X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=33801db6c25b9f5b5f765aedaf88a0e3a75cc0eb;hb=a0e66996eccb444b6a3c377a0112399218d48fed;hp=94e64d9877416efef6b6108cc13722e4f10e53d5;hpb=956d800200f875208e2228d21c0d64f77cdd92c5;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index 94e64d9..33801db 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,16 @@ # # Conditional build: -# _without_gnome - without gnome-askpass utility - +%bcond_without chroot # without chrooted user environment support +%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility +%bcond_without gtk # without GTK+ (2.x) +%bcond_with ldap # with ldap support +%bcond_without libedit # without libedit (editline/history support in sftp client) +%bcond_without kerberos5 # without kerberos5 support +%bcond_without selinux # build without SELinux support +%bcond_with sshagentsh # with system-wide script for starting ssh-agent +# +# gtk2-based gnome-askpass means no gnome1-based +%{?with_gtk:%undefine with_gnome} Summary: OpenSSH free Secure Shell (SSH) implementation Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH) Summary(es): Implementación libre de SSH @@ -13,36 +22,59 @@ Summary(pt_BR): Implementa Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH) Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) Name: openssh -Version: 3.5p1 -Release: 1 -Epoch: 1 +Version: 4.0p1 +Release: 2 +Epoch: 2 License: BSD Group: Applications/Networking Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz +# Source0-md5: 7b36f28fc16e1b7f4ba3c1dca191ac92 Source1: %{name}d.conf Source2: %{name}.conf Source3: %{name}d.init Source4: %{name}d.pamd Source5: %{name}.sysconfig Source6: passwd.pamd +Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2 +# Source7-md5: 66943d481cc422512b537bcc2c7400d1 +Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c +# NoSource9-md5: e1c3cbed88f08ea778d90813d48cd428 +Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html +# NoSource10-md5: ec74f3e3b2ea3a7dc84c7988235b6fcf +Source11: ssh-agent.sh +Source12: ssh-agent.conf Patch0: %{name}-no_libnsl.patch -Patch1: %{name}-set_12.patch Patch2: %{name}-linux-ipv6.patch Patch3: %{name}-pam_misc.patch +Patch4: %{name}-sigpipe.patch +# http://www.opendarwin.org/projects/openssh-lpk/ +Patch5: %{name}-lpk-4.0p1-0.3.patch +Patch6: %{name}-heimdal.patch +Patch7: %{name}-pam-conv.patch +# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff +Patch8: %{name}-chroot.patch +Patch9: %{name}-selinux.patch +Patch10: %{name}-selinux-pld.patch URL: http://www.openssh.com/ -BuildRequires: XFree86-devel BuildRequires: autoconf BuildRequires: automake -%{!?_without_gnome:BuildRequires: gnome-libs-devel} +%{?with_gnome:BuildRequires: gnome-libs-devel} +%{?with_gtk:BuildRequires: gtk+2-devel} +%{?with_kerberos5:BuildRequires: heimdal-devel} +%{?with_libedit:BuildRequires: libedit-devel} +%{?with_selinux:BuildRequires: libselinux-devel} BuildRequires: libwrap-devel -BuildRequires: openssl-devel >= 0.9.6a +%{?with_ldap:BuildRequires: openldap-devel} +BuildRequires: openssl-devel >= 0.9.7d BuildRequires: pam-devel -BuildRequires: perl +BuildRequires: %{__perl} +%{?with_gtk:BuildRequires: pkgconfig} +BuildRequires: rpmbuild(macros) >= 1.159 BuildRequires: zlib-devel -BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) -Prereq: openssl -Prereq: FHS >= 2.1-24 +PreReq: FHS >= 2.1-24 +PreReq: openssl >= 0.9.7d Obsoletes: ssh +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _sysconfdir /etc/ssh %define _libexecdir %{_libdir}/%{name} @@ -105,7 +137,7 @@ inoltrate attraverso un canale sicuro. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ @@ -174,7 +206,9 @@ Summary(pt_BR): Clientes do OpenSSH Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell Group: Applications/Networking -Requires: %{name} = %{version} +Requires: %{name} = %{epoch}:%{version}-%{release} +%{?with_sshagentsh:Requires: xinitrc} +Provides: ssh-clients Obsoletes: ssh-clients %description clients @@ -199,7 +233,7 @@ conexiones codificadas con servidores SSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH. @@ -233,16 +267,19 @@ Summary(pt_BR): Servidor OpenSSH para comunica Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) Group: Networking/Daemons -PreReq: %{name} = %{version} -PreReq: rc-scripts >= 0.3.1-3 +PreReq: %{name} = %{epoch}:%{version}-%{release} +PreReq: rc-scripts >= 0.3.1-15 Requires(pre): /bin/id Requires(pre): /usr/sbin/useradd -Requires(post): /sbin/chkconfig +Requires(post,preun): /sbin/chkconfig Requires(post): chkconfig >= 0.9 +Requires(post): grep Requires(postun): /usr/sbin/userdel Requires: /bin/login Requires: util-linux -Obsoletes: ssh-server +Requires: pam >= 0.77.3 +Provides: user(sshd) +Provides: ssh-server %description server Ssh (Secure Shell) a program for logging into a remote machine and for @@ -277,7 +314,7 @@ Questo pacchetto installa sshd, il server di OpenSSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci ssh). @@ -318,7 +355,7 @@ Summary(pt_BR): Di Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME Group: Applications/Networking -Requires: %{name} = %{version} +Requires: %{name} = %{epoch}:%{version}-%{release} Obsoletes: ssh-extras Obsoletes: ssh-askpass Obsoletes: openssh-askpass @@ -344,7 +381,7 @@ entrada de passphrase en GNOME. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME. @@ -367,69 +404,121 @@ Ssh (Secure Shell) - GNOME. %prep -%setup -q +%setup -q %patch0 -p1 -%patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%{?with_ldap:%patch5 -p1} +%{?with_kerberos5:%patch6 -p1} +#%patch7 -p1 +%patch8 -p1 +%{?with_selinux:%patch9 -p1} +%{?with_selinux:%patch10 -p1} %build +cp %{_datadir}/automake/config.sub . %{__aclocal} %{__autoconf} - +%{?with_chroot:CPPFLAGS="-DCHROOT"} %configure \ - %{!?_without_gnome:--with-gnome-askpass} \ + PERL=%{__perl} \ + --with-dns \ --with-pam \ --with-mantype=man \ --with-md5-passwords \ --with-ipaddr-display \ + %{?with_libedit:--with-libedit} \ --with-4in6 \ --disable-suid-ssh \ --with-tcp-wrappers \ + %{?with_ldap:--with-libs="-lldap -llber"} \ + %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ + %{?with_kerberos5:--with-kerberos5} \ --with-privsep-path=%{_privsepdir} \ - --with-pid-dir=%{_localstatedir}/run + --with-pid-dir=%{_localstatedir}/run \ + --with-xauth=/usr/X11R6/bin/xauth echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h %{__make} -%{!?_without_gnome:cd contrib && %{__cc} %{rpmcflags} `gnome-config --cflags gnome gnomeui gtk` } \ -%{!?_without_gnome:gnome-ssh-askpass.c -o gnome-ssh-askpass } \ -%{!?_without_gnome:`gnome-config --libs gnome gnomeui gtk` } +cp -f %{SOURCE9} . +cp -f %{SOURCE10} . +%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect + +cd contrib +%if %{with gnome} +%{__make} gnome-ssh-askpass1 \ + CC="%{__cc} %{rpmldflags} %{rpmcflags}" +%endif +%if %{with gtk} +%{__make} gnome-ssh-askpass2 \ + CC="%{__cc} %{rpmldflags} %{rpmcflags}" +%endif %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} +install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ + $RPM_BUILD_ROOT%{_libexecdir}/ssh +%{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}} -%{__make} install DESTDIR="$RPM_BUILD_ROOT" +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT +install connect $RPM_BUILD_ROOT%{_bindir} install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config -install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh -%{!?_without_gnome:install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass} +%if %{with sshagentsh} +install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/ +ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh +install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/ +%endif + +bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} + +%if %{with gnome} +install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass +%endif +%if %{with gtk} +install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass +%endif +%if %{with gnome} || %{with gtk} +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER +#GNOME_SSH_ASKPASS_GRAB_SERVER="true" +EOF +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER +#GNOME_SSH_ASKPASS_GRAB_POINTER="true" +EOF +ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass +%endif rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS +#SSH_ASKPASS="%{_libexecdir}/ssh-askpass" +EOF + %clean rm -rf $RPM_BUILD_ROOT %pre server -if [ -n "`id -u sshd 2>/dev/null`" ]; then - if [ "`id -u sshd`" != "40" ]; then +if [ -n "`/bin/id -u sshd 2>/dev/null`" ]; then + if [ "`/bin/id -u sshd`" != "40" ]; then echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2 exit 1 fi else - /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 + /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 fi - + %post server /sbin/chkconfig --add sshd if [ -f /var/lock/subsys/sshd ]; then @@ -437,7 +526,8 @@ if [ -f /var/lock/subsys/sshd ]; then else echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon." fi -if ! grep ssh /etc/security/passwd.conf >/dev/null 2>&1 ; then +if ! grep -qs ssh /etc/security/passwd.conf ; then + umask 022 echo "ssh" >> /etc/security/passwd.conf fi @@ -451,7 +541,7 @@ fi %postun server if [ "$1" = "0" ]; then - /usr/sbin/userdel sshd + %userremove sshd fi %files @@ -460,16 +550,25 @@ fi %attr(755,root,root) %{_bindir}/ssh-key* %{_mandir}/man1/ssh-key*.1* %dir %{_sysconfdir} +%dir %{_libexecdir} %files clients %defattr(644,root,root,755) -%attr(0755,root,root) %{_bindir}/ssh -%attr(0755,root,root) %{_bindir}/slogin -%attr(0755,root,root) %{_bindir}/sftp -%attr(0755,root,root) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/scp +%doc connect.html +%attr(755,root,root) %{_bindir}/connect +%attr(755,root,root) %{_bindir}/ssh +%attr(755,root,root) %{_bindir}/slogin +%attr(755,root,root) %{_bindir}/sftp +%attr(755,root,root) %{_bindir}/ssh-agent +%attr(755,root,root) %{_bindir}/ssh-add +%attr(755,root,root) %{_bindir}/scp %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config +%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/SSH_ASKPASS +%if %{with sshagentsh} +%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf +%attr(755,root,root) /etc/profile.d/ssh-agent.sh +%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh +%endif %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh.1* %{_mandir}/man1/slogin.1* @@ -477,14 +576,23 @@ fi %{_mandir}/man1/ssh-agent.1* %{_mandir}/man1/ssh-add.1* %{_mandir}/man5/ssh_config.5* +%lang(it) %{_mandir}/it/man1/ssh.1* +%lang(it) %{_mandir}/it/man5/ssh_config.5* +%lang(pl) %{_mandir}/pl/man1/scp.1* +%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1* + +# for host-based auth (suid required for accessing private host key) +#%attr(4755,root,root) %{_libexecdir}/ssh-keysign +#%{_mandir}/man8/ssh-keysign.8* %files server %defattr(644,root,root,755) %attr(755,root,root) %{_sbindir}/sshd %attr(755,root,root) %{_libexecdir}/sftp-server -%dir %{_libexecdir} +%attr(755,root,root) %{_libexecdir}/ssh-keysign %{_mandir}/man8/sshd.8* %{_mandir}/man8/sftp-server.8* +%{_mandir}/man8/ssh-keysign.8* %{_mandir}/man5/sshd_config.5* %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd @@ -493,7 +601,11 @@ fi %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd -%{!?_without_gnome:%files gnome-askpass} -%{!?_without_gnome:%defattr(644,root,root,755)} -%{!?_without_gnome:%dir %{_libexecdir}/ssh} -%{!?_without_gnome:%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass} +%if %{with gnome} || %{with gtk} +%files gnome-askpass +%defattr(644,root,root,755) +%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/GNOME_SSH_ASKPASS* +%dir %{_libexecdir}/ssh +%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass +%attr(755,root,root) %{_libexecdir}/ssh-askpass +%endif