- release 2 (by relup.sh)
[packages/openssh.git] / openssh.spec
CommitLineData
3a075991
AM
1# TODO:
2# - add trigger to enable this:
3# * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4# new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
2ebfbf87 5#
2ca913e8 6# Conditional build:
bb7a58b9 7%bcond_without audit # sshd audit support
be127028
JB
8%bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9%bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10%bcond_without ldap # LDAP support
11%bcond_with ldns # DNSSEC support via libldns
12%bcond_without libedit # libedit (editline/history support in sftp client)
13%bcond_without kerberos5 # Kerberos5 support
14%bcond_without selinux # SELinux support
cebd27df 15%bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
5c609334 16%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
be127028 17%bcond_without tests # test suite
516496e1 18
cef904f1
JB
19# gtk2-based gnome-askpass means no gnome1-based
20%{?with_gtk:%undefine with_gnome}
cc788d8e 21
2ebfbf87
ER
22%if "%{pld_release}" == "ac"
23%define pam_ver 0.79.0
24%else
afced56b 25%define pam_ver 1:1.1.8-5
2ebfbf87 26%endif
52000378 27Summary: OpenSSH free Secure Shell (SSH) implementation
25e16946
ER
28Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
29Summary(es.UTF-8): Implementación libre de SSH
30Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
31Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
32Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
33Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
34Summary(pt_BR.UTF-8): Implementação livre do SSH
35Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
36Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
52000378 37Name: openssh
196ab02a 38Version: 8.0p1
f149ec4d 39Release: 2
f5fc6a92 40Epoch: 2
5d1c7089 41License: BSD
42Group: Applications/Networking
0c0ae598 43Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
196ab02a 44# Source0-md5: bf050f002fe510e1daecd39044e1122d
486d736c
JR
45Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
46# Source1-md5: 66943d481cc422512b537bcc2c7400d1
47Source2: %{name}d.init
48Source3: %{name}d.pamd
49Source4: %{name}.sysconfig
50Source5: ssh-agent.sh
51Source6: ssh-agent.conf
b32891d6 52Source7: %{name}-lpk.schema
c75fc765
JR
53Source9: sshd.service
54Source10: sshd-keygen
84b4a299
ER
55Source11: sshd.socket
56Source12: sshd@.service
f5fe75c7 57Patch1: %{name}-tests-reuseport.patch
8d59ede4
JB
58Patch2: %{name}-pam_misc.patch
59Patch3: %{name}-sigpipe.patch
501aed94 60# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
2faa36da
ER
61Patch4: %{name}-ldap.patch
62Patch5: %{name}-ldap-fixes.patch
a46537e7
ER
63Patch6: ldap.conf.patch
64Patch7: %{name}-config.patch
65Patch8: ldap-helper-sigpipe.patch
0a069c2e 66# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
0d5b2bd4
ER
67# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
68Patch9: %{name}-5.2p1-hpn13v6.diff
8d59ede4 69Patch10: %{name}-include.patch
100234b3 70Patch11: %{name}-chroot.patch
d2583ea7
AM
71Patch12: openssh-bug-2905.patch
72
eefe27ae 73Patch14: %{name}-bind.patch
f4e7272b 74Patch15: %{name}-disable_ldap.patch
c5eb8e82 75URL: http://www.openssh.com/portable.html
0a069c2e 76BuildRequires: %{__perl}
26d23d17
JB
77%{?with_audit:BuildRequires: audit-libs-devel}
78BuildRequires: autoconf >= 2.50
8f12ae30 79BuildRequires: automake
9cfed0b2 80%{?with_gnome:BuildRequires: gnome-libs-devel}
81%{?with_gtk:BuildRequires: gtk+2-devel}
044fff96 82%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
be127028 83%{?with_ldns:BuildRequires: ldns-devel}
f6c7fa07 84%{?with_libedit:BuildRequires: libedit-devel}
5a5e6771 85BuildRequires: libseccomp-devel
70329622 86%{?with_selinux:BuildRequires: libselinux-devel}
044fff96 87%{?with_ldap:BuildRequires: openldap-devel}
3d24266b 88BuildRequires: openssl-devel >= 1.1.0g
92d612e6 89BuildRequires: pam-devel
9cfed0b2 90%{?with_gtk:BuildRequires: pkgconfig}
2ebfbf87 91BuildRequires: rpm >= 4.4.9-56
c75fc765 92BuildRequires: rpmbuild(macros) >= 1.627
a42c5034 93BuildRequires: sed >= 4.0
3512e61a 94BuildRequires: zlib-devel >= 1.2.3
744d77c8 95%if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
9880a59f
ER
96BuildRequires: %{name}-server
97%endif
ea57cfec
ER
98%if %{with tests} && %{with libseccomp}
99# libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
100BuildRequires: uname(release) >= 3.5
101%endif
3512e61a 102Requires: zlib >= 1.2.3
2ebfbf87
ER
103%if "%{pld_release}" == "ac"
104Requires: filesystem >= 2.0-1
105Requires: pam >= 0.79.0
106%else
680fc8d4 107Requires: filesystem >= 3.0-11
2ebfbf87 108Requires: pam >= %{pam_ver}
a9abed26 109Suggests: xorg-app-xauth
2ebfbf87 110%endif
f937b661 111Obsoletes: ssh
05fbd2e9 112BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
52000378 113
b7b47957 114%define _sysconfdir /etc/ssh
1dd7cf18 115%define _libexecdir %{_libdir}/%{name}
a14c109c 116%define _privsepdir /usr/share/empty
b32891d6 117%define schemadir /usr/share/openldap/schema
6fe24471
AF
118
119%description
120Ssh (Secure Shell) a program for logging into a remote machine and for
11530f15 121executing commands in a remote machine. It is intended to replace
122rlogin and rsh, and provide secure encrypted communications between
123two untrusted hosts over an insecure network. X11 connections and
124arbitrary TCP/IP ports can also be forwarded over the secure channel.
6fe24471 125
11530f15 126OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
127it up to date in terms of security and features, as well as removing
128all patented algorithms to seperate libraries (OpenSSL).
6fe24471 129
11530f15 130This package includes the core files necessary for both the OpenSSH
131client and server. To make this package useful, you should also
132install openssh-clients, openssh-server, or both.
a42c5034 133
0d5b2bd4 134%if %{with hpn}
0a069c2e 135This release includes High Performance SSH/SCP patches from
a42c5034
ER
136http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
137increase throughput on fast connections with high RTT (20-150 msec).
088aab43 138See the website for '-w' values for your connection and /proc/sys TCP
139values. BTW. in a LAN you have got generally RTT < 1 msec.
140%endif
6fe24471 141
84ae85a3 142%description -l de.UTF-8
aebfac88
JB
143OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
144ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
84ae85a3
JR
145verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
146über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
147andere TCP/IP Ports können ebenso über den sicheren Channel
aebfac88
JB
148weitergeleitet werden.
149
84ae85a3
JR
150%description -l es.UTF-8
151SSH es un programa para accesar y ejecutar órdenes en computadores
152remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
6c34819e 153seguro entre dos servidores en una red insegura. Conexiones X11 y
84ae85a3 154puertas TCP/IP arbitrárias también pueden ser usadas por el canal
6c34819e 155seguro.
156
157OpenSSH es el resultado del trabajo del equipo de OpenBSD para
84ae85a3
JR
158continuar la última versión gratuita de SSH, actualizándolo en
159términos de seguridad y recursos,así también eliminando todos los
160algoritmos patentados y colocándolos en bibliotecas separadas
6c34819e 161(OpenSSL).
162
163Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
84ae85a3 164también el paquete openssh-clients u openssh-server o ambos.
6c34819e 165
84ae85a3
JR
166%description -l fr.UTF-8
167OpenSSH (Secure Shell) fournit un accès à un système distant. Il
aebfac88 168remplace telnet, rlogin, rexec et rsh, tout en assurant des
84ae85a3
JR
169communications cryptées securisées entre deux hôtes non fiabilisés sur
170un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
171arbitraires peuvent également être transmis sur le canal sécurisé.
aebfac88 172
84ae85a3 173%description -l it.UTF-8
aebfac88
JB
174OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
175Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
176sicure e crittate tra due host non fidati su una rete non sicura. Le
177connessioni X11 ad una porta TCP/IP arbitraria possono essere
178inoltrate attraverso un canale sicuro.
179
84ae85a3
JR
180%description -l pl.UTF-8
181Ssh (Secure Shell) to program służący do logowania się na zdalną
182maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
183zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
184pomiędzy dwoma hostami.
93e2d77c 185
84ae85a3
JR
186Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
187klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
188co najmniej jeden z pakietów: openssh-clients lub openssh-server.
a42c5034 189
0d5b2bd4 190%if %{with hpn}
84ae85a3
JR
191Ta wersja zawiera łaty z projektu High Performance SSH/SCP
192http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
a42c5034
ER
193zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
194RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
195danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
196TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
088aab43 197%endif
aebfac88 198
84ae85a3 199%description -l pt.UTF-8
aebfac88 200OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
84ae85a3
JR
201telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
202cifradas entre duas máquinas sem confiança mútua sobre uma rede
203insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
aebfac88
JB
204reenviados pelo canal seguro.
205
84ae85a3
JR
206%description -l pt_BR.UTF-8
207SSH é um programa para acessar e executar comandos em máquinas
208remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
209seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
210TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
6c34819e 211
84ae85a3
JR
212OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
213última versão gratuita do SSH, atualizando-o em termos de segurança e
6c34819e 214recursos, assim como removendo todos os algoritmos patenteados e
215colocando-os em bibliotecas separadas (OpenSSL).
216
84ae85a3
JR
217Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
218também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
219
220%description -l ru.UTF-8
221Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
222машину и для выполнения команд на удаленной машине. Она предназначена
223для замены rlogin и rsh и обеспечивает безопасную шифрованную
224коммуникацию между двумя хостами в сети, являющейся небезопасной.
225Соединения X11 и любые порты TCP/IP могут также быть проведены через
226безопасный канал.
227
228OpenSSH - это переделка командой разработчиков OpenBSD последней
229свободной версии SSH, доведенная до современного состояния в терминах
230уровня безопасности и поддерживаемых возможностей. Все патентованные
231алгоритмы вынесены в отдельные библиотеки (OpenSSL).
232
233Этот пакет содержит файлы, необходимые как для клиента, так и для
234сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
235openssh-server, или оба пакета.
236
237%description -l uk.UTF-8
238Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
239машини та для виконання команд на віддаленій машині. Вона призначена
240для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
241між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
242довільні порти TCP/IP можуть також бути проведені через безпечний
243канал.
244
245OpenSSH - це переробка командою розробників OpenBSD останньої вільної
246версії SSH, доведена до сучасного стану в термінах рівня безпеки та
247підтримуваних можливостей. Всі патентовані алгоритми винесені до
248окремих бібліотек (OpenSSL).
249
250Цей пакет містить файли, необхідні як для клієнта, так і для сервера
251OpenSSH. Вам потрібно буде ще встановити openssh-clients,
252openssh-server, чи обидва пакети.
cb086001 253
52000378
AF
254%package clients
255Summary: OpenSSH Secure Shell protocol clients
25e16946
ER
256Summary(es.UTF-8): Clientes de OpenSSH
257Summary(pl.UTF-8): Klienci protokołu Secure Shell
258Summary(pt_BR.UTF-8): Clientes do OpenSSH
259Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
260Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
52000378 261Group: Applications/Networking
f1608a0c 262Requires: %{name}
516496e1 263Provides: ssh-clients
a14c109c 264Obsoletes: ssh-clients
16efbe5b 265%requires_eq_to openssl openssl-devel
6fe24471 266
52000378
AF
267%description clients
268Ssh (Secure Shell) a program for logging into a remote machine and for
11530f15 269executing commands in a remote machine. It is intended to replace
270rlogin and rsh, and provide secure encrypted communications between
271two untrusted hosts over an insecure network. X11 connections and
272arbitrary TCP/IP ports can also be forwarded over the secure channel.
6fe24471 273
11530f15 274OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
275it up to date in terms of security and features, as well as removing
276all patented algorithms to seperate libraries (OpenSSL).
52000378 277
11530f15 278This package includes the clients necessary to make encrypted
279connections to SSH servers.
52000378 280
84ae85a3 281%description clients -l es.UTF-8
6c34819e 282Este paquete incluye los clientes que se necesitan para hacer
283conexiones codificadas con servidores SSH.
284
84ae85a3
JR
285%description clients -l pl.UTF-8
286Ssh (Secure Shell) to program służący do logowania się na zdalną
287maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
288zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
289pomiędzy dwoma hostami.
93e2d77c 290
84ae85a3 291Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
93e2d77c 292
84ae85a3
JR
293%description clients -l pt_BR.UTF-8
294Esse pacote inclui os clientes necessários para fazer conexões
6c34819e 295encriptadas com servidores SSH.
296
84ae85a3
JR
297%description clients -l ru.UTF-8
298Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
299машину и для выполнения команд на удаленной машине.
cb086001 300
84ae85a3
JR
301Этот пакет содержит программы-клиенты, необходимые для установления
302зашифрованных соединений с серверами SSH.
cb086001 303
84ae85a3
JR
304%description clients -l uk.UTF-8
305Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
306машини та для виконання команд на віддаленій машині.
cb086001 307
84ae85a3
JR
308Цей пакет містить програми-клієнти, необхідні для встановлення
309зашифрованих з'єднань з серверами SSH.
cb086001 310
8a7ba6eb
AM
311%package clients-agent-profile_d
312Summary: OpenSSH Secure Shell agent init script
4944be5f 313Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
8a7ba6eb
AM
314Group: Applications/Networking
315Requires: %{name}-clients = %{epoch}:%{version}-%{release}
316
317%description clients-agent-profile_d
318profile.d scripts for starting SSH agent.
319
4944be5f
JB
320%description clients-agent-profile_d -l pl.UTF-8
321Skrypty profile.d do uruchamiania agenta SSH.
322
8a7ba6eb
AM
323%package clients-agent-xinitrc
324Summary: OpenSSH Secure Shell agent init script
325Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
326Group: Applications/Networking
327Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
328Requires: xinitrc
329
330%description clients-agent-xinitrc
331xinitrc scripts for starting SSH agent.
332
4944be5f
JB
333%description clients-agent-xinitrc -l pl.UTF-8
334Skrypty xinitrc do uruchamiania agenta SSH.
8a7ba6eb 335
52000378
AF
336%package server
337Summary: OpenSSH Secure Shell protocol server (sshd)
25e16946
ER
338Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
339Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
340Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
341Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
342Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
343Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
344Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
345Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
346Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
52000378 347Group: Networking/Daemons
2ebfbf87 348Requires(post): /sbin/chkconfig
40cb2e83 349Requires(post): grep
0a069c2e 350Requires(post,preun): /sbin/chkconfig
9b604401 351Requires(postun): /usr/sbin/userdel
0a069c2e
ER
352Requires(pre): /bin/id
353Requires(pre): /usr/sbin/useradd
40e0df39 354Requires(post,preun,postun): systemd-units >= 38
0a069c2e 355Requires: %{name} = %{epoch}:%{version}-%{release}
2ebfbf87 356Requires: pam >= %{pam_ver}
c0f446a0 357Requires: rc-scripts >= 0.4.3.0
40e0df39 358Requires: systemd-units >= 38
a5562ea2 359%{?with_libseccomp:Requires: uname(release) >= 3.5}
0a069c2e 360Requires: util-linux
80fcc8c8 361%{?with_ldap:Suggests: %{name}-server-ldap}
0d5b2bd4 362Suggests: /bin/login
141a04d1 363Suggests: xorg-app-xauth
516496e1
ER
364Provides: ssh-server
365Provides: user(sshd)
8615ba71 366%requires_eq_to openssl openssl-devel
52000378
AF
367
368%description server
369Ssh (Secure Shell) a program for logging into a remote machine and for
11530f15 370executing commands in a remote machine. It is intended to replace
371rlogin and rsh, and provide secure encrypted communications between
372two untrusted hosts over an insecure network. X11 connections and
373arbitrary TCP/IP ports can also be forwarded over the secure channel.
52000378 374
11530f15 375OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
376it up to date in terms of security and features, as well as removing
377all patented algorithms to seperate libraries (OpenSSL).
52000378 378
11530f15 379This package contains the secure shell daemon. The sshd is the server
380part of the secure shell protocol and allows ssh clients to connect to
381your host.
6fe24471 382
84ae85a3 383%description server -l de.UTF-8
aebfac88
JB
384Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
385
84ae85a3 386%description server -l es.UTF-8
6c34819e 387Este paquete contiene el servidor SSH. sshd es la parte servidor del
388protocolo secure shell y permite que clientes ssh se conecten a su
389servidor.
390
84ae85a3 391%description server -l fr.UTF-8
aebfac88
JB
392Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
393
84ae85a3 394%description server -l it.UTF-8
aebfac88
JB
395Questo pacchetto installa sshd, il server di OpenSSH.
396
84ae85a3
JR
397%description server -l pl.UTF-8
398Ssh (Secure Shell) to program służący do logowania się na zdalną
399maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
400zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
401pomiędzy dwoma hostami.
93e2d77c 402
84ae85a3 403Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
11530f15 404ssh).
93e2d77c 405
84ae85a3 406%description server -l pt.UTF-8
aebfac88
JB
407Este pacote intala o sshd, o servidor do OpenSSH.
408
84ae85a3
JR
409%description server -l pt_BR.UTF-8
410Esse pacote contém o servidor SSH. O sshd é a parte servidor do
6c34819e 411protocolo secure shell e permite que clientes ssh se conectem ao seu
412host.
413
84ae85a3
JR
414%description server -l ru.UTF-8
415Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
416машину и для выполнения команд на удаленной машине.
cb086001 417
84ae85a3
JR
418Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
419часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
420вашим хостом.
cb086001 421
84ae85a3
JR
422%description server -l uk.UTF-8
423Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
424машини та для виконання команд на віддаленій машині.
cb086001 425
84ae85a3
JR
426Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
427частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
428з вашим хостом.
cb086001 429
44144fb7
ER
430%package server-ldap
431Summary: A LDAP support for open source SSH server daemon
bb7a58b9 432Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
44144fb7 433Group: Daemons
1a0628c8 434Requires: %{name} = %{epoch}:%{version}-%{release}
69658eff 435Requires: openldap-nss-config
44144fb7
ER
436
437%description server-ldap
438OpenSSH LDAP backend is a way how to distribute the authorized tokens
439among the servers in the network.
440
bb7a58b9
JB
441%description server-ldap -l pl.UTF-8
442Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
443tokenów między serwerami w sieci.
444
6e70f4f7 445%package gnome-askpass
52000378 446Summary: OpenSSH GNOME passphrase dialog
25e16946
ER
447Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
448Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
449Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
450Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
451Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
452Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
453Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
454Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
455Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
52000378 456Group: Applications/Networking
96f686c2 457Requires: %{name} = %{epoch}:%{version}-%{release}
f937b661 458Obsoletes: openssh-askpass
0a069c2e
ER
459Obsoletes: ssh-askpass
460Obsoletes: ssh-extras
52000378 461
6e70f4f7 462%description gnome-askpass
52000378 463Ssh (Secure Shell) a program for logging into a remote machine and for
11530f15 464executing commands in a remote machine. It is intended to replace
465rlogin and rsh, and provide secure encrypted communications between
466two untrusted hosts over an insecure network. X11 connections and
467arbitrary TCP/IP ports can also be forwarded over the secure channel.
52000378 468
11530f15 469OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
470it up to date in terms of security and features, as well as removing
471all patented algorithms to seperate libraries (OpenSSL).
52000378
AF
472
473This package contains the GNOME passphrase dialog.
474
84ae85a3
JR
475%description gnome-askpass -l es.UTF-8
476Este paquete contiene un programa que abre una caja de diálogo para
6c34819e 477entrada de passphrase en GNOME.
478
84ae85a3
JR
479%description gnome-askpass -l pl.UTF-8
480Ssh (Secure Shell) to program służący do logowania się na zdalną
481maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
482zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
483pomiędzy dwoma hostami.
93e2d77c 484
84ae85a3 485Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
93e2d77c 486
84ae85a3
JR
487%description gnome-askpass -l pt_BR.UTF-8
488Esse pacote contém um programa que abre uma caixa de diálogo para
6c34819e 489entrada de passphrase no GNOME.
490
84ae85a3
JR
491%description gnome-askpass -l ru.UTF-8
492Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
493машину и для выполнения команд на удаленной машине.
cb086001 494
84ae85a3 495Этот пакет содержит диалог ввода ключевой фразы для использования под
cb086001 496GNOME.
497
84ae85a3
JR
498%description gnome-askpass -l uk.UTF-8
499Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
500машини та для виконання команд на віддаленій машині.
cb086001 501
84ae85a3 502Цей пакет містить діалог вводу ключової фрази для використання під
cb086001 503GNOME.
504
b32891d6
JR
505%package -n openldap-schema-openssh-lpk
506Summary: OpenSSH LDAP Public Key schema
507Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
508Group: Networking/Daemons
509Requires(post,postun): sed >= 4.0
510Requires: openldap-servers
b8d3dcfa
ER
511%if "%{_rpmversion}" >= "5"
512BuildArch: noarch
513%endif
b32891d6
JR
514
515%description -n openldap-schema-openssh-lpk
516This package contains OpenSSH LDAP Public Key schema for openldap.
517
518%description -n openldap-schema-openssh-lpk -l pl.UTF-8
0d5b2bd4
ER
519Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
520openldap-a.
b32891d6 521
52000378 522%prep
ecf377a3 523%setup -q
f5fe75c7 524%patch1 -p1
1aca01a4 525%patch2 -p1
200ba837 526%patch3 -p1
8e00389d
ER
527%patch4 -p1
528%patch5 -p1
501aed94 529%patch6 -p1
c53de5e9 530%patch7 -p1
a46537e7 531%patch8 -p1
ec3e8a5a 532
516496e1 533%{?with_hpn:%patch9 -p1}
8d59ede4 534%patch10 -p1
100234b3 535%patch11 -p1
d2583ea7 536%patch12 -p1
c70906af 537
eefe27ae 538%patch14 -p1
7effd328 539%{!?with_ldap:%patch15 -p1}
52000378 540
a42c5034
ER
541%if "%{pld_release}" == "ac"
542# fix for missing x11.pc
8f8ef1eb 543%{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
a42c5034
ER
544%endif
545
afde20c1 546# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
e257fca1 547sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
afde20c1 548
8e00389d
ER
549grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
550%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
551
60e5e1f7 552# prevent being ovewritten by aclocal calls
be127028 553%{__mv} aclocal.m4 acinclude.m4
60e5e1f7 554
52000378 555%build
64f1c35c 556cp /usr/share/automake/config.sub .
0b24ec17 557%{__aclocal}
5c76eb87 558%{__autoconf}
501aed94 559%{__autoheader}
95c415ad 560CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
52000378 561%configure \
c59fae24 562 PERL=%{__perl} \
26d23d17
JB
563 --disable-strip \
564 --enable-utmpx \
565 --enable-wtmpx \
93e2d77c 566 --with-4in6 \
26d23d17
JB
567 %{?with_audit:--with-audit=linux} \
568 --with-ipaddr-display \
4a5c0c7d 569 %{?with_kerberos5:--with-kerberos5=/usr} \
8e00389d 570 --with-ldap%{!?with_ldap:=no} \
be127028 571 %{?with_ldns:--with-ldns} \
26d23d17
JB
572 %{?with_libedit:--with-libedit} \
573 --with-mantype=man \
574 --with-md5-passwords \
575 --with-pam \
05fbd2e9 576 --with-pid-dir=%{_localstatedir}/run \
26d23d17 577 --with-privsep-path=%{_privsepdir} \
d9c4ed5d 578 --with-privsep-user=sshd \
26d23d17 579 %{?with_selinux:--with-selinux} \
2ebfbf87 580%if "%{pld_release}" == "ac"
26d23d17 581 --with-xauth=/usr/X11R6/bin/xauth
2ebfbf87 582%else
c6dafd57 583 --with-sandbox=seccomp_filter \
26d23d17 584 --with-xauth=%{_bindir}/xauth
2ebfbf87 585%endif
82f989ae 586
b8002dec 587echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
f9bf943b 588
100832a0 589%{__make}
475ef6df 590
f5009688
AG
591%if %{with tests}
592%{__make} -j1 tests \
e5444da8
AG
593 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
594 TEST_SSH_TRACE="yes"
f5009688 595%endif
6ab60e34 596
40cb2e83 597cd contrib
9cfed0b2 598%if %{with gnome}
40cb2e83
JB
599%{__make} gnome-ssh-askpass1 \
600 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
601%endif
9cfed0b2 602%if %{with gtk}
40cb2e83
JB
603%{__make} gnome-ssh-askpass2 \
604 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
605%endif
6fe24471
AF
606
607%install
608rm -rf $RPM_BUILD_ROOT
982e1069 609install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
c75fc765 610 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
8a7ba6eb 611install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
52000378 612
9a2a459a
PG
613%{__make} install \
614 DESTDIR=$RPM_BUILD_ROOT
0d32b20f 615
486d736c 616bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
40cb2e83 617
3b7de962
ER
618install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
619cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
55c2af60
ER
620cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
621cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
35cb43f7 622ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
55c2af60
ER
623cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
624cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
c0f446a0 625
35cb43f7
ER
626cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
627install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
c75fc765 628
8d556bba 629%{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
87aca12d 630 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
d3fc9aae 631 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
35cb43f7 632 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
84b4a299 633
9cfed0b2 634%if %{with gnome}
55c2af60 635install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
40cb2e83 636%endif
9cfed0b2 637%if %{with gtk}
55c2af60 638install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
1d1e6997
PG
639%endif
640%if %{with gnome} || %{with gtk}
6157007b 641cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
1d1e6997
PG
642#GNOME_SSH_ASKPASS_GRAB_SERVER="true"
643EOF
6157007b 644cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
1d1e6997
PG
645#GNOME_SSH_ASKPASS_GRAB_POINTER="true"
646EOF
4ae0bc0d 647ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
40cb2e83 648%endif
6e70f4f7 649
55c2af60
ER
650install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
651cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
0906c8d0 652
ffbc041f 653touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
643dc12f 654
b8002dec 655cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
1d1e6997
PG
656#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
657EOF
658
3b7de962
ER
659%if "%{pld_release}" == "ac"
660# not present in ac, no point searching it
661%{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
662# openssl on ac does not have OPENSSL_HAS_ECC
663%{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
664%endif
665
666%if %{without audit}
667# remove recording user's login uid to the process attribute
668%{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
669%endif
670
26d23d17 671%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
f4e7272b 672%{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
92815192 673
6fe24471
AF
674%clean
675rm -rf $RPM_BUILD_ROOT
676
b259ae2c
ER
677%post clients
678%env_update
679
680%postun clients
681%env_update
682
683%post gnome-askpass
684%env_update
685
686%postun gnome-askpass
687%env_update
688
8a304ceb 689%pre server
0225d3b8 690%useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
4c8ae2f8 691
52000378 692%post server
d7fde396 693/sbin/chkconfig --add sshd
fb0e16d1 694%service sshd reload "OpenSSH Daemon"
c75fc765
JR
695NORESTART=1
696%systemd_post sshd.service
6fe24471 697
52000378 698%preun server
d7fde396 699if [ "$1" = "0" ]; then
b054de44 700 %service sshd stop
d7fde396 701 /sbin/chkconfig --del sshd
702fi
c75fc765 703%systemd_preun sshd.service
6fe24471 704
9b604401
JB
705%postun server
706if [ "$1" = "0" ]; then
5f4ffc90 707 %userremove sshd
9b604401 708fi
c75fc765 709%systemd_reload
9b604401 710
5fdee2c7 711%triggerpostun server -- %{name}-server < 2:7.0p1-2
a80b2943
AM
712%banner %{name}-server -e << EOF
713!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
714! Starting from openssh 7.0 DSA keys are disabled !
715! on server and client side. You will NOT be able !
716! to use DSA keys for authentication. Please read !
717! about PubkeyAcceptedKeyTypes in man ssh_config. !
718!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
719EOF
720
ec3e8a5a
AM
721%triggerpostun server -- %{name}-server < 6.2p1-1
722cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
723sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
724
c75fc765 725%triggerpostun server -- %{name}-server < 2:5.9p1-8
3906e3c0
ER
726# lpk.patch to ldap.patch
727if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
728 echo >&2 "Migrating LPK patch to LDAP patch"
729 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
730 %{__sed} -i -e '
731 # disable old configs
732 # just UseLPK/LkpLdapConf supported for now
a3c4f69a
ER
733 s/^\s*UseLPK/## Obsolete &/
734 s/^\s*Lpk/## Obsolete &/
3906e3c0 735 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
fb0e16d1 736 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
3906e3c0 737 ' %{_sysconfdir}/sshd_config
c75fc765
JR
738 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
739 /bin/systemctl try-restart sshd.service || :
740 else
741 %service -q sshd reload
742 fi
3906e3c0 743fi
c75fc765 744%systemd_trigger sshd.service
76ae1815
JR
745if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
746%banner %{name}-server -e << EOF
747!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
748! Native systemd support for sshd has been installed. !
749! Restarting sshd.service with systemctl WILL kill all !
750! active ssh sessions (daemon as such will be started). !
751!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
752EOF
753fi
3906e3c0 754
7073aeeb
JR
755%post -n openldap-schema-openssh-lpk
756%openldap_schema_register %{schemadir}/openssh-lpk.schema
757%service -q ldap restart
758
759%postun -n openldap-schema-openssh-lpk
760if [ "$1" = "0" ]; then
761 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
762 %service -q ldap restart
763fi
764
6fe24471 765%files
52000378 766%defattr(644,root,root,755)
afde20c1 767%doc TODO README OVERVIEW CREDITS Change*
a6eef44c 768%attr(755,root,root) %{_bindir}/ssh-key*
942a5500 769#%attr(755,root,root) %{_bindir}/ssh-vulnkey*
a6eef44c 770%{_mandir}/man1/ssh-key*.1*
942a5500 771#%{_mandir}/man1/ssh-vulnkey*.1*
52000378 772%dir %{_sysconfdir}
9df62d0f 773%dir %{_libexecdir}
52000378
AF
774
775%files clients
776%defattr(644,root,root,755)
96f686c2 777%attr(755,root,root) %{_bindir}/ssh
96f686c2
JB
778%attr(755,root,root) %{_bindir}/sftp
779%attr(755,root,root) %{_bindir}/ssh-agent
780%attr(755,root,root) %{_bindir}/ssh-add
0906c8d0 781%attr(755,root,root) %{_bindir}/ssh-copy-id
96f686c2 782%attr(755,root,root) %{_bindir}/scp
794e0987
JB
783%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
784%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
52000378
AF
785%{_mandir}/man1/scp.1*
786%{_mandir}/man1/ssh.1*
a6eef44c 787%{_mandir}/man1/sftp.1*
52000378
AF
788%{_mandir}/man1/ssh-agent.1*
789%{_mandir}/man1/ssh-add.1*
0906c8d0 790%{_mandir}/man1/ssh-copy-id.1*
902cef13 791%{_mandir}/man5/ssh_config.5*
2b7669a6 792%lang(it) %{_mandir}/it/man1/ssh.1*
793%lang(it) %{_mandir}/it/man5/ssh_config.5*
794%lang(pl) %{_mandir}/pl/man1/scp.1*
795%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
ec82f607
JB
796
797# for host-based auth (suid required for accessing private host key)
798#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
799#%{_mandir}/man8/ssh-keysign.8*
52000378 800
8a7ba6eb
AM
801%files clients-agent-profile_d
802%defattr(644,root,root,755)
803%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
804%attr(755,root,root) /etc/profile.d/ssh-agent.sh
805
806%files clients-agent-xinitrc
807%defattr(644,root,root,755)
808%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
809
52000378
AF
810%files server
811%defattr(644,root,root,755)
812%attr(755,root,root) %{_sbindir}/sshd
a6eef44c 813%attr(755,root,root) %{_libexecdir}/sftp-server
ad852e00 814%attr(755,root,root) %{_libexecdir}/ssh-keysign
50835229 815%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
c75fc765 816%attr(755,root,root) %{_libexecdir}/sshd-keygen
52000378 817%{_mandir}/man8/sshd.8*
a6eef44c 818%{_mandir}/man8/sftp-server.8*
ad852e00 819%{_mandir}/man8/ssh-keysign.8*
50835229 820%{_mandir}/man8/ssh-pkcs11-helper.8*
902cef13 821%{_mandir}/man5/sshd_config.5*
78aa4c3c 822%{_mandir}/man5/moduli.5*
794e0987
JB
823%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
824%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
f88c7731 825%{_sysconfdir}/moduli
52000378 826%attr(754,root,root) /etc/rc.d/init.d/sshd
794e0987
JB
827%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
828%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
c75fc765 829%{systemdunitdir}/sshd.service
84b4a299
ER
830%{systemdunitdir}/sshd.socket
831%{systemdunitdir}/sshd@.service
52000378 832
44144fb7
ER
833%if %{with ldap}
834%files server-ldap
835%defattr(644,root,root,755)
836%doc HOWTO.ldap-keys ldap.conf
837%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
838%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
839%{_mandir}/man5/ssh-ldap.conf.5*
840%{_mandir}/man8/ssh-ldap-helper.8*
841%endif
842
0d32b20f 843%if %{with gnome} || %{with gtk}
40cb2e83
JB
844%files gnome-askpass
845%defattr(644,root,root,755)
794e0987 846%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
40cb2e83
JB
847%dir %{_libexecdir}/ssh
848%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
4ae0bc0d 849%attr(755,root,root) %{_libexecdir}/ssh-askpass
40cb2e83 850%endif
b32891d6
JR
851
852%if %{with ldap}
853%files -n openldap-schema-openssh-lpk
854%defattr(644,root,root,755)
855%{schemadir}/openssh-lpk.schema
856%endif
This page took 1.651934 seconds and 4 git commands to generate.