2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 # gtk2-based gnome-askpass means no gnome1-based
18 %{?with_gtk:%undefine with_gnome}
20 %if "%{pld_release}" == "ac"
21 %define pam_ver 0.79.0
23 %define pam_ver 1:1.1.5-5
25 Summary: OpenSSH free Secure Shell (SSH) implementation
26 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
27 Summary(es.UTF-8): Implementación libre de SSH
28 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
29 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
30 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
31 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
32 Summary(pt_BR.UTF-8): Implementação livre do SSH
33 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
34 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
40 Group: Applications/Networking
41 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
42 # Source0-md5: a084e7272b8cbd25afe0f5dce4802fef
43 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
44 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
45 Source2: %{name}d.init
46 Source3: %{name}d.pamd
47 Source4: %{name}.sysconfig
49 Source6: ssh-agent.conf
50 Source7: %{name}-lpk.schema
51 Source8: %{name}d.upstart
55 Source12: sshd@.service
56 Patch0: %{name}-no_libnsl.patch
57 Patch2: %{name}-pam_misc.patch
58 Patch3: %{name}-sigpipe.patch
59 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
60 Patch4: %{name}-ldap.patch
61 Patch5: %{name}-ldap-fixes.patch
62 Patch8: ldap.conf.patch
63 Patch6: %{name}-config.patch
64 Patch7: ldap-helper-sigpipe.patch
66 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
67 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
68 Patch9: %{name}-5.2p1-hpn13v6.diff
69 Patch10: %{name}-include.patch
70 Patch11: %{name}-chroot.patch
72 Patch14: %{name}-bind.patch
73 Patch15: %{name}-disable_ldap.patch
74 URL: http://www.openssh.com/portable.html
75 BuildRequires: %{__perl}
76 %{?with_tests:BuildRequires: %{name}-server}
77 %{?with_audit:BuildRequires: audit-libs-devel}
78 BuildRequires: autoconf >= 2.50
79 BuildRequires: automake
80 %{?with_gnome:BuildRequires: gnome-libs-devel}
81 %{?with_gtk:BuildRequires: gtk+2-devel}
82 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
83 %{?with_libedit:BuildRequires: libedit-devel}
84 %{?with_selinux:BuildRequires: libselinux-devel}
85 BuildRequires: libwrap-devel
86 %{?with_ldap:BuildRequires: openldap-devel}
87 BuildRequires: openssl-devel >= 0.9.7d
88 BuildRequires: pam-devel
89 %{?with_gtk:BuildRequires: pkgconfig}
90 BuildRequires: rpm >= 4.4.9-56
91 BuildRequires: rpmbuild(macros) >= 1.627
92 BuildRequires: sed >= 4.0
93 BuildRequires: zlib-devel >= 1.2.3
94 Requires: zlib >= 1.2.3
95 %if "%{pld_release}" == "ac"
96 Requires: filesystem >= 2.0-1
97 Requires: pam >= 0.79.0
99 Requires: filesystem >= 3.0-11
100 Requires: pam >= %{pam_ver}
101 Suggests: xorg-app-xauth
104 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
106 %define _sysconfdir /etc/ssh
107 %define _libexecdir %{_libdir}/%{name}
108 %define _privsepdir /usr/share/empty
109 %define schemadir /usr/share/openldap/schema
112 Ssh (Secure Shell) a program for logging into a remote machine and for
113 executing commands in a remote machine. It is intended to replace
114 rlogin and rsh, and provide secure encrypted communications between
115 two untrusted hosts over an insecure network. X11 connections and
116 arbitrary TCP/IP ports can also be forwarded over the secure channel.
118 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
119 it up to date in terms of security and features, as well as removing
120 all patented algorithms to seperate libraries (OpenSSL).
122 This package includes the core files necessary for both the OpenSSH
123 client and server. To make this package useful, you should also
124 install openssh-clients, openssh-server, or both.
127 This release includes High Performance SSH/SCP patches from
128 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
129 increase throughput on fast connections with high RTT (20-150 msec).
130 See the website for '-w' values for your connection and /proc/sys TCP
131 values. BTW. in a LAN you have got generally RTT < 1 msec.
134 %description -l de.UTF-8
135 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
136 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
137 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
138 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
139 andere TCP/IP Ports können ebenso über den sicheren Channel
140 weitergeleitet werden.
142 %description -l es.UTF-8
143 SSH es un programa para accesar y ejecutar órdenes en computadores
144 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
145 seguro entre dos servidores en una red insegura. Conexiones X11 y
146 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
149 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
150 continuar la última versión gratuita de SSH, actualizándolo en
151 términos de seguridad y recursos,así también eliminando todos los
152 algoritmos patentados y colocándolos en bibliotecas separadas
155 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
156 también el paquete openssh-clients u openssh-server o ambos.
158 %description -l fr.UTF-8
159 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
160 remplace telnet, rlogin, rexec et rsh, tout en assurant des
161 communications cryptées securisées entre deux hôtes non fiabilisés sur
162 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
163 arbitraires peuvent également être transmis sur le canal sécurisé.
165 %description -l it.UTF-8
166 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
167 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
168 sicure e crittate tra due host non fidati su una rete non sicura. Le
169 connessioni X11 ad una porta TCP/IP arbitraria possono essere
170 inoltrate attraverso un canale sicuro.
172 %description -l pl.UTF-8
173 Ssh (Secure Shell) to program służący do logowania się na zdalną
174 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
175 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
176 pomiędzy dwoma hostami.
178 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
179 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
180 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
183 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
184 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
185 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
186 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
187 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
188 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
191 %description -l pt.UTF-8
192 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
193 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
194 cifradas entre duas máquinas sem confiança mútua sobre uma rede
195 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
196 reenviados pelo canal seguro.
198 %description -l pt_BR.UTF-8
199 SSH é um programa para acessar e executar comandos em máquinas
200 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
201 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
202 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
204 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
205 última versão gratuita do SSH, atualizando-o em termos de segurança e
206 recursos, assim como removendo todos os algoritmos patenteados e
207 colocando-os em bibliotecas separadas (OpenSSL).
209 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
210 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
212 %description -l ru.UTF-8
213 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
214 машину и для выполнения команд на удаленной машине. Она предназначена
215 для замены rlogin и rsh и обеспечивает безопасную шифрованную
216 коммуникацию между двумя хостами в сети, являющейся небезопасной.
217 Соединения X11 и любые порты TCP/IP могут также быть проведены через
220 OpenSSH - это переделка командой разработчиков OpenBSD последней
221 свободной версии SSH, доведенная до современного состояния в терминах
222 уровня безопасности и поддерживаемых возможностей. Все патентованные
223 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
225 Этот пакет содержит файлы, необходимые как для клиента, так и для
226 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
227 openssh-server, или оба пакета.
229 %description -l uk.UTF-8
230 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
231 машини та для виконання команд на віддаленій машині. Вона призначена
232 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
233 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
234 довільні порти TCP/IP можуть також бути проведені через безпечний
237 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
238 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
239 підтримуваних можливостей. Всі патентовані алгоритми винесені до
240 окремих бібліотек (OpenSSL).
242 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
243 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
244 openssh-server, чи обидва пакети.
247 Summary: OpenSSH Secure Shell protocol clients
248 Summary(es.UTF-8): Clientes de OpenSSH
249 Summary(pl.UTF-8): Klienci protokołu Secure Shell
250 Summary(pt_BR.UTF-8): Clientes do OpenSSH
251 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
252 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
253 Group: Applications/Networking
255 Provides: ssh-clients
256 Obsoletes: ssh-clients
257 %requires_eq_to openssl openssl-devel
260 Ssh (Secure Shell) a program for logging into a remote machine and for
261 executing commands in a remote machine. It is intended to replace
262 rlogin and rsh, and provide secure encrypted communications between
263 two untrusted hosts over an insecure network. X11 connections and
264 arbitrary TCP/IP ports can also be forwarded over the secure channel.
266 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
267 it up to date in terms of security and features, as well as removing
268 all patented algorithms to seperate libraries (OpenSSL).
270 This package includes the clients necessary to make encrypted
271 connections to SSH servers.
273 %description clients -l es.UTF-8
274 Este paquete incluye los clientes que se necesitan para hacer
275 conexiones codificadas con servidores SSH.
277 %description clients -l pl.UTF-8
278 Ssh (Secure Shell) to program służący do logowania się na zdalną
279 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
280 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
281 pomiędzy dwoma hostami.
283 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
285 %description clients -l pt_BR.UTF-8
286 Esse pacote inclui os clientes necessários para fazer conexões
287 encriptadas com servidores SSH.
289 %description clients -l ru.UTF-8
290 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
291 машину и для выполнения команд на удаленной машине.
293 Этот пакет содержит программы-клиенты, необходимые для установления
294 зашифрованных соединений с серверами SSH.
296 %description clients -l uk.UTF-8
297 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
298 машини та для виконання команд на віддаленій машині.
300 Цей пакет містить програми-клієнти, необхідні для встановлення
301 зашифрованих з'єднань з серверами SSH.
303 %package clients-agent-profile_d
304 Summary: OpenSSH Secure Shell agent init script
305 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
306 Group: Applications/Networking
307 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
309 %description clients-agent-profile_d
310 profile.d scripts for starting SSH agent.
312 %description clients-agent-profile_d -l pl.UTF-8
313 Skrypty profile.d do uruchamiania agenta SSH.
315 %package clients-agent-xinitrc
316 Summary: OpenSSH Secure Shell agent init script
317 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
318 Group: Applications/Networking
319 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
322 %description clients-agent-xinitrc
323 xinitrc scripts for starting SSH agent.
325 %description clients-agent-xinitrc -l pl.UTF-8
326 Skrypty xinitrc do uruchamiania agenta SSH.
329 Summary: OpenSSH Secure Shell protocol server (sshd)
330 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
331 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
332 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
333 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
334 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
335 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
336 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
337 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
338 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
339 Group: Networking/Daemons
340 Requires(post): /sbin/chkconfig
342 Requires(post,preun): /sbin/chkconfig
343 Requires(postun): /usr/sbin/userdel
344 Requires(pre): /bin/id
345 Requires(pre): /usr/sbin/useradd
346 Requires(post,preun,postun): systemd-units >= 38
347 Requires: %{name} = %{epoch}:%{version}-%{release}
348 Requires: pam >= %{pam_ver}
349 Requires: rc-scripts >= 0.4.3.0
350 Requires: systemd-units >= 38
352 %{?with_ldap:Suggests: %{name}-server-ldap}
354 Suggests: xorg-app-xauth
357 %requires_eq_to openssl openssl-devel
360 Ssh (Secure Shell) a program for logging into a remote machine and for
361 executing commands in a remote machine. It is intended to replace
362 rlogin and rsh, and provide secure encrypted communications between
363 two untrusted hosts over an insecure network. X11 connections and
364 arbitrary TCP/IP ports can also be forwarded over the secure channel.
366 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
367 it up to date in terms of security and features, as well as removing
368 all patented algorithms to seperate libraries (OpenSSL).
370 This package contains the secure shell daemon. The sshd is the server
371 part of the secure shell protocol and allows ssh clients to connect to
374 %description server -l de.UTF-8
375 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
377 %description server -l es.UTF-8
378 Este paquete contiene el servidor SSH. sshd es la parte servidor del
379 protocolo secure shell y permite que clientes ssh se conecten a su
382 %description server -l fr.UTF-8
383 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
385 %description server -l it.UTF-8
386 Questo pacchetto installa sshd, il server di OpenSSH.
388 %description server -l pl.UTF-8
389 Ssh (Secure Shell) to program służący do logowania się na zdalną
390 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
391 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
392 pomiędzy dwoma hostami.
394 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
397 %description server -l pt.UTF-8
398 Este pacote intala o sshd, o servidor do OpenSSH.
400 %description server -l pt_BR.UTF-8
401 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
402 protocolo secure shell e permite que clientes ssh se conectem ao seu
405 %description server -l ru.UTF-8
406 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
407 машину и для выполнения команд на удаленной машине.
409 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
410 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
413 %description server -l uk.UTF-8
414 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
415 машини та для виконання команд на віддаленій машині.
417 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
418 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
422 Summary: A LDAP support for open source SSH server daemon
423 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
425 Requires: %{name} = %{epoch}:%{version}-%{release}
426 Requires: openldap-nss-config
428 %description server-ldap
429 OpenSSH LDAP backend is a way how to distribute the authorized tokens
430 among the servers in the network.
432 %description server-ldap -l pl.UTF-8
433 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
434 tokenów między serwerami w sieci.
436 %package server-upstart
437 Summary: Upstart job description for OpenSSH server
438 Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
440 Requires: %{name}-server = %{epoch}:%{version}-%{release}
441 Requires: upstart >= 0.6
442 Conflicts: syslog-ng < 3.2.4-1
444 %description server-upstart
445 Upstart job description for OpenSSH.
447 %description server-upstart -l pl.UTF-8
448 Opis zadania Upstart dla OpenSSH.
450 %package gnome-askpass
451 Summary: OpenSSH GNOME passphrase dialog
452 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
453 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
454 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
455 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
456 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
457 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
458 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
459 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
460 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
461 Group: Applications/Networking
462 Requires: %{name} = %{epoch}:%{version}-%{release}
463 Obsoletes: openssh-askpass
464 Obsoletes: ssh-askpass
465 Obsoletes: ssh-extras
467 %description gnome-askpass
468 Ssh (Secure Shell) a program for logging into a remote machine and for
469 executing commands in a remote machine. It is intended to replace
470 rlogin and rsh, and provide secure encrypted communications between
471 two untrusted hosts over an insecure network. X11 connections and
472 arbitrary TCP/IP ports can also be forwarded over the secure channel.
474 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
475 it up to date in terms of security and features, as well as removing
476 all patented algorithms to seperate libraries (OpenSSL).
478 This package contains the GNOME passphrase dialog.
480 %description gnome-askpass -l es.UTF-8
481 Este paquete contiene un programa que abre una caja de diálogo para
482 entrada de passphrase en GNOME.
484 %description gnome-askpass -l pl.UTF-8
485 Ssh (Secure Shell) to program służący do logowania się na zdalną
486 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
487 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
488 pomiędzy dwoma hostami.
490 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
492 %description gnome-askpass -l pt_BR.UTF-8
493 Esse pacote contém um programa que abre uma caixa de diálogo para
494 entrada de passphrase no GNOME.
496 %description gnome-askpass -l ru.UTF-8
497 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
498 машину и для выполнения команд на удаленной машине.
500 Этот пакет содержит диалог ввода ключевой фразы для использования под
503 %description gnome-askpass -l uk.UTF-8
504 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
505 машини та для виконання команд на віддаленій машині.
507 Цей пакет містить діалог вводу ключової фрази для використання під
510 %package -n openldap-schema-openssh-lpk
511 Summary: OpenSSH LDAP Public Key schema
512 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
513 Group: Networking/Daemons
514 Requires(post,postun): sed >= 4.0
515 Requires: openldap-servers
516 %if "%{_rpmversion}" >= "5"
520 %description -n openldap-schema-openssh-lpk
521 This package contains OpenSSH LDAP Public Key schema for openldap.
523 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
524 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
538 %{?with_hpn:%patch9 -p1}
543 %{!?with_ldap:%patch15 -p1}
545 %if "%{pld_release}" == "ac"
546 # fix for missing x11.pc
547 %{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
550 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
551 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
553 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
554 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
557 cp /usr/share/automake/config.sub .
568 %{?with_audit:--with-audit=linux} \
569 --with-ipaddr-display \
570 %{?with_kerberos5:--with-kerberos5=/usr} \
571 --with-ldap%{!?with_ldap:=no} \
572 %{?with_libedit:--with-libedit} \
574 --with-md5-passwords \
576 --with-pid-dir=%{_localstatedir}/run \
577 --with-privsep-path=%{_privsepdir} \
578 --with-sandbox=seccomp_filter \
579 %{?with_selinux:--with-selinux} \
580 --with-tcp-wrappers \
581 %if "%{pld_release}" == "ac"
582 --with-xauth=/usr/X11R6/bin/xauth
584 --with-xauth=%{_bindir}/xauth
587 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
591 %{?with_tests:%{__make} tests}
595 %{__make} gnome-ssh-askpass1 \
596 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
599 %{__make} gnome-ssh-askpass2 \
600 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
604 rm -rf $RPM_BUILD_ROOT
605 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
606 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
607 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
610 DESTDIR=$RPM_BUILD_ROOT
612 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
614 cp -p %{SOURCE3} sshd.pam
615 install -p %{SOURCE2} sshd.init
617 %if "%{pld_release}" == "ac"
618 # not present in ac, no point searching it
619 %{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
620 # openssl on ac does not have OPENSSL_HAS_ECC
621 %{__sed} -i -e '/ecdsa/d' sshd.init
625 # remove recording user's login uid to the process attribute
626 %{__sed} -i -e '/pam_loginuid.so/d' sshd.pam
629 install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
630 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
631 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
632 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
633 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
634 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
635 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
636 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
638 %{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
639 cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
641 cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
642 cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
645 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
648 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
650 %if %{with gnome} || %{with gtk}
651 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
652 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
654 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
655 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
657 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
660 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
661 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
663 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
664 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
666 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
668 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
669 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
672 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
673 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
676 rm -rf $RPM_BUILD_ROOT
687 %postun gnome-askpass
691 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
694 /sbin/chkconfig --add sshd
695 %service sshd reload "OpenSSH Daemon"
697 %systemd_post sshd.service
700 if [ "$1" = "0" ]; then
702 /sbin/chkconfig --del sshd
704 %systemd_preun sshd.service
707 if [ "$1" = "0" ]; then
712 %triggerpostun server -- %{name}-server < 6.2p1-1
713 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
714 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
716 %triggerpostun server -- %{name}-server < 2:5.9p1-8
717 # lpk.patch to ldap.patch
718 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
719 echo >&2 "Migrating LPK patch to LDAP patch"
720 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
722 # disable old configs
723 # just UseLPK/LkpLdapConf supported for now
724 s/^\s*UseLPK/## Obsolete &/
725 s/^\s*Lpk/## Obsolete &/
726 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
727 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
728 ' %{_sysconfdir}/sshd_config
729 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
730 /bin/systemctl try-restart sshd.service || :
732 %service -q sshd reload
735 %systemd_trigger sshd.service
736 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
737 %banner %{name}-server -e << EOF
738 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
739 ! Native systemd support for sshd has been installed. !
740 ! Restarting sshd.service with systemctl WILL kill all !
741 ! active ssh sessions (daemon as such will be started). !
742 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
749 %postun server-upstart
752 %post -n openldap-schema-openssh-lpk
753 %openldap_schema_register %{schemadir}/openssh-lpk.schema
754 %service -q ldap restart
756 %postun -n openldap-schema-openssh-lpk
757 if [ "$1" = "0" ]; then
758 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
759 %service -q ldap restart
763 %defattr(644,root,root,755)
764 %doc TODO README OVERVIEW CREDITS Change*
765 %attr(755,root,root) %{_bindir}/ssh-key*
766 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
767 %{_mandir}/man1/ssh-key*.1*
768 #%{_mandir}/man1/ssh-vulnkey*.1*
773 %defattr(644,root,root,755)
774 %attr(755,root,root) %{_bindir}/ssh
775 %attr(755,root,root) %{_bindir}/slogin
776 %attr(755,root,root) %{_bindir}/sftp
777 %attr(755,root,root) %{_bindir}/ssh-agent
778 %attr(755,root,root) %{_bindir}/ssh-add
779 %attr(755,root,root) %{_bindir}/ssh-copy-id
780 %attr(755,root,root) %{_bindir}/scp
781 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
782 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
783 %{_mandir}/man1/scp.1*
784 %{_mandir}/man1/ssh.1*
785 %{_mandir}/man1/slogin.1*
786 %{_mandir}/man1/sftp.1*
787 %{_mandir}/man1/ssh-agent.1*
788 %{_mandir}/man1/ssh-add.1*
789 %{_mandir}/man1/ssh-copy-id.1*
790 %{_mandir}/man5/ssh_config.5*
791 %lang(it) %{_mandir}/it/man1/ssh.1*
792 %lang(it) %{_mandir}/it/man5/ssh_config.5*
793 %lang(pl) %{_mandir}/pl/man1/scp.1*
794 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
796 # for host-based auth (suid required for accessing private host key)
797 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
798 #%{_mandir}/man8/ssh-keysign.8*
800 %files clients-agent-profile_d
801 %defattr(644,root,root,755)
802 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
803 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
805 %files clients-agent-xinitrc
806 %defattr(644,root,root,755)
807 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
810 %defattr(644,root,root,755)
811 %attr(755,root,root) %{_sbindir}/sshd
812 %attr(755,root,root) %{_libexecdir}/sftp-server
813 %attr(755,root,root) %{_libexecdir}/ssh-keysign
814 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
815 %attr(755,root,root) %{_libexecdir}/sshd-keygen
816 %{_mandir}/man8/sshd.8*
817 %{_mandir}/man8/sftp-server.8*
818 %{_mandir}/man8/ssh-keysign.8*
819 %{_mandir}/man8/ssh-pkcs11-helper.8*
820 %{_mandir}/man5/sshd_config.5*
821 %{_mandir}/man5/moduli.5*
822 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
823 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
824 %attr(640,root,root) %{_sysconfdir}/moduli
825 %attr(754,root,root) /etc/rc.d/init.d/sshd
826 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
827 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
828 %{systemdunitdir}/sshd.service
829 %{systemdunitdir}/sshd.socket
830 %{systemdunitdir}/sshd@.service
834 %defattr(644,root,root,755)
835 %doc HOWTO.ldap-keys ldap.conf
836 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
837 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
838 %{_mandir}/man5/ssh-ldap.conf.5*
839 %{_mandir}/man8/ssh-ldap-helper.8*
842 %if %{with gnome} || %{with gtk}
844 %defattr(644,root,root,755)
845 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
846 %dir %{_libexecdir}/ssh
847 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
848 %attr(755,root,root) %{_libexecdir}/ssh-askpass
852 %files -n openldap-schema-openssh-lpk
853 %defattr(644,root,root,755)
854 %{schemadir}/openssh-lpk.schema
857 %if "%{pld_release}" != "ti"
858 %files server-upstart
859 %defattr(644,root,root,755)
860 %config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf