Patch16: libseccomp-sandbox.patch
URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
-%{?with_tests:BuildRequires: %{name}-server}
%{?with_audit:BuildRequires: audit-libs-devel}
BuildRequires: autoconf >= 2.50
BuildRequires: automake
# libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
%{?with_tests:BuildRequires: uname(release) >= 3.5}
BuildRequires: zlib-devel >= 1.2.3
+%if %{with tests} && 0%(id -u sshd 2>/dev/null; echo $?)
+BuildRequires: %{name}-server
+%endif
Requires: zlib >= 1.2.3
%if "%{pld_release}" == "ac"
Requires: filesystem >= 2.0-1
--with-pam \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
+ --with-privsep-user=sshd \
%if "%{pld_release}" != "ac"
--with-sandbox=libseccomp_filter \
%endif
bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
-cp -p %{SOURCE3} sshd.pam
-install -p %{SOURCE2} sshd.init
-
-%if "%{pld_release}" == "ac"
-# not present in ac, no point searching it
-%{__sed} -i -e '/pam_keyinit.so/d' sshd.pam
-# openssl on ac does not have OPENSSL_HAS_ECC
-%{__sed} -i -e '/ecdsa/d' sshd.init
-%endif
-
-%if %{without audit}
-# remove recording user's login uid to the process attribute
-%{__sed} -i -e '/pam_loginuid.so/d' sshd.pam
-%endif
-
-install -p sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
-cp -p sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
%{__sed} -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
- $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service
+ $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
$RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
%if %{with gnome}
#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
EOF
+%if "%{pld_release}" == "ac"
+# not present in ac, no point searching it
+%{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
+# openssl on ac does not have OPENSSL_HAS_ECC
+%{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
+%endif
+
+%if %{without audit}
+# remove recording user's login uid to the process attribute
+%{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
+%endif
+
%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
%{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}