+#
# Conditional build:
%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
%bcond_without gtk # without GTK+ (2.x)
# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}
-#
+
+%if "%{pld_release}" == "ac"
+%define pam_ver 0.79.0
+%else
+%define pam_ver 0.99.7.1
+%endif
+
Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es.UTF-8): Implementación libre de SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 5.3p1
-Release: 2
+Version: 5.8p1
+Release: 5
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 13563dbf61f36ca9a1e4254260131041
+# Source0-md5: 86f5e1c23b4c4845f23b9b7b493fb53d
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source5: ssh-agent.sh
Source6: ssh-agent.conf
Source7: %{name}-lpk.schema
+Source8: %{name}d.upstart
+Patch100: %{name}-heimdal.patch
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
# http://code.google.com/p/openssh-lpk/
Patch4: %{name}-lpk.patch
Patch5: %{name}-config.patch
-Patch7: %{name}-selinux.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
Patch10: %{name}-include.patch
Patch11: %{name}-chroot.patch
-Patch12: http://people.debian.org/~cjwatson/%{name}-blacklist.diff
-URL: http://www.openssh.com/
+# http://people.debian.org/~cjwatson/%{name}-blacklist.diff
+Patch12: %{name}-blacklist.diff
+Patch13: %{name}-kuserok.patch
+URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: openssl-devel >= 0.9.7d
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
+BuildRequires: rpm >= 4.4.9-56
BuildRequires: rpmbuild(macros) >= 1.318
+BuildRequires: sed >= 4.0
BuildRequires: zlib-devel
+%if "%{pld_release}" == "ac"
+Requires: filesystem >= 2.0-1
+Requires: pam >= 0.79.0
+%else
Requires: filesystem >= 3.0-11
-Requires: pam >= 0.99.7.1
+Requires: pam >= %{pam_ver}
Suggests: openssh-blacklist
Suggests: xorg-app-xauth
+%endif
Obsoletes: ssh
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _privsepdir /usr/share/empty
%define schemadir /usr/share/openldap/schema
+## to be moved to rpm-build-macros
+## TODO: handle RPM_SKIP_AUTO_RESTART
+
+# migrate from init script to upstart job
+%define upstart_post() \
+ if [ -f /var/lock/subsys/"%1" ] ; then \
+ /sbin/service --no-upstart "%1" stop \
+ /sbin/service "%1" start \
+ else \
+ /sbin/service "%1" try-restart \
+ fi
+
+# restart the job after upgrade or migrate to init script on removal
+%define upstart_postun() \
+ if [ -x /sbin/initctl ] && /sbin/initctl status "%1" 2>/dev/null | grep -q 'running' ; then \
+ /sbin/initctl stop "%1" 2>/dev/null \
+ [ -f "/etc/rc.d/init.d/%1" -o -f "/etc/init/%1.conf" ] && /sbin/service "%1" start \
+ fi
+
+
%description
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
+
%if %{with hpn}
This release includes High Performance SSH/SCP patches from
-http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed
-to increase throughput on fast connections with high RTT (20-150 msec).
+http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
+increase throughput on fast connections with high RTT (20-150 msec).
See the website for '-w' values for your connection and /proc/sys TCP
values. BTW. in a LAN you have got generally RTT < 1 msec.
%endif
Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
co najmniej jeden z pakietów: openssh-clients lub openssh-server.
+
%if %{with hpn}
Ta wersja zawiera łaty z projektu High Performance SSH/SCP
http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
-zwiększenie przepustowości transmisji dla szybkich połączeń
-z dużym RTT (20-150 msec). Na stronie projektu znaleźć można
-odpowednie dla danego połączenia wartości parametru '-w' oraz
-opcje /proc/sys dla TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
+zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
+RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
+danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
+TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
%endif
%description -l pt.UTF-8
Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
Group: Networking/Daemons
-Requires(post): chkconfig >= 0.9
+Requires(post): /sbin/chkconfig
Requires(post): grep
Requires(post,preun): /sbin/chkconfig
Requires(postun): /usr/sbin/userdel
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires: %{name} = %{epoch}:%{version}-%{release}
-Requires: pam >= 0.99.7.1
-Requires: rc-scripts >= 0.4.1.23
+Requires: pam >= %{pam_ver}
+Requires: rc-scripts >= 0.4.3.0
Requires: util-linux
Suggests: /bin/login
Provides: ssh-server
частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
з вашим хостом.
+%package server-upstart
+Summary: Upstart job description for OpenSSH server
+Summary(pl.UTF-8): Opis zadania Upstart dla serwera OpenSSH
+Group: Daemons
+Requires: %{name}-server = %{epoch}:%{version}-%{release}
+Requires: upstart >= 0.6
+
+%description server-upstart
+Upstart job description for OpenSSH.
+
+%description server-upstart -l pl.UTF-8
+Opis zadania Upstart dla OpenSSH.
+
%package gnome-askpass
Summary: OpenSSH GNOME passphrase dialog
Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
%prep
%setup -q
+%{?with_kerberos5:%patch100 -p1}
%patch0 -p1
%patch2 -p1
%patch3 -p1
%{?with_ldap:%patch4 -p1}
%patch5 -p1
-%patch7 -p1
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
+
+cp -p %{SOURCE3} sshd.pamd
+
+%if "%{pld_release}" == "ac"
+# fix for missing x11.pc
+%{__sed} -i -e '/pkg-config/s/ x11//' contrib/Makefile
+# not present in ac, no point searching it
+%{__sed} -i -e '/pam_keyinit.so/d' sshd.pamd
+%endif
%build
cp /usr/share/automake/config.sub .
CPPFLAGS="-DCHROOT"
%configure \
PERL=%{__perl} \
- --with-dns \
--with-pam \
--with-mantype=man \
--with-md5-passwords \
--with-ipaddr-display \
%{?with_libedit:--with-libedit} \
--with-4in6 \
- --disable-suid-ssh \
--with-tcp-wrappers \
%{?with_ldap:--with-libs="-lldap -llber"} \
%{?with_ldap:--with-cppflags="-DWITH_LDAP_PUBKEY"} \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-privsep-path=%{_privsepdir} \
--with-pid-dir=%{_localstatedir}/run \
- --with-xauth=/usr/bin/xauth \
+%if "%{pld_release}" == "ac"
+ --with-xauth=/usr/X11R6/bin/xauth \
+%else
+ --with-xauth=%{_bindir}/xauth \
+%endif
--enable-utmpx \
--enable-wtmpx
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
+install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{init,pam.d,rc.d/init.d,sysconfig,security,env.d}} \
$RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir}}
install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
-install %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
-install %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
-install %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
-install %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
+install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
+cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
-install %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
-install %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
+cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
+cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
+cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/init/sshd.conf
%if %{with gnome}
-install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%endif
%if %{with gtk}
-install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
+install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
%endif
%if %{with gnome} || %{with gtk}
cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
%endif
-install contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
-install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
+install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
+cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
rm -f $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
%userremove sshd
fi
+%post server-upstart
+%upstart_post sshd
+
+%postun server-upstart
+%upstart_postun sshd
+
%post -n openldap-schema-openssh-lpk
%openldap_schema_register %{schemadir}/openssh-lpk.schema
%service -q ldap restart
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
%defattr(644,root,root,755)
%{schemadir}/openssh-lpk.schema
%endif
+
+%if "%{pld_release}" != "ti"
+%files server-upstart
+%defattr(644,root,root,755)
+%config(noreplace) %verify(not md5 mtime size) /etc/init/sshd.conf
+%endif