1180740Sdes 2180740Sdes# Some of this will need re-evaluation post-LSB. The SVIdir is there 3180740Sdes# because the link appeared broken. The rest is for easy compilation, 4180740Sdes# the tradeoff open to discussion. (LC957) 5180740Sdes 6180740Sdes%define SVIdir /etc/rc.d/init.d 7180740Sdes%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} 8180740Sdes%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} 9180740Sdes 10180740Sdes%define _mandir %{_prefix}/share/man/en 11180740Sdes%define _sysconfdir /etc/ssh 12180740Sdes%define _libexecdir %{_libdir}/ssh 13180740Sdes 14180740Sdes# Do we want to disable root_login? (1=yes 0=no) 15180740Sdes%define no_root_login 0 16180740Sdes 17180740Sdes#old cvs stuff. please update before use. may be deprecated. 18180740Sdes%define use_stable 1 19264377Sdes%define version 6.6p1 20180740Sdes%if %{use_stable} 21180740Sdes %define cvs %{nil} 22180740Sdes %define release 1 23180740Sdes%else 24180740Sdes %define cvs cvs20050315 25180740Sdes %define release 0r1 26180740Sdes%endif 27180740Sdes%define xsa x11-ssh-askpass 28180740Sdes%define askpass %{xsa}-1.2.4.1 29180740Sdes 30180740Sdes# OpenSSH privilege separation requires a user & group ID 31180740Sdes%define sshd_uid 67 32180740Sdes%define sshd_gid 67 33180740Sdes 34180740SdesName : openssh 35180740SdesVersion : %{version}%{cvs} 36180740SdesRelease : %{release} 37180740SdesGroup : System/Network 38180740Sdes 39180740SdesSummary : OpenSSH free Secure Shell (SSH) implementation. 40180740SdesSummary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). 41180740SdesSummary(es) : OpenSSH implementaci�n libre de Secure Shell (SSH). 42180740SdesSummary(fr) : Impl�mentation libre du shell s�curis� OpenSSH (SSH). 43180740SdesSummary(it) : Implementazione gratuita OpenSSH della Secure Shell. 44180740SdesSummary(pt) : Implementa��o livre OpenSSH do protocolo 'Secure Shell' (SSH). 45180740SdesSummary(pt_BR) : Implementa��o livre OpenSSH do protocolo Secure Shell (SSH). 46180740Sdes 47180740SdesCopyright : BSD 48180740SdesPackager : Raymund Will <ray@caldera.de> 49180740SdesURL : http://www.openssh.com/ 50180740Sdes 51180740SdesObsoletes : ssh, ssh-clients, openssh-clients 52180740Sdes 53180740SdesBuildRoot : /tmp/%{name}-%{version} 54180740SdesBuildRequires : XFree86-imake 55180740Sdes 56180740Sdes# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable 57180740Sdes# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs 58180740SdesSource0: see-above:/.../openssh-%{version}.tar.gz 59180740Sdes%if %{use_stable} 60218767SdesSource1: see-above:/.../openssh-%{version}.tar.gz.asc 61180740Sdes%endif 62180740SdesSource2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz 63180740SdesSource3: http://www.openssh.com/faq.html 64180740Sdes 65180740Sdes%Package server 66180740SdesGroup : System/Network 67180740SdesRequires : openssh = %{version} 68180740SdesObsoletes : ssh-server 69180740Sdes 70180740SdesSummary : OpenSSH Secure Shell protocol server (sshd). 71180740SdesSummary(de) : OpenSSH Secure Shell Protocol-Server (sshd). 72180740SdesSummary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). 73180740SdesSummary(fr) : Serveur de protocole du shell s�curis� OpenSSH (sshd). 74180740SdesSummary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). 75180740SdesSummary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). 76180740SdesSummary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). 77180740Sdes 78180740Sdes 79180740Sdes%Package askpass 80180740SdesGroup : System/Network 81180740SdesRequires : openssh = %{version} 82180740SdesURL : http://www.jmknoble.net/software/x11-ssh-askpass/ 83180740SdesObsoletes : ssh-extras 84180740Sdes 85180740SdesSummary : OpenSSH X11 pass-phrase dialog. 86180740SdesSummary(de) : OpenSSH X11 Passwort-Dialog. 87180740SdesSummary(es) : Aplicaci�n de petici�n de frase clave OpenSSH X11. 88180740SdesSummary(fr) : Dialogue pass-phrase X11 d'OpenSSH. 89180740SdesSummary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. 90180740SdesSummary(pt) : Di�logo de pedido de senha para X11 do OpenSSH. 91180740SdesSummary(pt_BR) : Di�logo de pedido de senha para X11 do OpenSSH. 92180740Sdes 93180740Sdes 94180740Sdes%Description 95180740SdesOpenSSH (Secure Shell) provides access to a remote system. It replaces 96180740Sdestelnet, rlogin, rexec, and rsh, and provides secure encrypted 97180740Sdescommunications between two untrusted hosts over an insecure network. 98180740SdesX11 connections and arbitrary TCP/IP ports can also be forwarded over 99180740Sdesthe secure channel. 100180740Sdes 101180740Sdes%Description -l de 102180740SdesOpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt 103180740Sdestelnet, rlogin, rexec und rsh und stellt eine sichere, verschl�sselte 104180740SdesVerbindung zwischen zwei nicht vertrauensw�rdigen Hosts �ber eine unsicheres 105180740SdesNetzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports k�nnen ebenso 106180740Sdes�ber den sicheren Channel weitergeleitet werden. 107180740Sdes 108180740Sdes%Description -l es 109180740SdesOpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a 110180740Sdestelnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas 111180740Sdesentre dos equipos entre los que no se ha establecido confianza a trav�s de una 112180740Sdesred insegura. Las conexiones X11 y puertos TCP/IP arbitrarios tambi�n pueden 113180740Sdesser canalizadas sobre el canal seguro. 114180740Sdes 115180740Sdes%Description -l fr 116180740SdesOpenSSH (Secure Shell) fournit un acc�s � un syst�me distant. Il remplace 117180740Sdestelnet, rlogin, rexec et rsh, tout en assurant des communications crypt�es 118180740Sdessecuris�es entre deux h�tes non fiabilis�s sur un r�seau non s�curis�. Des 119180740Sdesconnexions X11 et des ports TCP/IP arbitraires peuvent �galement �tre 120180740Sdestransmis sur le canal s�curis�. 121180740Sdes 122180740Sdes%Description -l it 123180740SdesOpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. 124180740SdesSostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure 125180740Sdese crittate tra due host non fidati su una rete non sicura. Le connessioni 126180740SdesX11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso 127180740Sdesun canale sicuro. 128180740Sdes 129180740Sdes%Description -l pt 130180740SdesOpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 131180740Sdestelnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e cifradas 132180740Sdesentre duas m�quinas sem confian�a m�tua sobre uma rede insegura. 133180740SdesLiga��es X11 e portos TCP/IP arbitr�rios tamb�m poder ser reenviados 134180740Sdespelo canal seguro. 135180740Sdes 136180740Sdes%Description -l pt_BR 137180740SdesO OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 138180740Sdestelnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e criptografadas 139180740Sdesentre duas m�quinas sem confian�a m�tua sobre uma rede insegura. 140180740SdesLiga��es X11 e portas TCP/IP arbitr�rias tamb�m podem ser reenviadas 141180740Sdespelo canal seguro. 142180740Sdes 143180740Sdes%Description server 144180740SdesThis package installs the sshd, the server portion of OpenSSH. 145180740Sdes 146180740Sdes%Description -l de server 147180740SdesDieses Paket installiert den sshd, den Server-Teil der OpenSSH. 148180740Sdes 149180740Sdes%Description -l es server 150180740SdesEste paquete instala sshd, la parte servidor de OpenSSH. 151180740Sdes 152180740Sdes%Description -l fr server 153180740SdesCe paquetage installe le 'sshd', partie serveur de OpenSSH. 154180740Sdes 155180740Sdes%Description -l it server 156180740SdesQuesto pacchetto installa sshd, il server di OpenSSH. 157180740Sdes 158180740Sdes%Description -l pt server 159180740SdesEste pacote intala o sshd, o servidor do OpenSSH. 160180740Sdes 161180740Sdes%Description -l pt_BR server 162180740SdesEste pacote intala o sshd, o servidor do OpenSSH. 163180740Sdes 164180740Sdes%Description askpass 165180740SdesThis package contains an X11-based pass-phrase dialog used per 166180740Sdesdefault by ssh-add(1). It is based on %{askpass} 167180740Sdesby Jim Knoble <jmknoble@pobox.com>. 168180740Sdes 169180740Sdes 170180740Sdes%Prep 171180740Sdes%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 172180740Sdes%if ! %{use_stable} 173180740Sdes autoreconf 174180740Sdes%endif 175180740Sdes 176180740Sdes 177180740Sdes%Build 178180740SdesCFLAGS="$RPM_OPT_FLAGS" \ 179180740Sdes%configure \ 180180740Sdes --with-pam \ 181180740Sdes --with-tcp-wrappers \ 182180740Sdes --with-privsep-path=%{_var}/empty/sshd \ 183180740Sdes #leave this line for easy edits. 184180740Sdes 185218767Sdes%__make 186180740Sdes 187180740Sdescd %{askpass} 188180740Sdes%configure \ 189180740Sdes #leave this line for easy edits. 190180740Sdes 191180740Sdesxmkmf 192180740Sdes%__make includes 193180740Sdes%__make 194180740Sdes 195180740Sdes 196180740Sdes%Install 197180740Sdes[ %{buildroot} != "/" ] && rm -rf %{buildroot} 198180740Sdes 199180740Sdesmake install DESTDIR=%{buildroot} 200180740Sdes%makeinstall -C %{askpass} \ 201180740Sdes BINDIR=%{_libexecdir} \ 202180740Sdes MANPATH=%{_mandir} \ 203180740Sdes DESTDIR=%{buildroot} 204180740Sdes 205180740Sdes# OpenLinux specific configuration 206180740Sdesmkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} 207180740Sdesmkdir -p %{buildroot}%{_var}/empty/sshd 208180740Sdes 209180740Sdes# enabling X11 forwarding on the server is convenient and okay, 210180740Sdes# on the client side it's a potential security risk! 211180740Sdes%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ 212180740Sdes %{buildroot}%{_sysconfdir}/sshd_config 213180740Sdes 214180740Sdes%if %{no_root_login} 215180740Sdes%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ 216180740Sdes %{buildroot}%{_sysconfdir}/sshd_config 217180740Sdes%endif 218180740Sdes 219180740Sdesinstall -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd 220180740Sdes# FIXME: disabled, find out why this doesn't work with nis 221180740Sdes%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ 222180740Sdes %{buildroot}/etc/pam.d/sshd 223180740Sdes 224180740Sdesinstall -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd 225180740Sdes 226180740Sdes# the last one is needless, but more future-proof 227180740Sdesfind %{buildroot}%{SVIdir} -type f -exec \ 228180740Sdes %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ 229180740Sdes s:\@sysconfdir\@:%{_sysconfdir}:g; \ 230180740Sdes s:/usr/sbin:%{_sbindir}:g'\ 231180740Sdes \{\} \; 232180740Sdes 233180740Sdescat <<-EoD > %{buildroot}%{SVIcdir}/sshd 234180740Sdes IDENT=sshd 235180740Sdes DESCRIPTIVE="OpenSSH secure shell daemon" 236180740Sdes # This service will be marked as 'skipped' on boot if there 237180740Sdes # is no host key. Use ssh-host-keygen to generate one 238180740Sdes ONBOOT="yes" 239180740Sdes OPTIONS="" 240180740SdesEoD 241180740Sdes 242180740SdesSKG=%{buildroot}%{_sbindir}/ssh-host-keygen 243180740Sdesinstall -m 0755 contrib/caldera/ssh-host-keygen $SKG 244180740Sdes# Fix up some path names in the keygen toy^Hol 245180740Sdes %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ 246180740Sdes s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ 247180740Sdes %{buildroot}%{_sbindir}/ssh-host-keygen 248180740Sdes 249180740Sdes# This looks terrible. Expect it to change. 250180740Sdes# install remaining docs 251180740SdesDocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" 252180740Sdesmkdir -p $DocD/%{askpass} 253189006Sdescp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD 254180740Sdesinstall -p -m 0444 %{SOURCE3} $DocD/faq.html 255180740Sdescp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} 256180740Sdes%if %{use_stable} 257180740Sdes cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 258180740Sdes%else 259180740Sdes cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 260180740Sdes ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 261180740Sdes%endif 262180740Sdes 263180740Sdesfind %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf 264180740Sdesrm %{buildroot}%{_mandir}/man1/slogin.1 && \ 265180740Sdes ln -s %{_mandir}/man1/ssh.1.gz \ 266180740Sdes %{buildroot}%{_mandir}/man1/slogin.1.gz 267180740Sdes 268180740Sdes 269180740Sdes%Clean 270180740Sdes#%{rmDESTDIR} 271180740Sdes[ %{buildroot} != "/" ] && rm -rf %{buildroot} 272180740Sdes 273180740Sdes%Post 274180740Sdes# Generate host key when none is present to get up and running, 275180740Sdes# both client and server require this for host-based auth! 276180740Sdes# ssh-host-keygen checks for existing keys. 277180740Sdes/usr/sbin/ssh-host-keygen 278180740Sdes: # to protect the rpm database 279180740Sdes 280180740Sdes%pre server 281180740Sdes%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : 282180740Sdes%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ 283180740Sdes -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : 284180740Sdes: # to protect the rpm database 285180740Sdes 286180740Sdes%Post server 287180740Sdesif [ -x %{LSBinit}-install ]; then 288180740Sdes %{LSBinit}-install sshd 289180740Sdeselse 290180740Sdes lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 291180740Sdesfi 292180740Sdes 293180740Sdes! %{SVIdir}/sshd status || %{SVIdir}/sshd restart 294180740Sdes: # to protect the rpm database 295180740Sdes 296180740Sdes 297180740Sdes%PreUn server 298180740Sdes[ "$1" = 0 ] || exit 0 299180740Sdes! %{SVIdir}/sshd status || %{SVIdir}/sshd stop 300180740Sdesif [ -x %{LSBinit}-remove ]; then 301180740Sdes %{LSBinit}-remove sshd 302180740Sdeselse 303180740Sdes lisa --SysV-init remove sshd $1 304180740Sdesfi 305180740Sdes: # to protect the rpm database 306180740Sdes 307180740Sdes%Files 308180740Sdes%defattr(-,root,root) 309180740Sdes%dir %{_sysconfdir} 310180740Sdes%config %{_sysconfdir}/ssh_config 311180740Sdes%{_bindir}/scp 312180740Sdes%{_bindir}/sftp 313180740Sdes%{_bindir}/ssh 314180740Sdes%{_bindir}/slogin 315180740Sdes%{_bindir}/ssh-add 316180740Sdes%attr(2755,root,nobody) %{_bindir}/ssh-agent 317180740Sdes%{_bindir}/ssh-keygen 318180740Sdes%{_bindir}/ssh-keyscan 319180740Sdes%dir %{_libexecdir} 320180740Sdes%attr(4711,root,root) %{_libexecdir}/ssh-keysign 321204861Sdes%{_libexecdir}/ssh-pkcs11-helper 322180740Sdes%{_sbindir}/ssh-host-keygen 323180740Sdes%dir %{_defaultdocdir}/%{name}-%{version} 324180740Sdes%{_defaultdocdir}/%{name}-%{version}/CREDITS 325180740Sdes%{_defaultdocdir}/%{name}-%{version}/ChangeLog 326180740Sdes%{_defaultdocdir}/%{name}-%{version}/LICENCE 327180740Sdes%{_defaultdocdir}/%{name}-%{version}/OVERVIEW 328180740Sdes%{_defaultdocdir}/%{name}-%{version}/README* 329180740Sdes%{_defaultdocdir}/%{name}-%{version}/TODO 330180740Sdes%{_defaultdocdir}/%{name}-%{version}/faq.html 331180740Sdes%{_mandir}/man1/* 332180740Sdes%{_mandir}/man8/ssh-keysign.8.gz 333204861Sdes%{_mandir}/man8/ssh-pkcs11-helper.8.gz 334180740Sdes%{_mandir}/man5/ssh_config.5.gz 335180740Sdes 336180740Sdes%Files server 337180740Sdes%defattr(-,root,root) 338180740Sdes%dir %{_var}/empty/sshd 339180740Sdes%config %{SVIdir}/sshd 340180740Sdes%config /etc/pam.d/sshd 341180740Sdes%config %{_sysconfdir}/moduli 342180740Sdes%config %{_sysconfdir}/sshd_config 343180740Sdes%config %{SVIcdir}/sshd 344180740Sdes%{_libexecdir}/sftp-server 345180740Sdes%{_sbindir}/sshd 346180750Sdes%{_mandir}/man5/moduli.5.gz 347180740Sdes%{_mandir}/man5/sshd_config.5.gz 348180740Sdes%{_mandir}/man8/sftp-server.8.gz 349180740Sdes%{_mandir}/man8/sshd.8.gz 350180740Sdes 351180740Sdes%Files askpass 352180740Sdes%defattr(-,root,root) 353180740Sdes%{_libexecdir}/ssh-askpass 354180740Sdes%{_libexecdir}/x11-ssh-askpass 355180740Sdes%{_defaultdocdir}/%{name}-%{version}/%{askpass} 356180740Sdes 357180740Sdes 358180740Sdes%ChangeLog 359218767Sdes* Tue Jan 18 2011 Tim Rice <tim@multitalents.net> 360218767Sdes- Use CFLAGS from Makefile instead of RPM so build completes. 361218767Sdes- Signatures were changed to .asc since 4.1p1. 362218767Sdes 363180740Sdes* Mon Jan 01 1998 ... 364180740SdesTemplate Version: 1.31 365180740Sdes 366264377Sdes$Id: openssh.spec,v 1.83 2014/02/27 23:03:55 djm Exp $ 367