#
# Conditional build:
-%bcond_without chroot # without chrooted user environment support
%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
%bcond_without gtk # without GTK+ (2.x)
-%bcond_with ldap # with ldap support
+%bcond_without ldap # with ldap support
%bcond_without libedit # without libedit (editline/history support in sftp client)
%bcond_without kerberos5 # without kerberos5 support
%bcond_without selinux # build without SELinux support
-%bcond_with hpn # with High Performance SSH/SCP - HPN-SSH (see patch comment)
-%bcond_with hpn_none # with hpn (above) and '-z' none cipher option
-#
-%if %{with hpn_none}
-%undefine with_hpn
-%endif
+%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
+
# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}
+
+%if "%{pld_release}" == "ac"
+%define pam_ver 0.79.0
+%else
+%define pam_ver 0.99.7.1
+%endif
+
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es.UTF-8): Implementación libre de SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 4.6p1
-Release: 5%{?with_hpn:hpn}%{?with_hpn_none:hpn_none}
+Version: 5.8p1
+Release: 4.1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 6a7fa99f44d9e1b5b04d15256e1405bb
+# Source0-md5: 86f5e1c23b4c4845f23b9b7b493fb53d
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source4: %{name}.sysconfig
Source5: ssh-agent.sh
Source6: ssh-agent.conf
+Source7: %{name}-lpk.schema
+Source8: %{name}d.upstart
+Patch100: %{name}-heimdal.patch
Patch0: %{name}-no_libnsl.patch
-Patch1: %{name}-sshv1-openssl.patch
-Patch2: %{name}-linux-ipv6.patch
-Patch3: %{name}-pam_misc.patch
-Patch4: %{name}-sigpipe.patch
-# http://www.opendarwin.org/projects/openssh-lpk/
-Patch5: %{name}-lpk-4.3p1-0.3.7.patch
-Patch6: %{name}-config.patch
-Patch7: %{name}-pam-conv.patch
-# http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff
-Patch8: %{name}-chroot.patch
-Patch9: %{name}-selinux.patch
-# HPN patches rediffed due sigpipe patch.
+Patch2: %{name}-pam_misc.patch
+Patch3: %{name}-sigpipe.patch
+# http://code.google.com/p/openssh-lpk/
+Patch4: %{name}-lpk.patch
+Patch5: %{name}-config.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
-# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11.diff
-Patch10: %{name}-4.3p1-hpn11.patch
-# Adds HPN (see p11) and an undocumented -z none cipher flag
-# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11-none.diff
-Patch11: %{name}-4.3p1-hpn11-none.patch
-Patch12: %{name}-include.patch
-URL: http://www.openssh.com/
+# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
+Patch9: %{name}-5.2p1-hpn13v6.diff
+Patch10: %{name}-include.patch
+Patch11: %{name}-chroot.patch
+# http://people.debian.org/~cjwatson/%{name}-blacklist.diff
+Patch12: %{name}-blacklist.diff
+Patch13: %{name}-kuserok.patch
+URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
BuildRequires: autoconf
BuildRequires: automake
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
-%{?with_kerberos5:BuildRequires: krb5-devel}
+%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
%{?with_libedit:BuildRequires: libedit-devel}
%{?with_selinux:BuildRequires: libselinux-devel}
BuildRequires: libwrap-devel
BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
+BuildRequires: rpm >= 4.4.9-56
BuildRequires: rpmbuild(macros) >= 1.318
+BuildRequires: sed >= 4.0
BuildRequires: zlib-devel
+%if "%{pld_release}" == "ac"
+Requires: filesystem >= 2.0-1
+Requires: pam >= 0.79.0
+%else
Requires: filesystem >= 3.0-11
-Requires: pam >= 0.99.7.1
+Requires: pam >= %{pam_ver}
+Suggests: openssh-blacklist
+Suggests: xorg-app-xauth
+%endif
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _sysconfdir /etc/ssh
%define _libexecdir %{_libdir}/%{name}
%define _privsepdir /usr/share/empty
+%define schemadir /usr/share/openldap/schema
+
+## to be moved to rpm-build-macros
+## TODO: handle RPM_SKIP_AUTO_RESTART
+
+# migrate from init script to upstart job
+%define upstart_post() \
+ if [ -f /var/lock/subsys/"%1" ] ; then \
+ /sbin/service --no-upstart "%1" stop \
+ /sbin/service "%1" start \
+ else \
+ /sbin/service "%1" try-restart \
+ fi
+
+# restart the job after upgrade or migrate to init script on removal
+%define upstart_postun() \
+ if [ -x /sbin/initctl ] && /sbin/initctl status "%1" 2>/dev/null | grep -q 'running' ; then \
+ /sbin/initctl stop "%1" 2>/dev/null \
+ [ -f "/etc/rc.d/init.d/%1" -o -f "/etc/init/%1.conf" ] && /sbin/service "%1" start \
+ fi
+
%description
Ssh (Secure Shell) a program for logging into a remote machine and for
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
-%if %{with hpn} || %{with hpn_none}
+
+%if %{with hpn}
This release includes High Performance SSH/SCP patches from
-http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed
-to increase throughput on fast connections with high RTT (20-150 msec).
+http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
+increase throughput on fast connections with high RTT (20-150 msec).
See the website for '-w' values for your connection and /proc/sys TCP
values. BTW. in a LAN you have got generally RTT < 1 msec.
%endif
-%if %{with hpn_none}
-It also includes an undocumented '-z' option which switches
-the cipher to none after authentication is completed. Data is
-still secured from tampering and corruption in transit through
-the use of the Message Authentication Code (MAC).
-This option will significantly reduce the number of cpu cycles used
-by the SSH/SCP process. This may allow some users to see significant
-improvement in (sniffable) data tranfer rates.
-%endif
%description -l de.UTF-8
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
co najmniej jeden z pakietów: openssh-clients lub openssh-server.
-%if %{with hpn} || %{with hpn_none}
+
+%if %{with hpn}
Ta wersja zawiera łaty z projektu High Performance SSH/SCP
http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
-zwiększenie przepustowości transmisji dla szybkich połączeń
-z dużym RTT (20-150 msec). Na stronie projektu znaleźć można
-odpowednie dla danego połączenia wartości parametru '-w' oraz
-opcje /proc/sys dla TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
-%endif
-%if %{with hpn_none}
-Obsługiwana jest również nieudokumentowana opcja '-z' odpowiedzialna
-za wyłączenie szyfrowania danych po zakończeniu procesu uwierzytelniania.
-Dane są zabezpieczone przed modyfikacją lub uszkodzeniem przez
-stosowanie Message Authentication Code (MAC).
-Opcja ta znacznie redukuje liczbę cykli procesora zużywanych przez
-procesy SSH/SCP. W wybranych zastosowaniach może ona wpłynąć
-na wyraźne przyspieszenie (podsłuchiwalnej) transmisji danych.
+zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
+RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
+danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
+TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
%endif
%description -l pt.UTF-8
Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
Group: Applications/Networking
-Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: %{name}
Provides: ssh-clients
Obsoletes: ssh-clients
Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
Group: Networking/Daemons
-Requires(post): chkconfig >= 0.9
+Requires(post): /sbin/chkconfig
Requires(post): grep
Requires(post,preun): /sbin/chkconfig
Requires(postun): /usr/sbin/userdel
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: /bin/login
-Requires: pam >= 0.99.7.1
-Requires: rc-scripts >= 0.4.0.18
+Requires: pam >= %{pam_ver}
+Requires: rc-scripts >= 0.4.3.0
Requires: util-linux
+Suggests: /bin/login
Provides: ssh-server
Provides: user(sshd)
частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
з вашим хостом.
+%package server-upstart
+Summary: Upstart job description for OpenSSH server
+Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
+Group: Daemons
+Requires: %{name}-server = %{epoch}:%{version}-%{release}
+Requires: upstart >= 0.6
+
+%description server-upstart
+Upstart job description for OpenSSH.
+
+%description server-upstart -l pl.UTF-8
+Opis zadania Upstart dla OpenSSH.
+
%package gnome-askpass
Summary: OpenSSH GNOME passphrase dialog
Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
Цей пакет містить діалог вводу ключової фрази для використання під
GNOME.
+%package -n openldap-schema-openssh-lpk
+Summary: OpenSSH LDAP Public Key schema
+Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
+Group: Networking/Daemons
+Requires(post,postun): sed >= 4.0
+Requires: openldap-servers
+
+%description -n openldap-schema-openssh-lpk
+This package contains OpenSSH LDAP Public Key schema for openldap.
+
+%description -n openldap-schema-openssh-lpk -l pl.UTF-8
+Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
+openldap-a.
+
%prep
%setup -q
+%{?with_kerberos5:%patch100 -p1}
%patch0 -p1
-%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%{?with_ldap:%patch5 -p1}
-%patch6 -p1
-#%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%{?with_hpn:%patch10 -p1}
-%{?with_hpn_none:%patch11 -p1}
+%{?with_ldap:%patch4 -p1}
+%patch5 -p1
+%{?with_hpn:%patch9 -p1}
+%patch10 -p1
+%patch11 -p1
%patch12 -p1
+%patch13 -p1
+
+%if "%{pld_release}" == "ac"
+# fix for missing x11.pc
+%{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
+%endif
%build
cp /usr/share/automake/config.sub .
%{__aclocal}
%{__autoconf}
-%{?with_chroot:CPPFLAGS="-DCHROOT"}
+CPPFLAGS="-DCHROOT"
%configure \
PERL=%{__perl} \
- --with-dns \
--with-pam \
--with-mantype=man \
--with-md5-passwords \
--with-ipaddr-display \
%{?with_libedit:--with-libedit} \
--with-4in6 \
- --disable-suid-ssh \
--with-tcp-wrappers \
%{?with_ldap:--with-libs="-lldap -llber"} \
%{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
- --with-xauth=/usr/bin/xauth \
+%if "%{pld_release}" == "ac"
+ --with-xauth=/usr/X11R6/bin/xauth \
+%else
+ --with-xauth=%{_bindir}/xauth \
+%endif
--enable-utmpx \
--enable-wtmpx
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
- $RPM_BUILD_ROOT%{_libexecdir}/ssh
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
+ $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}}
install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
%{__make} install \
install %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
install %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
+install %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
+
+install %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
%if %{with gnome}
install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%endif
%if %{with gnome} || %{with gtk}
-cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
+cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
#GNOME_SSH_ASKPASS_GRAB_SERVER="true"
EOF
-cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
+cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
#GNOME_SSH_ASKPASS_GRAB_POINTER="true"
EOF
ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
+install contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
+install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
+
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
-%if "%{_lib}" != "lib"
-find $RPM_BUILD_ROOT%{_sysconfdir} -type f -print0 | xargs -0 sed -i -e 's#%{_prefix}/lib#%{_libdir}#'
-%endif
-
cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
EOF
+rm -f $RPM_BUILD_ROOT%{_datadir}/Ssh.bin # ???
+rm -f $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+
%clean
rm -rf $RPM_BUILD_ROOT
%userremove sshd
fi
+%post server-upstart
+%upstart_post sshd
+
+%postun server-upstart
+%upstart_postun sshd
+
+%post -n openldap-schema-openssh-lpk
+%openldap_schema_register %{schemadir}/openssh-lpk.schema
+%service -q ldap restart
+
+%postun -n openldap-schema-openssh-lpk
+if [ "$1" = "0" ]; then
+ %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
+ %service -q ldap restart
+fi
+
%files
%defattr(644,root,root,755)
%doc *.RNG TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_bindir}/ssh-key*
+%attr(755,root,root) %{_bindir}/ssh-vulnkey*
%{_mandir}/man1/ssh-key*.1*
+%{_mandir}/man1/ssh-vulnkey*.1*
%dir %{_sysconfdir}
%dir %{_libexecdir}
%attr(755,root,root) %{_bindir}/sftp
%attr(755,root,root) %{_bindir}/ssh-agent
%attr(755,root,root) %{_bindir}/ssh-add
+%attr(755,root,root) %{_bindir}/ssh-copy-id
%attr(755,root,root) %{_bindir}/scp
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
%{_mandir}/man1/sftp.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
+%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man5/ssh_config.5*
%lang(it) %{_mandir}/it/man1/ssh.1*
%lang(it) %{_mandir}/it/man5/ssh_config.5*
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
+%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%attr(640,root,root) %{_sysconfdir}/moduli
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
%attr(755,root,root) %{_libexecdir}/ssh-askpass
%endif
+
+%if %{with ldap}
+%files -n openldap-schema-openssh-lpk
+%defattr(644,root,root,755)
+%{schemadir}/openssh-lpk.schema
+%endif
+
+%if "%{pld_release}" != "ti"
+%files server-upstart
+%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf
+%endif
projects / packages / openssh.git / blobdiff