]>
Commit | Line | Data |
---|---|---|
1 | # TODO: | |
2 | # - add trigger to enable this: | |
3 | # * sshd(8): This release turns on pre-auth sandboxing sshd by default for | |
4 | # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. | |
5 | # | |
6 | # Conditional build: | |
7 | %bcond_without audit # sshd audit support | |
8 | %bcond_with gnome # gnome-askpass (GNOME 1.x) utility | |
9 | %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility | |
10 | %bcond_without ldap # LDAP support | |
11 | %bcond_with ldns # DNSSEC support via libldns | |
12 | %bcond_without libedit # libedit (editline/history support in sftp client) | |
13 | %bcond_without kerberos5 # Kerberos5 support | |
14 | %bcond_without selinux # SELinux support | |
15 | %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel) | |
16 | %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often) | |
17 | %bcond_without tests # test suite | |
18 | %bcond_with tests_conch # run conch interoperability tests | |
19 | ||
20 | # gtk2-based gnome-askpass means no gnome1-based | |
21 | %{?with_gtk:%undefine with_gnome} | |
22 | ||
23 | %if "%{pld_release}" == "ac" | |
24 | %define pam_ver 0.79.0 | |
25 | %else | |
26 | %define pam_ver 1:1.1.8-5 | |
27 | %endif | |
28 | Summary: OpenSSH free Secure Shell (SSH) implementation | |
29 | Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH) | |
30 | Summary(es.UTF-8): Implementación libre de SSH | |
31 | Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH) | |
32 | Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell | |
33 | Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH) | |
34 | Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH) | |
35 | Summary(pt_BR.UTF-8): Implementação livre do SSH | |
36 | Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) | |
37 | Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) | |
38 | Name: openssh | |
39 | Version: 8.9p1 | |
40 | Release: 5 | |
41 | Epoch: 2 | |
42 | License: BSD | |
43 | Group: Applications/Networking | |
44 | Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz | |
45 | # Source0-md5: f33910174f0af52491277211e2b105bb | |
46 | Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 | |
47 | # Source1-md5: 66943d481cc422512b537bcc2c7400d1 | |
48 | Source2: %{name}d.init | |
49 | Source3: %{name}d.pamd | |
50 | Source4: %{name}.sysconfig | |
51 | Source5: ssh-agent.sh | |
52 | Source6: ssh-agent.conf | |
53 | Source7: %{name}-lpk.schema | |
54 | Source9: sshd.service | |
55 | Source10: sshd-keygen | |
56 | Source11: sshd.socket | |
57 | Source12: sshd@.service | |
58 | Patch100: %{name}-git.patch | |
59 | # Patch100-md5: xyz | |
60 | Patch0: %{name}-no-pty-tests.patch | |
61 | Patch1: %{name}-tests-reuseport.patch | |
62 | Patch2: %{name}-pam_misc.patch | |
63 | Patch3: %{name}-sigpipe.patch | |
64 | # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree | |
65 | Patch4: %{name}-ldap.patch | |
66 | Patch5: %{name}-ldap-fixes.patch | |
67 | Patch6: ldap.conf.patch | |
68 | Patch7: %{name}-config.patch | |
69 | Patch8: ldap-helper-sigpipe.patch | |
70 | # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ | |
71 | # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz | |
72 | Patch9: %{name}-5.2p1-hpn13v6.diff | |
73 | ||
74 | Patch11: %{name}-chroot.patch | |
75 | ||
76 | Patch13: %{name}-skip-interop-tests.patch | |
77 | Patch14: %{name}-bind.patch | |
78 | Patch15: %{name}-disable_ldap.patch | |
79 | Patch16: openssl3.0.patch | |
80 | URL: http://www.openssh.com/portable.html | |
81 | BuildRequires: %{__perl} | |
82 | %{?with_audit:BuildRequires: audit-libs-devel} | |
83 | BuildRequires: autoconf >= 2.50 | |
84 | BuildRequires: automake | |
85 | %{?with_gnome:BuildRequires: gnome-libs-devel} | |
86 | %{?with_gtk:BuildRequires: gtk+2-devel} | |
87 | %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7} | |
88 | %{?with_ldns:BuildRequires: ldns-devel} | |
89 | %{?with_libedit:BuildRequires: libedit-devel} | |
90 | BuildRequires: libfido2-devel >= 1.5.0 | |
91 | %{?with_libseccomp:BuildRequires: libseccomp-devel} | |
92 | %{?with_selinux:BuildRequires: libselinux-devel} | |
93 | %{?with_ldap:BuildRequires: openldap-devel} | |
94 | BuildRequires: openssl-devel >= 1.1.0g | |
95 | BuildRequires: pam-devel | |
96 | %{?with_gtk:BuildRequires: pkgconfig} | |
97 | %if %{with tests} && %{with tests_conch} | |
98 | BuildRequires: python-TwistedConch | |
99 | %endif | |
100 | BuildRequires: rpm >= 4.4.9-56 | |
101 | BuildRequires: rpmbuild(macros) >= 1.752 | |
102 | BuildRequires: sed >= 4.0 | |
103 | BuildRequires: zlib-devel >= 1.2.3 | |
104 | %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?) | |
105 | BuildRequires: %{name}-server | |
106 | %endif | |
107 | %if %{with tests} && %{with libseccomp} | |
108 | # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag | |
109 | BuildRequires: uname(release) >= 3.5 | |
110 | %endif | |
111 | Requires: zlib >= 1.2.3 | |
112 | %if "%{pld_release}" == "ac" | |
113 | Requires: filesystem >= 2.0-1 | |
114 | Requires: pam >= 0.79.0 | |
115 | %else | |
116 | Requires: filesystem >= 3.0-11 | |
117 | Requires: pam >= %{pam_ver} | |
118 | Suggests: xorg-app-xauth | |
119 | %endif | |
120 | Obsoletes: ssh | |
121 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
122 | ||
123 | %define _sysconfdir /etc/ssh | |
124 | %define _libexecdir %{_libdir}/%{name} | |
125 | %define _privsepdir /usr/share/empty | |
126 | %define schemadir /usr/share/openldap/schema | |
127 | ||
128 | %description | |
129 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
130 | executing commands in a remote machine. It is intended to replace | |
131 | rlogin and rsh, and provide secure encrypted communications between | |
132 | two untrusted hosts over an insecure network. X11 connections and | |
133 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
134 | ||
135 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing | |
136 | it up to date in terms of security and features, as well as removing | |
137 | all patented algorithms to seperate libraries (OpenSSL). | |
138 | ||
139 | This package includes the core files necessary for both the OpenSSH | |
140 | client and server. To make this package useful, you should also | |
141 | install openssh-clients, openssh-server, or both. | |
142 | ||
143 | %if %{with hpn} | |
144 | This release includes High Performance SSH/SCP patches from | |
145 | http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to | |
146 | increase throughput on fast connections with high RTT (20-150 msec). | |
147 | See the website for '-w' values for your connection and /proc/sys TCP | |
148 | values. BTW. in a LAN you have got generally RTT < 1 msec. | |
149 | %endif | |
150 | ||
151 | %description -l de.UTF-8 | |
152 | OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es | |
153 | ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere, | |
154 | verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts | |
155 | über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige | |
156 | andere TCP/IP Ports können ebenso über den sicheren Channel | |
157 | weitergeleitet werden. | |
158 | ||
159 | %description -l es.UTF-8 | |
160 | SSH es un programa para accesar y ejecutar órdenes en computadores | |
161 | remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación | |
162 | seguro entre dos servidores en una red insegura. Conexiones X11 y | |
163 | puertas TCP/IP arbitrárias también pueden ser usadas por el canal | |
164 | seguro. | |
165 | ||
166 | OpenSSH es el resultado del trabajo del equipo de OpenBSD para | |
167 | continuar la última versión gratuita de SSH, actualizándolo en | |
168 | términos de seguridad y recursos,así también eliminando todos los | |
169 | algoritmos patentados y colocándolos en bibliotecas separadas | |
170 | (OpenSSL). | |
171 | ||
172 | Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar | |
173 | también el paquete openssh-clients u openssh-server o ambos. | |
174 | ||
175 | %description -l fr.UTF-8 | |
176 | OpenSSH (Secure Shell) fournit un accès à un système distant. Il | |
177 | remplace telnet, rlogin, rexec et rsh, tout en assurant des | |
178 | communications cryptées securisées entre deux hôtes non fiabilisés sur | |
179 | un réseau non sécurisé. Des connexions X11 et des ports TCP/IP | |
180 | arbitraires peuvent également être transmis sur le canal sécurisé. | |
181 | ||
182 | %description -l it.UTF-8 | |
183 | OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. | |
184 | Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni | |
185 | sicure e crittate tra due host non fidati su una rete non sicura. Le | |
186 | connessioni X11 ad una porta TCP/IP arbitraria possono essere | |
187 | inoltrate attraverso un canale sicuro. | |
188 | ||
189 | %description -l pl.UTF-8 | |
190 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
191 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
192 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
193 | pomiędzy dwoma hostami. | |
194 | ||
195 | Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie | |
196 | klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować | |
197 | co najmniej jeden z pakietów: openssh-clients lub openssh-server. | |
198 | ||
199 | %if %{with hpn} | |
200 | Ta wersja zawiera łaty z projektu High Performance SSH/SCP | |
201 | http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu | |
202 | zwiększenie przepustowości transmisji dla szybkich połączeń z dużym | |
203 | RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla | |
204 | danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla | |
205 | TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec. | |
206 | %endif | |
207 | ||
208 | %description -l pt.UTF-8 | |
209 | OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o | |
210 | telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e | |
211 | cifradas entre duas máquinas sem confiança mútua sobre uma rede | |
212 | insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser | |
213 | reenviados pelo canal seguro. | |
214 | ||
215 | %description -l pt_BR.UTF-8 | |
216 | SSH é um programa para acessar e executar comandos em máquinas | |
217 | remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação | |
218 | seguro entre dois hosts em uma rede insegura. Conexões X11 e portas | |
219 | TCP/IP arbitrárias também podem ser usadas pelo canal seguro. | |
220 | ||
221 | OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a | |
222 | última versão gratuita do SSH, atualizando-o em termos de segurança e | |
223 | recursos, assim como removendo todos os algoritmos patenteados e | |
224 | colocando-os em bibliotecas separadas (OpenSSL). | |
225 | ||
226 | Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar | |
227 | também ou o pacote openssh-clients, ou o openssh-server, ou ambos. | |
228 | ||
229 | %description -l ru.UTF-8 | |
230 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
231 | машину и для выполнения команд на удаленной машине. Она предназначена | |
232 | для замены rlogin и rsh и обеспечивает безопасную шифрованную | |
233 | коммуникацию между двумя хостами в сети, являющейся небезопасной. | |
234 | Соединения X11 и любые порты TCP/IP могут также быть проведены через | |
235 | безопасный канал. | |
236 | ||
237 | OpenSSH - это переделка командой разработчиков OpenBSD последней | |
238 | свободной версии SSH, доведенная до современного состояния в терминах | |
239 | уровня безопасности и поддерживаемых возможностей. Все патентованные | |
240 | алгоритмы вынесены в отдельные библиотеки (OpenSSL). | |
241 | ||
242 | Этот пакет содержит файлы, необходимые как для клиента, так и для | |
243 | сервера OpenSSH. Вам нужно будет установить еще openssh-clients, | |
244 | openssh-server, или оба пакета. | |
245 | ||
246 | %description -l uk.UTF-8 | |
247 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
248 | машини та для виконання команд на віддаленій машині. Вона призначена | |
249 | для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію | |
250 | між двома хостами в мережі, яка не є безпечною. З'єднання X11 та | |
251 | довільні порти TCP/IP можуть також бути проведені через безпечний | |
252 | канал. | |
253 | ||
254 | OpenSSH - це переробка командою розробників OpenBSD останньої вільної | |
255 | версії SSH, доведена до сучасного стану в термінах рівня безпеки та | |
256 | підтримуваних можливостей. Всі патентовані алгоритми винесені до | |
257 | окремих бібліотек (OpenSSL). | |
258 | ||
259 | Цей пакет містить файли, необхідні як для клієнта, так і для сервера | |
260 | OpenSSH. Вам потрібно буде ще встановити openssh-clients, | |
261 | openssh-server, чи обидва пакети. | |
262 | ||
263 | %package clients | |
264 | Summary: OpenSSH Secure Shell protocol clients | |
265 | Summary(es.UTF-8): Clientes de OpenSSH | |
266 | Summary(pl.UTF-8): Klienci protokołu Secure Shell | |
267 | Summary(pt_BR.UTF-8): Clientes do OpenSSH | |
268 | Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell | |
269 | Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell | |
270 | Group: Applications/Networking | |
271 | Requires: %{name} | |
272 | Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release} | |
273 | Provides: ssh-clients | |
274 | Obsoletes: ssh-clients | |
275 | %requires_eq_to openssl openssl-devel | |
276 | ||
277 | %description clients | |
278 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
279 | executing commands in a remote machine. It is intended to replace | |
280 | rlogin and rsh, and provide secure encrypted communications between | |
281 | two untrusted hosts over an insecure network. X11 connections and | |
282 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
283 | ||
284 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing | |
285 | it up to date in terms of security and features, as well as removing | |
286 | all patented algorithms to seperate libraries (OpenSSL). | |
287 | ||
288 | This package includes the clients necessary to make encrypted | |
289 | connections to SSH servers. | |
290 | ||
291 | %description clients -l es.UTF-8 | |
292 | Este paquete incluye los clientes que se necesitan para hacer | |
293 | conexiones codificadas con servidores SSH. | |
294 | ||
295 | %description clients -l pl.UTF-8 | |
296 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
297 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
298 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
299 | pomiędzy dwoma hostami. | |
300 | ||
301 | Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH. | |
302 | ||
303 | %description clients -l pt_BR.UTF-8 | |
304 | Esse pacote inclui os clientes necessários para fazer conexões | |
305 | encriptadas com servidores SSH. | |
306 | ||
307 | %description clients -l ru.UTF-8 | |
308 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
309 | машину и для выполнения команд на удаленной машине. | |
310 | ||
311 | Этот пакет содержит программы-клиенты, необходимые для установления | |
312 | зашифрованных соединений с серверами SSH. | |
313 | ||
314 | %description clients -l uk.UTF-8 | |
315 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
316 | машини та для виконання команд на віддаленій машині. | |
317 | ||
318 | Цей пакет містить програми-клієнти, необхідні для встановлення | |
319 | зашифрованих з'єднань з серверами SSH. | |
320 | ||
321 | %package clients-agent-profile_d | |
322 | Summary: OpenSSH Secure Shell agent init script | |
323 | Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH | |
324 | Group: Applications/Networking | |
325 | Requires: %{name}-clients = %{epoch}:%{version}-%{release} | |
326 | ||
327 | %description clients-agent-profile_d | |
328 | profile.d scripts for starting SSH agent. | |
329 | ||
330 | %description clients-agent-profile_d -l pl.UTF-8 | |
331 | Skrypty profile.d do uruchamiania agenta SSH. | |
332 | ||
333 | %package clients-agent-xinitrc | |
334 | Summary: OpenSSH Secure Shell agent init script | |
335 | Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc | |
336 | Group: Applications/Networking | |
337 | Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release} | |
338 | Requires: xinitrc | |
339 | ||
340 | %description clients-agent-xinitrc | |
341 | xinitrc scripts for starting SSH agent. | |
342 | ||
343 | %description clients-agent-xinitrc -l pl.UTF-8 | |
344 | Skrypty xinitrc do uruchamiania agenta SSH. | |
345 | ||
346 | %package clients-helper-fido | |
347 | Summary: OpenSSH helper for FIDO authenticator | |
348 | Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO | |
349 | Group: Applications/Networking | |
350 | Requires: %{name}-clients = %{epoch}:%{version}-%{release} | |
351 | Requires: libfido2 >= 1.5.0 | |
352 | ||
353 | %description clients-helper-fido | |
354 | OpenSSH helper for FIDO authenticator. | |
355 | ||
356 | %description clients-helper-fido -l pl.UTF-8 | |
357 | OpenSSH helper obsługujący klucz autoryzujący FIDO. | |
358 | ||
359 | %package server | |
360 | Summary: OpenSSH Secure Shell protocol server (sshd) | |
361 | Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd) | |
362 | Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas | |
363 | Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd) | |
364 | Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd) | |
365 | Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd) | |
366 | Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd) | |
367 | Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas | |
368 | Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd) | |
369 | Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd) | |
370 | Group: Networking/Daemons | |
371 | Requires(post): /sbin/chkconfig | |
372 | Requires(post): grep | |
373 | Requires(post,preun): /sbin/chkconfig | |
374 | Requires(postun): /usr/sbin/userdel | |
375 | Requires(pre): /bin/id | |
376 | Requires(pre): /usr/sbin/useradd | |
377 | Requires(post,preun,postun): systemd-units >= 38 | |
378 | Requires: %{name} = %{epoch}:%{version}-%{release} | |
379 | Requires: pam >= %{pam_ver} | |
380 | Requires: rc-scripts >= 0.4.3.0 | |
381 | Requires: systemd-units >= 38 | |
382 | %{?with_libseccomp:Requires: uname(release) >= 3.5} | |
383 | Requires: util-linux | |
384 | %{?with_ldap:Suggests: %{name}-server-ldap} | |
385 | Suggests: /bin/login | |
386 | Suggests: xorg-app-xauth | |
387 | Provides: ssh-server | |
388 | Provides: user(sshd) | |
389 | %requires_eq_to openssl openssl-devel | |
390 | ||
391 | %description server | |
392 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
393 | executing commands in a remote machine. It is intended to replace | |
394 | rlogin and rsh, and provide secure encrypted communications between | |
395 | two untrusted hosts over an insecure network. X11 connections and | |
396 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
397 | ||
398 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing | |
399 | it up to date in terms of security and features, as well as removing | |
400 | all patented algorithms to seperate libraries (OpenSSL). | |
401 | ||
402 | This package contains the secure shell daemon. The sshd is the server | |
403 | part of the secure shell protocol and allows ssh clients to connect to | |
404 | your host. | |
405 | ||
406 | %description server -l de.UTF-8 | |
407 | Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. | |
408 | ||
409 | %description server -l es.UTF-8 | |
410 | Este paquete contiene el servidor SSH. sshd es la parte servidor del | |
411 | protocolo secure shell y permite que clientes ssh se conecten a su | |
412 | servidor. | |
413 | ||
414 | %description server -l fr.UTF-8 | |
415 | Ce paquetage installe le 'sshd', partie serveur de OpenSSH. | |
416 | ||
417 | %description server -l it.UTF-8 | |
418 | Questo pacchetto installa sshd, il server di OpenSSH. | |
419 | ||
420 | %description server -l pl.UTF-8 | |
421 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
422 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
423 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
424 | pomiędzy dwoma hostami. | |
425 | ||
426 | Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci | |
427 | ssh). | |
428 | ||
429 | %description server -l pt.UTF-8 | |
430 | Este pacote intala o sshd, o servidor do OpenSSH. | |
431 | ||
432 | %description server -l pt_BR.UTF-8 | |
433 | Esse pacote contém o servidor SSH. O sshd é a parte servidor do | |
434 | protocolo secure shell e permite que clientes ssh se conectem ao seu | |
435 | host. | |
436 | ||
437 | %description server -l ru.UTF-8 | |
438 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
439 | машину и для выполнения команд на удаленной машине. | |
440 | ||
441 | Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная | |
442 | часть протокола Secure Shell, позволяющая клиентам ssh соединяться с | |
443 | вашим хостом. | |
444 | ||
445 | %description server -l uk.UTF-8 | |
446 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
447 | машини та для виконання команд на віддаленій машині. | |
448 | ||
449 | Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна | |
450 | частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись | |
451 | з вашим хостом. | |
452 | ||
453 | %package server-ldap | |
454 | Summary: A LDAP support for open source SSH server daemon | |
455 | Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH | |
456 | Group: Daemons | |
457 | Requires: %{name} = %{epoch}:%{version}-%{release} | |
458 | Requires: openldap-nss-config | |
459 | ||
460 | %description server-ldap | |
461 | OpenSSH LDAP backend is a way how to distribute the authorized tokens | |
462 | among the servers in the network. | |
463 | ||
464 | %description server-ldap -l pl.UTF-8 | |
465 | Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych | |
466 | tokenów między serwerami w sieci. | |
467 | ||
468 | %package gnome-askpass | |
469 | Summary: OpenSSH GNOME passphrase dialog | |
470 | Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog | |
471 | Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME | |
472 | Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH | |
473 | Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH | |
474 | Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME | |
475 | Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH | |
476 | Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME | |
477 | Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME | |
478 | Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME | |
479 | Group: Applications/Networking | |
480 | Requires: %{name} = %{epoch}:%{version}-%{release} | |
481 | Obsoletes: openssh-askpass | |
482 | Obsoletes: ssh-askpass | |
483 | Obsoletes: ssh-extras | |
484 | ||
485 | %description gnome-askpass | |
486 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
487 | executing commands in a remote machine. It is intended to replace | |
488 | rlogin and rsh, and provide secure encrypted communications between | |
489 | two untrusted hosts over an insecure network. X11 connections and | |
490 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
491 | ||
492 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing | |
493 | it up to date in terms of security and features, as well as removing | |
494 | all patented algorithms to seperate libraries (OpenSSL). | |
495 | ||
496 | This package contains the GNOME passphrase dialog. | |
497 | ||
498 | %description gnome-askpass -l es.UTF-8 | |
499 | Este paquete contiene un programa que abre una caja de diálogo para | |
500 | entrada de passphrase en GNOME. | |
501 | ||
502 | %description gnome-askpass -l pl.UTF-8 | |
503 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
504 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
505 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
506 | pomiędzy dwoma hostami. | |
507 | ||
508 | Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME. | |
509 | ||
510 | %description gnome-askpass -l pt_BR.UTF-8 | |
511 | Esse pacote contém um programa que abre uma caixa de diálogo para | |
512 | entrada de passphrase no GNOME. | |
513 | ||
514 | %description gnome-askpass -l ru.UTF-8 | |
515 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
516 | машину и для выполнения команд на удаленной машине. | |
517 | ||
518 | Этот пакет содержит диалог ввода ключевой фразы для использования под | |
519 | GNOME. | |
520 | ||
521 | %description gnome-askpass -l uk.UTF-8 | |
522 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
523 | машини та для виконання команд на віддаленій машині. | |
524 | ||
525 | Цей пакет містить діалог вводу ключової фрази для використання під | |
526 | GNOME. | |
527 | ||
528 | %package -n openldap-schema-openssh-lpk | |
529 | Summary: OpenSSH LDAP Public Key schema | |
530 | Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH | |
531 | Group: Networking/Daemons | |
532 | Requires(post,postun): sed >= 4.0 | |
533 | Requires: openldap-servers | |
534 | BuildArch: noarch | |
535 | ||
536 | %description -n openldap-schema-openssh-lpk | |
537 | This package contains OpenSSH LDAP Public Key schema for openldap. | |
538 | ||
539 | %description -n openldap-schema-openssh-lpk -l pl.UTF-8 | |
540 | Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla | |
541 | openldap-a. | |
542 | ||
543 | %prep | |
544 | %setup -q | |
545 | %patch100 -p1 | |
546 | ||
547 | %patch0 -p1 | |
548 | %patch1 -p1 | |
549 | %patch2 -p1 | |
550 | %patch3 -p1 | |
551 | %patch4 -p1 | |
552 | %patch5 -p1 | |
553 | %patch6 -p1 | |
554 | %patch7 -p1 | |
555 | %patch8 -p1 | |
556 | ||
557 | %{?with_hpn:%patch9 -p1} | |
558 | ||
559 | %patch11 -p1 | |
560 | ||
561 | %patch13 -p1 | |
562 | ||
563 | %patch14 -p1 | |
564 | %{!?with_ldap:%patch15 -p1} | |
565 | %patch16 -p1 | |
566 | ||
567 | %if "%{pld_release}" == "ac" | |
568 | # fix for missing x11.pc | |
569 | %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile | |
570 | %endif | |
571 | ||
572 | # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa | |
573 | sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile* | |
574 | ||
575 | grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \ | |
576 | %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,' | |
577 | ||
578 | # prevent being ovewritten by aclocal calls | |
579 | %{__mv} aclocal.m4 acinclude.m4 | |
580 | ||
581 | %build | |
582 | %{__aclocal} | |
583 | %{__autoconf} | |
584 | %{__autoheader} | |
585 | CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99" | |
586 | %configure \ | |
587 | PERL=%{__perl} \ | |
588 | --disable-strip \ | |
589 | --enable-utmpx \ | |
590 | --enable-wtmpx \ | |
591 | --with-4in6 \ | |
592 | %{?with_audit:--with-audit=linux} \ | |
593 | --with-ipaddr-display \ | |
594 | %{?with_kerberos5:--with-kerberos5=/usr} \ | |
595 | --with-ldap%{!?with_ldap:=no} \ | |
596 | %{?with_ldns:--with-ldns} \ | |
597 | %{?with_libedit:--with-libedit} \ | |
598 | --with-mantype=man \ | |
599 | --with-md5-passwords \ | |
600 | --with-pam \ | |
601 | --with-pid-dir=%{_localstatedir}/run \ | |
602 | --with-privsep-path=%{_privsepdir} \ | |
603 | --with-privsep-user=sshd \ | |
604 | --with-security-key-builtin \ | |
605 | %{?with_selinux:--with-selinux} \ | |
606 | %if "%{pld_release}" == "ac" | |
607 | --with-xauth=/usr/X11R6/bin/xauth | |
608 | %else | |
609 | %if %{with libseccomp} | |
610 | --with-sandbox=seccomp_filter \ | |
611 | %else | |
612 | --with-sandbox=rlimit \ | |
613 | %endif | |
614 | --with-xauth=%{_bindir}/xauth | |
615 | %endif | |
616 | ||
617 | echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h | |
618 | ||
619 | %{__make} | |
620 | ||
621 | %if %{with tests} | |
622 | %{__make} -j1 tests \ | |
623 | TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \ | |
624 | TEST_SSH_TRACE="yes" \ | |
625 | %if %{without tests_conch} | |
626 | SKIP_LTESTS="conch-ciphers" | |
627 | %endif | |
628 | %endif | |
629 | ||
630 | cd contrib | |
631 | %if %{with gnome} | |
632 | %{__make} gnome-ssh-askpass1 \ | |
633 | CC="%{__cc} %{rpmldflags} %{rpmcflags}" | |
634 | %endif | |
635 | %if %{with gtk} | |
636 | %{__make} gnome-ssh-askpass2 \ | |
637 | CC="%{__cc} %{rpmldflags} %{rpmcflags}" | |
638 | %endif | |
639 | ||
640 | %install | |
641 | rm -rf $RPM_BUILD_ROOT | |
642 | install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ | |
643 | $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}} | |
644 | install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d} | |
645 | ||
646 | %{__make} install \ | |
647 | DESTDIR=$RPM_BUILD_ROOT | |
648 | ||
649 | bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} | |
650 | ||
651 | install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd | |
652 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd | |
653 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd | |
654 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d | |
655 | ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh | |
656 | cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} | |
657 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} | |
658 | ||
659 | cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} | |
660 | install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen | |
661 | ||
662 | %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ | |
663 | $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \ | |
664 | $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \ | |
665 | $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \ | |
666 | $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen | |
667 | ||
668 | %if %{with gnome} | |
669 | install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass | |
670 | %endif | |
671 | %if %{with gtk} | |
672 | install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass | |
673 | %endif | |
674 | %if %{with gnome} || %{with gtk} | |
675 | cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER | |
676 | #GNOME_SSH_ASKPASS_GRAB_SERVER="true" | |
677 | EOF | |
678 | cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER | |
679 | #GNOME_SSH_ASKPASS_GRAB_POINTER="true" | |
680 | EOF | |
681 | ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass | |
682 | %endif | |
683 | ||
684 | install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir} | |
685 | cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1 | |
686 | ||
687 | touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd | |
688 | ||
689 | cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS | |
690 | #SSH_ASKPASS="%{_libexecdir}/ssh-askpass" | |
691 | EOF | |
692 | ||
693 | %if "%{pld_release}" == "ac" | |
694 | # not present in ac, no point searching it | |
695 | %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd | |
696 | # openssl on ac does not have OPENSSL_HAS_ECC | |
697 | %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen | |
698 | %endif | |
699 | ||
700 | %if %{without audit} | |
701 | # remove recording user's login uid to the process attribute | |
702 | %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd | |
703 | %endif | |
704 | ||
705 | %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages | |
706 | %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf} | |
707 | ||
708 | %clean | |
709 | rm -rf $RPM_BUILD_ROOT | |
710 | ||
711 | %post clients | |
712 | %env_update | |
713 | ||
714 | %postun clients | |
715 | %env_update | |
716 | ||
717 | %post gnome-askpass | |
718 | %env_update | |
719 | ||
720 | %postun gnome-askpass | |
721 | %env_update | |
722 | ||
723 | %pre server | |
724 | %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd | |
725 | ||
726 | %post server | |
727 | /sbin/chkconfig --add sshd | |
728 | %service sshd reload "OpenSSH Daemon" | |
729 | NORESTART=1 | |
730 | %systemd_post sshd.service | |
731 | ||
732 | %preun server | |
733 | if [ "$1" = "0" ]; then | |
734 | %service sshd stop | |
735 | /sbin/chkconfig --del sshd | |
736 | fi | |
737 | %systemd_preun sshd.service | |
738 | ||
739 | %postun server | |
740 | if [ "$1" = "0" ]; then | |
741 | %userremove sshd | |
742 | fi | |
743 | %systemd_reload | |
744 | ||
745 | %triggerpostun server -- %{name}-server < 2:7.0p1-2 | |
746 | %banner %{name}-server -e << EOF | |
747 | !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!! | |
748 | ! Starting from openssh 7.0 DSA keys are disabled ! | |
749 | ! on server and client side. You will NOT be able ! | |
750 | ! to use DSA keys for authentication. Please read ! | |
751 | ! about PubkeyAcceptedKeyTypes in man ssh_config. ! | |
752 | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
753 | EOF | |
754 | ||
755 | %triggerpostun server -- %{name}-server < 6.2p1-1 | |
756 | cp -f %{_sysconfdir}/sshd_config{,.rpmorig} | |
757 | sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config | |
758 | ||
759 | %triggerpostun server -- %{name}-server < 2:5.9p1-8 | |
760 | # lpk.patch to ldap.patch | |
761 | if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then | |
762 | echo >&2 "Migrating LPK patch to LDAP patch" | |
763 | cp -f %{_sysconfdir}/sshd_config{,.rpmorig} | |
764 | %{__sed} -i -e ' | |
765 | # disable old configs | |
766 | # just UseLPK/LkpLdapConf supported for now | |
767 | s/^\s*UseLPK/## Obsolete &/ | |
768 | s/^\s*Lpk/## Obsolete &/ | |
769 | # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys | |
770 | /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper | |
771 | ' %{_sysconfdir}/sshd_config | |
772 | if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then | |
773 | /bin/systemctl try-restart sshd.service || : | |
774 | else | |
775 | %service -q sshd reload | |
776 | fi | |
777 | fi | |
778 | %systemd_trigger sshd.service | |
779 | if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then | |
780 | %banner %{name}-server -e << EOF | |
781 | !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!! | |
782 | ! Native systemd support for sshd has been installed. ! | |
783 | ! Restarting sshd.service with systemctl WILL kill all ! | |
784 | ! active ssh sessions (daemon as such will be started). ! | |
785 | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
786 | EOF | |
787 | fi | |
788 | ||
789 | %post -n openldap-schema-openssh-lpk | |
790 | %openldap_schema_register %{schemadir}/openssh-lpk.schema | |
791 | %service -q ldap restart | |
792 | ||
793 | %postun -n openldap-schema-openssh-lpk | |
794 | if [ "$1" = "0" ]; then | |
795 | %openldap_schema_unregister %{schemadir}/openssh-lpk.schema | |
796 | %service -q ldap restart | |
797 | fi | |
798 | ||
799 | %files | |
800 | %defattr(644,root,root,755) | |
801 | %doc TODO README OVERVIEW CREDITS Change* | |
802 | %attr(755,root,root) %{_bindir}/ssh-key* | |
803 | #%attr(755,root,root) %{_bindir}/ssh-vulnkey* | |
804 | %{_mandir}/man1/ssh-key*.1* | |
805 | #%{_mandir}/man1/ssh-vulnkey*.1* | |
806 | %dir %{_sysconfdir} | |
807 | %dir %{_libexecdir} | |
808 | ||
809 | %files clients | |
810 | %defattr(644,root,root,755) | |
811 | %attr(755,root,root) %{_bindir}/ssh | |
812 | %attr(755,root,root) %{_bindir}/sftp | |
813 | %attr(755,root,root) %{_bindir}/ssh-agent | |
814 | %attr(755,root,root) %{_bindir}/ssh-add | |
815 | %attr(755,root,root) %{_bindir}/ssh-copy-id | |
816 | %attr(755,root,root) %{_bindir}/scp | |
817 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config | |
818 | %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS | |
819 | %{_mandir}/man1/scp.1* | |
820 | %{_mandir}/man1/ssh.1* | |
821 | %{_mandir}/man1/sftp.1* | |
822 | %{_mandir}/man1/ssh-agent.1* | |
823 | %{_mandir}/man1/ssh-add.1* | |
824 | %{_mandir}/man1/ssh-copy-id.1* | |
825 | %{_mandir}/man5/ssh_config.5* | |
826 | %lang(it) %{_mandir}/it/man1/ssh.1* | |
827 | %lang(it) %{_mandir}/it/man5/ssh_config.5* | |
828 | %lang(pl) %{_mandir}/pl/man1/scp.1* | |
829 | %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1* | |
830 | ||
831 | # for host-based auth (suid required for accessing private host key) | |
832 | #%attr(4755,root,root) %{_libexecdir}/ssh-keysign | |
833 | #%{_mandir}/man8/ssh-keysign.8* | |
834 | ||
835 | %files clients-agent-profile_d | |
836 | %defattr(644,root,root,755) | |
837 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf | |
838 | %attr(755,root,root) /etc/profile.d/ssh-agent.sh | |
839 | ||
840 | %files clients-agent-xinitrc | |
841 | %defattr(644,root,root,755) | |
842 | %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh | |
843 | ||
844 | %files clients-helper-fido | |
845 | %defattr(644,root,root,755) | |
846 | %attr(755,root,root) %{_libexecdir}/ssh-sk-helper | |
847 | %{_mandir}/man8/ssh-sk-helper.8* | |
848 | ||
849 | %files server | |
850 | %defattr(644,root,root,755) | |
851 | %attr(755,root,root) %{_sbindir}/sshd | |
852 | %attr(755,root,root) %{_libexecdir}/sftp-server | |
853 | %attr(755,root,root) %{_libexecdir}/ssh-keysign | |
854 | %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper | |
855 | %attr(755,root,root) %{_libexecdir}/sshd-keygen | |
856 | %{_mandir}/man8/sshd.8* | |
857 | %{_mandir}/man8/sftp-server.8* | |
858 | %{_mandir}/man8/ssh-keysign.8* | |
859 | %{_mandir}/man8/ssh-pkcs11-helper.8* | |
860 | %{_mandir}/man5/sshd_config.5* | |
861 | %{_mandir}/man5/moduli.5* | |
862 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config | |
863 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd | |
864 | %{_sysconfdir}/moduli | |
865 | %attr(754,root,root) /etc/rc.d/init.d/sshd | |
866 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd | |
867 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd | |
868 | %{systemdunitdir}/sshd.service | |
869 | %{systemdunitdir}/sshd.socket | |
870 | %{systemdunitdir}/sshd@.service | |
871 | ||
872 | %if %{with ldap} | |
873 | %files server-ldap | |
874 | %defattr(644,root,root,755) | |
875 | %doc HOWTO.ldap-keys ldap.conf | |
876 | %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper | |
877 | %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper | |
878 | %{_mandir}/man5/ssh-ldap.conf.5* | |
879 | %{_mandir}/man8/ssh-ldap-helper.8* | |
880 | %endif | |
881 | ||
882 | %if %{with gnome} || %{with gtk} | |
883 | %files gnome-askpass | |
884 | %defattr(644,root,root,755) | |
885 | %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS* | |
886 | %dir %{_libexecdir}/ssh | |
887 | %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass | |
888 | %attr(755,root,root) %{_libexecdir}/ssh-askpass | |
889 | %endif | |
890 | ||
891 | %if %{with ldap} | |
892 | %files -n openldap-schema-openssh-lpk | |
893 | %defattr(644,root,root,755) | |
894 | %{schemadir}/openssh-lpk.schema | |
895 | %endif |