2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
18 %bcond_with tests_conch # run conch interoperability tests
20 # gtk2-based gnome-askpass means no gnome1-based
21 %{?with_gtk:%undefine with_gnome}
23 %if "%{pld_release}" == "ac"
24 %define pam_ver 0.79.0
26 %define pam_ver 1:1.1.8-5
28 Summary: OpenSSH free Secure Shell (SSH) implementation
29 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
30 Summary(es.UTF-8): Implementación libre de SSH
31 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
32 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
33 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
34 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
35 Summary(pt_BR.UTF-8): Implementação livre do SSH
36 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
37 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
43 Group: Applications/Networking
44 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
45 # Source0-md5: 5ed8252a0ee379c0f7c9e0d25d32424d
46 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
47 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
48 Source2: %{name}d.init
49 Source3: %{name}d.pamd
50 Source4: %{name}.sysconfig
52 Source6: ssh-agent.conf
53 Source7: %{name}-lpk.schema
57 Source12: sshd@.service
58 Patch100: %{name}-git.patch
59 # Patch100-md5: eb723cc4f21efc32752161d539c9c5e9
60 Patch0: %{name}-no-pty-tests.patch
61 Patch1: %{name}-tests-reuseport.patch
62 Patch2: %{name}-pam_misc.patch
63 Patch3: %{name}-sigpipe.patch
64 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
65 Patch4: %{name}-ldap.patch
66 Patch5: %{name}-ldap-fixes.patch
67 Patch6: ldap.conf.patch
68 Patch7: %{name}-config.patch
69 Patch8: ldap-helper-sigpipe.patch
70 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
71 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
72 Patch9: %{name}-5.2p1-hpn13v6.diff
74 Patch11: %{name}-chroot.patch
76 Patch13: %{name}-skip-interop-tests.patch
77 Patch14: %{name}-bind.patch
78 Patch15: %{name}-disable_ldap.patch
79 Patch16: openssl3.0.patch
80 URL: http://www.openssh.com/portable.html
81 BuildRequires: %{__perl}
82 %{?with_audit:BuildRequires: audit-libs-devel}
83 BuildRequires: autoconf >= 2.50
84 BuildRequires: automake
85 %{?with_gnome:BuildRequires: gnome-libs-devel}
86 %{?with_gtk:BuildRequires: gtk+2-devel}
87 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
88 %{?with_ldns:BuildRequires: ldns-devel}
89 %{?with_libedit:BuildRequires: libedit-devel}
90 BuildRequires: libfido2-devel >= 1.5.0
91 %{?with_libseccomp:BuildRequires: libseccomp-devel}
92 %{?with_selinux:BuildRequires: libselinux-devel}
93 %{?with_ldap:BuildRequires: openldap-devel}
94 BuildRequires: openssl-devel >= 1.1.0g
95 BuildRequires: pam-devel
96 %{?with_gtk:BuildRequires: pkgconfig}
97 %if %{with tests} && %{with tests_conch}
98 BuildRequires: python-TwistedConch
100 BuildRequires: rpm >= 4.4.9-56
101 BuildRequires: rpmbuild(macros) >= 1.752
102 BuildRequires: sed >= 4.0
103 BuildRequires: zlib-devel >= 1.2.3
104 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
105 BuildRequires: %{name}-server
107 %if %{with tests} && %{with libseccomp}
108 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
109 BuildRequires: uname(release) >= 3.5
111 Requires: zlib >= 1.2.3
112 %if "%{pld_release}" == "ac"
113 Requires: filesystem >= 2.0-1
114 Requires: pam >= 0.79.0
116 Requires: filesystem >= 3.0-11
117 Requires: pam >= %{pam_ver}
118 Suggests: xorg-app-xauth
121 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
123 %define _sysconfdir /etc/ssh
124 %define _libexecdir %{_libdir}/%{name}
125 %define _privsepdir /usr/share/empty
126 %define schemadir /usr/share/openldap/schema
129 Ssh (Secure Shell) a program for logging into a remote machine and for
130 executing commands in a remote machine. It is intended to replace
131 rlogin and rsh, and provide secure encrypted communications between
132 two untrusted hosts over an insecure network. X11 connections and
133 arbitrary TCP/IP ports can also be forwarded over the secure channel.
135 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
136 it up to date in terms of security and features, as well as removing
137 all patented algorithms to seperate libraries (OpenSSL).
139 This package includes the core files necessary for both the OpenSSH
140 client and server. To make this package useful, you should also
141 install openssh-clients, openssh-server, or both.
144 This release includes High Performance SSH/SCP patches from
145 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
146 increase throughput on fast connections with high RTT (20-150 msec).
147 See the website for '-w' values for your connection and /proc/sys TCP
148 values. BTW. in a LAN you have got generally RTT < 1 msec.
151 %description -l de.UTF-8
152 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
153 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
154 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
155 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
156 andere TCP/IP Ports können ebenso über den sicheren Channel
157 weitergeleitet werden.
159 %description -l es.UTF-8
160 SSH es un programa para accesar y ejecutar órdenes en computadores
161 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
162 seguro entre dos servidores en una red insegura. Conexiones X11 y
163 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
166 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
167 continuar la última versión gratuita de SSH, actualizándolo en
168 términos de seguridad y recursos,así también eliminando todos los
169 algoritmos patentados y colocándolos en bibliotecas separadas
172 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
173 también el paquete openssh-clients u openssh-server o ambos.
175 %description -l fr.UTF-8
176 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
177 remplace telnet, rlogin, rexec et rsh, tout en assurant des
178 communications cryptées securisées entre deux hôtes non fiabilisés sur
179 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
180 arbitraires peuvent également être transmis sur le canal sécurisé.
182 %description -l it.UTF-8
183 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
184 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
185 sicure e crittate tra due host non fidati su una rete non sicura. Le
186 connessioni X11 ad una porta TCP/IP arbitraria possono essere
187 inoltrate attraverso un canale sicuro.
189 %description -l pl.UTF-8
190 Ssh (Secure Shell) to program służący do logowania się na zdalną
191 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
192 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
193 pomiędzy dwoma hostami.
195 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
196 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
197 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
200 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
201 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
202 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
203 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
204 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
205 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
208 %description -l pt.UTF-8
209 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
210 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
211 cifradas entre duas máquinas sem confiança mútua sobre uma rede
212 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
213 reenviados pelo canal seguro.
215 %description -l pt_BR.UTF-8
216 SSH é um programa para acessar e executar comandos em máquinas
217 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
218 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
219 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
221 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
222 última versão gratuita do SSH, atualizando-o em termos de segurança e
223 recursos, assim como removendo todos os algoritmos patenteados e
224 colocando-os em bibliotecas separadas (OpenSSL).
226 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
227 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
229 %description -l ru.UTF-8
230 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
231 машину и для выполнения команд на удаленной машине. Она предназначена
232 для замены rlogin и rsh и обеспечивает безопасную шифрованную
233 коммуникацию между двумя хостами в сети, являющейся небезопасной.
234 Соединения X11 и любые порты TCP/IP могут также быть проведены через
237 OpenSSH - это переделка командой разработчиков OpenBSD последней
238 свободной версии SSH, доведенная до современного состояния в терминах
239 уровня безопасности и поддерживаемых возможностей. Все патентованные
240 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
242 Этот пакет содержит файлы, необходимые как для клиента, так и для
243 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
244 openssh-server, или оба пакета.
246 %description -l uk.UTF-8
247 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
248 машини та для виконання команд на віддаленій машині. Вона призначена
249 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
250 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
251 довільні порти TCP/IP можуть також бути проведені через безпечний
254 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
255 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
256 підтримуваних можливостей. Всі патентовані алгоритми винесені до
257 окремих бібліотек (OpenSSL).
259 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
260 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
261 openssh-server, чи обидва пакети.
264 Summary: OpenSSH Secure Shell protocol clients
265 Summary(es.UTF-8): Clientes de OpenSSH
266 Summary(pl.UTF-8): Klienci protokołu Secure Shell
267 Summary(pt_BR.UTF-8): Clientes do OpenSSH
268 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
269 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
270 Group: Applications/Networking
272 Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
273 Provides: ssh-clients
274 Obsoletes: ssh-clients
275 %requires_eq_to openssl openssl-devel
278 Ssh (Secure Shell) a program for logging into a remote machine and for
279 executing commands in a remote machine. It is intended to replace
280 rlogin and rsh, and provide secure encrypted communications between
281 two untrusted hosts over an insecure network. X11 connections and
282 arbitrary TCP/IP ports can also be forwarded over the secure channel.
284 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
285 it up to date in terms of security and features, as well as removing
286 all patented algorithms to seperate libraries (OpenSSL).
288 This package includes the clients necessary to make encrypted
289 connections to SSH servers.
291 %description clients -l es.UTF-8
292 Este paquete incluye los clientes que se necesitan para hacer
293 conexiones codificadas con servidores SSH.
295 %description clients -l pl.UTF-8
296 Ssh (Secure Shell) to program służący do logowania się na zdalną
297 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
298 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
299 pomiędzy dwoma hostami.
301 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
303 %description clients -l pt_BR.UTF-8
304 Esse pacote inclui os clientes necessários para fazer conexões
305 encriptadas com servidores SSH.
307 %description clients -l ru.UTF-8
308 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
309 машину и для выполнения команд на удаленной машине.
311 Этот пакет содержит программы-клиенты, необходимые для установления
312 зашифрованных соединений с серверами SSH.
314 %description clients -l uk.UTF-8
315 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
316 машини та для виконання команд на віддаленій машині.
318 Цей пакет містить програми-клієнти, необхідні для встановлення
319 зашифрованих з'єднань з серверами SSH.
321 %package clients-agent-profile_d
322 Summary: OpenSSH Secure Shell agent init script
323 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
324 Group: Applications/Networking
325 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
327 %description clients-agent-profile_d
328 profile.d scripts for starting SSH agent.
330 %description clients-agent-profile_d -l pl.UTF-8
331 Skrypty profile.d do uruchamiania agenta SSH.
333 %package clients-agent-xinitrc
334 Summary: OpenSSH Secure Shell agent init script
335 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
336 Group: Applications/Networking
337 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
340 %description clients-agent-xinitrc
341 xinitrc scripts for starting SSH agent.
343 %description clients-agent-xinitrc -l pl.UTF-8
344 Skrypty xinitrc do uruchamiania agenta SSH.
346 %package clients-helper-fido
347 Summary: OpenSSH helper for FIDO authenticator
348 Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO
349 Group: Applications/Networking
350 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
351 Requires: libfido2 >= 1.5.0
353 %description clients-helper-fido
354 OpenSSH helper for FIDO authenticator.
356 %description clients-helper-fido -l pl.UTF-8
357 OpenSSH helper obsługujący klucz autoryzujący FIDO.
360 Summary: OpenSSH Secure Shell protocol server (sshd)
361 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
362 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
363 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
364 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
365 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
366 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
367 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
368 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
369 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
370 Group: Networking/Daemons
371 Requires(post): /sbin/chkconfig
373 Requires(post,preun): /sbin/chkconfig
374 Requires(postun): /usr/sbin/userdel
375 Requires(pre): /bin/id
376 Requires(pre): /usr/sbin/useradd
377 Requires(post,preun,postun): systemd-units >= 38
378 Requires: %{name} = %{epoch}:%{version}-%{release}
379 Requires: pam >= %{pam_ver}
380 Requires: rc-scripts >= 0.4.3.0
381 Requires: systemd-units >= 38
382 %{?with_libseccomp:Requires: uname(release) >= 3.5}
384 %{?with_ldap:Suggests: %{name}-server-ldap}
386 Suggests: xorg-app-xauth
389 %requires_eq_to openssl openssl-devel
392 Ssh (Secure Shell) a program for logging into a remote machine and for
393 executing commands in a remote machine. It is intended to replace
394 rlogin and rsh, and provide secure encrypted communications between
395 two untrusted hosts over an insecure network. X11 connections and
396 arbitrary TCP/IP ports can also be forwarded over the secure channel.
398 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
399 it up to date in terms of security and features, as well as removing
400 all patented algorithms to seperate libraries (OpenSSL).
402 This package contains the secure shell daemon. The sshd is the server
403 part of the secure shell protocol and allows ssh clients to connect to
406 %description server -l de.UTF-8
407 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
409 %description server -l es.UTF-8
410 Este paquete contiene el servidor SSH. sshd es la parte servidor del
411 protocolo secure shell y permite que clientes ssh se conecten a su
414 %description server -l fr.UTF-8
415 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
417 %description server -l it.UTF-8
418 Questo pacchetto installa sshd, il server di OpenSSH.
420 %description server -l pl.UTF-8
421 Ssh (Secure Shell) to program służący do logowania się na zdalną
422 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
423 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
424 pomiędzy dwoma hostami.
426 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
429 %description server -l pt.UTF-8
430 Este pacote intala o sshd, o servidor do OpenSSH.
432 %description server -l pt_BR.UTF-8
433 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
434 protocolo secure shell e permite que clientes ssh se conectem ao seu
437 %description server -l ru.UTF-8
438 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
439 машину и для выполнения команд на удаленной машине.
441 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
442 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
445 %description server -l uk.UTF-8
446 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
447 машини та для виконання команд на віддаленій машині.
449 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
450 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
454 Summary: A LDAP support for open source SSH server daemon
455 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
457 Requires: %{name} = %{epoch}:%{version}-%{release}
458 Requires: openldap-nss-config
460 %description server-ldap
461 OpenSSH LDAP backend is a way how to distribute the authorized tokens
462 among the servers in the network.
464 %description server-ldap -l pl.UTF-8
465 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
466 tokenów między serwerami w sieci.
468 %package gnome-askpass
469 Summary: OpenSSH GNOME passphrase dialog
470 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
471 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
472 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
473 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
474 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
475 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
476 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
477 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
478 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
479 Group: Applications/Networking
480 Requires: %{name} = %{epoch}:%{version}-%{release}
481 Obsoletes: openssh-askpass
482 Obsoletes: ssh-askpass
483 Obsoletes: ssh-extras
485 %description gnome-askpass
486 Ssh (Secure Shell) a program for logging into a remote machine and for
487 executing commands in a remote machine. It is intended to replace
488 rlogin and rsh, and provide secure encrypted communications between
489 two untrusted hosts over an insecure network. X11 connections and
490 arbitrary TCP/IP ports can also be forwarded over the secure channel.
492 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
493 it up to date in terms of security and features, as well as removing
494 all patented algorithms to seperate libraries (OpenSSL).
496 This package contains the GNOME passphrase dialog.
498 %description gnome-askpass -l es.UTF-8
499 Este paquete contiene un programa que abre una caja de diálogo para
500 entrada de passphrase en GNOME.
502 %description gnome-askpass -l pl.UTF-8
503 Ssh (Secure Shell) to program służący do logowania się na zdalną
504 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
505 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
506 pomiędzy dwoma hostami.
508 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
510 %description gnome-askpass -l pt_BR.UTF-8
511 Esse pacote contém um programa que abre uma caixa de diálogo para
512 entrada de passphrase no GNOME.
514 %description gnome-askpass -l ru.UTF-8
515 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
516 машину и для выполнения команд на удаленной машине.
518 Этот пакет содержит диалог ввода ключевой фразы для использования под
521 %description gnome-askpass -l uk.UTF-8
522 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
523 машини та для виконання команд на віддаленій машині.
525 Цей пакет містить діалог вводу ключової фрази для використання під
528 %package -n openldap-schema-openssh-lpk
529 Summary: OpenSSH LDAP Public Key schema
530 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
531 Group: Networking/Daemons
532 Requires(post,postun): sed >= 4.0
533 Requires: openldap-servers
536 %description -n openldap-schema-openssh-lpk
537 This package contains OpenSSH LDAP Public Key schema for openldap.
539 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
540 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
557 %{?with_hpn:%patch9 -p1}
564 %{!?with_ldap:%patch15 -p1}
567 %if "%{pld_release}" == "ac"
568 # fix for missing x11.pc
569 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
572 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
573 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
575 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
576 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
578 # prevent being ovewritten by aclocal calls
579 %{__mv} aclocal.m4 acinclude.m4
585 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
592 %{?with_audit:--with-audit=linux} \
593 --with-ipaddr-display \
594 %{?with_kerberos5:--with-kerberos5=/usr} \
595 --with-ldap%{!?with_ldap:=no} \
596 %{?with_ldns:--with-ldns} \
597 %{?with_libedit:--with-libedit} \
599 --with-md5-passwords \
601 --with-pid-dir=%{_localstatedir}/run \
602 --with-privsep-path=%{_privsepdir} \
603 --with-privsep-user=sshd \
604 --with-security-key-builtin \
605 %{?with_selinux:--with-selinux} \
606 %if "%{pld_release}" == "ac"
607 --with-xauth=/usr/X11R6/bin/xauth
609 %if %{with libseccomp}
610 --with-sandbox=seccomp_filter \
612 --with-sandbox=rlimit \
614 --with-xauth=%{_bindir}/xauth
617 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
622 %{__make} -j1 tests \
623 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
624 TEST_SSH_TRACE="yes" \
625 %if %{without tests_conch}
626 SKIP_LTESTS="conch-ciphers"
632 %{__make} gnome-ssh-askpass1 \
633 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
636 %{__make} gnome-ssh-askpass2 \
637 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
641 rm -rf $RPM_BUILD_ROOT
642 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
643 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
644 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
647 DESTDIR=$RPM_BUILD_ROOT
649 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
651 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
652 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
653 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
654 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
655 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
656 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
657 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
659 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
660 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
662 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
663 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
664 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
665 $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
666 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
669 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
672 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
674 %if %{with gnome} || %{with gtk}
675 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
676 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
678 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
679 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
681 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
684 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
685 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
687 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
689 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
690 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
693 %if "%{pld_release}" == "ac"
694 # not present in ac, no point searching it
695 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
696 # openssl on ac does not have OPENSSL_HAS_ECC
697 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
701 # remove recording user's login uid to the process attribute
702 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
705 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
706 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
709 rm -rf $RPM_BUILD_ROOT
720 %postun gnome-askpass
724 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
727 /sbin/chkconfig --add sshd
728 %service sshd reload "OpenSSH Daemon"
730 %systemd_post sshd.service
733 if [ "$1" = "0" ]; then
735 /sbin/chkconfig --del sshd
737 %systemd_preun sshd.service
740 if [ "$1" = "0" ]; then
745 %triggerpostun server -- %{name}-server < 2:7.0p1-2
746 %banner %{name}-server -e << EOF
747 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
748 ! Starting from openssh 7.0 DSA keys are disabled !
749 ! on server and client side. You will NOT be able !
750 ! to use DSA keys for authentication. Please read !
751 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
752 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
755 %triggerpostun server -- %{name}-server < 6.2p1-1
756 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
757 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
759 %triggerpostun server -- %{name}-server < 2:5.9p1-8
760 # lpk.patch to ldap.patch
761 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
762 echo >&2 "Migrating LPK patch to LDAP patch"
763 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
765 # disable old configs
766 # just UseLPK/LkpLdapConf supported for now
767 s/^\s*UseLPK/## Obsolete &/
768 s/^\s*Lpk/## Obsolete &/
769 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
770 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
771 ' %{_sysconfdir}/sshd_config
772 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
773 /bin/systemctl try-restart sshd.service || :
775 %service -q sshd reload
778 %systemd_trigger sshd.service
779 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
780 %banner %{name}-server -e << EOF
781 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
782 ! Native systemd support for sshd has been installed. !
783 ! Restarting sshd.service with systemctl WILL kill all !
784 ! active ssh sessions (daemon as such will be started). !
785 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
789 %post -n openldap-schema-openssh-lpk
790 %openldap_schema_register %{schemadir}/openssh-lpk.schema
791 %service -q ldap restart
793 %postun -n openldap-schema-openssh-lpk
794 if [ "$1" = "0" ]; then
795 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
796 %service -q ldap restart
800 %defattr(644,root,root,755)
801 %doc TODO README OVERVIEW CREDITS Change*
802 %attr(755,root,root) %{_bindir}/ssh-key*
803 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
804 %{_mandir}/man1/ssh-key*.1*
805 #%{_mandir}/man1/ssh-vulnkey*.1*
810 %defattr(644,root,root,755)
811 %attr(755,root,root) %{_bindir}/ssh
812 %attr(755,root,root) %{_bindir}/sftp
813 %attr(755,root,root) %{_bindir}/ssh-agent
814 %attr(755,root,root) %{_bindir}/ssh-add
815 %attr(755,root,root) %{_bindir}/ssh-copy-id
816 %attr(755,root,root) %{_bindir}/scp
817 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
818 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
819 %{_mandir}/man1/scp.1*
820 %{_mandir}/man1/ssh.1*
821 %{_mandir}/man1/sftp.1*
822 %{_mandir}/man1/ssh-agent.1*
823 %{_mandir}/man1/ssh-add.1*
824 %{_mandir}/man1/ssh-copy-id.1*
825 %{_mandir}/man5/ssh_config.5*
826 %lang(it) %{_mandir}/it/man1/ssh.1*
827 %lang(it) %{_mandir}/it/man5/ssh_config.5*
828 %lang(pl) %{_mandir}/pl/man1/scp.1*
829 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
831 # for host-based auth (suid required for accessing private host key)
832 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
833 #%{_mandir}/man8/ssh-keysign.8*
835 %files clients-agent-profile_d
836 %defattr(644,root,root,755)
837 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
838 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
840 %files clients-agent-xinitrc
841 %defattr(644,root,root,755)
842 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
844 %files clients-helper-fido
845 %defattr(644,root,root,755)
846 %attr(755,root,root) %{_libexecdir}/ssh-sk-helper
847 %{_mandir}/man8/ssh-sk-helper.8*
850 %defattr(644,root,root,755)
851 %attr(755,root,root) %{_sbindir}/sshd
852 %attr(755,root,root) %{_libexecdir}/sftp-server
853 %attr(755,root,root) %{_libexecdir}/ssh-keysign
854 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
855 %attr(755,root,root) %{_libexecdir}/sshd-keygen
856 %{_mandir}/man8/sshd.8*
857 %{_mandir}/man8/sftp-server.8*
858 %{_mandir}/man8/ssh-keysign.8*
859 %{_mandir}/man8/ssh-pkcs11-helper.8*
860 %{_mandir}/man5/sshd_config.5*
861 %{_mandir}/man5/moduli.5*
862 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
863 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
864 %{_sysconfdir}/moduli
865 %attr(754,root,root) /etc/rc.d/init.d/sshd
866 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
867 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
868 %{systemdunitdir}/sshd.service
869 %{systemdunitdir}/sshd.socket
870 %{systemdunitdir}/sshd@.service
874 %defattr(644,root,root,755)
875 %doc HOWTO.ldap-keys ldap.conf
876 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
877 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
878 %{_mandir}/man5/ssh-ldap.conf.5*
879 %{_mandir}/man8/ssh-ldap-helper.8*
882 %if %{with gnome} || %{with gtk}
884 %defattr(644,root,root,755)
885 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
886 %dir %{_libexecdir}/ssh
887 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
888 %attr(755,root,root) %{_libexecdir}/ssh-askpass
892 %files -n openldap-schema-openssh-lpk
893 %defattr(644,root,root,755)
894 %{schemadir}/openssh-lpk.schema