the scriptlet; a failed generation ends
    # the whole scriptlet with status 1.
    if [ -s "$DSA_KEY" ]; then
        return 0
    fi
    echo "Generating SSH2 DSA host key... "
    if ! $KEYGEN -q -t dsa -f "$DSA_KEY" -C '' -N '' >&/dev/null; then
        echo "failed"
        echo
        exit 1
    fi
    # private key readable by the owner only, public key world-readable
    chmod 600 "$DSA_KEY"
    chmod 644 "$DSA_KEY.pub"
    echo "done"
    echo
}
614
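do_ecdsa_keygen() {
    # Create the SSH2 ECDSA host key unless a non-empty key file exists.
    # Reads KEYGEN and ECDSA_KEY from the scriptlet; a failed generation ends
    # the whole scriptlet with status 1.
    if [ ! -s "$ECDSA_KEY" ]; then
        echo "Generating SSH2 EC DSA host key... "
        # The key type has to be ecdsa. With "-t dsa" this function wrote a
        # second DSA key under the ECDSA file name, so the host never had an
        # ECDSA key. Hosts installed with the old scriptlet keep that file,
        # because an existing non-empty file is never regenerated.
        # Output is discarded with the portable redirection form.
        if $KEYGEN -q -t ecdsa -f "$ECDSA_KEY" -C '' -N '' >/dev/null 2>&1; then
            # private key readable by the owner only, public key world-readable
            chmod 600 "$ECDSA_KEY"
            chmod 644 "$ECDSA_KEY.pub"
            echo "done"
            echo
        else
            echo "failed"
            echo
            exit 1
        fi
    fi
}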
630
# Generate whichever host keys are still missing, then let the service
# helper macro handle the sshd service. Any failed generation has already
# ended the scriptlet with status 1 before the macro is reached.
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
do_ecdsa_keygen
%_post_service sshd
636
%preun server
# service handling before the server package is removed
%_preun_service sshd

%postun server
# account handling after the server package is removed
# NOTE(review): presumably removes the sshd account created in the pre
# scriptlet - confirm against the macro definition.
%_postun_userdel sshd
642
%if %{build_x11askpass}
%post askpass
# Register the X11 dialog as a provider of both ssh-askpass paths, with
# priority 10.
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10

%postun askpass
# Drop the registrations only when the first scriptlet argument is 0;
# in every other case leave them in place.
if ! [ $1 = 0 ]; then
    exit 0
fi
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/x11-ssh-askpass
%endif
653
%if %{build_gnomeaskpass}
%post askpass-gnome
# Register the GNOME dialog as a provider of both ssh-askpass paths, with
# priority 20, which is higher than the X11 dialog's 10.
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20
update-alternatives --install %{_bindir}/ssh-askpass bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20

%postun askpass-gnome
# Drop the registrations only when the first scriptlet argument is 0;
# in every other case leave them in place.
if ! [ $1 = 0 ]; then
    exit 0
fi
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
update-alternatives --remove bssh-askpass %{_libdir}/ssh/gnome-ssh-askpass
%endif
664
%triggerpostun server -- openssh-server < 3.8p1
# Upgrade from a server package older than 3.8p1: when the system-auth or
# sshd PAM stack has an auth line using pam_ldap, pam_winbind or pam_mysql,
# turn a commented-out "UsePAM no" in sshd_config into "UsePAM yes".
# This edits the administrator's sshd_config in place.
if grep -qE "^\W*auth\W+\w+\W+.*pam_(ldap|winbind|mysql)" /etc/pam.d/system-auth /etc/pam.d/sshd
then
    perl -pi -e 's|^#UsePAM no|UsePAM yes|' /etc/ssh/sshd_config
fi
669
%files
# documentation
%doc ChangeLog OVERVIEW README* INSTALL CREDITS LICENCE TODO ssh_ldap_key.pl
%if %{build_ldap}
%doc *.schema
%endif
%if %{build_watchdog}
%doc CHANGES-openssh-watchdog openssh-watchdog.html
%endif
%if %{build_sftpcontrol}
%doc README.sftpfilecontrol
%endif

# shared configuration directory
%dir %{_sysconfdir}/ssh

# key tools used by both client and server
%{_bindir}/ssh-keygen
%{_bindir}/ssh-keyscan
# ssh-keysign is the one setuid-root binary in this list: mode 4711 sets the
# setuid bit and leaves group and others with execute permission only.
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%{_libdir}/ssh/ssh-pkcs11-helper

# manual pages
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/ssh-keyscan.1*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
690
%files clients
# client programs
%{_bindir}/scp
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_bindir}/sftp

# manual pages
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man5/ssh_config.5*

# System-wide client configuration; noreplace keeps local edits on upgrade.
# The install section appends "StrictHostKeyChecking no" to this file.
%config(noreplace) %{_sysconfdir}/ssh/ssh_config
%{_sysconfdir}/profile.d/90ssh-client.sh
709
%files server
# daemon, key generation helper and sftp subsystem
%{_sbindir}/sshd
%{_sbindir}/sshd-keygen
%dir %{_libdir}/ssh
%{_libdir}/ssh/sftp-server
%{_unitdir}/sshd.service

# manual pages
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*

# Configuration, all marked noreplace so local edits survive upgrades.
# sshd_config, denyusers and the PAM service file are restricted to root
# (mode 0600).
%config(noreplace) %{_sysconfdir}/sysconfig/sshd
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%config(noreplace) %_sysconfdir/xinetd.d/sshd-xinetd
%config(noreplace) %{_sysconfdir}/avahi/services/%{name}.service
%config(noreplace) %{_sysconfdir}/ssh/moduli

# privilege separation directory passed to configure as the privsep path
%dir /var/empty
728
%files askpass-common
# login shell snippets that export SSH_ASKPASS
%{_sysconfdir}/profile.d/90ssh-askpass.*

%if %{build_x11askpass}
%files askpass
%doc x11-ssh-askpass-%{aversion}/README
%doc x11-ssh-askpass-%{aversion}/ChangeLog
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
%doc x11-ssh-askpass-%{aversion}/x11-ssh-askpass.1.html
# X11 dialog binary, its X resources and manual page
%{_libdir}/ssh/x11-ssh-askpass
%{_sysconfdir}/X11/app-defaults/SshAskpass
%{_mandir}/man1/x11-ssh-askpass.1*
%endif

%if %{build_gnomeaskpass}
%files askpass-gnome
# GNOME dialog binary
%{_libdir}/ssh/gnome-ssh-askpass
%endif

%if %{build_ldap}
%files ldap
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
# LDAP client settings; marked config without noreplace, unlike the other
# configuration files in this spec
%config %{_sysconfdir}/ssh/ldap.conf
# helper and wrapper installed by the ldap patch
%{_libdir}/ssh/ssh-ldap-helper
%{_libdir}/ssh/ssh-ldap-wrapper
%{_mandir}/man8/ssh-ldap-helper.8*
%{_mandir}/man5/ssh-ldap.conf.5*
%endif
