2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
15 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
18 # gtk2-based gnome-askpass means no gnome1-based
19 %{?with_gtk:%undefine with_gnome}
22 # libseccomp requires 3.5 kernel, avoid such requirement where possible (non-x32 arches)
23 %undefine with_libseccomp
26 %define sandbox %{?with_libseccomp:lib}seccomp_filter
29 %{!?with_libseccomp:%error openssh seccomp implementation is broken! do not disable libseccomp on x32}
32 %if "%{pld_release}" == "ac"
33 %define pam_ver 0.79.0
35 %define pam_ver 1:1.1.8-5
37 Summary: OpenSSH free Secure Shell (SSH) implementation
38 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
39 Summary(es.UTF-8): Implementación libre de SSH
40 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
41 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
42 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
43 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
44 Summary(pt_BR.UTF-8): Implementação livre do SSH
45 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
46 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
52 Group: Applications/Networking
53 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
54 # Source0-md5: 8709736bc8a8c253bc4eeb4829888ca5
55 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
56 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
57 Source2: %{name}d.init
58 Source3: %{name}d.pamd
59 Source4: %{name}.sysconfig
61 Source6: ssh-agent.conf
62 Source7: %{name}-lpk.schema
66 Source12: sshd@.service
67 Patch0: %{name}-no_libnsl.patch
68 Patch1: %{name}-tests-reuseport.patch
69 Patch2: %{name}-pam_misc.patch
70 Patch3: %{name}-sigpipe.patch
71 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
72 Patch4: %{name}-ldap.patch
73 Patch5: %{name}-ldap-fixes.patch
74 Patch6: ldap.conf.patch
75 Patch7: %{name}-config.patch
76 Patch8: ldap-helper-sigpipe.patch
77 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
78 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
79 Patch9: %{name}-5.2p1-hpn13v6.diff
80 Patch10: %{name}-include.patch
81 Patch11: %{name}-chroot.patch
82 Patch14: %{name}-bind.patch
83 Patch15: %{name}-disable_ldap.patch
84 Patch16: libseccomp-sandbox.patch
85 URL: http://www.openssh.com/portable.html
86 BuildRequires: %{__perl}
87 %{?with_audit:BuildRequires: audit-libs-devel}
88 BuildRequires: autoconf >= 2.50
89 BuildRequires: automake
90 %{?with_gnome:BuildRequires: gnome-libs-devel}
91 %{?with_gtk:BuildRequires: gtk+2-devel}
92 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
93 %{?with_libedit:BuildRequires: libedit-devel}
94 BuildRequires: libseccomp-devel
95 %{?with_selinux:BuildRequires: libselinux-devel}
96 %{?with_ldap:BuildRequires: openldap-devel}
97 BuildRequires: openssl-devel >= 0.9.8f
98 BuildRequires: pam-devel
99 %{?with_gtk:BuildRequires: pkgconfig}
100 BuildRequires: rpm >= 4.4.9-56
101 BuildRequires: rpmbuild(macros) >= 1.627
102 BuildRequires: sed >= 4.0
103 BuildRequires: zlib-devel >= 1.2.3
104 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
105 BuildRequires: %{name}-server
107 %if %{with tests} && %{with libseccomp}
108 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
109 BuildRequires: uname(release) >= 3.5
111 Requires: zlib >= 1.2.3
112 %if "%{pld_release}" == "ac"
113 Requires: filesystem >= 2.0-1
114 Requires: pam >= 0.79.0
116 Requires: filesystem >= 3.0-11
117 Requires: pam >= %{pam_ver}
118 Suggests: xorg-app-xauth
121 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
123 %define _sysconfdir /etc/ssh
124 %define _libexecdir %{_libdir}/%{name}
125 %define _privsepdir /usr/share/empty
126 %define schemadir /usr/share/openldap/schema
129 Ssh (Secure Shell) a program for logging into a remote machine and for
130 executing commands in a remote machine. It is intended to replace
131 rlogin and rsh, and provide secure encrypted communications between
132 two untrusted hosts over an insecure network. X11 connections and
133 arbitrary TCP/IP ports can also be forwarded over the secure channel.
135 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
136 it up to date in terms of security and features, as well as removing
137 all patented algorithms to seperate libraries (OpenSSL).
139 This package includes the core files necessary for both the OpenSSH
140 client and server. To make this package useful, you should also
141 install openssh-clients, openssh-server, or both.
144 This release includes High Performance SSH/SCP patches from
145 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
146 increase throughput on fast connections with high RTT (20-150 msec).
147 See the website for '-w' values for your connection and /proc/sys TCP
148 values. BTW. in a LAN you have got generally RTT < 1 msec.
151 %description -l de.UTF-8
152 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
153 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
154 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
155 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
156 andere TCP/IP Ports können ebenso über den sicheren Channel
157 weitergeleitet werden.
159 %description -l es.UTF-8
160 SSH es un programa para accesar y ejecutar órdenes en computadores
161 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
162 seguro entre dos servidores en una red insegura. Conexiones X11 y
163 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
166 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
167 continuar la última versión gratuita de SSH, actualizándolo en
168 términos de seguridad y recursos,así también eliminando todos los
169 algoritmos patentados y colocándolos en bibliotecas separadas
172 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
173 también el paquete openssh-clients u openssh-server o ambos.
175 %description -l fr.UTF-8
176 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
177 remplace telnet, rlogin, rexec et rsh, tout en assurant des
178 communications cryptées securisées entre deux hôtes non fiabilisés sur
179 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
180 arbitraires peuvent également être transmis sur le canal sécurisé.
182 %description -l it.UTF-8
183 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
184 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
185 sicure e crittate tra due host non fidati su una rete non sicura. Le
186 connessioni X11 ad una porta TCP/IP arbitraria possono essere
187 inoltrate attraverso un canale sicuro.
189 %description -l pl.UTF-8
190 Ssh (Secure Shell) to program służący do logowania się na zdalną
191 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
192 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
193 pomiędzy dwoma hostami.
195 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
196 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
197 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
200 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
201 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
202 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
203 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
204 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
205 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
208 %description -l pt.UTF-8
209 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
210 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
211 cifradas entre duas máquinas sem confiança mútua sobre uma rede
212 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
213 reenviados pelo canal seguro.
215 %description -l pt_BR.UTF-8
216 SSH é um programa para acessar e executar comandos em máquinas
217 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
218 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
219 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
221 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
222 última versão gratuita do SSH, atualizando-o em termos de segurança e
223 recursos, assim como removendo todos os algoritmos patenteados e
224 colocando-os em bibliotecas separadas (OpenSSL).
226 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
227 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
229 %description -l ru.UTF-8
230 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
231 машину и для выполнения команд на удаленной машине. Она предназначена
232 для замены rlogin и rsh и обеспечивает безопасную шифрованную
233 коммуникацию между двумя хостами в сети, являющейся небезопасной.
234 Соединения X11 и любые порты TCP/IP могут также быть проведены через
237 OpenSSH - это переделка командой разработчиков OpenBSD последней
238 свободной версии SSH, доведенная до современного состояния в терминах
239 уровня безопасности и поддерживаемых возможностей. Все патентованные
240 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
242 Этот пакет содержит файлы, необходимые как для клиента, так и для
243 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
244 openssh-server, или оба пакета.
246 %description -l uk.UTF-8
247 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
248 машини та для виконання команд на віддаленій машині. Вона призначена
249 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
250 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
251 довільні порти TCP/IP можуть також бути проведені через безпечний
254 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
255 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
256 підтримуваних можливостей. Всі патентовані алгоритми винесені до
257 окремих бібліотек (OpenSSL).
259 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
260 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
261 openssh-server, чи обидва пакети.
264 Summary: OpenSSH Secure Shell protocol clients
265 Summary(es.UTF-8): Clientes de OpenSSH
266 Summary(pl.UTF-8): Klienci protokołu Secure Shell
267 Summary(pt_BR.UTF-8): Clientes do OpenSSH
268 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
269 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
270 Group: Applications/Networking
272 Provides: ssh-clients
273 Obsoletes: ssh-clients
274 %requires_eq_to openssl openssl-devel
277 Ssh (Secure Shell) a program for logging into a remote machine and for
278 executing commands in a remote machine. It is intended to replace
279 rlogin and rsh, and provide secure encrypted communications between
280 two untrusted hosts over an insecure network. X11 connections and
281 arbitrary TCP/IP ports can also be forwarded over the secure channel.
283 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
284 it up to date in terms of security and features, as well as removing
285 all patented algorithms to seperate libraries (OpenSSL).
287 This package includes the clients necessary to make encrypted
288 connections to SSH servers.
290 %description clients -l es.UTF-8
291 Este paquete incluye los clientes que se necesitan para hacer
292 conexiones codificadas con servidores SSH.
294 %description clients -l pl.UTF-8
295 Ssh (Secure Shell) to program służący do logowania się na zdalną
296 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
297 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
298 pomiędzy dwoma hostami.
300 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
302 %description clients -l pt_BR.UTF-8
303 Esse pacote inclui os clientes necessários para fazer conexões
304 encriptadas com servidores SSH.
306 %description clients -l ru.UTF-8
307 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
308 машину и для выполнения команд на удаленной машине.
310 Этот пакет содержит программы-клиенты, необходимые для установления
311 зашифрованных соединений с серверами SSH.
313 %description clients -l uk.UTF-8
314 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
315 машини та для виконання команд на віддаленій машині.
317 Цей пакет містить програми-клієнти, необхідні для встановлення
318 зашифрованих з'єднань з серверами SSH.
320 %package clients-agent-profile_d
321 Summary: OpenSSH Secure Shell agent init script
322 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
323 Group: Applications/Networking
324 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
326 %description clients-agent-profile_d
327 profile.d scripts for starting SSH agent.
329 %description clients-agent-profile_d -l pl.UTF-8
330 Skrypty profile.d do uruchamiania agenta SSH.
332 %package clients-agent-xinitrc
333 Summary: OpenSSH Secure Shell agent init script
334 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
335 Group: Applications/Networking
336 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
339 %description clients-agent-xinitrc
340 xinitrc scripts for starting SSH agent.
342 %description clients-agent-xinitrc -l pl.UTF-8
343 Skrypty xinitrc do uruchamiania agenta SSH.
346 Summary: OpenSSH Secure Shell protocol server (sshd)
347 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
348 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
349 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
350 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
351 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
352 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
353 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
354 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
355 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
356 Group: Networking/Daemons
357 Requires(post): /sbin/chkconfig
359 Requires(post,preun): /sbin/chkconfig
360 Requires(postun): /usr/sbin/userdel
361 Requires(pre): /bin/id
362 Requires(pre): /usr/sbin/useradd
363 Requires(post,preun,postun): systemd-units >= 38
364 Requires: %{name} = %{epoch}:%{version}-%{release}
365 Requires: pam >= %{pam_ver}
366 Requires: rc-scripts >= 0.4.3.0
367 Requires: systemd-units >= 38
368 %{?with_libseccomp:Requires: uname(release) >= 3.5}
370 %{?with_ldap:Suggests: %{name}-server-ldap}
372 Suggests: xorg-app-xauth
375 %requires_eq_to openssl openssl-devel
378 Ssh (Secure Shell) a program for logging into a remote machine and for
379 executing commands in a remote machine. It is intended to replace
380 rlogin and rsh, and provide secure encrypted communications between
381 two untrusted hosts over an insecure network. X11 connections and
382 arbitrary TCP/IP ports can also be forwarded over the secure channel.
384 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
385 it up to date in terms of security and features, as well as removing
386 all patented algorithms to seperate libraries (OpenSSL).
388 This package contains the secure shell daemon. The sshd is the server
389 part of the secure shell protocol and allows ssh clients to connect to
392 %description server -l de.UTF-8
393 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
395 %description server -l es.UTF-8
396 Este paquete contiene el servidor SSH. sshd es la parte servidor del
397 protocolo secure shell y permite que clientes ssh se conecten a su
400 %description server -l fr.UTF-8
401 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
403 %description server -l it.UTF-8
404 Questo pacchetto installa sshd, il server di OpenSSH.
406 %description server -l pl.UTF-8
407 Ssh (Secure Shell) to program służący do logowania się na zdalną
408 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
409 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
410 pomiędzy dwoma hostami.
412 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
415 %description server -l pt.UTF-8
416 Este pacote intala o sshd, o servidor do OpenSSH.
418 %description server -l pt_BR.UTF-8
419 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
420 protocolo secure shell e permite que clientes ssh se conectem ao seu
423 %description server -l ru.UTF-8
424 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
425 машину и для выполнения команд на удаленной машине.
427 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
428 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
431 %description server -l uk.UTF-8
432 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
433 машини та для виконання команд на віддаленій машині.
435 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
436 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
440 Summary: A LDAP support for open source SSH server daemon
441 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
443 Requires: %{name} = %{epoch}:%{version}-%{release}
444 Requires: openldap-nss-config
446 %description server-ldap
447 OpenSSH LDAP backend is a way how to distribute the authorized tokens
448 among the servers in the network.
450 %description server-ldap -l pl.UTF-8
451 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
452 tokenów między serwerami w sieci.
454 %package gnome-askpass
455 Summary: OpenSSH GNOME passphrase dialog
456 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
457 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
458 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
459 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
460 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
461 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
462 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
463 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
464 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
465 Group: Applications/Networking
466 Requires: %{name} = %{epoch}:%{version}-%{release}
467 Obsoletes: openssh-askpass
468 Obsoletes: ssh-askpass
469 Obsoletes: ssh-extras
471 %description gnome-askpass
472 Ssh (Secure Shell) a program for logging into a remote machine and for
473 executing commands in a remote machine. It is intended to replace
474 rlogin and rsh, and provide secure encrypted communications between
475 two untrusted hosts over an insecure network. X11 connections and
476 arbitrary TCP/IP ports can also be forwarded over the secure channel.
478 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
479 it up to date in terms of security and features, as well as removing
480 all patented algorithms to seperate libraries (OpenSSL).
482 This package contains the GNOME passphrase dialog.
484 %description gnome-askpass -l es.UTF-8
485 Este paquete contiene un programa que abre una caja de diálogo para
486 entrada de passphrase en GNOME.
488 %description gnome-askpass -l pl.UTF-8
489 Ssh (Secure Shell) to program służący do logowania się na zdalną
490 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
491 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
492 pomiędzy dwoma hostami.
494 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
496 %description gnome-askpass -l pt_BR.UTF-8
497 Esse pacote contém um programa que abre uma caixa de diálogo para
498 entrada de passphrase no GNOME.
500 %description gnome-askpass -l ru.UTF-8
501 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
502 машину и для выполнения команд на удаленной машине.
504 Этот пакет содержит диалог ввода ключевой фразы для использования под
507 %description gnome-askpass -l uk.UTF-8
508 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
509 машини та для виконання команд на віддаленій машині.
511 Цей пакет містить діалог вводу ключової фрази для використання під
514 %package -n openldap-schema-openssh-lpk
515 Summary: OpenSSH LDAP Public Key schema
516 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
517 Group: Networking/Daemons
518 Requires(post,postun): sed >= 4.0
519 Requires: openldap-servers
520 %if "%{_rpmversion}" >= "5"
524 %description -n openldap-schema-openssh-lpk
525 This package contains OpenSSH LDAP Public Key schema for openldap.
527 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
528 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
543 %{?with_hpn:%patch9 -p1}
548 %{!?with_ldap:%patch15 -p1}
549 %{?with_libseccomp:%patch16 -p1}
551 %if "%{pld_release}" == "ac"
552 # fix for missing x11.pc
553 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
556 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
557 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
559 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
560 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
562 # prevent being ovewritten by aclocal calls
563 mv aclocal.m4 acinclude.m4
566 cp /usr/share/automake/config.sub .
570 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
577 %{?with_audit:--with-audit=linux} \
578 --with-ipaddr-display \
579 %{?with_kerberos5:--with-kerberos5=/usr} \
580 --with-ldap%{!?with_ldap:=no} \
581 %{?with_libedit:--with-libedit} \
583 --with-md5-passwords \
585 --with-pid-dir=%{_localstatedir}/run \
586 --with-privsep-path=%{_privsepdir} \
587 --with-privsep-user=sshd \
588 %{?with_selinux:--with-selinux} \
589 %if "%{pld_release}" == "ac"
590 --with-xauth=/usr/X11R6/bin/xauth
592 --with-sandbox=%{sandbox} \
593 --with-xauth=%{_bindir}/xauth
596 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
600 %{?with_tests:%{__make} -j1 tests}
604 %{__make} gnome-ssh-askpass1 \
605 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
608 %{__make} gnome-ssh-askpass2 \
609 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
613 rm -rf $RPM_BUILD_ROOT
614 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
615 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
616 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
619 DESTDIR=$RPM_BUILD_ROOT
621 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
623 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
624 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
625 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
626 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
627 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
628 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
629 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
631 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
632 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
634 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
635 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
636 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
637 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
640 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
643 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
645 %if %{with gnome} || %{with gtk}
646 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
647 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
649 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
650 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
652 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
655 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
656 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
658 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
659 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
661 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
663 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
664 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
667 %if "%{pld_release}" == "ac"
668 # not present in ac, no point searching it
669 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
670 # openssl on ac does not have OPENSSL_HAS_ECC
671 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
675 # remove recording user's login uid to the process attribute
676 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
679 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
680 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
683 rm -rf $RPM_BUILD_ROOT
694 %postun gnome-askpass
698 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
701 /sbin/chkconfig --add sshd
702 %service sshd reload "OpenSSH Daemon"
704 %systemd_post sshd.service
707 if [ "$1" = "0" ]; then
709 /sbin/chkconfig --del sshd
711 %systemd_preun sshd.service
714 if [ "$1" = "0" ]; then
719 %triggerpostun server -- %{name}-server < 2:7.0p1-2
720 %banner %{name}-server -e << EOF
721 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
722 ! Starting from openssh 7.0 DSA keys are disabled !
723 ! on server and client side. You will NOT be able !
724 ! to use DSA keys for authentication. Please read !
725 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
726 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
729 %triggerpostun server -- %{name}-server < 6.2p1-1
730 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
731 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
733 %triggerpostun server -- %{name}-server < 2:5.9p1-8
734 # lpk.patch to ldap.patch
735 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
736 echo >&2 "Migrating LPK patch to LDAP patch"
737 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
739 # disable old configs
740 # just UseLPK/LkpLdapConf supported for now
741 s/^\s*UseLPK/## Obsolete &/
742 s/^\s*Lpk/## Obsolete &/
743 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
744 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
745 ' %{_sysconfdir}/sshd_config
746 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
747 /bin/systemctl try-restart sshd.service || :
749 %service -q sshd reload
752 %systemd_trigger sshd.service
753 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
754 %banner %{name}-server -e << EOF
755 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
756 ! Native systemd support for sshd has been installed. !
757 ! Restarting sshd.service with systemctl WILL kill all !
758 ! active ssh sessions (daemon as such will be started). !
759 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
763 %post -n openldap-schema-openssh-lpk
764 %openldap_schema_register %{schemadir}/openssh-lpk.schema
765 %service -q ldap restart
767 %postun -n openldap-schema-openssh-lpk
768 if [ "$1" = "0" ]; then
769 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
770 %service -q ldap restart
774 %defattr(644,root,root,755)
775 %doc TODO README OVERVIEW CREDITS Change*
776 %attr(755,root,root) %{_bindir}/ssh-key*
777 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
778 %{_mandir}/man1/ssh-key*.1*
779 #%{_mandir}/man1/ssh-vulnkey*.1*
784 %defattr(644,root,root,755)
785 %attr(755,root,root) %{_bindir}/ssh
786 %attr(755,root,root) %{_bindir}/slogin
787 %attr(755,root,root) %{_bindir}/sftp
788 %attr(755,root,root) %{_bindir}/ssh-agent
789 %attr(755,root,root) %{_bindir}/ssh-add
790 %attr(755,root,root) %{_bindir}/ssh-copy-id
791 %attr(755,root,root) %{_bindir}/scp
792 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
793 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
794 %{_mandir}/man1/scp.1*
795 %{_mandir}/man1/ssh.1*
796 %{_mandir}/man1/slogin.1*
797 %{_mandir}/man1/sftp.1*
798 %{_mandir}/man1/ssh-agent.1*
799 %{_mandir}/man1/ssh-add.1*
800 %{_mandir}/man1/ssh-copy-id.1*
801 %{_mandir}/man5/ssh_config.5*
802 %lang(it) %{_mandir}/it/man1/ssh.1*
803 %lang(it) %{_mandir}/it/man5/ssh_config.5*
804 %lang(pl) %{_mandir}/pl/man1/scp.1*
805 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
807 # for host-based auth (suid required for accessing private host key)
808 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
809 #%{_mandir}/man8/ssh-keysign.8*
811 %files clients-agent-profile_d
812 %defattr(644,root,root,755)
813 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
814 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
816 %files clients-agent-xinitrc
817 %defattr(644,root,root,755)
818 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
821 %defattr(644,root,root,755)
822 %attr(755,root,root) %{_sbindir}/sshd
823 %attr(755,root,root) %{_libexecdir}/sftp-server
824 %attr(755,root,root) %{_libexecdir}/ssh-keysign
825 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
826 %attr(755,root,root) %{_libexecdir}/sshd-keygen
827 %{_mandir}/man8/sshd.8*
828 %{_mandir}/man8/sftp-server.8*
829 %{_mandir}/man8/ssh-keysign.8*
830 %{_mandir}/man8/ssh-pkcs11-helper.8*
831 %{_mandir}/man5/sshd_config.5*
832 %{_mandir}/man5/moduli.5*
833 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
834 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
835 %attr(640,root,root) %{_sysconfdir}/moduli
836 %attr(754,root,root) /etc/rc.d/init.d/sshd
837 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
838 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
839 %{systemdunitdir}/sshd.service
840 %{systemdunitdir}/sshd.socket
841 %{systemdunitdir}/sshd@.service
845 %defattr(644,root,root,755)
846 %doc HOWTO.ldap-keys ldap.conf
847 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
848 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
849 %{_mandir}/man5/ssh-ldap.conf.5*
850 %{_mandir}/man8/ssh-ldap-helper.8*
853 %if %{with gnome} || %{with gtk}
855 %defattr(644,root,root,755)
856 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
857 %dir %{_libexecdir}/ssh
858 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
859 %attr(755,root,root) %{_libexecdir}/ssh-askpass
863 %files -n openldap-schema-openssh-lpk
864 %defattr(644,root,root,755)
865 %{schemadir}/openssh-lpk.schema