2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
18 %bcond_with tests_conch # run conch interoperability tests
20 # gtk2-based gnome-askpass means no gnome1-based
21 %{?with_gtk:%undefine with_gnome}
23 %if "%{pld_release}" == "ac"
24 %define pam_ver 0.79.0
26 %define pam_ver 1:1.1.8-5
28 Summary: OpenSSH free Secure Shell (SSH) implementation
29 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
30 Summary(es.UTF-8): Implementación libre de SSH
31 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
32 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
33 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
34 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
35 Summary(pt_BR.UTF-8): Implementação livre do SSH
36 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
37 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
43 Group: Applications/Networking
44 Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
45 # Source0-md5: 8f897870404c088e4aa7d1c1c58b526b
46 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
47 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
48 Source2: %{name}d.init
49 Source3: %{name}d.pamd
50 Source4: %{name}.sysconfig
52 Source6: ssh-agent.conf
53 Source7: %{name}-lpk.schema
57 Source12: sshd@.service
58 Patch0: %{name}-no-pty-tests.patch
59 Patch1: %{name}-tests-reuseport.patch
60 Patch2: %{name}-pam_misc.patch
61 Patch3: %{name}-sigpipe.patch
62 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
63 Patch4: %{name}-ldap.patch
64 Patch5: %{name}-ldap-fixes.patch
65 Patch6: ldap.conf.patch
66 Patch7: %{name}-config.patch
67 Patch8: ldap-helper-sigpipe.patch
68 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
69 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
70 Patch9: %{name}-5.2p1-hpn13v6.diff
72 Patch11: %{name}-chroot.patch
73 Patch12: openssh-bug-2905.patch
74 Patch13: %{name}-skip-interop-tests.patch
75 Patch14: %{name}-bind.patch
76 Patch15: %{name}-disable_ldap.patch
77 Patch16: allow_pselect6_time64.patch
78 URL: http://www.openssh.com/portable.html
79 BuildRequires: %{__perl}
80 %{?with_audit:BuildRequires: audit-libs-devel}
81 BuildRequires: autoconf >= 2.50
82 BuildRequires: automake
83 %{?with_gnome:BuildRequires: gnome-libs-devel}
84 %{?with_gtk:BuildRequires: gtk+2-devel}
85 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
86 %{?with_ldns:BuildRequires: ldns-devel}
87 %{?with_libedit:BuildRequires: libedit-devel}
88 BuildRequires: libfido2-devel >= 1.5.0
89 %{?with_libseccomp:BuildRequires: libseccomp-devel}
90 %{?with_selinux:BuildRequires: libselinux-devel}
91 %{?with_ldap:BuildRequires: openldap-devel}
92 BuildRequires: openssl-devel >= 1.1.0g
93 BuildRequires: pam-devel
94 %{?with_gtk:BuildRequires: pkgconfig}
95 %if %{with tests} && %{with tests_conch}
96 BuildRequires: python-TwistedConch
98 BuildRequires: rpm >= 4.4.9-56
99 BuildRequires: rpmbuild(macros) >= 1.752
100 BuildRequires: sed >= 4.0
101 BuildRequires: zlib-devel >= 1.2.3
102 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
103 BuildRequires: %{name}-server
105 %if %{with tests} && %{with libseccomp}
106 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
107 BuildRequires: uname(release) >= 3.5
109 Requires: zlib >= 1.2.3
110 %if "%{pld_release}" == "ac"
111 Requires: filesystem >= 2.0-1
112 Requires: pam >= 0.79.0
114 Requires: filesystem >= 3.0-11
115 Requires: pam >= %{pam_ver}
116 Suggests: xorg-app-xauth
119 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
121 %define _sysconfdir /etc/ssh
122 %define _libexecdir %{_libdir}/%{name}
123 %define _privsepdir /usr/share/empty
124 %define schemadir /usr/share/openldap/schema
127 Ssh (Secure Shell) a program for logging into a remote machine and for
128 executing commands in a remote machine. It is intended to replace
129 rlogin and rsh, and provide secure encrypted communications between
130 two untrusted hosts over an insecure network. X11 connections and
131 arbitrary TCP/IP ports can also be forwarded over the secure channel.
133 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
134 it up to date in terms of security and features, as well as removing
135 all patented algorithms to seperate libraries (OpenSSL).
137 This package includes the core files necessary for both the OpenSSH
138 client and server. To make this package useful, you should also
139 install openssh-clients, openssh-server, or both.
142 This release includes High Performance SSH/SCP patches from
143 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
144 increase throughput on fast connections with high RTT (20-150 msec).
145 See the website for '-w' values for your connection and /proc/sys TCP
146 values. BTW. in a LAN you have got generally RTT < 1 msec.
149 %description -l de.UTF-8
150 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
151 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
152 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
153 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
154 andere TCP/IP Ports können ebenso über den sicheren Channel
155 weitergeleitet werden.
157 %description -l es.UTF-8
158 SSH es un programa para accesar y ejecutar órdenes en computadores
159 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
160 seguro entre dos servidores en una red insegura. Conexiones X11 y
161 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
164 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
165 continuar la última versión gratuita de SSH, actualizándolo en
166 términos de seguridad y recursos,así también eliminando todos los
167 algoritmos patentados y colocándolos en bibliotecas separadas
170 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
171 también el paquete openssh-clients u openssh-server o ambos.
173 %description -l fr.UTF-8
174 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
175 remplace telnet, rlogin, rexec et rsh, tout en assurant des
176 communications cryptées securisées entre deux hôtes non fiabilisés sur
177 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
178 arbitraires peuvent également être transmis sur le canal sécurisé.
180 %description -l it.UTF-8
181 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
182 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
183 sicure e crittate tra due host non fidati su una rete non sicura. Le
184 connessioni X11 ad una porta TCP/IP arbitraria possono essere
185 inoltrate attraverso un canale sicuro.
187 %description -l pl.UTF-8
188 Ssh (Secure Shell) to program służący do logowania się na zdalną
189 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
190 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
191 pomiędzy dwoma hostami.
193 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
194 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
195 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
198 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
199 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
200 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
201 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
202 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
203 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
206 %description -l pt.UTF-8
207 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
208 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
209 cifradas entre duas máquinas sem confiança mútua sobre uma rede
210 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
211 reenviados pelo canal seguro.
213 %description -l pt_BR.UTF-8
214 SSH é um programa para acessar e executar comandos em máquinas
215 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
216 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
217 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
219 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
220 última versão gratuita do SSH, atualizando-o em termos de segurança e
221 recursos, assim como removendo todos os algoritmos patenteados e
222 colocando-os em bibliotecas separadas (OpenSSL).
224 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
225 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
227 %description -l ru.UTF-8
228 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
229 машину и для выполнения команд на удаленной машине. Она предназначена
230 для замены rlogin и rsh и обеспечивает безопасную шифрованную
231 коммуникацию между двумя хостами в сети, являющейся небезопасной.
232 Соединения X11 и любые порты TCP/IP могут также быть проведены через
235 OpenSSH - это переделка командой разработчиков OpenBSD последней
236 свободной версии SSH, доведенная до современного состояния в терминах
237 уровня безопасности и поддерживаемых возможностей. Все патентованные
238 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
240 Этот пакет содержит файлы, необходимые как для клиента, так и для
241 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
242 openssh-server, или оба пакета.
244 %description -l uk.UTF-8
245 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
246 машини та для виконання команд на віддаленій машині. Вона призначена
247 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
248 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
249 довільні порти TCP/IP можуть також бути проведені через безпечний
252 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
253 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
254 підтримуваних можливостей. Всі патентовані алгоритми винесені до
255 окремих бібліотек (OpenSSL).
257 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
258 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
259 openssh-server, чи обидва пакети.
262 Summary: OpenSSH Secure Shell protocol clients
263 Summary(es.UTF-8): Clientes de OpenSSH
264 Summary(pl.UTF-8): Klienci protokołu Secure Shell
265 Summary(pt_BR.UTF-8): Clientes do OpenSSH
266 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
267 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
268 Group: Applications/Networking
270 Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
271 Provides: ssh-clients
272 Obsoletes: ssh-clients
273 %requires_eq_to openssl openssl-devel
276 Ssh (Secure Shell) a program for logging into a remote machine and for
277 executing commands in a remote machine. It is intended to replace
278 rlogin and rsh, and provide secure encrypted communications between
279 two untrusted hosts over an insecure network. X11 connections and
280 arbitrary TCP/IP ports can also be forwarded over the secure channel.
282 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
283 it up to date in terms of security and features, as well as removing
284 all patented algorithms to seperate libraries (OpenSSL).
286 This package includes the clients necessary to make encrypted
287 connections to SSH servers.
289 %description clients -l es.UTF-8
290 Este paquete incluye los clientes que se necesitan para hacer
291 conexiones codificadas con servidores SSH.
293 %description clients -l pl.UTF-8
294 Ssh (Secure Shell) to program służący do logowania się na zdalną
295 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
296 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
297 pomiędzy dwoma hostami.
299 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
301 %description clients -l pt_BR.UTF-8
302 Esse pacote inclui os clientes necessários para fazer conexões
303 encriptadas com servidores SSH.
305 %description clients -l ru.UTF-8
306 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
307 машину и для выполнения команд на удаленной машине.
309 Этот пакет содержит программы-клиенты, необходимые для установления
310 зашифрованных соединений с серверами SSH.
312 %description clients -l uk.UTF-8
313 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
314 машини та для виконання команд на віддаленій машині.
316 Цей пакет містить програми-клієнти, необхідні для встановлення
317 зашифрованих з'єднань з серверами SSH.
319 %package clients-agent-profile_d
320 Summary: OpenSSH Secure Shell agent init script
321 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
322 Group: Applications/Networking
323 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
325 %description clients-agent-profile_d
326 profile.d scripts for starting SSH agent.
328 %description clients-agent-profile_d -l pl.UTF-8
329 Skrypty profile.d do uruchamiania agenta SSH.
331 %package clients-agent-xinitrc
332 Summary: OpenSSH Secure Shell agent init script
333 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
334 Group: Applications/Networking
335 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
338 %description clients-agent-xinitrc
339 xinitrc scripts for starting SSH agent.
341 %description clients-agent-xinitrc -l pl.UTF-8
342 Skrypty xinitrc do uruchamiania agenta SSH.
344 %package clients-helper-fido
345 Summary: OpenSSH helper for FIDO authenticator
346 Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO
347 Group: Applications/Networking
348 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
349 Requires: libfido2 >= 1.5.0
351 %description clients-helper-fido
352 OpenSSH helper for FIDO authenticator.
354 %description clients-helper-fido -l pl.UTF-8
355 OpenSSH helper obsługujący klucz autoryzujący FIDO.
358 Summary: OpenSSH Secure Shell protocol server (sshd)
359 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
360 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
361 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
362 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
363 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
364 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
365 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
366 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
367 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
368 Group: Networking/Daemons
369 Requires(post): /sbin/chkconfig
371 Requires(post,preun): /sbin/chkconfig
372 Requires(postun): /usr/sbin/userdel
373 Requires(pre): /bin/id
374 Requires(pre): /usr/sbin/useradd
375 Requires(post,preun,postun): systemd-units >= 38
376 Requires: %{name} = %{epoch}:%{version}-%{release}
377 Requires: pam >= %{pam_ver}
378 Requires: rc-scripts >= 0.4.3.0
379 Requires: systemd-units >= 38
380 %{?with_libseccomp:Requires: uname(release) >= 3.5}
382 %{?with_ldap:Suggests: %{name}-server-ldap}
384 Suggests: xorg-app-xauth
387 %requires_eq_to openssl openssl-devel
390 Ssh (Secure Shell) a program for logging into a remote machine and for
391 executing commands in a remote machine. It is intended to replace
392 rlogin and rsh, and provide secure encrypted communications between
393 two untrusted hosts over an insecure network. X11 connections and
394 arbitrary TCP/IP ports can also be forwarded over the secure channel.
396 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
397 it up to date in terms of security and features, as well as removing
398 all patented algorithms to seperate libraries (OpenSSL).
400 This package contains the secure shell daemon. The sshd is the server
401 part of the secure shell protocol and allows ssh clients to connect to
404 %description server -l de.UTF-8
405 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
407 %description server -l es.UTF-8
408 Este paquete contiene el servidor SSH. sshd es la parte servidor del
409 protocolo secure shell y permite que clientes ssh se conecten a su
412 %description server -l fr.UTF-8
413 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
415 %description server -l it.UTF-8
416 Questo pacchetto installa sshd, il server di OpenSSH.
418 %description server -l pl.UTF-8
419 Ssh (Secure Shell) to program służący do logowania się na zdalną
420 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
421 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
422 pomiędzy dwoma hostami.
424 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
427 %description server -l pt.UTF-8
428 Este pacote intala o sshd, o servidor do OpenSSH.
430 %description server -l pt_BR.UTF-8
431 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
432 protocolo secure shell e permite que clientes ssh se conectem ao seu
435 %description server -l ru.UTF-8
436 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
437 машину и для выполнения команд на удаленной машине.
439 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
440 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
443 %description server -l uk.UTF-8
444 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
445 машини та для виконання команд на віддаленій машині.
447 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
448 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
452 Summary: A LDAP support for open source SSH server daemon
453 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
455 Requires: %{name} = %{epoch}:%{version}-%{release}
456 Requires: openldap-nss-config
458 %description server-ldap
459 OpenSSH LDAP backend is a way how to distribute the authorized tokens
460 among the servers in the network.
462 %description server-ldap -l pl.UTF-8
463 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
464 tokenów między serwerami w sieci.
466 %package gnome-askpass
467 Summary: OpenSSH GNOME passphrase dialog
468 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
469 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
470 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
471 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
472 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
473 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
474 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
475 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
476 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
477 Group: Applications/Networking
478 Requires: %{name} = %{epoch}:%{version}-%{release}
479 Obsoletes: openssh-askpass
480 Obsoletes: ssh-askpass
481 Obsoletes: ssh-extras
483 %description gnome-askpass
484 Ssh (Secure Shell) a program for logging into a remote machine and for
485 executing commands in a remote machine. It is intended to replace
486 rlogin and rsh, and provide secure encrypted communications between
487 two untrusted hosts over an insecure network. X11 connections and
488 arbitrary TCP/IP ports can also be forwarded over the secure channel.
490 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
491 it up to date in terms of security and features, as well as removing
492 all patented algorithms to seperate libraries (OpenSSL).
494 This package contains the GNOME passphrase dialog.
496 %description gnome-askpass -l es.UTF-8
497 Este paquete contiene un programa que abre una caja de diálogo para
498 entrada de passphrase en GNOME.
500 %description gnome-askpass -l pl.UTF-8
501 Ssh (Secure Shell) to program służący do logowania się na zdalną
502 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
503 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
504 pomiędzy dwoma hostami.
506 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
508 %description gnome-askpass -l pt_BR.UTF-8
509 Esse pacote contém um programa que abre uma caixa de diálogo para
510 entrada de passphrase no GNOME.
512 %description gnome-askpass -l ru.UTF-8
513 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
514 машину и для выполнения команд на удаленной машине.
516 Этот пакет содержит диалог ввода ключевой фразы для использования под
519 %description gnome-askpass -l uk.UTF-8
520 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
521 машини та для виконання команд на віддаленій машині.
523 Цей пакет містить діалог вводу ключової фрази для використання під
526 %package -n openldap-schema-openssh-lpk
527 Summary: OpenSSH LDAP Public Key schema
528 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
529 Group: Networking/Daemons
530 Requires(post,postun): sed >= 4.0
531 Requires: openldap-servers
534 %description -n openldap-schema-openssh-lpk
535 This package contains OpenSSH LDAP Public Key schema for openldap.
537 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
538 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
553 %{?with_hpn:%patch9 -p1}
560 %{!?with_ldap:%patch15 -p1}
563 %if "%{pld_release}" == "ac"
564 # fix for missing x11.pc
565 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
568 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
569 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
571 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
572 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
574 # prevent being ovewritten by aclocal calls
575 %{__mv} aclocal.m4 acinclude.m4
581 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
588 %{?with_audit:--with-audit=linux} \
589 --with-ipaddr-display \
590 %{?with_kerberos5:--with-kerberos5=/usr} \
591 --with-ldap%{!?with_ldap:=no} \
592 %{?with_ldns:--with-ldns} \
593 %{?with_libedit:--with-libedit} \
595 --with-md5-passwords \
597 --with-pid-dir=%{_localstatedir}/run \
598 --with-privsep-path=%{_privsepdir} \
599 --with-privsep-user=sshd \
600 --with-security-key-builtin \
601 %{?with_selinux:--with-selinux} \
602 %if "%{pld_release}" == "ac"
603 --with-xauth=/usr/X11R6/bin/xauth
605 %if %{with libseccomp}
606 --with-sandbox=seccomp_filter \
608 --with-sandbox=rlimit \
610 --with-xauth=%{_bindir}/xauth
613 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
618 %{__make} -j1 tests \
619 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
620 TEST_SSH_TRACE="yes" \
621 %if %{without tests_conch}
622 SKIP_LTESTS="conch-ciphers"
628 %{__make} gnome-ssh-askpass1 \
629 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
632 %{__make} gnome-ssh-askpass2 \
633 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
637 rm -rf $RPM_BUILD_ROOT
638 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
639 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
640 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
643 DESTDIR=$RPM_BUILD_ROOT
645 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
647 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
648 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
649 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
650 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
651 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
652 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
653 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
655 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
656 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
658 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
659 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
660 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
661 $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
662 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
665 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
668 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
670 %if %{with gnome} || %{with gtk}
671 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
672 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
674 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
675 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
677 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
680 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
681 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
683 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
685 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
686 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
689 %if "%{pld_release}" == "ac"
690 # not present in ac, no point searching it
691 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
692 # openssl on ac does not have OPENSSL_HAS_ECC
693 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
697 # remove recording user's login uid to the process attribute
698 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
701 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
702 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
705 rm -rf $RPM_BUILD_ROOT
716 %postun gnome-askpass
720 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
723 /sbin/chkconfig --add sshd
724 %service sshd reload "OpenSSH Daemon"
726 %systemd_post sshd.service
729 if [ "$1" = "0" ]; then
731 /sbin/chkconfig --del sshd
733 %systemd_preun sshd.service
736 if [ "$1" = "0" ]; then
741 %triggerpostun server -- %{name}-server < 2:7.0p1-2
742 %banner %{name}-server -e << EOF
743 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
744 ! Starting from openssh 7.0 DSA keys are disabled !
745 ! on server and client side. You will NOT be able !
746 ! to use DSA keys for authentication. Please read !
747 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
748 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
751 %triggerpostun server -- %{name}-server < 6.2p1-1
752 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
753 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
755 %triggerpostun server -- %{name}-server < 2:5.9p1-8
756 # lpk.patch to ldap.patch
757 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
758 echo >&2 "Migrating LPK patch to LDAP patch"
759 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
761 # disable old configs
762 # just UseLPK/LkpLdapConf supported for now
763 s/^\s*UseLPK/## Obsolete &/
764 s/^\s*Lpk/## Obsolete &/
765 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
766 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
767 ' %{_sysconfdir}/sshd_config
768 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
769 /bin/systemctl try-restart sshd.service || :
771 %service -q sshd reload
774 %systemd_trigger sshd.service
775 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
776 %banner %{name}-server -e << EOF
777 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
778 ! Native systemd support for sshd has been installed. !
779 ! Restarting sshd.service with systemctl WILL kill all !
780 ! active ssh sessions (daemon as such will be started). !
781 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
785 %post -n openldap-schema-openssh-lpk
786 %openldap_schema_register %{schemadir}/openssh-lpk.schema
787 %service -q ldap restart
789 %postun -n openldap-schema-openssh-lpk
790 if [ "$1" = "0" ]; then
791 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
792 %service -q ldap restart
796 %defattr(644,root,root,755)
797 %doc TODO README OVERVIEW CREDITS Change*
798 %attr(755,root,root) %{_bindir}/ssh-key*
799 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
800 %{_mandir}/man1/ssh-key*.1*
801 #%{_mandir}/man1/ssh-vulnkey*.1*
806 %defattr(644,root,root,755)
807 %attr(755,root,root) %{_bindir}/ssh
808 %attr(755,root,root) %{_bindir}/sftp
809 %attr(755,root,root) %{_bindir}/ssh-agent
810 %attr(755,root,root) %{_bindir}/ssh-add
811 %attr(755,root,root) %{_bindir}/ssh-copy-id
812 %attr(755,root,root) %{_bindir}/scp
813 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
814 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
815 %{_mandir}/man1/scp.1*
816 %{_mandir}/man1/ssh.1*
817 %{_mandir}/man1/sftp.1*
818 %{_mandir}/man1/ssh-agent.1*
819 %{_mandir}/man1/ssh-add.1*
820 %{_mandir}/man1/ssh-copy-id.1*
821 %{_mandir}/man5/ssh_config.5*
822 %lang(it) %{_mandir}/it/man1/ssh.1*
823 %lang(it) %{_mandir}/it/man5/ssh_config.5*
824 %lang(pl) %{_mandir}/pl/man1/scp.1*
825 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
827 # for host-based auth (suid required for accessing private host key)
828 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
829 #%{_mandir}/man8/ssh-keysign.8*
831 %files clients-agent-profile_d
832 %defattr(644,root,root,755)
833 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
834 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
836 %files clients-agent-xinitrc
837 %defattr(644,root,root,755)
838 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
840 %files clients-helper-fido
841 %defattr(644,root,root,755)
842 %attr(755,root,root) %{_libexecdir}/ssh-sk-helper
843 %{_mandir}/man8/ssh-sk-helper.8*
846 %defattr(644,root,root,755)
847 %attr(755,root,root) %{_sbindir}/sshd
848 %attr(755,root,root) %{_libexecdir}/sftp-server
849 %attr(755,root,root) %{_libexecdir}/ssh-keysign
850 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
851 %attr(755,root,root) %{_libexecdir}/sshd-keygen
852 %{_mandir}/man8/sshd.8*
853 %{_mandir}/man8/sftp-server.8*
854 %{_mandir}/man8/ssh-keysign.8*
855 %{_mandir}/man8/ssh-pkcs11-helper.8*
856 %{_mandir}/man5/sshd_config.5*
857 %{_mandir}/man5/moduli.5*
858 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
859 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
860 %{_sysconfdir}/moduli
861 %attr(754,root,root) /etc/rc.d/init.d/sshd
862 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
863 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
864 %{systemdunitdir}/sshd.service
865 %{systemdunitdir}/sshd.socket
866 %{systemdunitdir}/sshd@.service
870 %defattr(644,root,root,755)
871 %doc HOWTO.ldap-keys ldap.conf
872 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
873 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
874 %{_mandir}/man5/ssh-ldap.conf.5*
875 %{_mandir}/man8/ssh-ldap-helper.8*
878 %if %{with gnome} || %{with gtk}
880 %defattr(644,root,root,755)
881 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
882 %dir %{_libexecdir}/ssh
883 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
884 %attr(755,root,root) %{_libexecdir}/ssh-askpass
888 %files -n openldap-schema-openssh-lpk
889 %defattr(644,root,root,755)
890 %{schemadir}/openssh-lpk.schema