2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 # gtk2-based gnome-askpass means no gnome1-based
18 %{?with_gtk:%undefine with_gnome}
20 %if "%{pld_release}" == "ac"
21 %define pam_ver 0.79.0
23 %define pam_ver 1:1.1.8-5
25 Summary: OpenSSH free Secure Shell (SSH) implementation
26 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
27 Summary(es.UTF-8): Implementación libre de SSH
28 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
29 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
30 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
31 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
32 Summary(pt_BR.UTF-8): Implementação livre do SSH
33 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
34 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
40 Group: Applications/Networking
41 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
42 # Source0-md5: 08f72de6751acfbd0892b5f003922701
43 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
44 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
45 Source2: %{name}d.init
46 Source3: %{name}d.pamd
47 Source4: %{name}.sysconfig
49 Source6: ssh-agent.conf
50 Source7: %{name}-lpk.schema
51 Source8: %{name}d.upstart
55 Source12: sshd@.service
56 Patch0: %{name}-no_libnsl.patch
57 Patch2: %{name}-pam_misc.patch
58 Patch3: %{name}-sigpipe.patch
59 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
60 Patch4: %{name}-ldap.patch
61 Patch5: %{name}-ldap-fixes.patch
62 Patch6: ldap.conf.patch
63 Patch7: %{name}-config.patch
64 Patch8: ldap-helper-sigpipe.patch
65 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
66 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
67 Patch9: %{name}-5.2p1-hpn13v6.diff
68 Patch10: %{name}-include.patch
69 Patch11: %{name}-chroot.patch
71 Patch14: %{name}-bind.patch
72 Patch15: %{name}-disable_ldap.patch
73 Patch16: libseccomp-sandbox.patch
74 URL: http://www.openssh.com/portable.html
75 BuildRequires: %{__perl}
76 %{?with_tests:BuildRequires: %{name}-server}
77 %{?with_audit:BuildRequires: audit-libs-devel}
78 BuildRequires: autoconf >= 2.50
79 BuildRequires: automake
80 %{?with_gnome:BuildRequires: gnome-libs-devel}
81 %{?with_gtk:BuildRequires: gtk+2-devel}
82 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
83 %{?with_libedit:BuildRequires: libedit-devel}
84 BuildRequires: libseccomp-devel
85 %{?with_selinux:BuildRequires: libselinux-devel}
86 %{?with_ldap:BuildRequires: openldap-devel}
87 BuildRequires: openssl-devel >= 0.9.8f
88 BuildRequires: pam-devel
89 %{?with_gtk:BuildRequires: pkgconfig}
90 BuildRequires: rpm >= 4.4.9-56
91 BuildRequires: rpmbuild(macros) >= 1.627
92 BuildRequires: sed >= 4.0
93 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
94 %{?with_tests:BuildRequires: uname(release) >= 3.5}
95 BuildRequires: zlib-devel >= 1.2.3
96 Requires: zlib >= 1.2.3
97 %if "%{pld_release}" == "ac"
98 Requires: filesystem >= 2.0-1
99 Requires: pam >= 0.79.0
101 Requires: filesystem >= 3.0-11
102 Requires: pam >= %{pam_ver}
103 Suggests: xorg-app-xauth
106 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
108 %define _sysconfdir /etc/ssh
109 %define _libexecdir %{_libdir}/%{name}
110 %define _privsepdir /usr/share/empty
111 %define schemadir /usr/share/openldap/schema
114 Ssh (Secure Shell) a program for logging into a remote machine and for
115 executing commands in a remote machine. It is intended to replace
116 rlogin and rsh, and provide secure encrypted communications between
117 two untrusted hosts over an insecure network. X11 connections and
118 arbitrary TCP/IP ports can also be forwarded over the secure channel.
120 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
121 it up to date in terms of security and features, as well as removing
122 all patented algorithms to seperate libraries (OpenSSL).
124 This package includes the core files necessary for both the OpenSSH
125 client and server. To make this package useful, you should also
126 install openssh-clients, openssh-server, or both.
129 This release includes High Performance SSH/SCP patches from
130 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
131 increase throughput on fast connections with high RTT (20-150 msec).
132 See the website for '-w' values for your connection and /proc/sys TCP
133 values. BTW. in a LAN you have got generally RTT < 1 msec.
136 %description -l de.UTF-8
137 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
138 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
139 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
140 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
141 andere TCP/IP Ports können ebenso über den sicheren Channel
142 weitergeleitet werden.
144 %description -l es.UTF-8
145 SSH es un programa para accesar y ejecutar órdenes en computadores
146 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
147 seguro entre dos servidores en una red insegura. Conexiones X11 y
148 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
151 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
152 continuar la última versión gratuita de SSH, actualizándolo en
153 términos de seguridad y recursos,así también eliminando todos los
154 algoritmos patentados y colocándolos en bibliotecas separadas
157 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
158 también el paquete openssh-clients u openssh-server o ambos.
160 %description -l fr.UTF-8
161 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
162 remplace telnet, rlogin, rexec et rsh, tout en assurant des
163 communications cryptées securisées entre deux hôtes non fiabilisés sur
164 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
165 arbitraires peuvent également être transmis sur le canal sécurisé.
167 %description -l it.UTF-8
168 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
169 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
170 sicure e crittate tra due host non fidati su una rete non sicura. Le
171 connessioni X11 ad una porta TCP/IP arbitraria possono essere
172 inoltrate attraverso un canale sicuro.
174 %description -l pl.UTF-8
175 Ssh (Secure Shell) to program służący do logowania się na zdalną
176 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
177 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
178 pomiędzy dwoma hostami.
180 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
181 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
182 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
185 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
186 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
187 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
188 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
189 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
190 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
193 %description -l pt.UTF-8
194 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
195 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
196 cifradas entre duas máquinas sem confiança mútua sobre uma rede
197 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
198 reenviados pelo canal seguro.
200 %description -l pt_BR.UTF-8
201 SSH é um programa para acessar e executar comandos em máquinas
202 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
203 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
204 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
206 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
207 última versão gratuita do SSH, atualizando-o em termos de segurança e
208 recursos, assim como removendo todos os algoritmos patenteados e
209 colocando-os em bibliotecas separadas (OpenSSL).
211 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
212 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
214 %description -l ru.UTF-8
215 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
216 машину и для выполнения команд на удаленной машине. Она предназначена
217 для замены rlogin и rsh и обеспечивает безопасную шифрованную
218 коммуникацию между двумя хостами в сети, являющейся небезопасной.
219 Соединения X11 и любые порты TCP/IP могут также быть проведены через
222 OpenSSH - это переделка командой разработчиков OpenBSD последней
223 свободной версии SSH, доведенная до современного состояния в терминах
224 уровня безопасности и поддерживаемых возможностей. Все патентованные
225 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
227 Этот пакет содержит файлы, необходимые как для клиента, так и для
228 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
229 openssh-server, или оба пакета.
231 %description -l uk.UTF-8
232 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
233 машини та для виконання команд на віддаленій машині. Вона призначена
234 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
235 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
236 довільні порти TCP/IP можуть також бути проведені через безпечний
239 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
240 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
241 підтримуваних можливостей. Всі патентовані алгоритми винесені до
242 окремих бібліотек (OpenSSL).
244 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
245 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
246 openssh-server, чи обидва пакети.
249 Summary: OpenSSH Secure Shell protocol clients
250 Summary(es.UTF-8): Clientes de OpenSSH
251 Summary(pl.UTF-8): Klienci protokołu Secure Shell
252 Summary(pt_BR.UTF-8): Clientes do OpenSSH
253 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
254 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
255 Group: Applications/Networking
257 Provides: ssh-clients
258 Obsoletes: ssh-clients
259 %requires_eq_to openssl openssl-devel
262 Ssh (Secure Shell) a program for logging into a remote machine and for
263 executing commands in a remote machine. It is intended to replace
264 rlogin and rsh, and provide secure encrypted communications between
265 two untrusted hosts over an insecure network. X11 connections and
266 arbitrary TCP/IP ports can also be forwarded over the secure channel.
268 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
269 it up to date in terms of security and features, as well as removing
270 all patented algorithms to seperate libraries (OpenSSL).
272 This package includes the clients necessary to make encrypted
273 connections to SSH servers.
275 %description clients -l es.UTF-8
276 Este paquete incluye los clientes que se necesitan para hacer
277 conexiones codificadas con servidores SSH.
279 %description clients -l pl.UTF-8
280 Ssh (Secure Shell) to program służący do logowania się na zdalną
281 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
282 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
283 pomiędzy dwoma hostami.
285 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
287 %description clients -l pt_BR.UTF-8
288 Esse pacote inclui os clientes necessários para fazer conexões
289 encriptadas com servidores SSH.
291 %description clients -l ru.UTF-8
292 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
293 машину и для выполнения команд на удаленной машине.
295 Этот пакет содержит программы-клиенты, необходимые для установления
296 зашифрованных соединений с серверами SSH.
298 %description clients -l uk.UTF-8
299 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
300 машини та для виконання команд на віддаленій машині.
302 Цей пакет містить програми-клієнти, необхідні для встановлення
303 зашифрованих з'єднань з серверами SSH.
305 %package clients-agent-profile_d
306 Summary: OpenSSH Secure Shell agent init script
307 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
308 Group: Applications/Networking
309 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
311 %description clients-agent-profile_d
312 profile.d scripts for starting SSH agent.
314 %description clients-agent-profile_d -l pl.UTF-8
315 Skrypty profile.d do uruchamiania agenta SSH.
317 %package clients-agent-xinitrc
318 Summary: OpenSSH Secure Shell agent init script
319 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
320 Group: Applications/Networking
321 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
324 %description clients-agent-xinitrc
325 xinitrc scripts for starting SSH agent.
327 %description clients-agent-xinitrc -l pl.UTF-8
328 Skrypty xinitrc do uruchamiania agenta SSH.
331 Summary: OpenSSH Secure Shell protocol server (sshd)
332 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
333 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
334 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
335 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
336 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
337 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
338 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
339 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
340 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
341 Group: Networking/Daemons
342 Requires(post): /sbin/chkconfig
344 Requires(post,preun): /sbin/chkconfig
345 Requires(postun): /usr/sbin/userdel
346 Requires(pre): /bin/id
347 Requires(pre): /usr/sbin/useradd
348 Requires(post,preun,postun): systemd-units >= 38
349 Requires: %{name} = %{epoch}:%{version}-%{release}
350 Requires: pam >= %{pam_ver}
351 Requires: rc-scripts >= 0.4.3.0
352 Requires: systemd-units >= 38
354 %{?with_ldap:Suggests: %{name}-server-ldap}
356 Suggests: xorg-app-xauth
359 %requires_eq_to openssl openssl-devel
362 Ssh (Secure Shell) a program for logging into a remote machine and for
363 executing commands in a remote machine. It is intended to replace
364 rlogin and rsh, and provide secure encrypted communications between
365 two untrusted hosts over an insecure network. X11 connections and
366 arbitrary TCP/IP ports can also be forwarded over the secure channel.
368 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
369 it up to date in terms of security and features, as well as removing
370 all patented algorithms to seperate libraries (OpenSSL).
372 This package contains the secure shell daemon. The sshd is the server
373 part of the secure shell protocol and allows ssh clients to connect to
376 %description server -l de.UTF-8
377 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
379 %description server -l es.UTF-8
380 Este paquete contiene el servidor SSH. sshd es la parte servidor del
381 protocolo secure shell y permite que clientes ssh se conecten a su
384 %description server -l fr.UTF-8
385 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
387 %description server -l it.UTF-8
388 Questo pacchetto installa sshd, il server di OpenSSH.
390 %description server -l pl.UTF-8
391 Ssh (Secure Shell) to program służący do logowania się na zdalną
392 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
393 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
394 pomiędzy dwoma hostami.
396 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
399 %description server -l pt.UTF-8
400 Este pacote intala o sshd, o servidor do OpenSSH.
402 %description server -l pt_BR.UTF-8
403 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
404 protocolo secure shell e permite que clientes ssh se conectem ao seu
407 %description server -l ru.UTF-8
408 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
409 машину и для выполнения команд на удаленной машине.
411 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
412 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
415 %description server -l uk.UTF-8
416 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
417 машини та для виконання команд на віддаленій машині.
419 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
420 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
424 Summary: A LDAP support for open source SSH server daemon
425 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
427 Requires: %{name} = %{epoch}:%{version}-%{release}
428 Requires: openldap-nss-config
430 %description server-ldap
431 OpenSSH LDAP backend is a way how to distribute the authorized tokens
432 among the servers in the network.
434 %description server-ldap -l pl.UTF-8
435 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
436 tokenów między serwerami w sieci.
438 %package server-upstart
439 Summary: Upstart job description for OpenSSH server
440 Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
442 Requires: %{name}-server = %{epoch}:%{version}-%{release}
443 Requires: upstart >= 0.6
444 Conflicts: syslog-ng < 3.2.4-1
446 %description server-upstart
447 Upstart job description for OpenSSH.
449 %description server-upstart -l pl.UTF-8
450 Opis zadania Upstart dla OpenSSH.
452 %package gnome-askpass
453 Summary: OpenSSH GNOME passphrase dialog
454 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
455 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
456 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
457 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
458 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
459 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
460 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
461 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
462 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
463 Group: Applications/Networking
464 Requires: %{name} = %{epoch}:%{version}-%{release}
465 Obsoletes: openssh-askpass
466 Obsoletes: ssh-askpass
467 Obsoletes: ssh-extras
469 %description gnome-askpass
470 Ssh (Secure Shell) a program for logging into a remote machine and for
471 executing commands in a remote machine. It is intended to replace
472 rlogin and rsh, and provide secure encrypted communications between
473 two untrusted hosts over an insecure network. X11 connections and
474 arbitrary TCP/IP ports can also be forwarded over the secure channel.
476 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
477 it up to date in terms of security and features, as well as removing
478 all patented algorithms to seperate libraries (OpenSSL).
480 This package contains the GNOME passphrase dialog.
482 %description gnome-askpass -l es.UTF-8
483 Este paquete contiene un programa que abre una caja de diálogo para
484 entrada de passphrase en GNOME.
486 %description gnome-askpass -l pl.UTF-8
487 Ssh (Secure Shell) to program służący do logowania się na zdalną
488 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
489 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
490 pomiędzy dwoma hostami.
492 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
494 %description gnome-askpass -l pt_BR.UTF-8
495 Esse pacote contém um programa que abre uma caixa de diálogo para
496 entrada de passphrase no GNOME.
498 %description gnome-askpass -l ru.UTF-8
499 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
500 машину и для выполнения команд на удаленной машине.
502 Этот пакет содержит диалог ввода ключевой фразы для использования под
505 %description gnome-askpass -l uk.UTF-8
506 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
507 машини та для виконання команд на віддаленій машині.
509 Цей пакет містить діалог вводу ключової фрази для використання під
512 %package -n openldap-schema-openssh-lpk
513 Summary: OpenSSH LDAP Public Key schema
514 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
515 Group: Networking/Daemons
516 Requires(post,postun): sed >= 4.0
517 Requires: openldap-servers
518 %if "%{_rpmversion}" >= "5"
522 %description -n openldap-schema-openssh-lpk
523 This package contains OpenSSH LDAP Public Key schema for openldap.
525 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
526 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
540 %{?with_hpn:%patch9 -p1}
545 %{!?with_ldap:%patch15 -p1}
548 %if "%{pld_release}" == "ac"
549 # fix for missing x11.pc
550 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
553 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
554 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
556 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
557 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
560 cp /usr/share/automake/config.sub .
564 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
571 %{?with_audit:--with-audit=linux} \
572 --with-ipaddr-display \
573 %{?with_kerberos5:--with-kerberos5=/usr} \
574 --with-ldap%{!?with_ldap:=no} \
575 %{?with_libedit:--with-libedit} \
577 --with-md5-passwords \
579 --with-pid-dir=%{_localstatedir}/run \
580 --with-privsep-path=%{_privsepdir} \
581 %if "%{pld_release}" != "ac"
582 --with-sandbox=libseccomp_filter \
584 %{?with_selinux:--with-selinux} \
585 %if "%{pld_release}" == "ac"
586 --with-xauth=/usr/X11R6/bin/xauth
588 --with-xauth=%{_bindir}/xauth
591 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
595 %{?with_tests:%{__make} tests}
599 %{__make} gnome-ssh-askpass1 \
600 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
603 %{__make} gnome-ssh-askpass2 \
604 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
608 rm -rf $RPM_BUILD_ROOT
609 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
610 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
611 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
614 DESTDIR=$RPM_BUILD_ROOT
616 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
618 cp -p %{SOURCE3} sshd.pam
619 install -p %{SOURCE2} sshd.init
621 %if "%{pld_release}" == "ac"
622 # not present in ac, no point searching it
623 %{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
624 # openssl on ac does not have OPENSSL_HAS_ECC
625 %{__sed} -i -e '/ecdsa/d' sshd.init
629 # remove recording user's login uid to the process attribute
630 %{__sed} -i -e '/pam_loginuid.so/d' sshd.pam
633 install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
634 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
635 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
636 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
637 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
638 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
639 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
640 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
642 %{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
643 cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
645 cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
646 cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
649 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
652 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
654 %if %{with gnome} || %{with gtk}
655 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
656 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
658 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
659 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
661 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
664 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
665 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
667 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
668 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
670 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
672 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
673 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
676 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
677 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
680 rm -rf $RPM_BUILD_ROOT
691 %postun gnome-askpass
695 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
698 /sbin/chkconfig --add sshd
699 %service sshd reload "OpenSSH Daemon"
701 %systemd_post sshd.service
704 if [ "$1" = "0" ]; then
706 /sbin/chkconfig --del sshd
708 %systemd_preun sshd.service
711 if [ "$1" = "0" ]; then
716 %triggerpostun server -- %{name}-server < 6.2p1-1
717 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
718 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
720 %triggerpostun server -- %{name}-server < 2:5.9p1-8
721 # lpk.patch to ldap.patch
722 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
723 echo >&2 "Migrating LPK patch to LDAP patch"
724 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
726 # disable old configs
727 # just UseLPK/LkpLdapConf supported for now
728 s/^\s*UseLPK/## Obsolete &/
729 s/^\s*Lpk/## Obsolete &/
730 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
731 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
732 ' %{_sysconfdir}/sshd_config
733 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
734 /bin/systemctl try-restart sshd.service || :
736 %service -q sshd reload
739 %systemd_trigger sshd.service
740 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
741 %banner %{name}-server -e << EOF
742 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
743 ! Native systemd support for sshd has been installed. !
744 ! Restarting sshd.service with systemctl WILL kill all !
745 ! active ssh sessions (daemon as such will be started). !
746 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
753 %postun server-upstart
756 %post -n openldap-schema-openssh-lpk
757 %openldap_schema_register %{schemadir}/openssh-lpk.schema
758 %service -q ldap restart
760 %postun -n openldap-schema-openssh-lpk
761 if [ "$1" = "0" ]; then
762 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
763 %service -q ldap restart
767 %defattr(644,root,root,755)
768 %doc TODO README OVERVIEW CREDITS Change*
769 %attr(755,root,root) %{_bindir}/ssh-key*
770 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
771 %{_mandir}/man1/ssh-key*.1*
772 #%{_mandir}/man1/ssh-vulnkey*.1*
777 %defattr(644,root,root,755)
778 %attr(755,root,root) %{_bindir}/ssh
779 %attr(755,root,root) %{_bindir}/slogin
780 %attr(755,root,root) %{_bindir}/sftp
781 %attr(755,root,root) %{_bindir}/ssh-agent
782 %attr(755,root,root) %{_bindir}/ssh-add
783 %attr(755,root,root) %{_bindir}/ssh-copy-id
784 %attr(755,root,root) %{_bindir}/scp
785 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
786 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
787 %{_mandir}/man1/scp.1*
788 %{_mandir}/man1/ssh.1*
789 %{_mandir}/man1/slogin.1*
790 %{_mandir}/man1/sftp.1*
791 %{_mandir}/man1/ssh-agent.1*
792 %{_mandir}/man1/ssh-add.1*
793 %{_mandir}/man1/ssh-copy-id.1*
794 %{_mandir}/man5/ssh_config.5*
795 %lang(it) %{_mandir}/it/man1/ssh.1*
796 %lang(it) %{_mandir}/it/man5/ssh_config.5*
797 %lang(pl) %{_mandir}/pl/man1/scp.1*
798 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
800 # for host-based auth (suid required for accessing private host key)
801 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
802 #%{_mandir}/man8/ssh-keysign.8*
804 %files clients-agent-profile_d
805 %defattr(644,root,root,755)
806 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
807 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
809 %files clients-agent-xinitrc
810 %defattr(644,root,root,755)
811 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
814 %defattr(644,root,root,755)
815 %attr(755,root,root) %{_sbindir}/sshd
816 %attr(755,root,root) %{_libexecdir}/sftp-server
817 %attr(755,root,root) %{_libexecdir}/ssh-keysign
818 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
819 %attr(755,root,root) %{_libexecdir}/sshd-keygen
820 %{_mandir}/man8/sshd.8*
821 %{_mandir}/man8/sftp-server.8*
822 %{_mandir}/man8/ssh-keysign.8*
823 %{_mandir}/man8/ssh-pkcs11-helper.8*
824 %{_mandir}/man5/sshd_config.5*
825 %{_mandir}/man5/moduli.5*
826 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
827 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
828 %attr(640,root,root) %{_sysconfdir}/moduli
829 %attr(754,root,root) /etc/rc.d/init.d/sshd
830 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
831 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
832 %{systemdunitdir}/sshd.service
833 %{systemdunitdir}/sshd.socket
834 %{systemdunitdir}/sshd@.service
838 %defattr(644,root,root,755)
839 %doc HOWTO.ldap-keys ldap.conf
840 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
841 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
842 %{_mandir}/man5/ssh-ldap.conf.5*
843 %{_mandir}/man8/ssh-ldap-helper.8*
846 %if %{with gnome} || %{with gtk}
848 %defattr(644,root,root,755)
849 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
850 %dir %{_libexecdir}/ssh
851 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
852 %attr(755,root,root) %{_libexecdir}/ssh-askpass
856 %files -n openldap-schema-openssh-lpk
857 %defattr(644,root,root,755)
858 %{schemadir}/openssh-lpk.schema
861 %if "%{pld_release}" != "ti"
862 %files server-upstart
863 %defattr(644,root,root,755)
864 %config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf