2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
# Build-time feature switches. bcond_without declares a feature that is built
# by default (it can be turned off with --without NAME); bcond_with declares
# one that stays off unless requested with --with NAME.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often); the NONE cipher leaves transferred data unencrypted, so keep this off unless it is explicitly needed
17 %bcond_without tests # test suite
19 # gtk2-based gnome-askpass means no gnome1-based
20 %{?with_gtk:%undefine with_gnome}
23 # libseccomp requires 3.5 kernel, avoid such requirement where possible (non-x32 arches)
24 %undefine with_libseccomp
27 %define sandbox %{?with_libseccomp:lib}seccomp_filter
30 %{!?with_libseccomp:%error openssh seccomp implementation is broken! do not disable libseccomp on x32}
33 %if "%{pld_release}" == "ac"
34 %define pam_ver 0.79.0
36 %define pam_ver 1:1.1.8-5
38 Summary: OpenSSH free Secure Shell (SSH) implementation
39 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
40 Summary(es.UTF-8): Implementación libre de SSH
41 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
42 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
43 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
44 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
45 Summary(pt_BR.UTF-8): Implementação livre do SSH
46 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
47 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
53 Group: Applications/Networking
# NOTE(review): Source0 and Source1 are fetched over plain HTTP and pinned only
# by the MD5 digests recorded below. MD5 is not collision-resistant; where the
# build tooling allows, also check the upstream tarball against its release
# signature or a SHA-256 digest before building.
54 Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
55 # Source0-md5: 68ba883aff6958297432e5877e9a0fe2
56 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
57 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
58 Source2: %{name}d.init
59 Source3: %{name}d.pamd
60 Source4: %{name}.sysconfig
62 Source6: ssh-agent.conf
63 Source7: %{name}-lpk.schema
67 Source12: sshd@.service
69 Patch1: %{name}-tests-reuseport.patch
70 Patch2: %{name}-pam_misc.patch
71 Patch3: %{name}-sigpipe.patch
72 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
73 Patch4: %{name}-ldap.patch
74 Patch5: %{name}-ldap-fixes.patch
75 Patch6: ldap.conf.patch
76 Patch7: %{name}-config.patch
77 Patch8: ldap-helper-sigpipe.patch
78 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
79 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
80 Patch9: %{name}-5.2p1-hpn13v6.diff
81 Patch10: %{name}-include.patch
82 Patch11: %{name}-chroot.patch
83 Patch14: %{name}-bind.patch
84 Patch15: %{name}-disable_ldap.patch
85 Patch16: libseccomp-sandbox.patch
86 URL: http://www.openssh.com/portable.html
87 BuildRequires: %{__perl}
88 %{?with_audit:BuildRequires: audit-libs-devel}
89 BuildRequires: autoconf >= 2.50
90 BuildRequires: automake
91 %{?with_gnome:BuildRequires: gnome-libs-devel}
92 %{?with_gtk:BuildRequires: gtk+2-devel}
93 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
94 %{?with_ldns:BuildRequires: ldns-devel}
95 %{?with_libedit:BuildRequires: libedit-devel}
96 BuildRequires: libseccomp-devel
97 %{?with_selinux:BuildRequires: libselinux-devel}
98 %{?with_ldap:BuildRequires: openldap-devel}
99 BuildRequires: openssl-devel >= 1.0.1
100 BuildRequires: pam-devel
101 %{?with_gtk:BuildRequires: pkgconfig}
102 BuildRequires: rpm >= 4.4.9-56
103 BuildRequires: rpmbuild(macros) >= 1.627
104 BuildRequires: sed >= 4.0
105 BuildRequires: zlib-devel >= 1.2.3
106 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
107 BuildRequires: %{name}-server
109 %if %{with tests} && %{with libseccomp}
110 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
111 BuildRequires: uname(release) >= 3.5
113 Requires: zlib >= 1.2.3
114 %if "%{pld_release}" == "ac"
115 Requires: filesystem >= 2.0-1
116 Requires: pam >= 0.79.0
118 Requires: filesystem >= 3.0-11
119 Requires: pam >= %{pam_ver}
120 Suggests: xorg-app-xauth
123 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
125 %define _sysconfdir /etc/ssh
126 %define _libexecdir %{_libdir}/%{name}
127 %define _privsepdir /usr/share/empty
128 %define schemadir /usr/share/openldap/schema
131 Ssh (Secure Shell) is a program for logging into a remote machine and for
132 executing commands on a remote machine. It is intended to replace
133 rlogin and rsh, and provide secure encrypted communications between
134 two untrusted hosts over an insecure network. X11 connections and
135 arbitrary TCP/IP ports can also be forwarded over the secure channel.
137 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
138 it up to date in terms of security and features, as well as moving
139 all patented algorithms into separate libraries (OpenSSL).
141 This package includes the core files necessary for both the OpenSSH
142 client and server. To make this package useful, you should also
143 install openssh-clients, openssh-server, or both.
146 This release includes High Performance SSH/SCP patches from
147 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
148 increase throughput on fast connections with high RTT (20-150 msec).
149 See the website for '-w' values for your connection and /proc/sys TCP
150 values. Note that on a LAN the RTT is generally < 1 msec.
153 %description -l de.UTF-8
154 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
155 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
156 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
157 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
158 andere TCP/IP Ports können ebenso über den sicheren Channel
159 weitergeleitet werden.
161 %description -l es.UTF-8
162 SSH es un programa para accesar y ejecutar órdenes en computadores
163 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
164 seguro entre dos servidores en una red insegura. Conexiones X11 y
165 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
168 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
169 continuar la última versión gratuita de SSH, actualizándolo en
170 términos de seguridad y recursos,así también eliminando todos los
171 algoritmos patentados y colocándolos en bibliotecas separadas
174 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
175 también el paquete openssh-clients u openssh-server o ambos.
177 %description -l fr.UTF-8
178 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
179 remplace telnet, rlogin, rexec et rsh, tout en assurant des
180 communications cryptées securisées entre deux hôtes non fiabilisés sur
181 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
182 arbitraires peuvent également être transmis sur le canal sécurisé.
184 %description -l it.UTF-8
185 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
186 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
187 sicure e crittate tra due host non fidati su una rete non sicura. Le
188 connessioni X11 ad una porta TCP/IP arbitraria possono essere
189 inoltrate attraverso un canale sicuro.
191 %description -l pl.UTF-8
192 Ssh (Secure Shell) to program służący do logowania się na zdalną
193 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
194 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
195 pomiędzy dwoma hostami.
197 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
198 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
199 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
202 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
203 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
204 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
205 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
206 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
207 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
210 %description -l pt.UTF-8
211 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
212 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
213 cifradas entre duas máquinas sem confiança mútua sobre uma rede
214 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
215 reenviados pelo canal seguro.
217 %description -l pt_BR.UTF-8
218 SSH é um programa para acessar e executar comandos em máquinas
219 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
220 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
221 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
223 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
224 última versão gratuita do SSH, atualizando-o em termos de segurança e
225 recursos, assim como removendo todos os algoritmos patenteados e
226 colocando-os em bibliotecas separadas (OpenSSL).
228 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
229 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
231 %description -l ru.UTF-8
232 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
233 машину и для выполнения команд на удаленной машине. Она предназначена
234 для замены rlogin и rsh и обеспечивает безопасную шифрованную
235 коммуникацию между двумя хостами в сети, являющейся небезопасной.
236 Соединения X11 и любые порты TCP/IP могут также быть проведены через
239 OpenSSH - это переделка командой разработчиков OpenBSD последней
240 свободной версии SSH, доведенная до современного состояния в терминах
241 уровня безопасности и поддерживаемых возможностей. Все патентованные
242 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
244 Этот пакет содержит файлы, необходимые как для клиента, так и для
245 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
246 openssh-server, или оба пакета.
248 %description -l uk.UTF-8
249 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
250 машини та для виконання команд на віддаленій машині. Вона призначена
251 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
252 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
253 довільні порти TCP/IP можуть також бути проведені через безпечний
256 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
257 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
258 підтримуваних можливостей. Всі патентовані алгоритми винесені до
259 окремих бібліотек (OpenSSL).
261 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
262 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
263 openssh-server, чи обидва пакети.
266 Summary: OpenSSH Secure Shell protocol clients
267 Summary(es.UTF-8): Clientes de OpenSSH
268 Summary(pl.UTF-8): Klienci protokołu Secure Shell
269 Summary(pt_BR.UTF-8): Clientes do OpenSSH
270 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
271 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
272 Group: Applications/Networking
274 Provides: ssh-clients
275 Obsoletes: ssh-clients
276 %requires_eq_to openssl openssl-devel
279 Ssh (Secure Shell) is a program for logging into a remote machine and for
280 executing commands on a remote machine. It is intended to replace
281 rlogin and rsh, and provide secure encrypted communications between
282 two untrusted hosts over an insecure network. X11 connections and
283 arbitrary TCP/IP ports can also be forwarded over the secure channel.
285 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
286 it up to date in terms of security and features, as well as moving
287 all patented algorithms into separate libraries (OpenSSL).
289 This package includes the clients necessary to make encrypted
290 connections to SSH servers.
292 %description clients -l es.UTF-8
293 Este paquete incluye los clientes que se necesitan para hacer
294 conexiones codificadas con servidores SSH.
296 %description clients -l pl.UTF-8
297 Ssh (Secure Shell) to program służący do logowania się na zdalną
298 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
299 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
300 pomiędzy dwoma hostami.
302 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
304 %description clients -l pt_BR.UTF-8
305 Esse pacote inclui os clientes necessários para fazer conexões
306 encriptadas com servidores SSH.
308 %description clients -l ru.UTF-8
309 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
310 машину и для выполнения команд на удаленной машине.
312 Этот пакет содержит программы-клиенты, необходимые для установления
313 зашифрованных соединений с серверами SSH.
315 %description clients -l uk.UTF-8
316 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
317 машини та для виконання команд на віддаленій машині.
319 Цей пакет містить програми-клієнти, необхідні для встановлення
320 зашифрованих з'єднань з серверами SSH.
322 %package clients-agent-profile_d
323 Summary: OpenSSH Secure Shell agent init script
324 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
325 Group: Applications/Networking
326 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
328 %description clients-agent-profile_d
329 profile.d scripts for starting SSH agent.
331 %description clients-agent-profile_d -l pl.UTF-8
332 Skrypty profile.d do uruchamiania agenta SSH.
334 %package clients-agent-xinitrc
335 Summary: OpenSSH Secure Shell agent init script
336 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
337 Group: Applications/Networking
338 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
341 %description clients-agent-xinitrc
342 xinitrc scripts for starting SSH agent.
344 %description clients-agent-xinitrc -l pl.UTF-8
345 Skrypty xinitrc do uruchamiania agenta SSH.
348 Summary: OpenSSH Secure Shell protocol server (sshd)
349 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
350 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
351 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
352 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
353 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
354 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
355 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
356 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
357 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
358 Group: Networking/Daemons
359 Requires(post): /sbin/chkconfig
361 Requires(post,preun): /sbin/chkconfig
362 Requires(postun): /usr/sbin/userdel
363 Requires(pre): /bin/id
364 Requires(pre): /usr/sbin/useradd
365 Requires(post,preun,postun): systemd-units >= 38
366 Requires: %{name} = %{epoch}:%{version}-%{release}
367 Requires: pam >= %{pam_ver}
368 Requires: rc-scripts >= 0.4.3.0
369 Requires: systemd-units >= 38
370 %{?with_libseccomp:Requires: uname(release) >= 3.5}
372 %{?with_ldap:Suggests: %{name}-server-ldap}
374 Suggests: xorg-app-xauth
377 %requires_eq_to openssl openssl-devel
380 Ssh (Secure Shell) is a program for logging into a remote machine and for
381 executing commands on a remote machine. It is intended to replace
382 rlogin and rsh, and provide secure encrypted communications between
383 two untrusted hosts over an insecure network. X11 connections and
384 arbitrary TCP/IP ports can also be forwarded over the secure channel.
386 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
387 it up to date in terms of security and features, as well as moving
388 all patented algorithms into separate libraries (OpenSSL).
390 This package contains the secure shell daemon. The sshd is the server
391 part of the secure shell protocol and allows ssh clients to connect to
394 %description server -l de.UTF-8
395 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
397 %description server -l es.UTF-8
398 Este paquete contiene el servidor SSH. sshd es la parte servidor del
399 protocolo secure shell y permite que clientes ssh se conecten a su
402 %description server -l fr.UTF-8
403 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
405 %description server -l it.UTF-8
406 Questo pacchetto installa sshd, il server di OpenSSH.
408 %description server -l pl.UTF-8
409 Ssh (Secure Shell) to program służący do logowania się na zdalną
410 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
411 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
412 pomiędzy dwoma hostami.
414 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
417 %description server -l pt.UTF-8
418 Este pacote intala o sshd, o servidor do OpenSSH.
420 %description server -l pt_BR.UTF-8
421 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
422 protocolo secure shell e permite que clientes ssh se conectem ao seu
425 %description server -l ru.UTF-8
426 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
427 машину и для выполнения команд на удаленной машине.
429 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
430 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
433 %description server -l uk.UTF-8
434 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
435 машини та для виконання команд на віддаленій машині.
437 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
438 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
442 Summary: A LDAP support for open source SSH server daemon
443 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
445 Requires: %{name} = %{epoch}:%{version}-%{release}
446 Requires: openldap-nss-config
448 %description server-ldap
449 OpenSSH LDAP backend is a way to distribute the authorized tokens
450 among the servers in the network.
452 %description server-ldap -l pl.UTF-8
453 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
454 tokenów między serwerami w sieci.
456 %package gnome-askpass
457 Summary: OpenSSH GNOME passphrase dialog
458 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
459 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
460 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
461 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
462 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
463 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
464 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
465 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
466 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
467 Group: Applications/Networking
468 Requires: %{name} = %{epoch}:%{version}-%{release}
469 Obsoletes: openssh-askpass
470 Obsoletes: ssh-askpass
471 Obsoletes: ssh-extras
473 %description gnome-askpass
474 Ssh (Secure Shell) is a program for logging into a remote machine and for
475 executing commands on a remote machine. It is intended to replace
476 rlogin and rsh, and provide secure encrypted communications between
477 two untrusted hosts over an insecure network. X11 connections and
478 arbitrary TCP/IP ports can also be forwarded over the secure channel.
480 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
481 it up to date in terms of security and features, as well as moving
482 all patented algorithms into separate libraries (OpenSSL).
484 This package contains the GNOME passphrase dialog.
486 %description gnome-askpass -l es.UTF-8
487 Este paquete contiene un programa que abre una caja de diálogo para
488 entrada de passphrase en GNOME.
490 %description gnome-askpass -l pl.UTF-8
491 Ssh (Secure Shell) to program służący do logowania się na zdalną
492 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
493 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
494 pomiędzy dwoma hostami.
496 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
498 %description gnome-askpass -l pt_BR.UTF-8
499 Esse pacote contém um programa que abre uma caixa de diálogo para
500 entrada de passphrase no GNOME.
502 %description gnome-askpass -l ru.UTF-8
503 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
504 машину и для выполнения команд на удаленной машине.
506 Этот пакет содержит диалог ввода ключевой фразы для использования под
509 %description gnome-askpass -l uk.UTF-8
510 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
511 машини та для виконання команд на віддаленій машині.
513 Цей пакет містить діалог вводу ключової фрази для використання під
516 %package -n openldap-schema-openssh-lpk
517 Summary: OpenSSH LDAP Public Key schema
518 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
519 Group: Networking/Daemons
520 Requires(post,postun): sed >= 4.0
521 Requires: openldap-servers
522 %if "%{_rpmversion}" >= "5"
526 %description -n openldap-schema-openssh-lpk
527 This package contains OpenSSH LDAP Public Key schema for openldap.
529 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
530 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
545 %{?with_hpn:%patch9 -p1}
550 %{!?with_ldap:%patch15 -p1}
551 %{?with_libseccomp:%patch16 -p1}
553 %if "%{pld_release}" == "ac"
554 # fix for missing x11.pc
555 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
558 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
559 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
561 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
562 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
564 # prevent aclocal.m4 from being overwritten by aclocal calls
565 %{__mv} aclocal.m4 acinclude.m4
568 cp /usr/share/automake/config.sub .
572 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
579 %{?with_audit:--with-audit=linux} \
580 --with-ipaddr-display \
581 %{?with_kerberos5:--with-kerberos5=/usr} \
582 --with-ldap%{!?with_ldap:=no} \
583 %{?with_ldns:--with-ldns} \
584 %{?with_libedit:--with-libedit} \
586 --with-md5-passwords \
588 --with-pid-dir=%{_localstatedir}/run \
589 --with-privsep-path=%{_privsepdir} \
590 --with-privsep-user=sshd \
591 %{?with_selinux:--with-selinux} \
592 %if "%{pld_release}" == "ac"
593 --with-xauth=/usr/X11R6/bin/xauth
595 --with-sandbox=%{sandbox} \
596 --with-xauth=%{_bindir}/xauth
599 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
603 %{?with_tests:%{__make} -j1 tests}
607 %{__make} gnome-ssh-askpass1 \
608 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
611 %{__make} gnome-ssh-askpass2 \
612 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
616 rm -rf $RPM_BUILD_ROOT
617 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
618 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
619 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
622 DESTDIR=$RPM_BUILD_ROOT
624 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
626 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
627 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
628 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
629 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
630 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
631 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
632 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
634 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
635 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
637 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
638 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
639 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
640 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
643 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
646 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
648 %if %{with gnome} || %{with gtk}
649 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
650 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
652 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
653 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
655 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
658 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
659 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
661 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
663 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
664 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
667 %if "%{pld_release}" == "ac"
668 # not present in ac, no point searching it
669 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
670 # openssl on ac does not have OPENSSL_HAS_ECC
671 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
675 # remove pam_loginuid.so so the user's login uid is no longer recorded as a process attribute; note that audit records then lose the link to the login session
676 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
679 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
680 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
683 rm -rf $RPM_BUILD_ROOT
694 %postun gnome-askpass
698 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
701 /sbin/chkconfig --add sshd
702 %service sshd reload "OpenSSH Daemon"
704 %systemd_post sshd.service
707 if [ "$1" = "0" ]; then
709 /sbin/chkconfig --del sshd
711 %systemd_preun sshd.service
714 if [ "$1" = "0" ]; then
719 %triggerpostun server -- %{name}-server < 2:7.0p1-2
720 %banner %{name}-server -e << EOF
721 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
722 ! Starting from openssh 7.0 DSA keys are disabled !
723 ! on server and client side. You will NOT be able !
724 ! to use DSA keys for authentication. Please read !
725 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
726 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
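729 %triggerpostun server -- %{name}-server < 6.2p1-1
# Upgrade from a package older than 6.2p1-1: rename the sshd_config keyword
# AuthorizedKeysCommandRunAs to AuthorizedKeysCommandUser. A copy of the
# unmodified file is kept next to it with the .rpmorig suffix.
730 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
# The expression used to end in "##g"; GNU sed treats a "#" after the closing
# delimiter as the start of a comment, so the g flag was silently dropped.
731 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser#g' %{_sysconfdir}/sshd_config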
733 %triggerpostun server -- %{name}-server < 2:5.9p1-8
734 # lpk.patch to ldap.patch
735 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
736 echo >&2 "Migrating LPK patch to LDAP patch"
737 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
739 # disable old configs
740 # just UseLPK/LkpLdapConf supported for now
741 s/^\s*UseLPK/## Obsolete &/
742 s/^\s*Lpk/## Obsolete &/
743 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
744 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
745 ' %{_sysconfdir}/sshd_config
746 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
747 /bin/systemctl try-restart sshd.service || :
749 %service -q sshd reload
752 %systemd_trigger sshd.service
753 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
754 %banner %{name}-server -e << EOF
755 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
756 ! Native systemd support for sshd has been installed. !
757 ! Restarting sshd.service with systemctl WILL kill all !
758 ! active ssh sessions (daemon as such will be started). !
759 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
763 %post -n openldap-schema-openssh-lpk
764 %openldap_schema_register %{schemadir}/openssh-lpk.schema
765 %service -q ldap restart
767 %postun -n openldap-schema-openssh-lpk
768 if [ "$1" = "0" ]; then
769 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
770 %service -q ldap restart
774 %defattr(644,root,root,755)
775 %doc TODO README OVERVIEW CREDITS Change*
776 %attr(755,root,root) %{_bindir}/ssh-key*
777 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
778 %{_mandir}/man1/ssh-key*.1*
779 #%{_mandir}/man1/ssh-vulnkey*.1*
784 %defattr(644,root,root,755)
785 %attr(755,root,root) %{_bindir}/ssh
786 %attr(755,root,root) %{_bindir}/sftp
787 %attr(755,root,root) %{_bindir}/ssh-agent
788 %attr(755,root,root) %{_bindir}/ssh-add
789 %attr(755,root,root) %{_bindir}/ssh-copy-id
790 %attr(755,root,root) %{_bindir}/scp
791 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
792 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
793 %{_mandir}/man1/scp.1*
794 %{_mandir}/man1/ssh.1*
795 %{_mandir}/man1/sftp.1*
796 %{_mandir}/man1/ssh-agent.1*
797 %{_mandir}/man1/ssh-add.1*
798 %{_mandir}/man1/ssh-copy-id.1*
799 %{_mandir}/man5/ssh_config.5*
800 %lang(it) %{_mandir}/it/man1/ssh.1*
801 %lang(it) %{_mandir}/it/man5/ssh_config.5*
802 %lang(pl) %{_mandir}/pl/man1/scp.1*
803 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
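805 # ssh-keysign is used only for host-based authentication and needs setuid root to read the private host key; the setuid entry is left commented out here, and the binary is listed with mode 755 in a later file list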
806 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
807 #%{_mandir}/man8/ssh-keysign.8*
809 %files clients-agent-profile_d
810 %defattr(644,root,root,755)
811 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
812 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
814 %files clients-agent-xinitrc
815 %defattr(644,root,root,755)
816 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
819 %defattr(644,root,root,755)
820 %attr(755,root,root) %{_sbindir}/sshd
821 %attr(755,root,root) %{_libexecdir}/sftp-server
822 %attr(755,root,root) %{_libexecdir}/ssh-keysign
823 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
824 %attr(755,root,root) %{_libexecdir}/sshd-keygen
825 %{_mandir}/man8/sshd.8*
826 %{_mandir}/man8/sftp-server.8*
827 %{_mandir}/man8/ssh-keysign.8*
828 %{_mandir}/man8/ssh-pkcs11-helper.8*
829 %{_mandir}/man5/sshd_config.5*
830 %{_mandir}/man5/moduli.5*
831 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
832 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
833 %attr(640,root,root) %{_sysconfdir}/moduli
834 %attr(754,root,root) /etc/rc.d/init.d/sshd
835 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
836 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
837 %{systemdunitdir}/sshd.service
838 %{systemdunitdir}/sshd.socket
839 %{systemdunitdir}/sshd@.service
843 %defattr(644,root,root,755)
844 %doc HOWTO.ldap-keys ldap.conf
845 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
846 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
847 %{_mandir}/man5/ssh-ldap.conf.5*
848 %{_mandir}/man8/ssh-ldap-helper.8*
851 %if %{with gnome} || %{with gtk}
853 %defattr(644,root,root,755)
854 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
855 %dir %{_libexecdir}/ssh
856 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
857 %attr(755,root,root) %{_libexecdir}/ssh-askpass
861 %files -n openldap-schema-openssh-lpk
862 %defattr(644,root,root,755)
863 %{schemadir}/openssh-lpk.schema