Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
Version: 5.9p1
-Release: 2
+Release: 5
Epoch: 2
License: BSD
Group: Applications/Networking
# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
Patch4: %{name}-5.9p1-ldap.patch
Patch5: %{name}-5.9p1-ldap-fixes.patch
+Patch8: ldap.conf.patch
Patch6: %{name}-config.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
+Patch7: authorized-keys-command.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
+# remove in 6.0, kept for flawless upgrade
+Requires: %{name}-server-ldap = %{epoch}:%{version}-%{release}
Requires: pam >= %{pam_ver}
Requires: rc-scripts >= 0.4.3.0
Requires: util-linux
частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
з вашим хостом.
+%package server-ldap
+Summary: A LDAP support for open source SSH server daemon
+Group: Daemons
+Requires: %{name} = %{epoch}:%{version}-%{release}
+
+%description server-ldap
+OpenSSH LDAP backend is a way how to distribute the authorized tokens
+among the servers in the network.
+
%package server-upstart
Summary: Upstart job description for OpenSSH server
Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
%patch0 -p1
%patch2 -p1
%patch3 -p1
-%{?with_ldap:%patch4 -p1}
+%patch4 -p1
%patch5 -p1
+%patch8 -p1
%patch6 -p1
+%patch7 -p1
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
+grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
+%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
+
%build
cp /usr/share/automake/config.sub .
%{__aclocal}
%{?with_audit:--with-audit=linux} \
--with-ipaddr-display \
%{?with_kerberos5:--with-kerberos5=/usr} \
- %{?with_ldap:--with-ldap} \
+ --with-ldap%{!?with_ldap:=no} \
%{?with_libedit:--with-libedit} \
--with-mantype=man \
--with-md5-passwords \
--with-pam \
+ --with-authorized-keys-command \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
%{?with_selinux:--with-selinux} \
EOF
%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
%clean
rm -rf $RPM_BUILD_ROOT
%post server
/sbin/chkconfig --add sshd
-%service sshd reload "openssh daemon"
+%service sshd reload "OpenSSH Daemon"
if ! grep -qs ssh /etc/security/passwd.conf ; then
umask 022
echo "ssh" >> /etc/security/passwd.conf
%userremove sshd
fi
+%triggerpostun server -- %{name}-server < 2:5.9p1-1
+# lpk.patch to ldap.patch
+if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
+ echo >&2 "Migrating LPK patch to LDAP patch"
+ cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
+ %{__sed} -i -e '
+ # disable old configs
+ # just UseLPK/LkpLdapConf supported for now
+ s/^UseLPK/## Obsolete &/
+ s/^Lpk/## Obsolete &/
+ # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
+ /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
+ ' %{_sysconfdir}/sshd_config
+ %service -q sshd reload
+fi
+
%post server-upstart
%upstart_post sshd
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
-%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
-%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
-%{_mandir}/man8/ssh-ldap-helper.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
-%{_mandir}/man5/ssh-ldap.conf.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%attr(640,root,root) %{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
+%if %{with ldap}
+%files server-ldap
+%defattr(644,root,root,755)
+%doc HOWTO.ldap-keys ldap.conf
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
+%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
+%{_mandir}/man5/ssh-ldap.conf.5*
+%{_mandir}/man8/ssh-ldap-helper.8*
+%endif
+
%if %{with gnome} || %{with gtk}
%files gnome-askpass
%defattr(644,root,root,755)
projects / packages / openssh.git / blobdiff