2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # without GTK+ (2.x)
10 %bcond_without ldap # with ldap support
11 %bcond_without libedit # without libedit (editline/history support in sftp client)
12 %bcond_without kerberos5 # without kerberos5 support
13 %bcond_without selinux # build without SELinux support
14 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 # gtk2-based gnome-askpass means no gnome1-based
18 %{?with_gtk:%undefine with_gnome}
20 %if "%{pld_release}" == "ac"
21 %define pam_ver 0.79.0
23 %define pam_ver 1:1.1.8-5
25 Summary: OpenSSH free Secure Shell (SSH) implementation
26 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
27 Summary(es.UTF-8): Implementación libre de SSH
28 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
29 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
30 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
31 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
32 Summary(pt_BR.UTF-8): Implementação livre do SSH
33 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
34 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
40 Group: Applications/Networking
41 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
42 # Source0-md5: 08f72de6751acfbd0892b5f003922701
43 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
44 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
45 Source2: %{name}d.init
46 Source3: %{name}d.pamd
47 Source4: %{name}.sysconfig
49 Source6: ssh-agent.conf
50 Source7: %{name}-lpk.schema
51 Source8: %{name}d.upstart
55 Source12: sshd@.service
56 Patch0: %{name}-no_libnsl.patch
57 Patch2: %{name}-pam_misc.patch
58 Patch3: %{name}-sigpipe.patch
59 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
60 Patch4: %{name}-ldap.patch
61 Patch5: %{name}-ldap-fixes.patch
62 Patch6: ldap.conf.patch
63 Patch7: %{name}-config.patch
64 Patch8: ldap-helper-sigpipe.patch
65 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
66 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
67 Patch9: %{name}-5.2p1-hpn13v6.diff
68 Patch10: %{name}-include.patch
69 Patch11: %{name}-chroot.patch
71 Patch14: %{name}-bind.patch
72 Patch15: %{name}-disable_ldap.patch
73 Patch16: libseccomp-sandbox.patch
74 URL: http://www.openssh.com/portable.html
75 BuildRequires: %{__perl}
76 %{?with_audit:BuildRequires: audit-libs-devel}
77 BuildRequires: autoconf >= 2.50
78 BuildRequires: automake
79 %{?with_gnome:BuildRequires: gnome-libs-devel}
80 %{?with_gtk:BuildRequires: gtk+2-devel}
81 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
82 %{?with_libedit:BuildRequires: libedit-devel}
83 BuildRequires: libseccomp-devel
84 %{?with_selinux:BuildRequires: libselinux-devel}
85 %{?with_ldap:BuildRequires: openldap-devel}
86 BuildRequires: openssl-devel >= 0.9.8f
87 BuildRequires: pam-devel
88 %{?with_gtk:BuildRequires: pkgconfig}
89 BuildRequires: rpm >= 4.4.9-56
90 BuildRequires: rpmbuild(macros) >= 1.627
91 BuildRequires: sed >= 4.0
92 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
93 %{?with_tests:BuildRequires: uname(release) >= 3.5}
94 BuildRequires: zlib-devel >= 1.2.3
95 %if %{with tests} && 0%(id -u sshd 2>/dev/null; echo $?)
96 BuildRequires: %{name}-server
98 Requires: zlib >= 1.2.3
99 %if "%{pld_release}" == "ac"
100 Requires: filesystem >= 2.0-1
101 Requires: pam >= 0.79.0
103 Requires: filesystem >= 3.0-11
104 Requires: pam >= %{pam_ver}
105 Suggests: xorg-app-xauth
108 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
110 %define _sysconfdir /etc/ssh
111 %define _libexecdir %{_libdir}/%{name}
112 %define _privsepdir /usr/share/empty
113 %define schemadir /usr/share/openldap/schema
116 Ssh (Secure Shell) a program for logging into a remote machine and for
117 executing commands in a remote machine. It is intended to replace
118 rlogin and rsh, and provide secure encrypted communications between
119 two untrusted hosts over an insecure network. X11 connections and
120 arbitrary TCP/IP ports can also be forwarded over the secure channel.
122 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
123 it up to date in terms of security and features, as well as removing
124 all patented algorithms to seperate libraries (OpenSSL).
126 This package includes the core files necessary for both the OpenSSH
127 client and server. To make this package useful, you should also
128 install openssh-clients, openssh-server, or both.
131 This release includes High Performance SSH/SCP patches from
132 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
133 increase throughput on fast connections with high RTT (20-150 msec).
134 See the website for '-w' values for your connection and /proc/sys TCP
135 values. BTW. in a LAN you have got generally RTT < 1 msec.
138 %description -l de.UTF-8
139 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
140 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
141 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
142 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
143 andere TCP/IP Ports können ebenso über den sicheren Channel
144 weitergeleitet werden.
146 %description -l es.UTF-8
147 SSH es un programa para accesar y ejecutar órdenes en computadores
148 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
149 seguro entre dos servidores en una red insegura. Conexiones X11 y
150 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
153 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
154 continuar la última versión gratuita de SSH, actualizándolo en
155 términos de seguridad y recursos,así también eliminando todos los
156 algoritmos patentados y colocándolos en bibliotecas separadas
159 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
160 también el paquete openssh-clients u openssh-server o ambos.
162 %description -l fr.UTF-8
163 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
164 remplace telnet, rlogin, rexec et rsh, tout en assurant des
165 communications cryptées securisées entre deux hôtes non fiabilisés sur
166 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
167 arbitraires peuvent également être transmis sur le canal sécurisé.
169 %description -l it.UTF-8
170 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
171 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
172 sicure e crittate tra due host non fidati su una rete non sicura. Le
173 connessioni X11 ad una porta TCP/IP arbitraria possono essere
174 inoltrate attraverso un canale sicuro.
176 %description -l pl.UTF-8
177 Ssh (Secure Shell) to program służący do logowania się na zdalną
178 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
179 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
180 pomiędzy dwoma hostami.
182 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
183 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
184 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
187 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
188 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
189 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
190 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
191 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
192 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
195 %description -l pt.UTF-8
196 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
197 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
198 cifradas entre duas máquinas sem confiança mútua sobre uma rede
199 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
200 reenviados pelo canal seguro.
202 %description -l pt_BR.UTF-8
203 SSH é um programa para acessar e executar comandos em máquinas
204 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
205 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
206 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
208 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
209 última versão gratuita do SSH, atualizando-o em termos de segurança e
210 recursos, assim como removendo todos os algoritmos patenteados e
211 colocando-os em bibliotecas separadas (OpenSSL).
213 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
214 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
216 %description -l ru.UTF-8
217 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
218 машину и для выполнения команд на удаленной машине. Она предназначена
219 для замены rlogin и rsh и обеспечивает безопасную шифрованную
220 коммуникацию между двумя хостами в сети, являющейся небезопасной.
221 Соединения X11 и любые порты TCP/IP могут также быть проведены через
224 OpenSSH - это переделка командой разработчиков OpenBSD последней
225 свободной версии SSH, доведенная до современного состояния в терминах
226 уровня безопасности и поддерживаемых возможностей. Все патентованные
227 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
229 Этот пакет содержит файлы, необходимые как для клиента, так и для
230 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
231 openssh-server, или оба пакета.
233 %description -l uk.UTF-8
234 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
235 машини та для виконання команд на віддаленій машині. Вона призначена
236 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
237 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
238 довільні порти TCP/IP можуть також бути проведені через безпечний
241 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
242 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
243 підтримуваних можливостей. Всі патентовані алгоритми винесені до
244 окремих бібліотек (OpenSSL).
246 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
247 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
248 openssh-server, чи обидва пакети.
251 Summary: OpenSSH Secure Shell protocol clients
252 Summary(es.UTF-8): Clientes de OpenSSH
253 Summary(pl.UTF-8): Klienci protokołu Secure Shell
254 Summary(pt_BR.UTF-8): Clientes do OpenSSH
255 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
256 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
257 Group: Applications/Networking
259 Provides: ssh-clients
260 Obsoletes: ssh-clients
261 %requires_eq_to openssl openssl-devel
264 Ssh (Secure Shell) a program for logging into a remote machine and for
265 executing commands in a remote machine. It is intended to replace
266 rlogin and rsh, and provide secure encrypted communications between
267 two untrusted hosts over an insecure network. X11 connections and
268 arbitrary TCP/IP ports can also be forwarded over the secure channel.
270 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
271 it up to date in terms of security and features, as well as removing
272 all patented algorithms to seperate libraries (OpenSSL).
274 This package includes the clients necessary to make encrypted
275 connections to SSH servers.
277 %description clients -l es.UTF-8
278 Este paquete incluye los clientes que se necesitan para hacer
279 conexiones codificadas con servidores SSH.
281 %description clients -l pl.UTF-8
282 Ssh (Secure Shell) to program służący do logowania się na zdalną
283 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
284 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
285 pomiędzy dwoma hostami.
287 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
289 %description clients -l pt_BR.UTF-8
290 Esse pacote inclui os clientes necessários para fazer conexões
291 encriptadas com servidores SSH.
293 %description clients -l ru.UTF-8
294 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
295 машину и для выполнения команд на удаленной машине.
297 Этот пакет содержит программы-клиенты, необходимые для установления
298 зашифрованных соединений с серверами SSH.
300 %description clients -l uk.UTF-8
301 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
302 машини та для виконання команд на віддаленій машині.
304 Цей пакет містить програми-клієнти, необхідні для встановлення
305 зашифрованих з'єднань з серверами SSH.
307 %package clients-agent-profile_d
308 Summary: OpenSSH Secure Shell agent init script
309 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
310 Group: Applications/Networking
311 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
313 %description clients-agent-profile_d
314 profile.d scripts for starting SSH agent.
316 %description clients-agent-profile_d -l pl.UTF-8
317 Skrypty profile.d do uruchamiania agenta SSH.
319 %package clients-agent-xinitrc
320 Summary: OpenSSH Secure Shell agent init script
321 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
322 Group: Applications/Networking
323 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
326 %description clients-agent-xinitrc
327 xinitrc scripts for starting SSH agent.
329 %description clients-agent-xinitrc -l pl.UTF-8
330 Skrypty xinitrc do uruchamiania agenta SSH.
333 Summary: OpenSSH Secure Shell protocol server (sshd)
334 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
335 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
336 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
337 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
338 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
339 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
340 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
341 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
342 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
343 Group: Networking/Daemons
344 Requires(post): /sbin/chkconfig
346 Requires(post,preun): /sbin/chkconfig
347 Requires(postun): /usr/sbin/userdel
348 Requires(pre): /bin/id
349 Requires(pre): /usr/sbin/useradd
350 Requires(post,preun,postun): systemd-units >= 38
351 Requires: %{name} = %{epoch}:%{version}-%{release}
352 Requires: pam >= %{pam_ver}
353 Requires: rc-scripts >= 0.4.3.0
354 Requires: systemd-units >= 38
356 %{?with_ldap:Suggests: %{name}-server-ldap}
358 Suggests: xorg-app-xauth
361 %requires_eq_to openssl openssl-devel
364 Ssh (Secure Shell) a program for logging into a remote machine and for
365 executing commands in a remote machine. It is intended to replace
366 rlogin and rsh, and provide secure encrypted communications between
367 two untrusted hosts over an insecure network. X11 connections and
368 arbitrary TCP/IP ports can also be forwarded over the secure channel.
370 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
371 it up to date in terms of security and features, as well as removing
372 all patented algorithms to seperate libraries (OpenSSL).
374 This package contains the secure shell daemon. The sshd is the server
375 part of the secure shell protocol and allows ssh clients to connect to
378 %description server -l de.UTF-8
379 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
381 %description server -l es.UTF-8
382 Este paquete contiene el servidor SSH. sshd es la parte servidor del
383 protocolo secure shell y permite que clientes ssh se conecten a su
386 %description server -l fr.UTF-8
387 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
389 %description server -l it.UTF-8
390 Questo pacchetto installa sshd, il server di OpenSSH.
392 %description server -l pl.UTF-8
393 Ssh (Secure Shell) to program służący do logowania się na zdalną
394 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
395 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
396 pomiędzy dwoma hostami.
398 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
401 %description server -l pt.UTF-8
402 Este pacote intala o sshd, o servidor do OpenSSH.
404 %description server -l pt_BR.UTF-8
405 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
406 protocolo secure shell e permite que clientes ssh se conectem ao seu
409 %description server -l ru.UTF-8
410 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
411 машину и для выполнения команд на удаленной машине.
413 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
414 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
417 %description server -l uk.UTF-8
418 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
419 машини та для виконання команд на віддаленій машині.
421 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
422 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
426 Summary: A LDAP support for open source SSH server daemon
427 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
429 Requires: %{name} = %{epoch}:%{version}-%{release}
430 Requires: openldap-nss-config
432 %description server-ldap
433 OpenSSH LDAP backend is a way how to distribute the authorized tokens
434 among the servers in the network.
436 %description server-ldap -l pl.UTF-8
437 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
438 tokenów między serwerami w sieci.
440 %package server-upstart
441 Summary: Upstart job description for OpenSSH server
442 Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
444 Requires: %{name}-server = %{epoch}:%{version}-%{release}
445 Requires: upstart >= 0.6
446 Conflicts: syslog-ng < 3.2.4-1
448 %description server-upstart
449 Upstart job description for OpenSSH.
451 %description server-upstart -l pl.UTF-8
452 Opis zadania Upstart dla OpenSSH.
454 %package gnome-askpass
455 Summary: OpenSSH GNOME passphrase dialog
456 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
457 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
458 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
459 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
460 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
461 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
462 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
463 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
464 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
465 Group: Applications/Networking
466 Requires: %{name} = %{epoch}:%{version}-%{release}
467 Obsoletes: openssh-askpass
468 Obsoletes: ssh-askpass
469 Obsoletes: ssh-extras
471 %description gnome-askpass
472 Ssh (Secure Shell) a program for logging into a remote machine and for
473 executing commands in a remote machine. It is intended to replace
474 rlogin and rsh, and provide secure encrypted communications between
475 two untrusted hosts over an insecure network. X11 connections and
476 arbitrary TCP/IP ports can also be forwarded over the secure channel.
478 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
479 it up to date in terms of security and features, as well as removing
480 all patented algorithms to seperate libraries (OpenSSL).
482 This package contains the GNOME passphrase dialog.
484 %description gnome-askpass -l es.UTF-8
485 Este paquete contiene un programa que abre una caja de diálogo para
486 entrada de passphrase en GNOME.
488 %description gnome-askpass -l pl.UTF-8
489 Ssh (Secure Shell) to program służący do logowania się na zdalną
490 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
491 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
492 pomiędzy dwoma hostami.
494 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
496 %description gnome-askpass -l pt_BR.UTF-8
497 Esse pacote contém um programa que abre uma caixa de diálogo para
498 entrada de passphrase no GNOME.
500 %description gnome-askpass -l ru.UTF-8
501 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
502 машину и для выполнения команд на удаленной машине.
504 Этот пакет содержит диалог ввода ключевой фразы для использования под
507 %description gnome-askpass -l uk.UTF-8
508 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
509 машини та для виконання команд на віддаленій машині.
511 Цей пакет містить діалог вводу ключової фрази для використання під
514 %package -n openldap-schema-openssh-lpk
515 Summary: OpenSSH LDAP Public Key schema
516 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
517 Group: Networking/Daemons
518 Requires(post,postun): sed >= 4.0
519 Requires: openldap-servers
520 %if "%{_rpmversion}" >= "5"
524 %description -n openldap-schema-openssh-lpk
525 This package contains OpenSSH LDAP Public Key schema for openldap.
527 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
528 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
542 %{?with_hpn:%patch9 -p1}
547 %{!?with_ldap:%patch15 -p1}
550 %if "%{pld_release}" == "ac"
551 # fix for missing x11.pc
552 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
555 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
556 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
558 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
559 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
562 cp /usr/share/automake/config.sub .
566 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
573 %{?with_audit:--with-audit=linux} \
574 --with-ipaddr-display \
575 %{?with_kerberos5:--with-kerberos5=/usr} \
576 --with-ldap%{!?with_ldap:=no} \
577 %{?with_libedit:--with-libedit} \
579 --with-md5-passwords \
581 --with-pid-dir=%{_localstatedir}/run \
582 --with-privsep-path=%{_privsepdir} \
583 --with-privsep-user=sshd \
584 %if "%{pld_release}" != "ac"
585 --with-sandbox=libseccomp_filter \
587 %{?with_selinux:--with-selinux} \
588 %if "%{pld_release}" == "ac"
589 --with-xauth=/usr/X11R6/bin/xauth
591 --with-xauth=%{_bindir}/xauth
594 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
598 %{?with_tests:%{__make} tests}
602 %{__make} gnome-ssh-askpass1 \
603 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
606 %{__make} gnome-ssh-askpass2 \
607 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
611 rm -rf $RPM_BUILD_ROOT
612 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
613 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
614 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
617 DESTDIR=$RPM_BUILD_ROOT
619 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
621 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
622 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
623 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
624 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
625 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
626 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
627 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
628 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
630 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
631 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
633 %{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
634 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
635 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
638 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
641 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
643 %if %{with gnome} || %{with gtk}
644 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
645 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
647 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
648 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
650 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
653 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
654 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
656 %{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
657 echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
659 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
661 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
662 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
665 %if "%{pld_release}" == "ac"
666 # not present in ac, no point searching it
667 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
668 # openssl on ac does not have OPENSSL_HAS_ECC
669 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
673 # remove recording user's login uid to the process attribute
674 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
677 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
678 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
681 rm -rf $RPM_BUILD_ROOT
692 %postun gnome-askpass
696 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
699 /sbin/chkconfig --add sshd
700 %service sshd reload "OpenSSH Daemon"
702 %systemd_post sshd.service
705 if [ "$1" = "0" ]; then
707 /sbin/chkconfig --del sshd
709 %systemd_preun sshd.service
712 if [ "$1" = "0" ]; then
717 %triggerpostun server -- %{name}-server < 6.2p1-1
718 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
719 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
721 %triggerpostun server -- %{name}-server < 2:5.9p1-8
722 # lpk.patch to ldap.patch
723 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
724 echo >&2 "Migrating LPK patch to LDAP patch"
725 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
727 # disable old configs
728 # just UseLPK/LkpLdapConf supported for now
729 s/^\s*UseLPK/## Obsolete &/
730 s/^\s*Lpk/## Obsolete &/
731 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
732 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
733 ' %{_sysconfdir}/sshd_config
734 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
735 /bin/systemctl try-restart sshd.service || :
737 %service -q sshd reload
740 %systemd_trigger sshd.service
741 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
742 %banner %{name}-server -e << EOF
743 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
744 ! Native systemd support for sshd has been installed. !
745 ! Restarting sshd.service with systemctl WILL kill all !
746 ! active ssh sessions (daemon as such will be started). !
747 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
754 %postun server-upstart
757 %post -n openldap-schema-openssh-lpk
758 %openldap_schema_register %{schemadir}/openssh-lpk.schema
759 %service -q ldap restart
761 %postun -n openldap-schema-openssh-lpk
762 if [ "$1" = "0" ]; then
763 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
764 %service -q ldap restart
768 %defattr(644,root,root,755)
769 %doc TODO README OVERVIEW CREDITS Change*
770 %attr(755,root,root) %{_bindir}/ssh-key*
771 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
772 %{_mandir}/man1/ssh-key*.1*
773 #%{_mandir}/man1/ssh-vulnkey*.1*
778 %defattr(644,root,root,755)
779 %attr(755,root,root) %{_bindir}/ssh
780 %attr(755,root,root) %{_bindir}/slogin
781 %attr(755,root,root) %{_bindir}/sftp
782 %attr(755,root,root) %{_bindir}/ssh-agent
783 %attr(755,root,root) %{_bindir}/ssh-add
784 %attr(755,root,root) %{_bindir}/ssh-copy-id
785 %attr(755,root,root) %{_bindir}/scp
786 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
787 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
788 %{_mandir}/man1/scp.1*
789 %{_mandir}/man1/ssh.1*
790 %{_mandir}/man1/slogin.1*
791 %{_mandir}/man1/sftp.1*
792 %{_mandir}/man1/ssh-agent.1*
793 %{_mandir}/man1/ssh-add.1*
794 %{_mandir}/man1/ssh-copy-id.1*
795 %{_mandir}/man5/ssh_config.5*
796 %lang(it) %{_mandir}/it/man1/ssh.1*
797 %lang(it) %{_mandir}/it/man5/ssh_config.5*
798 %lang(pl) %{_mandir}/pl/man1/scp.1*
799 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
801 # for host-based auth (suid required for accessing private host key)
802 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
803 #%{_mandir}/man8/ssh-keysign.8*
805 %files clients-agent-profile_d
806 %defattr(644,root,root,755)
807 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
808 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
810 %files clients-agent-xinitrc
811 %defattr(644,root,root,755)
812 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
815 %defattr(644,root,root,755)
816 %attr(755,root,root) %{_sbindir}/sshd
817 %attr(755,root,root) %{_libexecdir}/sftp-server
818 %attr(755,root,root) %{_libexecdir}/ssh-keysign
819 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
820 %attr(755,root,root) %{_libexecdir}/sshd-keygen
821 %{_mandir}/man8/sshd.8*
822 %{_mandir}/man8/sftp-server.8*
823 %{_mandir}/man8/ssh-keysign.8*
824 %{_mandir}/man8/ssh-pkcs11-helper.8*
825 %{_mandir}/man5/sshd_config.5*
826 %{_mandir}/man5/moduli.5*
827 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
828 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
829 %attr(640,root,root) %{_sysconfdir}/moduli
830 %attr(754,root,root) /etc/rc.d/init.d/sshd
831 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
832 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
833 %{systemdunitdir}/sshd.service
834 %{systemdunitdir}/sshd.socket
835 %{systemdunitdir}/sshd@.service
839 %defattr(644,root,root,755)
840 %doc HOWTO.ldap-keys ldap.conf
841 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
842 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
843 %{_mandir}/man5/ssh-ldap.conf.5*
844 %{_mandir}/man8/ssh-ldap-helper.8*
847 %if %{with gnome} || %{with gtk}
849 %defattr(644,root,root,755)
850 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
851 %dir %{_libexecdir}/ssh
852 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
853 %attr(755,root,root) %{_libexecdir}/ssh-askpass
857 %files -n openldap-schema-openssh-lpk
858 %defattr(644,root,root,755)
859 %{schemadir}/openssh-lpk.schema
862 %if "%{pld_release}" != "ti"
863 %files server-upstart
864 %defattr(644,root,root,755)
865 %config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf