2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 # gtk2-based gnome-askpass means no gnome1-based
18 %{?with_gtk:%undefine with_gnome}
20 %if "%{pld_release}" == "ac"
21 %define pam_ver 0.79.0
23 %define pam_ver 1:1.1.5-5
25 Summary: OpenSSH free Secure Shell (SSH) implementation
26 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
27 Summary(es.UTF-8): Implementación libre de SSH
28 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
29 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
30 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
31 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
32 Summary(pt_BR.UTF-8): Implementação livre do SSH
33 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
34 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
40 Group: Applications/Networking
41 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
42 # Source0-md5: a084e7272b8cbd25afe0f5dce4802fef
43 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
44 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
45 Source2: %{name}d.init
46 Source3: %{name}d.pamd
47 Source4: %{name}.sysconfig
49 Source6: ssh-agent.conf
50 Source7: %{name}-lpk.schema
51 Source8: %{name}d.upstart
55 Source12: sshd@.service
56 Patch0: %{name}-no_libnsl.patch
57 Patch2: %{name}-pam_misc.patch
58 Patch3: %{name}-sigpipe.patch
59 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
60 Patch4: %{name}-ldap.patch
61 Patch5: %{name}-ldap-fixes.patch
62 Patch8: ldap.conf.patch
63 Patch6: %{name}-config.patch
64 Patch7: ldap-helper-sigpipe.patch
66 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
67 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
68 Patch9: %{name}-5.2p1-hpn13v6.diff
69 Patch10: %{name}-include.patch
70 Patch11: %{name}-chroot.patch
71 # http://people.debian.org/~cjwatson/%{name}-blacklist.diff
72 Patch12: %{name}-blacklist.diff
73 Patch13: %{name}-kuserok.patch
74 Patch14: %{name}-bind.patch
75 Patch15: %{name}-disable_ldap.patch
76 URL: http://www.openssh.com/portable.html
77 BuildRequires: %{__perl}
78 %{?with_tests:BuildRequires: %{name}-server}
79 %{?with_audit:BuildRequires: audit-libs-devel}
80 BuildRequires: autoconf >= 2.50
81 BuildRequires: automake
82 %{?with_gnome:BuildRequires: gnome-libs-devel}
83 %{?with_gtk:BuildRequires: gtk+2-devel}
84 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
85 %{?with_libedit:BuildRequires: libedit-devel}
86 %{?with_selinux:BuildRequires: libselinux-devel}
87 BuildRequires: libwrap-devel
88 %{?with_ldap:BuildRequires: openldap-devel}
89 BuildRequires: openssl-devel >= 0.9.7d
90 BuildRequires: pam-devel
91 %{?with_gtk:BuildRequires: pkgconfig}
92 BuildRequires: rpm >= 4.4.9-56
93 BuildRequires: rpmbuild(macros) >= 1.627
94 BuildRequires: sed >= 4.0
95 BuildRequires: zlib-devel >= 1.2.3
96 Requires: zlib >= 1.2.3
97 %if "%{pld_release}" == "ac"
98 Requires: filesystem >= 2.0-1
99 Requires: pam >= 0.79.0
101 Requires: filesystem >= 3.0-11
102 Requires: pam >= %{pam_ver}
103 Suggests: openssh-blacklist
104 Suggests: xorg-app-xauth
107 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
109 %define _sysconfdir /etc/ssh
110 %define _libexecdir %{_libdir}/%{name}
111 %define _privsepdir /usr/share/empty
112 %define schemadir /usr/share/openldap/schema
115 Ssh (Secure Shell) a program for logging into a remote machine and for
116 executing commands in a remote machine. It is intended to replace
117 rlogin and rsh, and provide secure encrypted communications between
118 two untrusted hosts over an insecure network. X11 connections and
119 arbitrary TCP/IP ports can also be forwarded over the secure channel.
121 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
122 it up to date in terms of security and features, as well as removing
123 all patented algorithms to seperate libraries (OpenSSL).
125 This package includes the core files necessary for both the OpenSSH
126 client and server. To make this package useful, you should also
127 install openssh-clients, openssh-server, or both.
130 This release includes High Performance SSH/SCP patches from
131 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
132 increase throughput on fast connections with high RTT (20-150 msec).
133 See the website for '-w' values for your connection and /proc/sys TCP
134 values. BTW. in a LAN you have got generally RTT < 1 msec.
137 %description -l de.UTF-8
138 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
139 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
140 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
141 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
142 andere TCP/IP Ports können ebenso über den sicheren Channel
143 weitergeleitet werden.
145 %description -l es.UTF-8
146 SSH es un programa para accesar y ejecutar órdenes en computadores
147 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
148 seguro entre dos servidores en una red insegura. Conexiones X11 y
149 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
152 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
153 continuar la última versión gratuita de SSH, actualizándolo en
154 términos de seguridad y recursos,así también eliminando todos los
155 algoritmos patentados y colocándolos en bibliotecas separadas
158 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
159 también el paquete openssh-clients u openssh-server o ambos.
161 %description -l fr.UTF-8
162 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
163 remplace telnet, rlogin, rexec et rsh, tout en assurant des
164 communications cryptées securisées entre deux hôtes non fiabilisés sur
165 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
166 arbitraires peuvent également être transmis sur le canal sécurisé.
168 %description -l it.UTF-8
169 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
170 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
171 sicure e crittate tra due host non fidati su una rete non sicura. Le
172 connessioni X11 ad una porta TCP/IP arbitraria possono essere
173 inoltrate attraverso un canale sicuro.
175 %description -l pl.UTF-8
176 Ssh (Secure Shell) to program służący do logowania się na zdalną
177 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
178 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
179 pomiędzy dwoma hostami.
181 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
182 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
183 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
186 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
187 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
188 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
189 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
190 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
191 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
194 %description -l pt.UTF-8
195 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
196 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
197 cifradas entre duas máquinas sem confiança mútua sobre uma rede
198 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
199 reenviados pelo canal seguro.
201 %description -l pt_BR.UTF-8
202 SSH é um programa para acessar e executar comandos em máquinas
203 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
204 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
205 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
207 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
208 última versão gratuita do SSH, atualizando-o em termos de segurança e
209 recursos, assim como removendo todos os algoritmos patenteados e
210 colocando-os em bibliotecas separadas (OpenSSL).
212 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
213 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
215 %description -l ru.UTF-8
216 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
217 машину и для выполнения команд на удаленной машине. Она предназначена
218 для замены rlogin и rsh и обеспечивает безопасную шифрованную
219 коммуникацию между двумя хостами в сети, являющейся небезопасной.
220 Соединения X11 и любые порты TCP/IP могут также быть проведены через
223 OpenSSH - это переделка командой разработчиков OpenBSD последней
224 свободной версии SSH, доведенная до современного состояния в терминах
225 уровня безопасности и поддерживаемых возможностей. Все патентованные
226 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
228 Этот пакет содержит файлы, необходимые как для клиента, так и для
229 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
230 openssh-server, или оба пакета.
232 %description -l uk.UTF-8
233 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
234 машини та для виконання команд на віддаленій машині. Вона призначена
235 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
236 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
237 довільні порти TCP/IP можуть також бути проведені через безпечний
240 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
241 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
242 підтримуваних можливостей. Всі патентовані алгоритми винесені до
243 окремих бібліотек (OpenSSL).
245 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
246 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
247 openssh-server, чи обидва пакети.
250 Summary: OpenSSH Secure Shell protocol clients
251 Summary(es.UTF-8): Clientes de OpenSSH
252 Summary(pl.UTF-8): Klienci protokołu Secure Shell
253 Summary(pt_BR.UTF-8): Clientes do OpenSSH
254 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
255 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
256 Group: Applications/Networking
258 Provides: ssh-clients
259 Obsoletes: ssh-clients
260 %requires_eq_to openssl openssl-devel
263 Ssh (Secure Shell) a program for logging into a remote machine and for
264 executing commands in a remote machine. It is intended to replace
265 rlogin and rsh, and provide secure encrypted communications between
266 two untrusted hosts over an insecure network. X11 connections and
267 arbitrary TCP/IP ports can also be forwarded over the secure channel.
269 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
270 it up to date in terms of security and features, as well as removing
271 all patented algorithms to seperate libraries (OpenSSL).
273 This package includes the clients necessary to make encrypted
274 connections to SSH servers.
276 %description clients -l es.UTF-8
277 Este paquete incluye los clientes que se necesitan para hacer
278 conexiones codificadas con servidores SSH.
280 %description clients -l pl.UTF-8
281 Ssh (Secure Shell) to program służący do logowania się na zdalną
282 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
283 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
284 pomiędzy dwoma hostami.
286 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
288 %description clients -l pt_BR.UTF-8
289 Esse pacote inclui os clientes necessários para fazer conexões
290 encriptadas com servidores SSH.
292 %description clients -l ru.UTF-8
293 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
294 машину и для выполнения команд на удаленной машине.
296 Этот пакет содержит программы-клиенты, необходимые для установления
297 зашифрованных соединений с серверами SSH.
299 %description clients -l uk.UTF-8
300 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
301 машини та для виконання команд на віддаленій машині.
303 Цей пакет містить програми-клієнти, необхідні для встановлення
304 зашифрованих з'єднань з серверами SSH.
306 %package clients-agent-profile_d
307 Summary: OpenSSH Secure Shell agent init script
308 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
309 Group: Applications/Networking
310 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
312 %description clients-agent-profile_d
313 profile.d scripts for starting SSH agent.
315 %description clients-agent-profile_d -l pl.UTF-8
316 Skrypty profile.d do uruchamiania agenta SSH.
318 %package clients-agent-xinitrc
319 Summary: OpenSSH Secure Shell agent init script
320 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
321 Group: Applications/Networking
322 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
325 %description clients-agent-xinitrc
326 xinitrc scripts for starting SSH agent.
328 %description clients-agent-xinitrc -l pl.UTF-8
329 Skrypty xinitrc do uruchamiania agenta SSH.
332 Summary: OpenSSH Secure Shell protocol server (sshd)
333 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
334 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
335 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
336 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
337 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
338 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
339 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
340 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
341 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
342 Group: Networking/Daemons
343 Requires(post): /sbin/chkconfig
345 Requires(post,preun): /sbin/chkconfig
346 Requires(postun): /usr/sbin/userdel
347 Requires(pre): /bin/id
348 Requires(pre): /usr/sbin/useradd
349 Requires(post,preun,postun): systemd-units >= 38
350 Requires: %{name} = %{epoch}:%{version}-%{release}
351 Requires: pam >= %{pam_ver}
352 Requires: rc-scripts >= 0.4.3.0
353 Requires: systemd-units >= 38
355 %{?with_ldap:Suggests: %{name}-server-ldap}
357 Suggests: xorg-app-xauth
360 %requires_eq_to openssl openssl-devel
363 Ssh (Secure Shell) a program for logging into a remote machine and for
364 executing commands in a remote machine. It is intended to replace
365 rlogin and rsh, and provide secure encrypted communications between
366 two untrusted hosts over an insecure network. X11 connections and
367 arbitrary TCP/IP ports can also be forwarded over the secure channel.
369 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
370 it up to date in terms of security and features, as well as removing
371 all patented algorithms to seperate libraries (OpenSSL).
373 This package contains the secure shell daemon. The sshd is the server
374 part of the secure shell protocol and allows ssh clients to connect to
377 %description server -l de.UTF-8
378 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
380 %description server -l es.UTF-8
381 Este paquete contiene el servidor SSH. sshd es la parte servidor del
382 protocolo secure shell y permite que clientes ssh se conecten a su
385 %description server -l fr.UTF-8
386 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
388 %description server -l it.UTF-8
389 Questo pacchetto installa sshd, il server di OpenSSH.
391 %description server -l pl.UTF-8
392 Ssh (Secure Shell) to program służący do logowania się na zdalną
393 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
394 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
395 pomiędzy dwoma hostami.
397 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
400 %description server -l pt.UTF-8
401 Este pacote intala o sshd, o servidor do OpenSSH.
403 %description server -l pt_BR.UTF-8
404 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
405 protocolo secure shell e permite que clientes ssh se conectem ao seu
408 %description server -l ru.UTF-8
409 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
410 машину и для выполнения команд на удаленной машине.
412 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
413 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
416 %description server -l uk.UTF-8
417 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
418 машини та для виконання команд на віддаленій машині.
420 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
421 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
425 Summary: A LDAP support for open source SSH server daemon
426 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
428 Requires: %{name} = %{epoch}:%{version}-%{release}
429 Requires: openldap-nss-config
431 %description server-ldap
432 OpenSSH LDAP backend is a way how to distribute the authorized tokens
433 among the servers in the network.
435 %description server-ldap -l pl.UTF-8
436 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
437 tokenów między serwerami w sieci.
439 %package server-upstart
440 Summary: Upstart job description for OpenSSH server
441 Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
443 Requires: %{name}-server = %{epoch}:%{version}-%{release}
444 Requires: upstart >= 0.6
445 Conflicts: syslog-ng < 3.2.4-1
447 %description server-upstart
448 Upstart job description for OpenSSH.
450 %description server-upstart -l pl.UTF-8
451 Opis zadania Upstart dla OpenSSH.
453 %package gnome-askpass
454 Summary: OpenSSH GNOME passphrase dialog
455 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
456 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
457 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
458 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
459 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
460 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
461 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
462 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
463 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
464 Group: Applications/Networking
465 Requires: %{name} = %{epoch}:%{version}-%{release}
466 Obsoletes: openssh-askpass
467 Obsoletes: ssh-askpass
468 Obsoletes: ssh-extras
470 %description gnome-askpass
471 Ssh (Secure Shell) a program for logging into a remote machine and for
472 executing commands in a remote machine. It is intended to replace
473 rlogin and rsh, and provide secure encrypted communications between
474 two untrusted hosts over an insecure network. X11 connections and
475 arbitrary TCP/IP ports can also be forwarded over the secure channel.
477 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
478 it up to date in terms of security and features, as well as removing
479 all patented algorithms to seperate libraries (OpenSSL).
481 This package contains the GNOME passphrase dialog.
483 %description gnome-askpass -l es.UTF-8
484 Este paquete contiene un programa que abre una caja de diálogo para
485 entrada de passphrase en GNOME.
487 %description gnome-askpass -l pl.UTF-8
488 Ssh (Secure Shell) to program służący do logowania się na zdalną
489 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
490 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
491 pomiędzy dwoma hostami.
493 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
495 %description gnome-askpass -l pt_BR.UTF-8
496 Esse pacote contém um programa que abre uma caixa de diálogo para
497 entrada de passphrase no GNOME.
499 %description gnome-askpass -l ru.UTF-8
500 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
501 машину и для выполнения команд на удаленной машине.
503 Этот пакет содержит диалог ввода ключевой фразы для использования под
506 %description gnome-askpass -l uk.UTF-8
507 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
508 машини та для виконання команд на віддаленій машині.
510 Цей пакет містить діалог вводу ключової фрази для використання під
513 %package -n openldap-schema-openssh-lpk
514 Summary: OpenSSH LDAP Public Key schema
515 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
516 Group: Networking/Daemons
517 Requires(post,postun): sed >= 4.0
518 Requires: openldap-servers
519 %if "%{_rpmversion}" >= "5"
523 %description -n openldap-schema-openssh-lpk
524 This package contains OpenSSH LDAP Public Key schema for openldap.
526 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
527 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
541 %{?with_hpn:%patch9 -p1}
544 # do we really need to drag this old/obsolete patch?
546 # code changed in upstream, needs baggins verification
549 %{!?with_ldap:%patch15 -p1}
551 %if "%{pld_release}" == "ac"
552 # fix for missing x11.pc
553 %{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
556 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
557 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
559 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
560 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
563 cp /usr/share/automake/config.sub .
574 %{?with_audit:--with-audit=linux} \
575 --with-ipaddr-display \
576 %{?with_kerberos5:--with-kerberos5=/usr} \
577 --with-ldap%{!?with_ldap:=no} \
578 %{?with_libedit:--with-libedit} \
580 --with-md5-passwords \
582 --with-pid-dir=%{_localstatedir}/run \
583 --with-privsep-path=%{_privsepdir} \
584 --with-sandbox=seccomp_filter \
585 %{?with_selinux:--with-selinux} \
586 --with-tcp-wrappers \
587 %if "%{pld_release}" == "ac"
588 --with-xauth=/usr/X11R6/bin/xauth
590 --with-xauth=%{_bindir}/xauth
593 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
597 %{?with_tests:%{__make} tests}
601 %{__make} gnome-ssh-askpass1 \
602 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
605 %{__make} gnome-ssh-askpass2 \
606 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
610 rm -rf $RPM_BUILD_ROOT
611 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
612 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
613 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
616 DESTDIR=$RPM_BUILD_ROOT
618 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
620 cp -p %{SOURCE3} sshd.pam
621 install -p %{SOURCE2} sshd.init
623 %if "%{pld_release}" == "ac"
624 # not present in ac, no point searching it
625 %{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
626 # openssl on ac does not have OPENSSL_HAS_ECC
627 %{__sed} -i -e '/ecdsa/d' sshd.init
631 # remove recording user's login uid to the process attribute
632 %{__sed} -i -e '/pam_loginuid.so/d' sshd.pam
635 install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
636 cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
637 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
638 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
639 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
640 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
641 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
642 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
644 %{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' %{SOURCE9} >$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
645 cp -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
647 cp -p %{SOURCE11} $RPM_BUILD_ROOT%{systemdunitdir}
648 cp -p %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
651 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
654 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
656 %if %{with gnome} || %{with gtk}
657 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
658 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
660 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
661 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
663 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
666 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
667 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
669 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
670 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
672 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
674 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
675 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
678 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
679 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
682 rm -rf $RPM_BUILD_ROOT
693 %postun gnome-askpass
697 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
700 /sbin/chkconfig --add sshd
701 %service sshd reload "OpenSSH Daemon"
703 %systemd_post sshd.service
706 if [ "$1" = "0" ]; then
708 /sbin/chkconfig --del sshd
710 %systemd_preun sshd.service
713 if [ "$1" = "0" ]; then
718 %triggerpostun server -- %{name}-server < 6.2p1-1
719 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
720 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
722 %triggerpostun server -- %{name}-server < 2:5.9p1-8
723 # lpk.patch to ldap.patch
724 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
725 echo >&2 "Migrating LPK patch to LDAP patch"
726 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
728 # disable old configs
729 # just UseLPK/LkpLdapConf supported for now
730 s/^\s*UseLPK/## Obsolete &/
731 s/^\s*Lpk/## Obsolete &/
732 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
733 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
734 ' %{_sysconfdir}/sshd_config
735 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
736 /bin/systemctl try-restart sshd.service || :
738 %service -q sshd reload
741 %systemd_trigger sshd.service
742 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
743 %banner %{name}-server -e << EOF
744 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
745 ! Native systemd support for sshd has been installed. !
746 ! Restarting sshd.service with systemctl WILL kill all !
747 ! active ssh sessions (daemon as such will be started). !
748 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
755 %postun server-upstart
758 %post -n openldap-schema-openssh-lpk
759 %openldap_schema_register %{schemadir}/openssh-lpk.schema
760 %service -q ldap restart
762 %postun -n openldap-schema-openssh-lpk
763 if [ "$1" = "0" ]; then
764 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
765 %service -q ldap restart
769 %defattr(644,root,root,755)
770 %doc TODO README OVERVIEW CREDITS Change*
771 %attr(755,root,root) %{_bindir}/ssh-key*
772 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
773 %{_mandir}/man1/ssh-key*.1*
774 #%{_mandir}/man1/ssh-vulnkey*.1*
779 %defattr(644,root,root,755)
780 %attr(755,root,root) %{_bindir}/ssh
781 %attr(755,root,root) %{_bindir}/slogin
782 %attr(755,root,root) %{_bindir}/sftp
783 %attr(755,root,root) %{_bindir}/ssh-agent
784 %attr(755,root,root) %{_bindir}/ssh-add
785 %attr(755,root,root) %{_bindir}/ssh-copy-id
786 %attr(755,root,root) %{_bindir}/scp
787 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
788 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
789 %{_mandir}/man1/scp.1*
790 %{_mandir}/man1/ssh.1*
791 %{_mandir}/man1/slogin.1*
792 %{_mandir}/man1/sftp.1*
793 %{_mandir}/man1/ssh-agent.1*
794 %{_mandir}/man1/ssh-add.1*
795 %{_mandir}/man1/ssh-copy-id.1*
796 %{_mandir}/man5/ssh_config.5*
797 %lang(it) %{_mandir}/it/man1/ssh.1*
798 %lang(it) %{_mandir}/it/man5/ssh_config.5*
799 %lang(pl) %{_mandir}/pl/man1/scp.1*
800 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
802 # for host-based auth (suid required for accessing private host key)
803 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
804 #%{_mandir}/man8/ssh-keysign.8*
806 %files clients-agent-profile_d
807 %defattr(644,root,root,755)
808 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
809 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
811 %files clients-agent-xinitrc
812 %defattr(644,root,root,755)
813 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
816 %defattr(644,root,root,755)
817 %attr(755,root,root) %{_sbindir}/sshd
818 %attr(755,root,root) %{_libexecdir}/sftp-server
819 %attr(755,root,root) %{_libexecdir}/ssh-keysign
820 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
821 %attr(755,root,root) %{_libexecdir}/sshd-keygen
822 %{_mandir}/man8/sshd.8*
823 %{_mandir}/man8/sftp-server.8*
824 %{_mandir}/man8/ssh-keysign.8*
825 %{_mandir}/man8/ssh-pkcs11-helper.8*
826 %{_mandir}/man5/sshd_config.5*
827 %{_mandir}/man5/moduli.5*
828 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
829 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
830 %attr(640,root,root) %{_sysconfdir}/moduli
831 %attr(754,root,root) /etc/rc.d/init.d/sshd
832 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
833 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
834 %{systemdunitdir}/sshd.service
835 %{systemdunitdir}/sshd.socket
836 %{systemdunitdir}/sshd@.service
840 %defattr(644,root,root,755)
841 %doc HOWTO.ldap-keys ldap.conf
842 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
843 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
844 %{_mandir}/man5/ssh-ldap.conf.5*
845 %{_mandir}/man8/ssh-ldap-helper.8*
848 %if %{with gnome} || %{with gtk}
850 %defattr(644,root,root,755)
851 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
852 %dir %{_libexecdir}/ssh
853 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
854 %attr(755,root,root) %{_libexecdir}/ssh-askpass
858 %files -n openldap-schema-openssh-lpk
859 %defattr(644,root,root,755)
860 %{schemadir}/openssh-lpk.schema
863 %if "%{pld_release}" != "ti"
864 %files server-upstart
865 %defattr(644,root,root,755)
866 %config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf