2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 # gtk2-based gnome-askpass means no gnome1-based
18 %{?with_gtk:%undefine with_gnome}
20 %if "%{pld_release}" == "ac"
21 %define pam_ver 0.79.0
23 %define pam_ver 1:1.1.5-5
26 Summary: OpenSSH free Secure Shell (SSH) implementation
27 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
28 Summary(es.UTF-8): Implementación libre de SSH
29 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
30 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
31 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
32 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
33 Summary(pt_BR.UTF-8): Implementação livre do SSH
34 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
35 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
41 Group: Applications/Networking
42 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
43 # Source0-md5: 3345cbf4efe90ffb06a78670ab2d05d5
44 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
45 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
46 Source2: %{name}d.init
47 Source3: %{name}d.pamd
48 Source4: %{name}.sysconfig
50 Source6: ssh-agent.conf
51 Source7: %{name}-lpk.schema
52 Source8: %{name}d.upstart
56 Source12: sshd@.service
57 Patch100: %{name}-heimdal.patch
58 Patch0: %{name}-no_libnsl.patch
59 Patch2: %{name}-pam_misc.patch
60 Patch3: %{name}-sigpipe.patch
61 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
62 Patch4: %{name}-5.9p1-ldap.patch
63 Patch5: %{name}-5.9p1-ldap-fixes.patch
64 Patch8: ldap.conf.patch
65 Patch6: %{name}-config.patch
66 # https://bugzilla.mindrot.org/show_bug.cgi?id=1663
67 Patch7: authorized-keys-command.patch
68 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
69 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
70 Patch9: %{name}-5.2p1-hpn13v6.diff
71 Patch10: %{name}-include.patch
72 Patch11: %{name}-chroot.patch
73 # http://people.debian.org/~cjwatson/%{name}-blacklist.diff
74 Patch12: %{name}-blacklist.diff
75 Patch13: %{name}-kuserok.patch
76 Patch14: %{name}-bind.patch
77 URL: http://www.openssh.com/portable.html
78 BuildRequires: %{__perl}
79 %{?with_tests:BuildRequires: %{name}-server}
80 %{?with_audit:BuildRequires: audit-libs-devel}
81 BuildRequires: autoconf >= 2.50
82 BuildRequires: automake
83 %{?with_gnome:BuildRequires: gnome-libs-devel}
84 %{?with_gtk:BuildRequires: gtk+2-devel}
85 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
86 %{?with_libedit:BuildRequires: libedit-devel}
87 %{?with_selinux:BuildRequires: libselinux-devel}
88 BuildRequires: libwrap-devel
89 %{?with_ldap:BuildRequires: openldap-devel}
90 BuildRequires: openssl-devel >= 0.9.7d
91 BuildRequires: pam-devel
92 %{?with_gtk:BuildRequires: pkgconfig}
93 BuildRequires: rpm >= 4.4.9-56
94 BuildRequires: rpmbuild(macros) >= 1.627
95 BuildRequires: sed >= 4.0
96 BuildRequires: zlib-devel
97 %if "%{pld_release}" == "ac"
98 Requires: filesystem >= 2.0-1
99 Requires: pam >= 0.79.0
101 Requires: filesystem >= 3.0-11
102 Requires: pam >= %{pam_ver}
103 Suggests: openssh-blacklist
104 Suggests: xorg-app-xauth
107 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
109 %define _sysconfdir /etc/ssh
110 %define _libexecdir %{_libdir}/%{name}
111 %define _privsepdir /usr/share/empty
112 %define schemadir /usr/share/openldap/schema
115 Ssh (Secure Shell) a program for logging into a remote machine and for
116 executing commands in a remote machine. It is intended to replace
117 rlogin and rsh, and provide secure encrypted communications between
118 two untrusted hosts over an insecure network. X11 connections and
119 arbitrary TCP/IP ports can also be forwarded over the secure channel.
121 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
122 it up to date in terms of security and features, as well as removing
123 all patented algorithms to seperate libraries (OpenSSL).
125 This package includes the core files necessary for both the OpenSSH
126 client and server. To make this package useful, you should also
127 install openssh-clients, openssh-server, or both.
130 This release includes High Performance SSH/SCP patches from
131 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
132 increase throughput on fast connections with high RTT (20-150 msec).
133 See the website for '-w' values for your connection and /proc/sys TCP
134 values. BTW. in a LAN you have got generally RTT < 1 msec.
137 %description -l de.UTF-8
138 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
139 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
140 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
141 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
142 andere TCP/IP Ports können ebenso über den sicheren Channel
143 weitergeleitet werden.
145 %description -l es.UTF-8
146 SSH es un programa para accesar y ejecutar órdenes en computadores
147 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
148 seguro entre dos servidores en una red insegura. Conexiones X11 y
149 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
152 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
153 continuar la última versión gratuita de SSH, actualizándolo en
154 términos de seguridad y recursos,así también eliminando todos los
155 algoritmos patentados y colocándolos en bibliotecas separadas
158 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
159 también el paquete openssh-clients u openssh-server o ambos.
161 %description -l fr.UTF-8
162 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
163 remplace telnet, rlogin, rexec et rsh, tout en assurant des
164 communications cryptées securisées entre deux hôtes non fiabilisés sur
165 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
166 arbitraires peuvent également être transmis sur le canal sécurisé.
168 %description -l it.UTF-8
169 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
170 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
171 sicure e crittate tra due host non fidati su una rete non sicura. Le
172 connessioni X11 ad una porta TCP/IP arbitraria possono essere
173 inoltrate attraverso un canale sicuro.
175 %description -l pl.UTF-8
176 Ssh (Secure Shell) to program służący do logowania się na zdalną
177 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
178 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
179 pomiędzy dwoma hostami.
181 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
182 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
183 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
186 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
187 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
188 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
189 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
190 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
191 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
194 %description -l pt.UTF-8
195 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
196 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
197 cifradas entre duas máquinas sem confiança mútua sobre uma rede
198 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
199 reenviados pelo canal seguro.
201 %description -l pt_BR.UTF-8
202 SSH é um programa para acessar e executar comandos em máquinas
203 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
204 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
205 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
207 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
208 última versão gratuita do SSH, atualizando-o em termos de segurança e
209 recursos, assim como removendo todos os algoritmos patenteados e
210 colocando-os em bibliotecas separadas (OpenSSL).
212 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
213 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
215 %description -l ru.UTF-8
216 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
217 машину и для выполнения команд на удаленной машине. Она предназначена
218 для замены rlogin и rsh и обеспечивает безопасную шифрованную
219 коммуникацию между двумя хостами в сети, являющейся небезопасной.
220 Соединения X11 и любые порты TCP/IP могут также быть проведены через
223 OpenSSH - это переделка командой разработчиков OpenBSD последней
224 свободной версии SSH, доведенная до современного состояния в терминах
225 уровня безопасности и поддерживаемых возможностей. Все патентованные
226 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
228 Этот пакет содержит файлы, необходимые как для клиента, так и для
229 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
230 openssh-server, или оба пакета.
232 %description -l uk.UTF-8
233 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
234 машини та для виконання команд на віддаленій машині. Вона призначена
235 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
236 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
237 довільні порти TCP/IP можуть також бути проведені через безпечний
240 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
241 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
242 підтримуваних можливостей. Всі патентовані алгоритми винесені до
243 окремих бібліотек (OpenSSL).
245 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
246 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
247 openssh-server, чи обидва пакети.
250 Summary: OpenSSH Secure Shell protocol clients
251 Summary(es.UTF-8): Clientes de OpenSSH
252 Summary(pl.UTF-8): Klienci protokołu Secure Shell
253 Summary(pt_BR.UTF-8): Clientes do OpenSSH
254 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
255 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
256 Group: Applications/Networking
258 Provides: ssh-clients
259 Obsoletes: ssh-clients
262 Ssh (Secure Shell) a program for logging into a remote machine and for
263 executing commands in a remote machine. It is intended to replace
264 rlogin and rsh, and provide secure encrypted communications between
265 two untrusted hosts over an insecure network. X11 connections and
266 arbitrary TCP/IP ports can also be forwarded over the secure channel.
268 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
269 it up to date in terms of security and features, as well as removing
270 all patented algorithms to seperate libraries (OpenSSL).
272 This package includes the clients necessary to make encrypted
273 connections to SSH servers.
275 %description clients -l es.UTF-8
276 Este paquete incluye los clientes que se necesitan para hacer
277 conexiones codificadas con servidores SSH.
279 %description clients -l pl.UTF-8
280 Ssh (Secure Shell) to program służący do logowania się na zdalną
281 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
282 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
283 pomiędzy dwoma hostami.
285 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
287 %description clients -l pt_BR.UTF-8
288 Esse pacote inclui os clientes necessários para fazer conexões
289 encriptadas com servidores SSH.
291 %description clients -l ru.UTF-8
292 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
293 машину и для выполнения команд на удаленной машине.
295 Этот пакет содержит программы-клиенты, необходимые для установления
296 зашифрованных соединений с серверами SSH.
298 %description clients -l uk.UTF-8
299 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
300 машини та для виконання команд на віддаленій машині.
302 Цей пакет містить програми-клієнти, необхідні для встановлення
303 зашифрованих з'єднань з серверами SSH.
305 %package clients-agent-profile_d
306 Summary: OpenSSH Secure Shell agent init script
307 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
308 Group: Applications/Networking
309 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
311 %description clients-agent-profile_d
312 profile.d scripts for starting SSH agent.
314 %description clients-agent-profile_d -l pl.UTF-8
315 Skrypty profile.d do uruchamiania agenta SSH.
317 %package clients-agent-xinitrc
318 Summary: OpenSSH Secure Shell agent init script
319 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
320 Group: Applications/Networking
321 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
324 %description clients-agent-xinitrc
325 xinitrc scripts for starting SSH agent.
327 %description clients-agent-xinitrc -l pl.UTF-8
328 Skrypty xinitrc do uruchamiania agenta SSH.
331 Summary: OpenSSH Secure Shell protocol server (sshd)
332 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
333 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
334 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
335 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
336 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
337 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
338 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
339 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
340 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
341 Group: Networking/Daemons
342 Requires(post): /sbin/chkconfig
344 Requires(post,preun): /sbin/chkconfig
345 Requires(postun): /usr/sbin/userdel
346 Requires(pre): /bin/id
347 Requires(pre): /usr/sbin/useradd
348 Requires(post,preun,postun): systemd-units >= 38
349 Requires: %{name} = %{epoch}:%{version}-%{release}
350 # remove in 6.0, kept for flawless upgrade
351 Requires: %{name}-server-ldap = %{epoch}:%{version}-%{release}
352 Requires: pam >= %{pam_ver}
353 Requires: rc-scripts >= 0.4.3.0
354 Requires: systemd-units >= 38
361 Ssh (Secure Shell) a program for logging into a remote machine and for
362 executing commands in a remote machine. It is intended to replace
363 rlogin and rsh, and provide secure encrypted communications between
364 two untrusted hosts over an insecure network. X11 connections and
365 arbitrary TCP/IP ports can also be forwarded over the secure channel.
367 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
368 it up to date in terms of security and features, as well as removing
369 all patented algorithms to seperate libraries (OpenSSL).
371 This package contains the secure shell daemon. The sshd is the server
372 part of the secure shell protocol and allows ssh clients to connect to
375 %description server -l de.UTF-8
376 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
378 %description server -l es.UTF-8
379 Este paquete contiene el servidor SSH. sshd es la parte servidor del
380 protocolo secure shell y permite que clientes ssh se conecten a su
383 %description server -l fr.UTF-8
384 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
386 %description server -l it.UTF-8
387 Questo pacchetto installa sshd, il server di OpenSSH.
389 %description server -l pl.UTF-8
390 Ssh (Secure Shell) to program służący do logowania się na zdalną
391 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
392 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
393 pomiędzy dwoma hostami.
395 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
398 %description server -l pt.UTF-8
399 Este pacote intala o sshd, o servidor do OpenSSH.
401 %description server -l pt_BR.UTF-8
402 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
403 protocolo secure shell e permite que clientes ssh se conectem ao seu
406 %description server -l ru.UTF-8
407 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
408 машину и для выполнения команд на удаленной машине.
410 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
411 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
414 %description server -l uk.UTF-8
415 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
416 машини та для виконання команд на віддаленій машині.
418 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
419 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
423 Summary: A LDAP support for open source SSH server daemon
424 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
426 Requires: %{name} = %{epoch}:%{version}-%{release}
428 %description server-ldap
429 OpenSSH LDAP backend is a way how to distribute the authorized tokens
430 among the servers in the network.
432 %description server-ldap -l pl.UTF-8
433 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
434 tokenów między serwerami w sieci.
436 %package server-upstart
437 Summary: Upstart job description for OpenSSH server
438 Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
440 Requires: %{name}-server = %{epoch}:%{version}-%{release}
441 Requires: upstart >= 0.6
442 Conflicts: syslog-ng < 3.2.4-1
444 %description server-upstart
445 Upstart job description for OpenSSH.
447 %description server-upstart -l pl.UTF-8
448 Opis zadania Upstart dla OpenSSH.
450 %package gnome-askpass
451 Summary: OpenSSH GNOME passphrase dialog
452 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
453 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
454 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
455 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
456 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
457 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
458 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
459 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
460 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
461 Group: Applications/Networking
462 Requires: %{name} = %{epoch}:%{version}-%{release}
463 Obsoletes: openssh-askpass
464 Obsoletes: ssh-askpass
465 Obsoletes: ssh-extras
467 %description gnome-askpass
468 Ssh (Secure Shell) a program for logging into a remote machine and for
469 executing commands in a remote machine. It is intended to replace
470 rlogin and rsh, and provide secure encrypted communications between
471 two untrusted hosts over an insecure network. X11 connections and
472 arbitrary TCP/IP ports can also be forwarded over the secure channel.
474 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
475 it up to date in terms of security and features, as well as removing
476 all patented algorithms to seperate libraries (OpenSSL).
478 This package contains the GNOME passphrase dialog.
480 %description gnome-askpass -l es.UTF-8
481 Este paquete contiene un programa que abre una caja de diálogo para
482 entrada de passphrase en GNOME.
484 %description gnome-askpass -l pl.UTF-8
485 Ssh (Secure Shell) to program służący do logowania się na zdalną
486 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
487 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
488 pomiędzy dwoma hostami.
490 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
492 %description gnome-askpass -l pt_BR.UTF-8
493 Esse pacote contém um programa que abre uma caixa de diálogo para
494 entrada de passphrase no GNOME.
496 %description gnome-askpass -l ru.UTF-8
497 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
498 машину и для выполнения команд на удаленной машине.
500 Этот пакет содержит диалог ввода ключевой фразы для использования под
503 %description gnome-askpass -l uk.UTF-8
504 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
505 машини та для виконання команд на віддаленій машині.
507 Цей пакет містить діалог вводу ключової фрази для використання під
510 %package -n openldap-schema-openssh-lpk
511 Summary: OpenSSH LDAP Public Key schema
512 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
513 Group: Networking/Daemons
514 Requires(post,postun): sed >= 4.0
515 Requires: openldap-servers
517 %description -n openldap-schema-openssh-lpk
518 This package contains OpenSSH LDAP Public Key schema for openldap.
520 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
521 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
526 %{?with_kerberos5:%patch100 -p1}
535 %{?with_hpn:%patch9 -p1}
542 %if "%{pld_release}" == "ac"
543 # fix for missing x11.pc
544 %{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
547 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
548 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
550 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
551 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
554 cp /usr/share/automake/config.sub .
565 %{?with_audit:--with-audit=linux} \
566 --with-ipaddr-display \
567 %{?with_kerberos5:--with-kerberos5=/usr} \
568 --with-ldap%{!?with_ldap:=no} \
569 %{?with_libedit:--with-libedit} \
571 --with-md5-passwords \
573 --with-authorized-keys-command \
574 --with-pid-dir=%{_localstatedir}/run \
575 --with-privsep-path=%{_privsepdir} \
576 %{?with_selinux:--with-selinux} \
577 --with-tcp-wrappers \
578 %if "%{pld_release}" == "ac"
579 --with-xauth=/usr/X11R6/bin/xauth
581 --with-xauth=%{_bindir}/xauth
584 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
588 %{?with_tests:%{__make} tests}
592 %{__make} gnome-ssh-askpass1 \
593 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
596 %{__make} gnome-ssh-askpass2 \
597 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
601 rm -rf $RPM_BUILD_ROOT
602 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
603 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
604 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
607 DESTDIR=$RPM_BUILD_ROOT
609 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
611 cp -p %{SOURCE3} sshd.pam
612 install -p %{SOURCE2} sshd.init
614 %if "%{pld_release}" == "ac"
615 # not present in ac, no point searching it
616 %{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
617 # openssl on ac does not have OPENSSL_HAS_ECC
618 %{__sed} -i -e '/ecdsa/d' sshd.init
621 install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
622 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
623 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
624 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
625 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
626 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
627 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
628 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
630 %{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
631 cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
633 cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
634 cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
637 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
640 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
642 %if %{with gnome} || %{with gtk}
643 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
644 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
646 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
647 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
649 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
652 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
653 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
655 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
656 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
658 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
660 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
661 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
664 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
665 %{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
668 rm -rf $RPM_BUILD_ROOT
679 %postun gnome-askpass
683 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
686 /sbin/chkconfig --add sshd
687 %service sshd reload "OpenSSH Daemon"
688 if ! grep -qs ssh /etc/security/passwd.conf ; then
690 echo "ssh" >> /etc/security/passwd.conf
693 %systemd_post sshd.service
696 if [ "$1" = "0" ]; then
698 /sbin/chkconfig --del sshd
700 %systemd_preun sshd.service
703 if [ "$1" = "0" ]; then
708 %triggerpostun server -- %{name}-server < 2:5.9p1-8
709 # lpk.patch to ldap.patch
710 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
711 echo >&2 "Migrating LPK patch to LDAP patch"
712 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
714 # disable old configs
715 # just UseLPK/LkpLdapConf supported for now
716 s/^\s*UseLPK/## Obsolete &/
717 s/^\s*Lpk/## Obsolete &/
718 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
719 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
720 ' %{_sysconfdir}/sshd_config
721 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
722 /bin/systemctl try-restart sshd.service || :
724 %service -q sshd reload
727 %systemd_trigger sshd.service
728 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
729 %banner %{name}-server -e << EOF
730 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
731 ! Native systemd support for sshd has been installed. !
732 ! Restarting sshd.service with systemctl WILL kill all !
733 ! active ssh sessions (daemon as such will be started). !
734 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
741 %postun server-upstart
744 %post -n openldap-schema-openssh-lpk
745 %openldap_schema_register %{schemadir}/openssh-lpk.schema
746 %service -q ldap restart
748 %postun -n openldap-schema-openssh-lpk
749 if [ "$1" = "0" ]; then
750 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
751 %service -q ldap restart
755 %defattr(644,root,root,755)
756 %doc TODO README OVERVIEW CREDITS Change*
757 %attr(755,root,root) %{_bindir}/ssh-key*
758 %attr(755,root,root) %{_bindir}/ssh-vulnkey*
759 %{_mandir}/man1/ssh-key*.1*
760 %{_mandir}/man1/ssh-vulnkey*.1*
765 %defattr(644,root,root,755)
766 %attr(755,root,root) %{_bindir}/ssh
767 %attr(755,root,root) %{_bindir}/slogin
768 %attr(755,root,root) %{_bindir}/sftp
769 %attr(755,root,root) %{_bindir}/ssh-agent
770 %attr(755,root,root) %{_bindir}/ssh-add
771 %attr(755,root,root) %{_bindir}/ssh-copy-id
772 %attr(755,root,root) %{_bindir}/scp
773 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
774 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
775 %{_mandir}/man1/scp.1*
776 %{_mandir}/man1/ssh.1*
777 %{_mandir}/man1/slogin.1*
778 %{_mandir}/man1/sftp.1*
779 %{_mandir}/man1/ssh-agent.1*
780 %{_mandir}/man1/ssh-add.1*
781 %{_mandir}/man1/ssh-copy-id.1*
782 %{_mandir}/man5/ssh_config.5*
783 %lang(it) %{_mandir}/it/man1/ssh.1*
784 %lang(it) %{_mandir}/it/man5/ssh_config.5*
785 %lang(pl) %{_mandir}/pl/man1/scp.1*
786 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
788 # for host-based auth (suid required for accessing private host key)
789 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
790 #%{_mandir}/man8/ssh-keysign.8*
792 %files clients-agent-profile_d
793 %defattr(644,root,root,755)
794 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
795 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
797 %files clients-agent-xinitrc
798 %defattr(644,root,root,755)
799 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
802 %defattr(644,root,root,755)
803 %attr(755,root,root) %{_sbindir}/sshd
804 %attr(755,root,root) %{_libexecdir}/sftp-server
805 %attr(755,root,root) %{_libexecdir}/ssh-keysign
806 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
807 %attr(755,root,root) %{_libexecdir}/sshd-keygen
808 %{_mandir}/man8/sshd.8*
809 %{_mandir}/man8/sftp-server.8*
810 %{_mandir}/man8/ssh-keysign.8*
811 %{_mandir}/man8/ssh-pkcs11-helper.8*
812 %{_mandir}/man5/sshd_config.5*
813 %{_mandir}/man5/moduli.5*
814 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
815 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
816 %attr(640,root,root) %{_sysconfdir}/moduli
817 %attr(754,root,root) /etc/rc.d/init.d/sshd
818 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
819 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
820 %{systemdunitdir}/sshd.service
821 %{systemdunitdir}/sshd.socket
822 %{systemdunitdir}/sshd@.service
826 %defattr(644,root,root,755)
827 %doc HOWTO.ldap-keys ldap.conf
828 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
829 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
830 %{_mandir}/man5/ssh-ldap.conf.5*
831 %{_mandir}/man8/ssh-ldap-helper.8*
834 %if %{with gnome} || %{with gtk}
836 %defattr(644,root,root,755)
837 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
838 %dir %{_libexecdir}/ssh
839 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
840 %attr(755,root,root) %{_libexecdir}/ssh-askpass
844 %files -n openldap-schema-openssh-lpk
845 %defattr(644,root,root,755)
846 %{schemadir}/openssh-lpk.schema
849 %if "%{pld_release}" != "ti"
850 %files server-upstart
851 %defattr(644,root,root,755)
852 %config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf