+#
+# Conditional build:
+# bcond_off_gnome - without gnome-askpass utility
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(pl): Publicznie dostêpna implementacja bezpiecznego shella (SSH)
Name: openssh
Version: 2.3.0p1
-Release: 1
+Release: 8
License: BSD
Group: Applications/Networking
Group(de): Applikationen/Netzwerkwesen
Patch0: %{name}-libwrap.patch
Patch1: %{name}-LIBS.patch
Patch2: %{name}-no_libnsl.patch
-Patch3: %{name}-canonname.patch
+Patch3: %{name}-securityfix.patch
+Patch4: %{name}-pam-session.patch
URL: http://www.openssh.com/
+BuildRequires: XFree86-devel
BuildRequires: autoconf
+%{!?bcond_off_gnome:BuildRequires: gnome-libs-devel}
+BuildRequires: gtk+-devel
BuildRequires: openssl-devel >= 0.9.5a
-BuildRequires: rpm >= 3.0.4
-BuildRequires: zlib-devel
BuildRequires: pam-devel
-BuildRequires: XFree86-devel
-BuildRequires: gnome-libs-devel
-BuildRequires: gtk+-devel
+BuildRequires: zlib-devel
+BuildRequires: libwrap-devel
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Prereq: openssl >= 0.9.5a
Obsoletes: ssh < %{version}, ssh > %{version}
Group(de): Netzwerkwesen/Server
Group(pl): Sieciowe/Serwery
Obsoletes: ssh-server < %{version}, ssh-server > %{version}
-Requires: rc-scripts
Requires: /bin/login
Requires: util-linux
-Prereq: pam
+Prereq: rc-scripts
+Prereq: chkconfig
Prereq: %{name} = %{version}
%description server
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
%build
autoconf
%configure \
- --with-gnome-askpass \
+ %{!?bcond_off_gnome:--with-gnome-askpass} \
--with-tcp-wrappers \
--with-md5-passwords \
--with-ipaddr-display \
echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
%{__make}
-cd contrib && gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \
- gnome-ssh-askpass.c -o gnome-ssh-askpass \
- `gnome-config --libs gnome gnomeui`
+
+%{!?bcond_off_gnome: cd contrib && gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` } \
+%{!?bcond_off_gnome: gnome-ssh-askpass.c -o gnome-ssh-askpass } \
+%{!?bcond_off_gnome: `gnome-config --libs gnome gnomeui` }
%install
rm -rf $RPM_BUILD_ROOT
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh
-install contrib/gnome-ssh-askpass \
- $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%{!?bcond_off_gnome:install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass}
-gzip -9nf ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen UPGRADING
+gzip -9nf ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen
touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
/sbin/chkconfig --add sshd
if [ ! -f %{_sysconfdir}/ssh_host_key -o ! -s %{_sysconfdir}/ssh_host_key ]; then
%{_bindir}/ssh-keygen -b 1024 -f %{_sysconfdir}/ssh_host_key -N '' 1>&2
+ chmod 600 %{_sysconfdir}/ssh_host_key
fi
if [ ! -f %{_sysconfdir}/ssh_host_dsa_key -o ! -s %{_sysconfdir}/ssh_host_dsa_key ]; then
%{_bindir}/ssh-keygen -d -f %{_sysconfdir}/ssh_host_dsa_key -N '' 1>&2
+ chmod 600 %{_sysconfdir}/ssh_host_dsa_key
fi
if [ -f /var/lock/subsys/sshd ]; then
/etc/rc.d/init.d/sshd restart 1>&2
%files
%defattr(644,root,root,755)
-%doc {ChangeLog,OVERVIEW,COPYING.Ylonen,README,README.Ylonen,UPGRADING}.gz
+%doc {ChangeLog,OVERVIEW,COPYING.Ylonen,README,README.Ylonen}.gz
%attr(755,root,root) %{_bindir}/ssh-keygen
%{_mandir}/man1/ssh-keygen.1*
%dir %{_sysconfdir}
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
-%files gnome-askpass
-%defattr(644,root,root,755)
-%dir %{_libexecdir}/ssh
-%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
+%{!?bcond_off_gnome:%files gnome-askpass}
+%{!?bcond_off_gnome:%defattr(644,root,root,755)}
+%{!?bcond_off_gnome:%dir %{_libexecdir}/ssh}
+%{!?bcond_off_gnome:%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass}