X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=b04af47874bda5695fc49a632736f3afff52d862;hb=57d4dbd364a71387e4644b61aece0714813f5544;hp=df3055b10607a05e3a2e1d3f3b7de9644b3e852b;hpb=902cef1308d99d848991098c13520e6727524c9a;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index df3055b..b04af47 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,44 +1,74 @@ # # Conditional build: -# _without_gnome - without gnome-askpass utility +# _without_gnome - without gnome-askpass utility +# _without_gtk - without gtk (2.x) +# _with_ldap - with ldap support +# _with_kerberos5 - with kerberos5 support +# +# default to gtk2-based gnome-askpass + +%define orig_ver 3.7.1p2 +%{!?_without_gtk:%define _without_gnome 1} Summary: OpenSSH free Secure Shell (SSH) implementation +Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH) Summary(es): Implementación libre de SSH +Summary(fr): Implémentation libre du shell sécurisé OpenSSH (SSH) +Summary(it): Implementazione gratuita OpenSSH della Secure Shell Summary(pl): Publicznie dostêpna implementacja bezpiecznego shella (SSH) +Summary(pt): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH) Summary(pt_BR): Implementação livre do SSH Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH) Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) Name: openssh -Version: 3.3p1 -Release: 1 +Version: 3.7.1p2 +Release: 3 +Epoch: 2 License: BSD Group: Applications/Networking -Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz +Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{orig_ver}.tar.gz +# Source0-md5: 61cf5b059938718308836d00f6764a94 Source1: %{name}d.conf Source2: %{name}.conf Source3: %{name}d.init Source4: %{name}d.pamd Source5: %{name}.sysconfig Source6: passwd.pamd +Source7: %{name}-askpass.sh +Source8: %{name}-askpass.csh +Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c +# NoSource9-md5: c78de727e1208799072be78c05d64398 +Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html +# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05 Patch0: %{name}-no_libnsl.patch -Patch1: %{name}-set_12.patch Patch2: %{name}-linux-ipv6.patch +Patch3: %{name}-pam_misc.patch +Patch4: %{name}-sigpipe.patch +# http://ldappubkey.gcu-squad.org/ +Patch5: ldappubkey-ossh3.6-v2.patch +Patch6: %{name}-heimdal.patch +Patch7: %{name}-pam-conv.patch URL: http://www.openssh.com/ -BuildRequires: XFree86-devel BuildRequires: autoconf BuildRequires: automake %{!?_without_gnome:BuildRequires: gnome-libs-devel} -BuildRequires: openssl-devel >= 0.9.6a +%{!?_without_gtk:BuildRequires: gtk+2-devel} +BuildRequires: libwrap-devel +BuildRequires: openssl-devel >= 0.9.7c +%{?_with_ldap:BuildRequires: openldap-devel} +%{?_with_kerberos5:BuildRequires: heimdal-devel} BuildRequires: pam-devel +BuildRequires: %{__perl} +%{!?_without_gtk:BuildRequires: pkgconfig} BuildRequires: zlib-devel -BuildRequires: libwrap-devel -BuildRequires: perl -BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) -Prereq: openssl +PreReq: FHS >= 2.1-24 +PreReq: openssl >= 0.9.7c Obsoletes: ssh +BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _sysconfdir /etc/ssh %define _libexecdir %{_libdir}/%{name} +%define _privsepdir /usr/share/empty %description Ssh (Secure Shell) a program for logging into a remote machine and for @@ -55,6 +85,14 @@ This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. +%description -l de +OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es +ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere, +verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts +über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige +andere TCP/IP Ports können ebenso über den sicheren Channel +weitergeleitet werden. + %description -l es SSH es un programa para accesar y ejecutar órdenes en computadores remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación @@ -71,12 +109,37 @@ algoritmos patentados y coloc Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar también el paquete openssh-clients u openssh-server o ambos. +%description -l fr +OpenSSH (Secure Shell) fournit un accès à un système distant. Il +remplace telnet, rlogin, rexec et rsh, tout en assurant des +communications cryptées securisées entre deux hôtes non fiabilisés sur +un réseau non sécurisé. Des connexions X11 et des ports TCP/IP +arbitraires peuvent également être transmis sur le canal sécurisé. + +%description -l it +OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. +Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni +sicure e crittate tra due host non fidati su una rete non sicura. Le +connessioni X11 ad una porta TCP/IP arbitraria possono essere +inoltrate attraverso un canale sicuro. + %description -l pl Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie pomiedzy dwoma hostami. +Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie +klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ +co najmniej jeden z pakietów: openssh-clients lub openssh-server. + +%description -l pt +OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o +telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e +cifradas entre duas máquinas sem confiança mútua sobre uma rede +insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser +reenviados pelo canal seguro. + %description -l pt_BR SSH é um programa para acessar e executar comandos em máquinas remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação @@ -132,10 +195,10 @@ Summary(pl): Klienci protoko Summary(pt_BR): Clientes do OpenSSH Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell -Requires: openssh Group: Applications/Networking +Provides: ssh-clients +Requires: %{name} = %{epoch}:%{version} Obsoletes: ssh-clients -Requires: %{name} = %{version} %description clients Ssh (Secure Shell) a program for logging into a remote machine and for @@ -183,20 +246,28 @@ Ssh (Secure Shell) - %package server Summary: OpenSSH Secure Shell protocol server (sshd) +Summary(de): OpenSSH Secure Shell Protocol-Server (sshd) Summary(es): Servidor OpenSSH para comunicaciones codificadas +Summary(fr): Serveur de protocole du shell sécurisé OpenSSH (sshd) +Summary(it): Server OpenSSH per il protocollo Secure Shell (sshd) Summary(pl): Serwer protoko³u Secure Shell (sshd) +Summary(pt): Servidor do protocolo 'Secure Shell' OpenSSH (sshd) Summary(pt_BR): Servidor OpenSSH para comunicações encriptadas Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) -Requires: openssh -Requires: chkconfig >= 0.9 Group: Networking/Daemons -Obsoletes: ssh-server +PreReq: %{name} = %{epoch}:%{version} +PreReq: rc-scripts >= 0.3.1-15 +Requires(pre): /bin/id +Requires(pre): /usr/sbin/useradd +Requires(post,preun): /sbin/chkconfig +Requires(post): chkconfig >= 0.9 +Requires(post): grep +Requires(postun): /usr/sbin/userdel Requires: /bin/login Requires: util-linux -Prereq: rc-scripts -Prereq: /sbin/chkconfig -Prereq: %{name} = %{version} +Requires: pam >= 0.77.3 +Provides: ssh-server %description server Ssh (Secure Shell) a program for logging into a remote machine and for @@ -213,11 +284,20 @@ This package contains the secure shell daemon. The sshd is the server part of the secure shell protocol and allows ssh clients to connect to your host. +%description server -l de +Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. + %description server -l es Este paquete contiene el servidor SSH. sshd es la parte servidor del protocolo secure shell y permite que clientes ssh se conecten a su servidor. +%description server -l fr +Ce paquetage installe le 'sshd', partie serveur de OpenSSH. + +%description server -l it +Questo pacchetto installa sshd, il server di OpenSSH. + %description server -l pl Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma @@ -227,6 +307,9 @@ pomiedzy dwoma hostami. Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci ssh). +%description server -l pt +Este pacote intala o sshd, o servidor do OpenSSH. + %description server -l pt_BR Esse pacote contém o servidor SSH. O sshd é a parte servidor do protocolo secure shell e permite que clientes ssh se conectem ao seu @@ -250,13 +333,17 @@ Ssh (Secure Shell) - %package gnome-askpass Summary: OpenSSH GNOME passphrase dialog +Summary(de): OpenSSH GNOME Passwort-Dialog Summary(es): Diálogo para introducción de passphrase para GNOME +Summary(fr): Dialogue pass-phrase GNOME d'OpenSSH +Summary(it): Finestra di dialogo GNOME per la frase segreta di OpenSSH Summary(pl): Odpytywacz has³a OpenSSH dla GNOME +Summary(pt): Diálogo de pedido de senha para GNOME do OpenSSH Summary(pt_BR): Diálogo para entrada de passphrase para GNOME Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME Group: Applications/Networking -Requires: %{name} = %{version} +Requires: %{name} = %{epoch}:%{version} Obsoletes: ssh-extras Obsoletes: ssh-askpass Obsoletes: openssh-askpass @@ -305,17 +392,21 @@ Ssh (Secure Shell) - GNOME. %prep -%setup -q +%setup -q -n %{name}-%{orig_ver} %patch0 -p1 -%patch1 -p1 %patch2 -p1 +%patch3 -p1 +#%patch4 -p1 +%{?_with_ldap:%patch5 -p1} +%{?_with_kerberos5:%patch6 -p1} +%patch7 -p1 %build -aclocal +%{__aclocal} %{__autoconf} %configure \ - %{!?_without_gnome:--with-gnome-askpass} \ + PERL=%{__perl} \ --with-pam \ --with-mantype=man \ --with-md5-passwords \ @@ -323,30 +414,56 @@ aclocal --with-4in6 \ --disable-suid-ssh \ --with-tcp-wrappers \ - --with-pid-dir=%{_localstatedir}/run + %{?_with_ldap:--with-libs="-lldap -llber"} \ + %{?_with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \ + %{?_with_kerberos5:--with-kerberos5} \ + --with-privsep-path=%{_privsepdir} \ + --with-pid-dir=%{_localstatedir}/run \ + --with-xauth=/usr/X11R6/bin/xauth echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h %{__make} -%{!?_without_gnome:cd contrib && %{__cc} %{rpmcflags} `gnome-config --cflags gnome gnomeui gtk` } \ -%{!?_without_gnome:gnome-ssh-askpass.c -o gnome-ssh-askpass } \ -%{!?_without_gnome:`gnome-config --libs gnome gnomeui gtk` } +cp -f %{SOURCE9} . +cp -f %{SOURCE10} . +%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect + +cd contrib +%if 0%{!?_without_gnome:1} +%{__make} gnome-ssh-askpass1 \ + CC="%{__cc} %{rpmldflags} %{rpmcflags}" +%endif +%if 0%{!?_without_gtk:1} +%{__make} gnome-ssh-askpass2 \ + CC="%{__cc} %{rpmldflags} %{rpmcflags}" +%endif %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} - -%{__make} install DESTDIR="$RPM_BUILD_ROOT" +install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}} \ + $RPM_BUILD_ROOT%{_libexecdir}/ssh +%{__make} install \ + DESTDIR=$RPM_BUILD_ROOT + +install connect $RPM_BUILD_ROOT%{_bindir} install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config -install -d $RPM_BUILD_ROOT%{_libexecdir}/ssh -%{!?_without_gnome:install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass} + +%if 0%{!?_without_gnome:1} +install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass +%endif +%if 0%{!?_without_gtk:1} +install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass +%endif +%if 0%{!?_without_gnome:1}%{!?_without_gtk:1} +install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d +%endif rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 @@ -356,6 +473,16 @@ touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd %clean rm -rf $RPM_BUILD_ROOT +%pre server +if [ -n "`id -u sshd 2>/dev/null`" ]; then + if [ "`id -u sshd`" != "40" ]; then + echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2 + exit 1 + fi +else + /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 +fi + %post server /sbin/chkconfig --add sshd if [ -f /var/lock/subsys/sshd ]; then @@ -363,7 +490,8 @@ if [ -f /var/lock/subsys/sshd ]; then else echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon." fi -if ! grep ssh /etc/security/passwd.conf >/dev/null 2>&1 ; then +if ! grep -qs ssh /etc/security/passwd.conf ; then + umask 022 echo "ssh" >> /etc/security/passwd.conf fi @@ -375,6 +503,11 @@ if [ "$1" = "0" ]; then /sbin/chkconfig --del sshd fi +%postun server +if [ "$1" = "0" ]; then + /usr/sbin/userdel sshd +fi + %files %defattr(644,root,root,755) %doc *.RNG TODO README OVERVIEW CREDITS Change* @@ -384,6 +517,8 @@ fi %files clients %defattr(644,root,root,755) +%doc connect.html +%attr(0755,root,root) %{_bindir}/connect %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/slogin %attr(0755,root,root) %{_bindir}/sftp @@ -399,6 +534,10 @@ fi %{_mandir}/man1/ssh-add.1* %{_mandir}/man5/ssh_config.5* +# for host-based auth (suid required for accessing private host key) +#%attr(4755,root,root) %{_libexecdir}/ssh-keysign +#%{_mandir}/man8/ssh-keysign.8* + %files server %defattr(644,root,root,755) %attr(755,root,root) %{_sbindir}/sshd @@ -414,7 +553,10 @@ fi %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd %attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd -%{!?_without_gnome:%files gnome-askpass} -%{!?_without_gnome:%defattr(644,root,root,755)} -%{!?_without_gnome:%dir %{_libexecdir}/ssh} -%{!?_without_gnome:%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass} +%if 0%{!?_without_gnome:1}%{!?_without_gtk:1} +%files gnome-askpass +%defattr(644,root,root,755) +%dir %{_libexecdir}/ssh +%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass +%attr(755,root,root) /etc/profile.d/* +%endif