1180740Sdes# Default values for additional components
2180740Sdes%define build_x11_askpass	1
3180740Sdes
4180740Sdes# Define the UID/GID to use for privilege separation
5180740Sdes%define sshd_gid	65
6180740Sdes%define sshd_uid	71
7180740Sdes
8180740Sdes# The version of x11-ssh-askpass to use
9180740Sdes%define xversion	1.2.4.1
10180740Sdes
11180740Sdes# Allow the ability to override defaults with -D skip_xxx=1
12180740Sdes%{?skip_x11_askpass:%define build_x11_askpass 0}
13180740Sdes
14180740SdesSummary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
15180740SdesName:		openssh
16263970SdesVersion:	6.6p1
17180740SdesURL:		http://www.openssh.com/
18180740SdesRelease:	1
19180740SdesSource0:	openssh-%{version}.tar.gz
20180740SdesSource1:	x11-ssh-askpass-%{xversion}.tar.gz
21180740SdesLicense:	BSD
22180740SdesGroup:		Productivity/Networking/SSH
23180740SdesBuildRoot:	%{_tmppath}/openssh-%{version}-buildroot
24180740SdesPreReq:		openssl
25180740SdesObsoletes:	ssh
26180740SdesProvides:	ssh
27180740Sdes#
28180740Sdes# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
29180740Sdes# building prerequisites -- stuff for
30180740Sdes#   OpenSSL (openssl-devel),
31225825Sdes#   TCP Wrappers (tcpd-devel),
32180740Sdes#   and Gnome (glibdev, gtkdev, and gnlibsd)
33180740Sdes#
34180740SdesBuildPrereq:	openssl
35225825SdesBuildPrereq:	tcpd-devel
36225825SdesBuildPrereq:	zlib-devel
37180740Sdes#BuildPrereq:	glibdev
38180740Sdes#BuildPrereq:	gtkdev
39180740Sdes#BuildPrereq:	gnlibsd
40180740Sdes
41180740Sdes%package	askpass
42180740SdesSummary:	A passphrase dialog for OpenSSH and the X window System.
43180740SdesGroup:		Productivity/Networking/SSH
44180740SdesRequires:	openssh = %{version}
45180740SdesObsoletes:	ssh-extras
46180740SdesProvides:	openssh:${_libdir}/ssh/ssh-askpass
47180740Sdes
48180740Sdes%if %{build_x11_askpass}
49180740SdesBuildPrereq:	XFree86-devel
50180740Sdes%endif
51180740Sdes
52180740Sdes%description
53180740SdesSsh (Secure Shell) is a program for logging into a remote machine and for
54180740Sdesexecuting commands in a remote machine.  It is intended to replace
55180740Sdesrlogin and rsh, and provide secure encrypted communications between
56180740Sdestwo untrusted hosts over an insecure network.  X11 connections and
57180740Sdesarbitrary TCP/IP ports can also be forwarded over the secure channel.
58180740Sdes
59180740SdesOpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
60180740Sdesup to date in terms of security and features, as well as removing all
61180740Sdespatented algorithms to seperate libraries (OpenSSL).
62180740Sdes
63180740SdesThis package includes all files necessary for both the OpenSSH
64180740Sdesclient and server.
65180740Sdes
66180740Sdes%description askpass
67180740SdesSsh (Secure Shell) is a program for logging into a remote machine and for
68180740Sdesexecuting commands in a remote machine.  It is intended to replace
69180740Sdesrlogin and rsh, and provide secure encrypted communications between
70180740Sdestwo untrusted hosts over an insecure network.  X11 connections and
71180740Sdesarbitrary TCP/IP ports can also be forwarded over the secure channel.
72180740Sdes
73180740SdesOpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
74180740Sdesup to date in terms of security and features, as well as removing all
75180740Sdespatented algorithms to seperate libraries (OpenSSL).
76180740Sdes
77180740SdesThis package contains an X Window System passphrase dialog for OpenSSH.
78180740Sdes
79180740Sdes%changelog
80180740Sdes* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
81180740Sdes- Removed accidental inclusion of --without-zlib-version-check
82180740Sdes* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
83180740Sdes- Overhaul to deal with newer versions of SuSE and OpenSSH
84180740Sdes* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
85180740Sdes- Glob manpages to catch compressed files
86180740Sdes* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
87180740Sdes- Updated for new location
88180740Sdes- Updated for new gnome-ssh-askpass build
89180740Sdes* Sun Dec 26 1999 Chris Saia <csaia@wtower.com>
90180740Sdes- Made symlink to gnome-ssh-askpass called ssh-askpass
91180740Sdes* Wed Nov 24 1999 Chris Saia <csaia@wtower.com>
92180740Sdes- Removed patches that included /etc/pam.d/sshd, /sbin/init.d/rc.sshd, and
93180740Sdes  /var/adm/fillup-templates/rc.config.sshd, since Damien merged these into
94180740Sdes  his released tarfile
95180740Sdes- Changed permissions on ssh_config in the install procedure to 644 from 600
96180740Sdes  even though it was correct in the %files section and thus right in the RPMs
97180740Sdes- Postinstall script for the server now only prints "Generating SSH host
98180740Sdes  key..." if we need to actually do this, in order to eliminate a confusing
99180740Sdes  message if an SSH host key is already in place
100180740Sdes- Marked all manual pages as %doc(umentation)
101180740Sdes* Mon Nov 22 1999 Chris Saia <csaia@wtower.com>
102180740Sdes- Added flag to configure daemon with TCP Wrappers support
103180740Sdes- Added building prerequisites (works in RPM 3.0 and newer)
104180740Sdes* Thu Nov 18 1999 Chris Saia <csaia@wtower.com>
105180740Sdes- Made this package correct for SuSE.
106180740Sdes- Changed instances of pam_pwdb.so to pam_unix.so, since it works more properly
107180740Sdes  with SuSE, and lib_pwdb.so isn't installed by default.
108180740Sdes* Mon Nov 15 1999 Damien Miller <djm@mindrot.org>
109180740Sdes- Split subpackages further based on patch from jim knoble <jmknoble@pobox.com>
110180740Sdes* Sat Nov 13 1999 Damien Miller <djm@mindrot.org>
111180740Sdes- Added 'Obsoletes' directives
112180740Sdes* Tue Nov 09 1999 Damien Miller <djm@ibs.com.au>
113180740Sdes- Use make install
114180740Sdes- Subpackages
115180740Sdes* Mon Nov 08 1999 Damien Miller <djm@ibs.com.au>
116180740Sdes- Added links for slogin
117180740Sdes- Fixed perms on manpages
118180740Sdes* Sat Oct 30 1999 Damien Miller <djm@ibs.com.au>
119180740Sdes- Renamed init script
120180740Sdes* Fri Oct 29 1999 Damien Miller <djm@ibs.com.au>
121180740Sdes- Back to old binary names
122180740Sdes* Thu Oct 28 1999 Damien Miller <djm@ibs.com.au>
123180740Sdes- Use autoconf
124180740Sdes- New binary names
125180740Sdes* Wed Oct 27 1999 Damien Miller <djm@ibs.com.au>
126180740Sdes- Initial RPMification, based on Jan "Yenya" Kasprzak's <kas@fi.muni.cz> spec.
127180740Sdes
128180740Sdes%prep
129180740Sdes
130180740Sdes%if %{build_x11_askpass}
131180740Sdes%setup -q -a 1
132180740Sdes%else
133180740Sdes%setup -q
134180740Sdes%endif
135180740Sdes
136180740Sdes%build
137180740SdesCFLAGS="$RPM_OPT_FLAGS" \
138180740Sdes%configure	--prefix=/usr \
139180740Sdes		--sysconfdir=%{_sysconfdir}/ssh \
140180740Sdes		--mandir=%{_mandir} \
141180740Sdes		--with-privsep-path=/var/lib/empty \
142180740Sdes		--with-pam \
143180740Sdes		--with-tcp-wrappers \
144180740Sdes		--libexecdir=%{_libdir}/ssh
145180740Sdesmake
146180740Sdes
147180740Sdes%if %{build_x11_askpass}
148180740Sdescd x11-ssh-askpass-%{xversion}
149180740Sdes%configure	--mandir=/usr/X11R6/man \
150180740Sdes		--libexecdir=%{_libdir}/ssh
151180740Sdesxmkmf -a
152180740Sdesmake
153180740Sdescd ..
154180740Sdes%endif
155180740Sdes
156180740Sdes%install
157180740Sdesrm -rf $RPM_BUILD_ROOT
158180740Sdesmake install DESTDIR=$RPM_BUILD_ROOT/
159180740Sdesinstall -d $RPM_BUILD_ROOT/etc/pam.d/
160180740Sdesinstall -d $RPM_BUILD_ROOT/etc/init.d/
161180740Sdesinstall -d $RPM_BUILD_ROOT/var/adm/fillup-templates
162180740Sdesinstall -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
163180740Sdesinstall -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
164180740Sdesinstall -m744 contrib/suse/sysconfig.ssh \
165180740Sdes   $RPM_BUILD_ROOT/var/adm/fillup-templates
166180740Sdes
167180740Sdes%if %{build_x11_askpass}
168180740Sdescd x11-ssh-askpass-%{xversion}
169180740Sdesmake install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
170180740Sdesrm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
171180740Sdes%endif
172180740Sdes
173180740Sdes%clean
174180740Sdesrm -rf $RPM_BUILD_ROOT
175180740Sdes
176180740Sdes%pre
177180740Sdes/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
178180740Sdes/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :
179180740Sdes
180180740Sdes%post
181225825Sdes/usr/bin/ssh-keygen -A
182225825Sdes%{fillup_and_insserv -n -y ssh sshd}
183180740Sdes%run_permissions
184180740Sdes
185180740Sdes%verifyscript
186180740Sdes%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
187180740Sdes
188180740Sdes%preun
189180740Sdes%stop_on_removal sshd
190180740Sdes
191180740Sdes%postun
192180740Sdes%restart_on_update sshd
193180740Sdes%{insserv_cleanup}
194180740Sdes
195180740Sdes%files
196180740Sdes%defattr(-,root,root)
197189006Sdes%doc ChangeLog OVERVIEW README* PROTOCOL*
198180750Sdes%doc TODO CREDITS LICENCE
199180740Sdes%attr(0755,root,root) %dir %{_sysconfdir}/ssh
200180740Sdes%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
201180740Sdes%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
202180740Sdes%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
203180740Sdes%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
204180740Sdes%attr(0755,root,root) %config /etc/init.d/sshd
205180740Sdes%attr(0755,root,root) %{_bindir}/ssh-keygen
206180740Sdes%attr(0755,root,root) %{_bindir}/scp
207180740Sdes%attr(0755,root,root) %{_bindir}/ssh
208180740Sdes%attr(-,root,root) %{_bindir}/slogin
209180740Sdes%attr(0755,root,root) %{_bindir}/ssh-agent
210180740Sdes%attr(0755,root,root) %{_bindir}/ssh-add
211180740Sdes%attr(0755,root,root) %{_bindir}/ssh-keyscan
212180740Sdes%attr(0755,root,root) %{_bindir}/sftp
213180740Sdes%attr(0755,root,root) %{_sbindir}/sshd
214180740Sdes%attr(0755,root,root) %dir %{_libdir}/ssh
215180740Sdes%attr(0755,root,root) %{_libdir}/ssh/sftp-server
216180740Sdes%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
217204861Sdes%attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
218180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
219180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
220180740Sdes%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
221180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
222180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
223180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
224180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
225180740Sdes%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
226180750Sdes%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5*
227180740Sdes%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
228180740Sdes%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
229180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
230180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
231204861Sdes%attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
232180740Sdes%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
233180740Sdes%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
234180740Sdes
235180740Sdes%if %{build_x11_askpass}
236180740Sdes%files askpass
237180740Sdes%defattr(-,root,root)
238180740Sdes%doc x11-ssh-askpass-%{xversion}/README
239180740Sdes%doc x11-ssh-askpass-%{xversion}/ChangeLog
240180740Sdes%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
241180740Sdes%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
242180740Sdes%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
243180740Sdes%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
244180740Sdes%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
245180740Sdes%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
246180740Sdes%endif
247