#
# Conditional build:
-# _without_gnome - without gnome-askpass utility
-# _without_gtk - without gtk (2.x)
+%bcond_with gnome # without gnome-askpass utility
+%bcond_without gtk # without gtk (2.x)
+%bcond_with ldap # with ldap support
+%bcond_without kerberos5 # without kerberos5 support
+%bcond_without chroot # without chrooted user environment support
+%bcond_with sshagentsh # with system-wide script for starting ssh-agent
#
-# default to gtk2-based gnome-askpass
-%{!?_without_gtk:%define _without_gnome 1}
+# gtk2-based gnome-askpass means no gnome1-based
+%{?with_gtk:%undefine with_gnome}
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es): Implementación libre de SSH
Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
Name: openssh
-Version: 3.5p1
-Release: 4
+Version: 3.8.1p1
+Release: 2
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
+# Source0-md5: 1dbfd40ae683f822ae917eebf171ca42
Source1: %{name}d.conf
Source2: %{name}.conf
Source3: %{name}d.init
Source4: %{name}d.pamd
Source5: %{name}.sysconfig
Source6: passwd.pamd
-Source7: %{name}-askpass.sh
-Source8: %{name}-askpass.csh
+Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2
+# Source7-md5: 66943d481cc422512b537bcc2c7400d1
+Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c
+# NoSource9-md5: c78de727e1208799072be78c05d64398
+Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html
+# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05
+Source11: ssh-agent.sh
+Source12: ssh-agent.conf
Patch0: %{name}-no_libnsl.patch
-Patch1: %{name}-set_12.patch
Patch2: %{name}-linux-ipv6.patch
Patch3: %{name}-pam_misc.patch
Patch4: %{name}-sigpipe.patch
+# http://ldappubkey.gcu-squad.org/
+Patch5: ldappubkey-ossh3.6-v2.patch
+Patch6: %{name}-heimdal.patch
+Patch7: %{name}-pam-conv.patch
+# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
+Patch8: %{name}-chroot.patch
+Patch9: %{name}-selinux.patch
+Patch10: %{name}-selinux-pld.patch
URL: http://www.openssh.com/
BuildRequires: autoconf
BuildRequires: automake
-%{!?_without_gnome:BuildRequires: gnome-libs-devel}
-%{!?_without_gtk:BuildRequires: gtk+2-devel}
+%{?with_gnome:BuildRequires: gnome-libs-devel}
+%{?with_gtk:BuildRequires: gtk+2-devel}
+%{?with_kerberos5:BuildRequires: heimdal-devel}
+BuildRequires: libselinux-devel
BuildRequires: libwrap-devel
-BuildRequires: openssl-devel >= 0.9.7
+%{?with_ldap:BuildRequires: openldap-devel}
+BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: pam-devel
-BuildRequires: perl
+BuildRequires: %{__perl}
+%{?with_gtk:BuildRequires: pkgconfig}
BuildRequires: zlib-devel
-PreReq: openssl >= 0.9.7
PreReq: FHS >= 2.1-24
+PreReq: openssl >= 0.9.7d
+%{?with_sshagentsh:Requires: xinitrc}
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell
Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell
Group: Applications/Networking
-Requires: %{name} = %{version}
+Provides: ssh-clients
+Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-clients
%description clients
Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd)
Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd)
Group: Networking/Daemons
-PreReq: %{name} = %{version}
-PreReq: rc-scripts >= 0.3.1-3
+PreReq: %{name} = %{epoch}:%{version}
+PreReq: rc-scripts >= 0.3.1-15
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
-Requires(post): /sbin/chkconfig
+Requires(post,preun): /sbin/chkconfig
Requires(post): chkconfig >= 0.9
Requires(post): grep
Requires(postun): /usr/sbin/userdel
Requires: /bin/login
Requires: util-linux
-Obsoletes: ssh-server
+Requires: pam >= 0.77.3
+Provides: ssh-server
%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME
Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME
Group: Applications/Networking
-Requires: %{name} = %{version}
+Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-extras
Obsoletes: ssh-askpass
Obsoletes: openssh-askpass
GNOME.
%prep
-%setup -q
+%setup -q
%patch0 -p1
-%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%{?with_ldap:%patch5 -p1}
+%{?with_kerberos5:%patch6 -p1}
+#%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%build
+cp %{_datadir}/automake/config.sub .
%{__aclocal}
%{__autoconf}
-
+%{?with_chroot:CPPFLAGS="-DCHROOT"}
%configure \
+ PERL=%{__perl} \
+ --with-dns \
--with-pam \
--with-mantype=man \
--with-md5-passwords \
--with-4in6 \
--disable-suid-ssh \
--with-tcp-wrappers \
+ %{?with_ldap:--with-libs="-lldap -llber"} \
+ %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
+ %{?with_kerberos5:--with-kerberos5} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
--with-xauth=/usr/X11R6/bin/xauth
%{__make}
+cp -f %{SOURCE9} .
+cp -f %{SOURCE10} .
+%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect
+
cd contrib
-%if 0%{!?_without_gnome:1}
+%if %{with gnome}
%{__make} gnome-ssh-askpass1 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"
%endif
-%if 0%{!?_without_gtk:1}
+%if %{with gtk}
%{__make} gnome-ssh-askpass2 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"
%endif
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}}
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} \
+ $RPM_BUILD_ROOT%{_libexecdir}/ssh
+%{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}}
-%{__make} install DESTDIR="$RPM_BUILD_ROOT"
+%{__make} install \
+ DESTDIR=$RPM_BUILD_ROOT
+install connect $RPM_BUILD_ROOT%{_bindir}
install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
+%if %{with sshagentsh}
+install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/
+ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
+install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/
+%endif
+
+bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
-install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh
-%if 0%{!?_without_gnome:1}
+%if %{with gnome}
install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
-%if 0%{!?_without_gtk:1}
+%if %{with gtk}
install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
-%endif
-%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
-install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d
+ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
else
/usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
fi
-
+
%post server
/sbin/chkconfig --add sshd
if [ -f /var/lock/subsys/sshd ]; then
%files clients
%defattr(644,root,root,755)
+%doc connect.html
+%attr(0755,root,root) %{_bindir}/connect
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/slogin
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/scp
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
+%if %{with sshagentsh}
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf
+%attr(0755,root,root) /etc/profile.d/ssh-agent.sh
+%attr(0755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
+%endif
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man5/ssh_config.5*
+%lang(it) %{_mandir}/it/man1/ssh.1*
+%lang(it) %{_mandir}/it/man5/ssh_config.5*
+%lang(pl) %{_mandir}/pl/man1/scp.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
+
+# for host-based auth (suid required for accessing private host key)
+#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
+#%{_mandir}/man8/ssh-keysign.8*
%files server
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
+%attr(755,root,root) %{_libexecdir}/ssh-keysign
%dir %{_libexecdir}
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
+%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man5/sshd_config.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
-%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
+%if %{with gnome} || %{with gtk}
%files gnome-askpass
%defattr(644,root,root,755)
%dir %{_libexecdir}/ssh
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
-%attr(755,root,root) /etc/profile.d/*
+%attr(755,root,root) %{_libexecdir}/ssh-askpass
%endif