#
# Conditional build:
-# _without_gnome - without gnome-askpass utility
+# _without_gnome - without gnome-askpass utility
+# _without_gtk - without gtk (2.x)
+# _with_ldap - with ldap support
+# _with_kerberos5 - with kerberos5 support
+#
+# default to gtk2-based gnome-askpass
+
+%define orig_ver 3.6.1p2
+%{!?_without_gtk:%define _without_gnome 1}
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es): Implementación libre de SSH
Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
Name: openssh
-Version: 3.5p1
-Release: 1
-Epoch: 1
+Version: 3.6.1p2%{?_with_ldap:ldap}
+Release: 3.2
+Epoch: 2
License: BSD
Group: Applications/Networking
-Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
+Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{orig_ver}.tar.gz
+# Source0-md5: f3879270bffe479e1bd057aa36258696
Source1: %{name}d.conf
Source2: %{name}.conf
Source3: %{name}d.init
Source4: %{name}d.pamd
Source5: %{name}.sysconfig
Source6: passwd.pamd
+Source7: %{name}-askpass.sh
+Source8: %{name}-askpass.csh
Patch0: %{name}-no_libnsl.patch
-Patch1: %{name}-set_12.patch
Patch2: %{name}-linux-ipv6.patch
Patch3: %{name}-pam_misc.patch
+Patch4: %{name}-sigpipe.patch
+# http://ldappubkey.gcu-squad.org/
+Patch5: ldappubkey-ossh3.6-v2.patch
+Patch6: openssh-heimdal.patch
URL: http://www.openssh.com/
-BuildRequires: XFree86-devel
BuildRequires: autoconf
BuildRequires: automake
%{!?_without_gnome:BuildRequires: gnome-libs-devel}
+%{!?_without_gtk:BuildRequires: gtk+2-devel}
BuildRequires: libwrap-devel
-BuildRequires: openssl-devel >= 0.9.6a
+BuildRequires: openssl-devel >= 0.9.7b
+%{?_with_ldap:BuildRequires: openldap-devel}
+%{?_with_kerberos5:BuildRequires: heimdal-devel}
BuildRequires: pam-devel
-BuildRequires: perl
+BuildRequires: %{__perl}
+%{!?_without_gtk:BuildRequires: pkgconfig}
BuildRequires: zlib-devel
-BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
-Prereq: openssl
-Prereq: FHS >= 2.1-24
+PreReq: openssl >= 0.9.7
+PreReq: FHS >= 2.1-24
Obsoletes: ssh
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _sysconfdir /etc/ssh
%define _libexecdir %{_libdir}/%{name}
Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell
Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell
Group: Applications/Networking
-Requires: %{name} = %{version}
+Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-clients
%description clients
Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd)
Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd)
Group: Networking/Daemons
-PreReq: %{name} = %{version}
+PreReq: %{name} = %{epoch}:%{version}
PreReq: rc-scripts >= 0.3.1-3
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires(post): /sbin/chkconfig
Requires(post): chkconfig >= 0.9
+Requires(post): grep
Requires(postun): /usr/sbin/userdel
Requires: /bin/login
Requires: util-linux
Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME
Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME
Group: Applications/Networking
-Requires: %{name} = %{version}
+Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-extras
Obsoletes: ssh-askpass
Obsoletes: openssh-askpass
GNOME.
%prep
-%setup -q
+%setup -q -n %{name}-%{orig_ver}
%patch0 -p1
-%patch1 -p1
%patch2 -p1
%patch3 -p1
+#%patch4 -p1
+%{?_with_ldap:%patch5 -p1}
+%{?_with_kerberos5:%patch6 -p1}
%build
%{__aclocal}
%{__autoconf}
%configure \
- %{!?_without_gnome:--with-gnome-askpass} \
+ PERL=%{__perl} \
--with-pam \
--with-mantype=man \
--with-md5-passwords \
--with-4in6 \
--disable-suid-ssh \
--with-tcp-wrappers \
+ %{?_with_ldap:--with-libs="-lldap -llber"} \
+ %{?_with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
+ %{?_with_kerberos5:--with-kerberos5} \
--with-privsep-path=%{_privsepdir} \
- --with-pid-dir=%{_localstatedir}/run
+ --with-pid-dir=%{_localstatedir}/run \
+ --with-xauth=/usr/X11R6/bin/xauth
echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
%{__make}
-%{!?_without_gnome:cd contrib && %{__cc} %{rpmcflags} `gnome-config --cflags gnome gnomeui gtk` } \
-%{!?_without_gnome:gnome-ssh-askpass.c -o gnome-ssh-askpass } \
-%{!?_without_gnome:`gnome-config --libs gnome gnomeui gtk` }
+cd contrib
+%if 0%{!?_without_gnome:1}
+%{__make} gnome-ssh-askpass1 \
+ CC="%{__cc} %{rpmldflags} %{rpmcflags}"
+%endif
+%if 0%{!?_without_gtk:1}
+%{__make} gnome-ssh-askpass2 \
+ CC="%{__cc} %{rpmldflags} %{rpmcflags}"
+%endif
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}}
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}}
%{__make} install DESTDIR="$RPM_BUILD_ROOT"
install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
+
install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh
-%{!?_without_gnome:install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass}
+%if 0%{!?_without_gnome:1}
+install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if 0%{!?_without_gtk:1}
+install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+%endif
+%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
+install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d
+%endif
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
else
echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon."
fi
-if ! grep ssh /etc/security/passwd.conf >/dev/null 2>&1 ; then
+if ! grep -qs ssh /etc/security/passwd.conf ; then
+ umask 022
echo "ssh" >> /etc/security/passwd.conf
fi
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man5/ssh_config.5*
+# for host-based auth (suid required for accessing private host key)
+#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
+#%{_mandir}/man8/ssh-keysign.8*
+
%files server
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
-%{!?_without_gnome:%files gnome-askpass}
-%{!?_without_gnome:%defattr(644,root,root,755)}
-%{!?_without_gnome:%dir %{_libexecdir}/ssh}
-%{!?_without_gnome:%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass}
+%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
+%files gnome-askpass
+%defattr(644,root,root,755)
+%dir %{_libexecdir}/ssh
+%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
+%attr(755,root,root) /etc/profile.d/*
+%endif