1180740Sdes# Default values for additional components
2180740Sdes%define build_x11_askpass	1
3180740Sdes
4180740Sdes# Define the UID/GID to use for privilege separation
5180740Sdes%define sshd_gid	65
6180740Sdes%define sshd_uid	71
7180740Sdes
8180740Sdes# The version of x11-ssh-askpass to use
9180740Sdes%define xversion	1.2.4.1
10180740Sdes
11180740Sdes# Allow the ability to override defaults with -D skip_xxx=1
12180740Sdes%{?skip_x11_askpass:%define build_x11_askpass 0}
13180740Sdes
14180740SdesSummary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
15180740SdesName:		openssh
16296633SdesVersion:	7.2p2
17180740SdesURL:		http://www.openssh.com/
18180740SdesRelease:	1
19180740SdesSource0:	openssh-%{version}.tar.gz
20180740SdesSource1:	x11-ssh-askpass-%{xversion}.tar.gz
21180740SdesLicense:	BSD
22180740SdesGroup:		Productivity/Networking/SSH
23180740SdesBuildRoot:	%{_tmppath}/openssh-%{version}-buildroot
24180740SdesPreReq:		openssl
25180740SdesObsoletes:	ssh
26180740SdesProvides:	ssh
27180740Sdes#
28180740Sdes# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
29180740Sdes# building prerequisites -- stuff for
30180740Sdes#   OpenSSL (openssl-devel),
31180740Sdes#   and Gnome (glibdev, gtkdev, and gnlibsd)
32180740Sdes#
33180740SdesBuildPrereq:	openssl
34225825SdesBuildPrereq:	zlib-devel
35180740Sdes#BuildPrereq:	glibdev
36180740Sdes#BuildPrereq:	gtkdev
37180740Sdes#BuildPrereq:	gnlibsd
38180740Sdes
39180740Sdes%package	askpass
40180740SdesSummary:	A passphrase dialog for OpenSSH and the X window System.
41180740SdesGroup:		Productivity/Networking/SSH
42180740SdesRequires:	openssh = %{version}
43180740SdesObsoletes:	ssh-extras
44180740SdesProvides:	openssh:${_libdir}/ssh/ssh-askpass
45180740Sdes
46180740Sdes%if %{build_x11_askpass}
47180740SdesBuildPrereq:	XFree86-devel
48180740Sdes%endif
49180740Sdes
50180740Sdes%description
51180740SdesSsh (Secure Shell) is a program for logging into a remote machine and for
52180740Sdesexecuting commands in a remote machine.  It is intended to replace
53180740Sdesrlogin and rsh, and provide secure encrypted communications between
54180740Sdestwo untrusted hosts over an insecure network.  X11 connections and
55180740Sdesarbitrary TCP/IP ports can also be forwarded over the secure channel.
56180740Sdes
57180740SdesOpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
58180740Sdesup to date in terms of security and features, as well as removing all
59180740Sdespatented algorithms to seperate libraries (OpenSSL).
60180740Sdes
61180740SdesThis package includes all files necessary for both the OpenSSH
62180740Sdesclient and server.
63180740Sdes
64180740Sdes%description askpass
65180740SdesSsh (Secure Shell) is a program for logging into a remote machine and for
66180740Sdesexecuting commands in a remote machine.  It is intended to replace
67180740Sdesrlogin and rsh, and provide secure encrypted communications between
68180740Sdestwo untrusted hosts over an insecure network.  X11 connections and
69180740Sdesarbitrary TCP/IP ports can also be forwarded over the secure channel.
70180740Sdes
71180740SdesOpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
72180740Sdesup to date in terms of security and features, as well as removing all
73180740Sdespatented algorithms to seperate libraries (OpenSSL).
74180740Sdes
75180740SdesThis package contains an X Window System passphrase dialog for OpenSSH.
76180740Sdes
77180740Sdes%changelog
78180740Sdes* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
79180740Sdes- Removed accidental inclusion of --without-zlib-version-check
80180740Sdes* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
81180740Sdes- Overhaul to deal with newer versions of SuSE and OpenSSH
82180740Sdes* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
83180740Sdes- Glob manpages to catch compressed files
84180740Sdes* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
85180740Sdes- Updated for new location
86180740Sdes- Updated for new gnome-ssh-askpass build
87180740Sdes* Sun Dec 26 1999 Chris Saia <csaia@wtower.com>
88180740Sdes- Made symlink to gnome-ssh-askpass called ssh-askpass
89180740Sdes* Wed Nov 24 1999 Chris Saia <csaia@wtower.com>
90180740Sdes- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
91180740Sdes  /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
92180740Sdes  his released tarfile
93180740Sdes- Changed permissions on ssh_config in the install procedure to 644 from 600
94180740Sdes  even though it was correct in the %files section and thus right in the RPMs
95180740Sdes- Postinstall script for the server now only prints "Generating SSH host
96180740Sdes  key..." if we need to actually do this, in order to eliminate a confusing
97180740Sdes  message if an SSH host key is already in place
98180740Sdes- Marked all manual pages as %doc(umentation)
99180740Sdes* Mon Nov 22 1999 Chris Saia <csaia@wtower.com>
100180740Sdes- Added flag to configure daemon with TCP Wrappers support
101180740Sdes- Added building prerequisites (works in RPM 3.0 and newer)
102180740Sdes* Thu Nov 18 1999 Chris Saia <csaia@wtower.com>
103180740Sdes- Made this package correct for SuSE.
104180740Sdes- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
105180740Sdes  with SuSE, and lib_pwdb.so isn't installed by default.
106180740Sdes* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
107180740Sdes- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
108180740Sdes* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
109180740Sdes- Added 'Obsoletes' directives
110180740Sdes* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
111180740Sdes- Use make install
112180740Sdes- Subpackages
113180740Sdes* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
114180740Sdes- Added links for slogin
115180740Sdes- Fixed perms on manpages
116180740Sdes* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
117180740Sdes- Renamed init script
118180740Sdes* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
119180740Sdes- Back to old binary names
120180740Sdes* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
121180740Sdes- Use autoconf
122180740Sdes- New binary names
123180740Sdes* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
124180740Sdes- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
125180740Sdes
126180740Sdes%prep
127180740Sdes
128180740Sdes%if %{build_x11_askpass}
129180740Sdes%setup -q -a 1
130180740Sdes%else
131180740Sdes%setup -q
132180740Sdes%endif
133180740Sdes
134180740Sdes%build
135180740SdesCFLAGS="$RPM_OPT_FLAGS" \
136180740Sdes%configure	--prefix=/usr \
137180740Sdes		--sysconfdir=%{_sysconfdir}/ssh \
138180740Sdes		--mandir=%{_mandir} \
139180740Sdes		--with-privsep-path=/var/lib/empty \
140180740Sdes		--with-pam \
141180740Sdes		--libexecdir=%{_libdir}/ssh
142180740Sdesmake
143180740Sdes
144180740Sdes%if %{build_x11_askpass}
145180740Sdescd x11-ssh-askpass-%{xversion}
146180740Sdes%configure	--mandir=/usr/X11R6/man \
147180740Sdes		--libexecdir=%{_libdir}/ssh
148180740Sdesxmkmf -a
149180740Sdesmake
150180740Sdescd ..
151180740Sdes%endif
152180740Sdes
153180740Sdes%install
154180740Sdesrm -rf $RPM_BUILD_ROOT
155180740Sdesmake install DESTDIR=$RPM_BUILD_ROOT/
156180740Sdesinstall -d $RPM_BUILD_ROOT/etc/pam.d/
157180740Sdesinstall -d $RPM_BUILD_ROOT/etc/init.d/
158180740Sdesinstall -d $RPM_BUILD_ROOT/var/adm/fillup-templates
159180740Sdesinstall -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
160180740Sdesinstall -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
161180740Sdesinstall -m744 contrib/suse/sysconfig.ssh \
162180740Sdes   $RPM_BUILD_ROOT/var/adm/fillup-templates
163180740Sdes
164180740Sdes%if %{build_x11_askpass}
165180740Sdescd x11-ssh-askpass-%{xversion}
166180740Sdesmake install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
167180740Sdesrm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
168180740Sdes%endif
169180740Sdes
170180740Sdes%clean
171180740Sdesrm -rf $RPM_BUILD_ROOT
172180740Sdes
173180740Sdes%pre
174180740Sdes/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
175180740Sdes/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
176180740Sdes
177180740Sdes%post
178225825Sdes/usr/bin/ssh-keygen -A
179225825Sdes%{fillup_and_insserv -n -y ssh sshd}
180180740Sdes%run_permissions
181180740Sdes
182180740Sdes%verifyscript
183180740Sdes%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
184180740Sdes
185180740Sdes%preun
186180740Sdes%stop_on_removal sshd
187180740Sdes
188180740Sdes%postun
189180740Sdes%restart_on_update sshd
190180740Sdes%{insserv_cleanup}
191180740Sdes
192180740Sdes%files
193180740Sdes%defattr(-,root,root)
194189006Sdes%doc ChangeLog OVERVIEW README* PROTOCOL*
195180750Sdes%doc TODO CREDITS LICENCE
196180740Sdes%attr(0755,root,root) %dir %{_sysconfdir}/ssh
197180740Sdes%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
198180740Sdes%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
199180740Sdes%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
200180740Sdes%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
201180740Sdes%attr(0755,root,root) %config /etc/init.d/sshd
202180740Sdes%attr(0755,root,root) %{_bindir}/ssh-keygen
203180740Sdes%attr(0755,root,root) %{_bindir}/scp
204180740Sdes%attr(0755,root,root) %{_bindir}/ssh
205180740Sdes%attr(-,root,root) %{_bindir}/slogin
206180740Sdes%attr(0755,root,root) %{_bindir}/ssh-agent
207180740Sdes%attr(0755,root,root) %{_bindir}/ssh-add
208180740Sdes%attr(0755,root,root) %{_bindir}/ssh-keyscan
209180740Sdes%attr(0755,root,root) %{_bindir}/sftp
210180740Sdes%attr(0755,root,root) %{_sbindir}/sshd
211180740Sdes%attr(0755,root,root) %dir %{_libdir}/ssh
212180740Sdes%attr(0755,root,root) %{_libdir}/ssh/sftp-server
213180740Sdes%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
214204861Sdes%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
215180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
216180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
217180740Sdes%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
218180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
219180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
220180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
221180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
222180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
223180750Sdes%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5*
224180740Sdes%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
225180740Sdes%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
226180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
227180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
228204861Sdes%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
229180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
230180740Sdes%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
231180740Sdes
232180740Sdes%if %{build_x11_askpass}
233180740Sdes%files askpass
234180740Sdes%defattr(-,root,root)
235180740Sdes%doc x11-ssh-askpass-%{xversion}/README
236180740Sdes%doc x11-ssh-askpass-%{xversion}/ChangeLog
237180740Sdes%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
238180740Sdes%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
239180740Sdes%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
240180740Sdes%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
241180740Sdes%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
242180740Sdes%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
243180740Sdes%endif
244