#
# Conditional build:
-# _without_gnome - without gnome-askpass utility
-# _without_gtk - without gtk (2.x)
-# _with_ldap - with ldap support
-# _with_kerberos5 - with kerberos5 support
+%bcond_without chroot # without chrooted user environment support
+%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
+%bcond_without gtk # without GTK+ (2.x)
+%bcond_with ldap # with ldap support
+%bcond_without libedit # without libedit (editline/history support in sftp client)
+%bcond_without kerberos5 # without kerberos5 support
+%bcond_without selinux # build without SELinux support
+%bcond_with sshagentsh # with system-wide script for starting ssh-agent
#
-# default to gtk2-based gnome-askpass
-
-%define orig_ver 3.7.1p2
-
-%{!?_without_gtk:%define _without_gnome 1}
+# gtk2-based gnome-askpass means no gnome1-based
+%{?with_gtk:%undefine with_gnome}
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es): Implementación libre de SSH
Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH)
Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH)
Name: openssh
-Version: 3.7.1p2
-Release: 3
+Version: 4.0p1
+Release: 2
Epoch: 2
License: BSD
Group: Applications/Networking
-Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{orig_ver}.tar.gz
-# Source0-md5: 61cf5b059938718308836d00f6764a94
+Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
+# Source0-md5: 7b36f28fc16e1b7f4ba3c1dca191ac92
Source1: %{name}d.conf
Source2: %{name}.conf
Source3: %{name}d.init
Source4: %{name}d.pamd
Source5: %{name}.sysconfig
Source6: passwd.pamd
-Source7: %{name}-askpass.sh
-Source8: %{name}-askpass.csh
-Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c
-# NoSource9-md5: c78de727e1208799072be78c05d64398
-Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html
-# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05
+Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2
+# Source7-md5: 66943d481cc422512b537bcc2c7400d1
+Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c
+# NoSource9-md5: e1c3cbed88f08ea778d90813d48cd428
+Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html
+# NoSource10-md5: ec74f3e3b2ea3a7dc84c7988235b6fcf
+Source11: ssh-agent.sh
+Source12: ssh-agent.conf
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-linux-ipv6.patch
Patch3: %{name}-pam_misc.patch
Patch4: %{name}-sigpipe.patch
-# http://ldappubkey.gcu-squad.org/
-Patch5: ldappubkey-ossh3.6-v2.patch
+# http://www.opendarwin.org/projects/openssh-lpk/
+Patch5: %{name}-lpk-4.0p1-0.3.patch
Patch6: %{name}-heimdal.patch
Patch7: %{name}-pam-conv.patch
+# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
+Patch8: %{name}-chroot.patch
+Patch9: %{name}-selinux.patch
+Patch10: %{name}-selinux-pld.patch
URL: http://www.openssh.com/
BuildRequires: autoconf
BuildRequires: automake
-%{!?_without_gnome:BuildRequires: gnome-libs-devel}
-%{!?_without_gtk:BuildRequires: gtk+2-devel}
+%{?with_gnome:BuildRequires: gnome-libs-devel}
+%{?with_gtk:BuildRequires: gtk+2-devel}
+%{?with_kerberos5:BuildRequires: heimdal-devel}
+%{?with_libedit:BuildRequires: libedit-devel}
+%{?with_selinux:BuildRequires: libselinux-devel}
BuildRequires: libwrap-devel
-BuildRequires: openssl-devel >= 0.9.7c
-%{?_with_ldap:BuildRequires: openldap-devel}
-%{?_with_kerberos5:BuildRequires: heimdal-devel}
+%{?with_ldap:BuildRequires: openldap-devel}
+BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: pam-devel
BuildRequires: %{__perl}
-%{!?_without_gtk:BuildRequires: pkgconfig}
+%{?with_gtk:BuildRequires: pkgconfig}
+BuildRequires: rpmbuild(macros) >= 1.159
BuildRequires: zlib-devel
PreReq: FHS >= 2.1-24
-PreReq: openssl >= 0.9.7
+PreReq: openssl >= 0.9.7d
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ
Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell
Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell
Group: Applications/Networking
+Requires: %{name} = %{epoch}:%{version}-%{release}
+%{?with_sshagentsh:Requires: xinitrc}
Provides: ssh-clients
-Requires: %{name} = %{epoch}:%{version}
Obsoletes: ssh-clients
%description clients
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH.
Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd)
Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd)
Group: Networking/Daemons
-PreReq: %{name} = %{epoch}:%{version}
+PreReq: %{name} = %{epoch}:%{version}-%{release}
PreReq: rc-scripts >= 0.3.1-15
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: /bin/login
Requires: util-linux
Requires: pam >= 0.77.3
+Provides: user(sshd)
Provides: ssh-server
%description server
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci
ssh).
Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME
Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME
Group: Applications/Networking
-Requires: %{name} = %{epoch}:%{version}
+Requires: %{name} = %{epoch}:%{version}-%{release}
Obsoletes: ssh-extras
Obsoletes: ssh-askpass
Obsoletes: openssh-askpass
Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln±
maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie
-pomiedzy dwoma hostami.
+pomiêdzy dwoma hostami.
Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME.
GNOME.
%prep
-%setup -q -n %{name}-%{orig_ver}
+%setup -q
%patch0 -p1
%patch2 -p1
%patch3 -p1
-#%patch4 -p1
-%{?_with_ldap:%patch5 -p1}
-%{?_with_kerberos5:%patch6 -p1}
-%patch7 -p1
+%patch4 -p1
+%{?with_ldap:%patch5 -p1}
+%{?with_kerberos5:%patch6 -p1}
+#%patch7 -p1
+%patch8 -p1
+%{?with_selinux:%patch9 -p1}
+%{?with_selinux:%patch10 -p1}
%build
+cp %{_datadir}/automake/config.sub .
%{__aclocal}
%{__autoconf}
-
+%{?with_chroot:CPPFLAGS="-DCHROOT"}
%configure \
PERL=%{__perl} \
+ --with-dns \
--with-pam \
--with-mantype=man \
--with-md5-passwords \
--with-ipaddr-display \
+ %{?with_libedit:--with-libedit} \
--with-4in6 \
--disable-suid-ssh \
--with-tcp-wrappers \
- %{?_with_ldap:--with-libs="-lldap -llber"} \
- %{?_with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
- %{?_with_kerberos5:--with-kerberos5} \
+ %{?with_ldap:--with-libs="-lldap -llber"} \
+ %{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
+ %{?with_kerberos5:--with-kerberos5} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
--with-xauth=/usr/X11R6/bin/xauth
%{__cc} %{rpmcflags} %{rpmldflags} connect.c -o connect
cd contrib
-%if 0%{!?_without_gnome:1}
+%if %{with gnome}
%{__make} gnome-ssh-askpass1 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"
%endif
-%if 0%{!?_without_gtk:1}
+%if %{with gtk}
%{__make} gnome-ssh-askpass2 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"
%endif
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,profile.d}} \
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
$RPM_BUILD_ROOT%{_libexecdir}/ssh
+%{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}}
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
-
+
install connect $RPM_BUILD_ROOT%{_bindir}
install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
+%if %{with sshagentsh}
+install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/
+ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
+install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/
+%endif
-%if 0%{!?_without_gnome:1}
+bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
+
+%if %{with gnome}
install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%endif
-%if 0%{!?_without_gtk:1}
+%if %{with gtk}
install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%endif
-%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
-install %{SOURCE7} %{SOURCE8} $RPM_BUILD_ROOT/etc/profile.d
+%if %{with gnome} || %{with gtk}
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
+#GNOME_SSH_ASKPASS_GRAB_SERVER="true"
+EOF
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
+#GNOME_SSH_ASKPASS_GRAB_POINTER="true"
+EOF
+ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
+cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
+#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
+EOF
+
%clean
rm -rf $RPM_BUILD_ROOT
%pre server
-if [ -n "`id -u sshd 2>/dev/null`" ]; then
- if [ "`id -u sshd`" != "40" ]; then
+if [ -n "`/bin/id -u sshd 2>/dev/null`" ]; then
+ if [ "`/bin/id -u sshd`" != "40" ]; then
echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2
exit 1
fi
else
- /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
+ /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd 1>&2
fi
%post server
%postun server
if [ "$1" = "0" ]; then
- /usr/sbin/userdel sshd
+ %userremove sshd
fi
%files
%attr(755,root,root) %{_bindir}/ssh-key*
%{_mandir}/man1/ssh-key*.1*
%dir %{_sysconfdir}
+%dir %{_libexecdir}
%files clients
%defattr(644,root,root,755)
%doc connect.html
-%attr(0755,root,root) %{_bindir}/connect
-%attr(0755,root,root) %{_bindir}/ssh
-%attr(0755,root,root) %{_bindir}/slogin
-%attr(0755,root,root) %{_bindir}/sftp
-%attr(0755,root,root) %{_bindir}/ssh-agent
-%attr(0755,root,root) %{_bindir}/ssh-add
-%attr(0755,root,root) %{_bindir}/scp
+%attr(755,root,root) %{_bindir}/connect
+%attr(755,root,root) %{_bindir}/ssh
+%attr(755,root,root) %{_bindir}/slogin
+%attr(755,root,root) %{_bindir}/sftp
+%attr(755,root,root) %{_bindir}/ssh-agent
+%attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/scp
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
+%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/SSH_ASKPASS
+%if %{with sshagentsh}
+%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf
+%attr(755,root,root) /etc/profile.d/ssh-agent.sh
+%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
+%endif
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man5/ssh_config.5*
+%lang(it) %{_mandir}/it/man1/ssh.1*
+%lang(it) %{_mandir}/it/man5/ssh_config.5*
+%lang(pl) %{_mandir}/pl/man1/scp.1*
+%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
# for host-based auth (suid required for accessing private host key)
#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
-%dir %{_libexecdir}
+%attr(755,root,root) %{_libexecdir}/ssh-keysign
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
+%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man5/sshd_config.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
-%if 0%{!?_without_gnome:1}%{!?_without_gtk:1}
+%if %{with gnome} || %{with gtk}
%files gnome-askpass
%defattr(644,root,root,755)
+%attr(644,root,root) %config(noreplace,missingok) %verify(not md5 size mtime) /etc/env.d/GNOME_SSH_ASKPASS*
%dir %{_libexecdir}/ssh
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
-%attr(755,root,root) /etc/profile.d/*
+%attr(755,root,root) %{_libexecdir}/ssh-askpass
%endif
projects / packages / openssh.git / blobdiff