X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=33801db6c25b9f5b5f765aedaf88a0e3a75cc0eb;hb=a0e66996eccb444b6a3c377a0112399218d48fed;hp=739ffe3b098d2494a526aada027fbdb7973d5af2;hpb=4c8ae2f869016e5da8024f2fd2c6e25ae2597e3d;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index 739ffe3..33801db 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,15 +1,16 @@ # # Conditional build: -# _without_gnome - without gnome-askpass utility -# _without_gtk - without gtk (2.x) -# _with_ldap - with ldap support -# _with_kerberos5 - with kerberos5 support +%bcond_without chroot # without chrooted user environment support +%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility +%bcond_without gtk # without GTK+ (2.x) +%bcond_with ldap # with ldap support +%bcond_without libedit # without libedit (editline/history support in sftp client) +%bcond_without kerberos5 # without kerberos5 support +%bcond_without selinux # build without SELinux support +%bcond_with sshagentsh # with system-wide script for starting ssh-agent # -# default to gtk2-based gnome-askpass - -%define orig_ver 3.6.1p2 - -%{!?_without_gtk:%define _without_gnome 1} +# gtk2-based gnome-askpass means no gnome1-based +%{?with_gtk:%undefine with_gnome} Summary: OpenSSH free Secure Shell (SSH) implementation Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH) Summary(es): Implementación libre de SSH @@ -21,43 +22,57 @@ Summary(pt_BR): Implementa Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH) Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) Name: openssh -Version: 3.6.1p2 -Release: 4%{?_with_ldap:ldap} +Version: 4.0p1 +Release: 2 Epoch: 2 License: BSD Group: Applications/Networking -Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{orig_ver}.tar.gz -# Source0-md5: f3879270bffe479e1bd057aa36258696 +Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz +# Source0-md5: 7b36f28fc16e1b7f4ba3c1dca191ac92 Source1: %{name}d.conf Source2: %{name}.conf Source3: %{name}d.init Source4: %{name}d.pamd Source5: %{name}.sysconfig Source6: passwd.pamd -Source7: %{name}-askpass.sh -Source8: %{name}-askpass.csh +Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2 +# Source7-md5: 66943d481cc422512b537bcc2c7400d1 +Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c +# NoSource9-md5: e1c3cbed88f08ea778d90813d48cd428 +Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html +# NoSource10-md5: ec74f3e3b2ea3a7dc84c7988235b6fcf +Source11: ssh-agent.sh +Source12: ssh-agent.conf Patch0: %{name}-no_libnsl.patch Patch2: %{name}-linux-ipv6.patch Patch3: %{name}-pam_misc.patch Patch4: %{name}-sigpipe.patch -# http://ldappubkey.gcu-squad.org/ -Patch5: ldappubkey-ossh3.6-v2.patch +# http://www.opendarwin.org/projects/openssh-lpk/ +Patch5: %{name}-lpk-4.0p1-0.3.patch Patch6: %{name}-heimdal.patch +Patch7: %{name}-pam-conv.patch +# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff +Patch8: %{name}-chroot.patch +Patch9: %{name}-selinux.patch +Patch10: %{name}-selinux-pld.patch URL: http://www.openssh.com/ BuildRequires: autoconf BuildRequires: automake -%{!?_without_gnome:BuildRequires: gnome-libs-devel} -%{!?_without_gtk:BuildRequires: gtk+2-devel} +%{?with_gnome:BuildRequires: gnome-libs-devel} +%{?with_gtk:BuildRequires: gtk+2-devel} +%{?with_kerberos5:BuildRequires: heimdal-devel} +%{?with_libedit:BuildRequires: libedit-devel} +%{?with_selinux:BuildRequires: libselinux-devel} BuildRequires: libwrap-devel -BuildRequires: openssl-devel >= 0.9.7b -%{?_with_ldap:BuildRequires: openldap-devel} -%{?_with_kerberos5:BuildRequires: heimdal-devel} +%{?with_ldap:BuildRequires: openldap-devel} +BuildRequires: openssl-devel >= 0.9.7d BuildRequires: pam-devel BuildRequires: %{__perl} -%{!?_without_gtk:BuildRequires: pkgconfig} +%{?with_gtk:BuildRequires: pkgconfig} +BuildRequires: rpmbuild(macros) >= 1.159 BuildRequires: zlib-devel PreReq: FHS >= 2.1-24 -PreReq: openssl >= 0.9.7 +PreReq: openssl >= 0.9.7d Obsoletes: ssh BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) @@ -122,7 +137,7 @@ inoltrate attraverso un canale sicuro. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ @@ -191,7 +206,9 @@ Summary(pt_BR): Clientes do OpenSSH Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell Group: Applications/Networking -Requires: %{name} = %{epoch}:%{version} +Requires: %{name} = %{epoch}:%{version}-%{release} +%{?with_sshagentsh:Requires: xinitrc} +Provides: ssh-clients Obsoletes: ssh-clients %description clients @@ -216,7 +233,7 @@ conexiones codificadas con servidores SSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH. @@ -250,8 +267,8 @@ Summary(pt_BR): Servidor OpenSSH para comunica Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) Group: Networking/Daemons -PreReq: %{name} = %{epoch}:%{version} -PreReq: rc-scripts >= 0.3.1-14 +PreReq: %{name} = %{epoch}:%{version}-%{release} +PreReq: rc-scripts >= 0.3.1-15 Requires(pre): /bin/id Requires(pre): /usr/sbin/useradd Requires(post,preun): /sbin/chkconfig @@ -260,7 +277,9 @@ Requires(post): grep Requires(postun): /usr/sbin/userdel Requires: /bin/login Requires: util-linux -Obsoletes: ssh-server +Requires: pam >= 0.77.3 +Provides: user(sshd) +Provides: ssh-server %description server Ssh (Secure Shell) a program for logging into a remote machine and for @@ -295,7 +314,7 @@ Questo pacchetto installa sshd, il server di OpenSSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci ssh). @@ -336,7 +355,7 @@ Summary(pt_BR): Di Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME Group: Applications/Networking -Requires: %{name} = %{epoch}:%{version} +Requires: %{name} = %{epoch}:%{version}-%{release} Obsoletes: ssh-extras Obsoletes: ssh-askpass Obsoletes: openssh-askpass @@ -362,7 +381,7 @@ entrada de passphrase en GNOME. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME. @@ -385,30 +404,37 @@ Ssh (Secure Shell) - GNOME. %prep -%setup -q -n %{name}-%{orig_ver} +%setup -q %patch0 -p1 %patch2 -p1 %patch3 -p1 -#%patch4 -p1 -%{?_with_ldap:%patch5 -p1} -%{?_with_kerberos5:%patch6 -p1} +%patch4 -p1 +%{?with_ldap:%patch5 -p1} +%{?with_kerberos5:%patch6 -p1} +#%patch7 -p1 +%patch8 -p1 +%{?with_selinux:%patch9 -p1} +%{?with_selinux:%patch10 -p1} %build +cp %{_datadir}/automake/config.sub . %{__aclocal} %{__autoconf} - +%{?with_chroot:CPPFLAGS="-DCHROOT"} %configure \ PERL=%{__perl} \ + --with-dns \ --with-pam \ --with-mantype=man \ --with-md5-passwords \ --with-ipaddr-display \ + %{?with_libedit:--with-libedit} \ --with-4in6 \ --disable-suid-ssh \ --with-tcp-wrappers \ - %{?_with_ldap:--with-libs="-lldap -llber"} \ - %{?_with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ - %{?_with_kerberos5:--with-kerberos5} \ + %{?with_ldap:--with-libs="-lldap -llber"} \ + %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ + %{?with_kerberos5:--with-kerberos5} \ --with-privsep-path=%{_privsepdir} \ --with-pid-dir=%{_localstatedir}/run \ --with-xauth=/usr/X11R6/bin/xauth @@ -417,38 +443,58 @@ echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h %{__make} +cp -f %{SOURCE9} . +cp -f %{SOURCE10} . +%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect + cd contrib -%if 0%{!?_without_gnome:1} +%if %{with gnome} %{__make} gnome-ssh-askpass1 \ CC="%{__cc} %{rpmldflags} %{rpmcflags}" %endif -%if 0%{!?_without_gtk:1} +%if %{with gtk} %{__make} gnome-ssh-askpass2 \ CC="%{__cc} %{rpmldflags} %{rpmcflags}" %endif %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}} +install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ + $RPM_BUILD_ROOT%{_libexecdir}/ssh +%{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}} -%{__make} install DESTDIR="$RPM_BUILD_ROOT" +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT +install connect $RPM_BUILD_ROOT%{_bindir} install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config +%if %{with sshagentsh} +install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/ +ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh +install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/ +%endif -install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh -%if 0%{!?_without_gnome:1} +bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} + +%if %{with gnome} install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass %endif -%if 0%{!?_without_gtk:1} +%if %{with gtk} install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass %endif -%if 0%{!?_without_gnome:1}%{!?_without_gtk:1} -install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d +%if %{with gnome} || %{with gtk} +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER +#GNOME_SSH_ASKPASS_GRAB_SERVER="true" +EOF +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER +#GNOME_SSH_ASKPASS_GRAB_POINTER="true" +EOF +ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass %endif rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 @@ -456,17 +502,21 @@ echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS +#SSH_ASKPASS="%{_libexecdir}/ssh-askpass" +EOF + %clean rm -rf $RPM_BUILD_ROOT %pre server -if [ -n "`id -u sshd 2>/dev/null`" ]; then - if [ "`id -u sshd`" != "40" ]; then +if [ -n "`/bin/id -u sshd 2>/dev/null`" ]; then + if [ "`/bin/id -u sshd`" != "40" ]; then echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2 exit 1 fi else - /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 + /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 fi %post server @@ -491,7 +541,7 @@ fi %postun server if [ "$1" = "0" ]; then - /usr/sbin/userdel sshd + %userremove sshd fi %files @@ -500,16 +550,25 @@ fi %attr(755,root,root) %{_bindir}/ssh-key* %{_mandir}/man1/ssh-key*.1* %dir %{_sysconfdir} +%dir %{_libexecdir} %files clients %defattr(644,root,root,755) -%attr(0755,root,root) %{_bindir}/ssh -%attr(0755,root,root) %{_bindir}/slogin -%attr(0755,root,root) %{_bindir}/sftp -%attr(0755,root,root) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/scp +%doc connect.html +%attr(755,root,root) %{_bindir}/connect +%attr(755,root,root) %{_bindir}/ssh +%attr(755,root,root) %{_bindir}/slogin +%attr(755,root,root) %{_bindir}/sftp +%attr(755,root,root) %{_bindir}/ssh-agent +%attr(755,root,root) %{_bindir}/ssh-add +%attr(755,root,root) %{_bindir}/scp %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config +%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/SSH_ASKPASS +%if %{with sshagentsh} +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf +%attr(755,root,root) /etc/profile.d/ssh-agent.sh +%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh +%endif %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh.1* %{_mandir}/man1/slogin.1* @@ -517,6 +576,10 @@ fi %{_mandir}/man1/ssh-agent.1* %{_mandir}/man1/ssh-add.1* %{_mandir}/man5/ssh_config.5* +%lang(it) %{_mandir}/it/man1/ssh.1* +%lang(it) %{_mandir}/it/man5/ssh_config.5* +%lang(pl) %{_mandir}/pl/man1/scp.1* +%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1* # for host-based auth (suid required for accessing private host key) #%attr(4755,root,root) %{_libexecdir}/ssh-keysign @@ -526,9 +589,10 @@ fi %defattr(644,root,root,755) %attr(755,root,root) %{_sbindir}/sshd %attr(755,root,root) %{_libexecdir}/sftp-server -%dir %{_libexecdir} +%attr(755,root,root) %{_libexecdir}/ssh-keysign %{_mandir}/man8/sshd.8* %{_mandir}/man8/sftp-server.8* +%{_mandir}/man8/ssh-keysign.8* %{_mandir}/man5/sshd_config.5* %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd @@ -537,10 +601,11 @@ fi %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd -%if 0%{!?_without_gnome:1}%{!?_without_gtk:1} +%if %{with gnome} || %{with gtk} %files gnome-askpass %defattr(644,root,root,755) +%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/GNOME_SSH_ASKPASS* %dir %{_libexecdir}/ssh %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass -%attr(755,root,root) /etc/profile.d/* +%attr(755,root,root) %{_libexecdir}/ssh-askpass %endif