2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
18 %bcond_with tests_conch # run conch interoperability tests
20 # gtk2-based gnome-askpass means no gnome1-based
21 %{?with_gtk:%undefine with_gnome}
23 %if "%{pld_release}" == "ac"
24 %define pam_ver 0.79.0
26 %define pam_ver 1:1.1.8-5
28 Summary: OpenSSH free Secure Shell (SSH) implementation
29 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
30 Summary(es.UTF-8): Implementación libre de SSH
31 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
32 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
33 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
34 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
35 Summary(pt_BR.UTF-8): Implementação livre do SSH
36 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
37 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
43 Group: Applications/Networking
44 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
45 # Source0-md5: 1100f170ca1bc669038ca3743e074094
46 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
47 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
48 Source2: %{name}d.init
49 Source3: %{name}d.pamd
50 Source4: %{name}.sysconfig
52 Source6: ssh-agent.conf
53 Source7: %{name}-lpk.schema
57 Source12: sshd@.service
58 Source13: pld-ssh_config
59 Source14: pld-sshd_config
60 Patch100: %{name}-git.patch
61 # Patch100-md5: eb723cc4f21efc32752161d539c9c5e9
62 Patch0: %{name}-no-pty-tests.patch
63 Patch1: %{name}-tests-reuseport.patch
64 Patch2: %{name}-pam_misc.patch
65 Patch3: %{name}-sigpipe.patch
66 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
67 Patch4: %{name}-ldap.patch
68 Patch5: %{name}-ldap-fixes.patch
69 Patch6: ldap.conf.patch
70 Patch7: %{name}-config.patch
71 Patch8: ldap-helper-sigpipe.patch
72 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
73 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
74 Patch9: %{name}-5.2p1-hpn13v6.diff
76 Patch11: %{name}-chroot.patch
78 Patch13: %{name}-skip-interop-tests.patch
79 Patch14: %{name}-bind.patch
80 Patch15: %{name}-disable_ldap.patch
81 URL: http://www.openssh.com/portable.html
82 BuildRequires: %{__perl}
83 %{?with_audit:BuildRequires: audit-libs-devel}
84 BuildRequires: autoconf >= 2.50
85 BuildRequires: automake
86 %{?with_gnome:BuildRequires: gnome-libs-devel}
87 %{?with_gtk:BuildRequires: gtk+2-devel}
88 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
89 %{?with_ldns:BuildRequires: ldns-devel}
90 %{?with_libedit:BuildRequires: libedit-devel}
91 BuildRequires: libfido2-devel >= 1.5.0
92 %{?with_libseccomp:BuildRequires: libseccomp-devel}
93 %{?with_selinux:BuildRequires: libselinux-devel}
94 %{?with_ldap:BuildRequires: openldap-devel}
95 BuildRequires: openssl-devel >= 1.1.1
96 BuildRequires: pam-devel
97 %{?with_gtk:BuildRequires: pkgconfig}
98 %if %{with tests} && %{with tests_conch}
99 BuildRequires: python-TwistedConch
101 BuildRequires: rpm >= 4.4.9-56
102 BuildRequires: rpm-build >= 4.6
103 BuildRequires: rpmbuild(macros) >= 1.752
104 BuildRequires: sed >= 4.0
105 BuildRequires: zlib-devel >= 1.2.3
106 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
107 BuildRequires: %{name}-server
109 %if %{with tests} && %{with libseccomp}
110 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
111 BuildRequires: uname(release) >= 3.5
113 Requires: zlib >= 1.2.3
115 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
117 %define _sysconfdir /etc/ssh
118 %define _libexecdir %{_libdir}/%{name}
119 %define _privsepdir /usr/share/empty
120 %define schemadir /usr/share/openldap/schema
123 Ssh (Secure Shell) a program for logging into a remote machine and for
124 executing commands in a remote machine. It is intended to replace
125 rlogin and rsh, and provide secure encrypted communications between
126 two untrusted hosts over an insecure network. X11 connections and
127 arbitrary TCP/IP ports can also be forwarded over the secure channel.
129 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
130 it up to date in terms of security and features, as well as removing
131 all patented algorithms to seperate libraries (OpenSSL).
133 This package includes the core files necessary for both the OpenSSH
134 client and server. To make this package useful, you should also
135 install openssh-clients, openssh-server, or both.
138 This release includes High Performance SSH/SCP patches from
139 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
140 increase throughput on fast connections with high RTT (20-150 msec).
141 See the website for '-w' values for your connection and /proc/sys TCP
142 values. BTW. in a LAN you have got generally RTT < 1 msec.
145 %description -l de.UTF-8
146 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
147 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
148 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
149 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
150 andere TCP/IP Ports können ebenso über den sicheren Channel
151 weitergeleitet werden.
153 %description -l es.UTF-8
154 SSH es un programa para accesar y ejecutar órdenes en computadores
155 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
156 seguro entre dos servidores en una red insegura. Conexiones X11 y
157 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
160 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
161 continuar la última versión gratuita de SSH, actualizándolo en
162 términos de seguridad y recursos,así también eliminando todos los
163 algoritmos patentados y colocándolos en bibliotecas separadas
166 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
167 también el paquete openssh-clients u openssh-server o ambos.
169 %description -l fr.UTF-8
170 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
171 remplace telnet, rlogin, rexec et rsh, tout en assurant des
172 communications cryptées securisées entre deux hôtes non fiabilisés sur
173 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
174 arbitraires peuvent également être transmis sur le canal sécurisé.
176 %description -l it.UTF-8
177 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
178 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
179 sicure e crittate tra due host non fidati su una rete non sicura. Le
180 connessioni X11 ad una porta TCP/IP arbitraria possono essere
181 inoltrate attraverso un canale sicuro.
183 %description -l pl.UTF-8
184 Ssh (Secure Shell) to program służący do logowania się na zdalną
185 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
186 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
187 pomiędzy dwoma hostami.
189 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
190 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
191 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
194 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
195 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
196 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
197 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
198 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
199 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
202 %description -l pt.UTF-8
203 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
204 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
205 cifradas entre duas máquinas sem confiança mútua sobre uma rede
206 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
207 reenviados pelo canal seguro.
209 %description -l pt_BR.UTF-8
210 SSH é um programa para acessar e executar comandos em máquinas
211 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
212 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
213 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
215 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
216 última versão gratuita do SSH, atualizando-o em termos de segurança e
217 recursos, assim como removendo todos os algoritmos patenteados e
218 colocando-os em bibliotecas separadas (OpenSSL).
220 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
221 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
223 %description -l ru.UTF-8
224 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
225 машину и для выполнения команд на удаленной машине. Она предназначена
226 для замены rlogin и rsh и обеспечивает безопасную шифрованную
227 коммуникацию между двумя хостами в сети, являющейся небезопасной.
228 Соединения X11 и любые порты TCP/IP могут также быть проведены через
231 OpenSSH - это переделка командой разработчиков OpenBSD последней
232 свободной версии SSH, доведенная до современного состояния в терминах
233 уровня безопасности и поддерживаемых возможностей. Все патентованные
234 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
236 Этот пакет содержит файлы, необходимые как для клиента, так и для
237 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
238 openssh-server, или оба пакета.
240 %description -l uk.UTF-8
241 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
242 машини та для виконання команд на віддаленій машині. Вона призначена
243 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
244 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
245 довільні порти TCP/IP можуть також бути проведені через безпечний
248 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
249 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
250 підтримуваних можливостей. Всі патентовані алгоритми винесені до
251 окремих бібліотек (OpenSSL).
253 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
254 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
255 openssh-server, чи обидва пакети.
258 Summary: OpenSSH Secure Shell protocol clients
259 Summary(es.UTF-8): Clientes de OpenSSH
260 Summary(pl.UTF-8): Klienci protokołu Secure Shell
261 Summary(pt_BR.UTF-8): Clientes do OpenSSH
262 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
263 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
264 Group: Applications/Networking
265 Requires: %{name} = %{epoch}:%{version}-%{release}
266 Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
267 Provides: ssh-clients
268 Obsoletes: ssh-clients
269 %requires_eq_to openssl%{?_isa} openssl-devel
272 Ssh (Secure Shell) a program for logging into a remote machine and for
273 executing commands in a remote machine. It is intended to replace
274 rlogin and rsh, and provide secure encrypted communications between
275 two untrusted hosts over an insecure network. X11 connections and
276 arbitrary TCP/IP ports can also be forwarded over the secure channel.
278 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
279 it up to date in terms of security and features, as well as removing
280 all patented algorithms to seperate libraries (OpenSSL).
282 This package includes the clients necessary to make encrypted
283 connections to SSH servers.
285 %description clients -l es.UTF-8
286 Este paquete incluye los clientes que se necesitan para hacer
287 conexiones codificadas con servidores SSH.
289 %description clients -l pl.UTF-8
290 Ssh (Secure Shell) to program służący do logowania się na zdalną
291 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
292 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
293 pomiędzy dwoma hostami.
295 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
297 %description clients -l pt_BR.UTF-8
298 Esse pacote inclui os clientes necessários para fazer conexões
299 encriptadas com servidores SSH.
301 %description clients -l ru.UTF-8
302 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
303 машину и для выполнения команд на удаленной машине.
305 Этот пакет содержит программы-клиенты, необходимые для установления
306 зашифрованных соединений с серверами SSH.
308 %description clients -l uk.UTF-8
309 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
310 машини та для виконання команд на віддаленій машині.
312 Цей пакет містить програми-клієнти, необхідні для встановлення
313 зашифрованих з'єднань з серверами SSH.
315 %package clients-agent-profile_d
316 Summary: OpenSSH Secure Shell agent init script
317 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
318 Group: Applications/Networking
319 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
321 %description clients-agent-profile_d
322 profile.d scripts for starting SSH agent.
324 %description clients-agent-profile_d -l pl.UTF-8
325 Skrypty profile.d do uruchamiania agenta SSH.
327 %package clients-agent-xinitrc
328 Summary: OpenSSH Secure Shell agent init script
329 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
330 Group: Applications/Networking
331 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
334 %description clients-agent-xinitrc
335 xinitrc scripts for starting SSH agent.
337 %description clients-agent-xinitrc -l pl.UTF-8
338 Skrypty xinitrc do uruchamiania agenta SSH.
340 %package clients-helper-fido
341 Summary: OpenSSH helper for FIDO authenticator
342 Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO
343 Group: Applications/Networking
344 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
345 Requires: libfido2 >= 1.5.0
347 %description clients-helper-fido
348 OpenSSH helper for FIDO authenticator.
350 %description clients-helper-fido -l pl.UTF-8
351 OpenSSH helper obsługujący klucz autoryzujący FIDO.
354 Summary: OpenSSH Secure Shell protocol server (sshd)
355 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
356 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
357 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
358 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
359 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
360 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
361 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
362 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
363 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
364 Group: Networking/Daemons
365 Requires(post): /sbin/chkconfig
367 Requires(post,preun): /sbin/chkconfig
368 Requires(postun): /usr/sbin/userdel
369 Requires(pre): /bin/id
370 Requires(pre): /usr/sbin/useradd
371 Requires(post,preun,postun): systemd-units >= 38
372 Requires: %{name} = %{epoch}:%{version}-%{release}
373 %if "%{pld_release}" == "ac"
374 Requires: filesystem >= 2.0-1
375 Requires: pam >= 0.79.0
377 Requires: filesystem >= 3.0-11
378 Requires: pam >= %{pam_ver}
379 Suggests: xorg-app-xauth
381 Requires: rc-scripts >= 0.4.3.0
382 Requires: systemd-units >= 38
383 %{?with_libseccomp:Requires: uname(release) >= 3.5}
385 %{?with_ldap:Suggests: %{name}-server-ldap}
387 Suggests: xorg-app-xauth
390 %requires_eq_to openssl%{?_isa} openssl-devel
393 Ssh (Secure Shell) a program for logging into a remote machine and for
394 executing commands in a remote machine. It is intended to replace
395 rlogin and rsh, and provide secure encrypted communications between
396 two untrusted hosts over an insecure network. X11 connections and
397 arbitrary TCP/IP ports can also be forwarded over the secure channel.
399 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
400 it up to date in terms of security and features, as well as removing
401 all patented algorithms to seperate libraries (OpenSSL).
403 This package contains the secure shell daemon. The sshd is the server
404 part of the secure shell protocol and allows ssh clients to connect to
407 %description server -l de.UTF-8
408 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
410 %description server -l es.UTF-8
411 Este paquete contiene el servidor SSH. sshd es la parte servidor del
412 protocolo secure shell y permite que clientes ssh se conecten a su
415 %description server -l fr.UTF-8
416 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
418 %description server -l it.UTF-8
419 Questo pacchetto installa sshd, il server di OpenSSH.
421 %description server -l pl.UTF-8
422 Ssh (Secure Shell) to program służący do logowania się na zdalną
423 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
424 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
425 pomiędzy dwoma hostami.
427 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
430 %description server -l pt.UTF-8
431 Este pacote intala o sshd, o servidor do OpenSSH.
433 %description server -l pt_BR.UTF-8
434 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
435 protocolo secure shell e permite que clientes ssh se conectem ao seu
438 %description server -l ru.UTF-8
439 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
440 машину и для выполнения команд на удаленной машине.
442 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
443 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
446 %description server -l uk.UTF-8
447 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
448 машини та для виконання команд на віддаленій машині.
450 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
451 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
455 Summary: A LDAP support for open source SSH server daemon
456 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
458 Requires: %{name} = %{epoch}:%{version}-%{release}
459 Requires: openldap-nss-config
461 %description server-ldap
462 OpenSSH LDAP backend is a way how to distribute the authorized tokens
463 among the servers in the network.
465 %description server-ldap -l pl.UTF-8
466 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
467 tokenów między serwerami w sieci.
469 %package gnome-askpass
470 Summary: OpenSSH GNOME passphrase dialog
471 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
472 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
473 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
474 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
475 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
476 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
477 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
478 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
479 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
480 Group: Applications/Networking
481 Requires: %{name} = %{epoch}:%{version}-%{release}
482 Obsoletes: openssh-askpass
483 Obsoletes: ssh-askpass
484 Obsoletes: ssh-extras
486 %description gnome-askpass
487 Ssh (Secure Shell) a program for logging into a remote machine and for
488 executing commands in a remote machine. It is intended to replace
489 rlogin and rsh, and provide secure encrypted communications between
490 two untrusted hosts over an insecure network. X11 connections and
491 arbitrary TCP/IP ports can also be forwarded over the secure channel.
493 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
494 it up to date in terms of security and features, as well as removing
495 all patented algorithms to seperate libraries (OpenSSL).
497 This package contains the GNOME passphrase dialog.
499 %description gnome-askpass -l es.UTF-8
500 Este paquete contiene un programa que abre una caja de diálogo para
501 entrada de passphrase en GNOME.
503 %description gnome-askpass -l pl.UTF-8
504 Ssh (Secure Shell) to program służący do logowania się na zdalną
505 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
506 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
507 pomiędzy dwoma hostami.
509 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
511 %description gnome-askpass -l pt_BR.UTF-8
512 Esse pacote contém um programa que abre uma caixa de diálogo para
513 entrada de passphrase no GNOME.
515 %description gnome-askpass -l ru.UTF-8
516 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
517 машину и для выполнения команд на удаленной машине.
519 Этот пакет содержит диалог ввода ключевой фразы для использования под
522 %description gnome-askpass -l uk.UTF-8
523 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
524 машини та для виконання команд на віддаленій машині.
526 Цей пакет містить діалог вводу ключової фрази для використання під
529 %package -n openldap-schema-openssh-lpk
530 Summary: OpenSSH LDAP Public Key schema
531 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
532 Group: Networking/Daemons
533 Requires(post,postun): sed >= 4.0
534 Requires: openldap-servers
537 %description -n openldap-schema-openssh-lpk
538 This package contains OpenSSH LDAP Public Key schema for openldap.
540 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
541 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
558 %{?with_hpn:%patch9 -p1}
565 %{!?with_ldap:%patch15 -p1}
567 %if "%{pld_release}" == "ac"
568 # fix for missing x11.pc
569 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
572 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
573 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
575 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
576 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
578 # prevent being ovewritten by aclocal calls
579 %{__mv} aclocal.m4 acinclude.m4
585 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
592 %{?with_audit:--with-audit=linux} \
593 --with-ipaddr-display \
594 %{?with_kerberos5:--with-kerberos5=/usr} \
595 --with-ldap%{!?with_ldap:=no} \
596 %{?with_ldns:--with-ldns} \
597 %{?with_libedit:--with-libedit} \
599 --with-md5-passwords \
601 --with-pid-dir=%{_localstatedir}/run \
602 --with-privsep-path=%{_privsepdir} \
603 --with-privsep-user=sshd \
604 --with-security-key-builtin \
605 %{?with_selinux:--with-selinux} \
606 %if "%{pld_release}" == "ac"
607 --with-xauth=/usr/X11R6/bin/xauth
609 %if %{with libseccomp}
610 --with-sandbox=seccomp_filter \
612 --with-sandbox=rlimit \
614 --with-xauth=%{_bindir}/xauth
617 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
622 %{__make} -j1 tests \
623 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
624 TEST_SSH_TRACE="yes" \
625 %if %{without tests_conch}
626 SKIP_LTESTS="conch-ciphers"
632 %{__make} gnome-ssh-askpass1 \
633 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
636 %{__make} gnome-ssh-askpass2 \
637 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
641 rm -rf $RPM_BUILD_ROOT
642 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
643 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
644 install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssh{,d}_config.d
645 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
648 DESTDIR=$RPM_BUILD_ROOT
650 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
652 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
653 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
654 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
655 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
656 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
657 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
658 cp -p %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config.d/50-pld.conf
659 cp -p %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config.d/50-pld.conf
660 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
662 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
663 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
665 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
666 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
667 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
668 $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
669 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
672 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
675 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
677 %if %{with gnome} || %{with gtk}
678 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
679 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
681 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
682 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
684 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
687 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
688 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
690 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
692 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
693 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
696 %if "%{pld_release}" == "ac"
697 # not present in ac, no point searching it
698 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
699 # openssl on ac does not have OPENSSL_HAS_ECC
700 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
704 # remove recording user's login uid to the process attribute
705 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
708 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
709 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
712 rm -rf $RPM_BUILD_ROOT
723 %postun gnome-askpass
727 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
730 /sbin/chkconfig --add sshd
731 %service sshd reload "OpenSSH Daemon"
733 %systemd_post sshd.service
736 if [ "$1" = "0" ]; then
738 /sbin/chkconfig --del sshd
740 %systemd_preun sshd.service
743 if [ "$1" = "0" ]; then
748 %triggerpostun server -- %{name}-server < 2:7.0p1-2
749 %banner %{name}-server -e << EOF
750 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
751 ! Starting from openssh 7.0 DSA keys are disabled !
752 ! on server and client side. You will NOT be able !
753 ! to use DSA keys for authentication. Please read !
754 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
755 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
758 %triggerpostun server -- %{name}-server < 6.2p1-1
759 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
760 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
762 %triggerpostun server -- %{name}-server < 2:5.9p1-8
763 # lpk.patch to ldap.patch
764 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
765 echo >&2 "Migrating LPK patch to LDAP patch"
766 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
768 # disable old configs
769 # just UseLPK/LkpLdapConf supported for now
770 s/^\s*UseLPK/## Obsolete &/
771 s/^\s*Lpk/## Obsolete &/
772 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
773 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
774 ' %{_sysconfdir}/sshd_config
775 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
776 /bin/systemctl try-restart sshd.service || :
778 %service -q sshd reload
781 %systemd_trigger sshd.service
782 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
783 %banner %{name}-server -e << EOF
784 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
785 ! Native systemd support for sshd has been installed. !
786 ! Restarting sshd.service with systemctl WILL kill all !
787 ! active ssh sessions (daemon as such will be started). !
788 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
792 %post -n openldap-schema-openssh-lpk
793 %openldap_schema_register %{schemadir}/openssh-lpk.schema
794 %service -q ldap restart
796 %postun -n openldap-schema-openssh-lpk
797 if [ "$1" = "0" ]; then
798 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
799 %service -q ldap restart
803 %defattr(644,root,root,755)
804 %doc TODO README OVERVIEW CREDITS Change*
805 %attr(755,root,root) %{_bindir}/ssh-key*
806 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
807 %{_mandir}/man1/ssh-key*.1*
808 #%{_mandir}/man1/ssh-vulnkey*.1*
813 %defattr(644,root,root,755)
814 %attr(755,root,root) %{_bindir}/ssh
815 %attr(755,root,root) %{_bindir}/sftp
816 %attr(755,root,root) %{_bindir}/ssh-agent
817 %attr(755,root,root) %{_bindir}/ssh-add
818 %attr(755,root,root) %{_bindir}/ssh-copy-id
819 %attr(755,root,root) %{_bindir}/scp
820 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
821 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
822 %dir %{_sysconfdir}/ssh_config.d
823 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config.d/50-pld.conf
824 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
825 %{_mandir}/man1/scp.1*
826 %{_mandir}/man1/ssh.1*
827 %{_mandir}/man1/sftp.1*
828 %{_mandir}/man1/ssh-agent.1*
829 %{_mandir}/man1/ssh-add.1*
830 %{_mandir}/man1/ssh-copy-id.1*
831 %{_mandir}/man5/ssh_config.5*
832 %{_mandir}/man8/ssh-pkcs11-helper.8*
833 %lang(it) %{_mandir}/it/man1/ssh.1*
834 %lang(it) %{_mandir}/it/man5/ssh_config.5*
835 %lang(pl) %{_mandir}/pl/man1/scp.1*
836 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
838 # for host-based auth (suid required for accessing private host key)
839 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
840 #%{_mandir}/man8/ssh-keysign.8*
842 %files clients-agent-profile_d
843 %defattr(644,root,root,755)
844 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
845 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
847 %files clients-agent-xinitrc
848 %defattr(644,root,root,755)
849 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
851 %files clients-helper-fido
852 %defattr(644,root,root,755)
853 %attr(755,root,root) %{_libexecdir}/ssh-sk-helper
854 %{_mandir}/man8/ssh-sk-helper.8*
857 %defattr(644,root,root,755)
858 %attr(755,root,root) %{_sbindir}/sshd
859 %attr(755,root,root) %{_libexecdir}/sftp-server
860 %attr(755,root,root) %{_libexecdir}/ssh-keysign
861 %attr(755,root,root) %{_libexecdir}/sshd-keygen
862 %{_mandir}/man8/sshd.8*
863 %{_mandir}/man8/sftp-server.8*
864 %{_mandir}/man8/ssh-keysign.8*
865 %{_mandir}/man5/sshd_config.5*
866 %{_mandir}/man5/moduli.5*
867 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
868 %attr(750,root,root) %dir %{_sysconfdir}/sshd_config.d
869 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config.d/50-pld.conf
870 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
871 %{_sysconfdir}/moduli
872 %attr(754,root,root) /etc/rc.d/init.d/sshd
873 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
874 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
875 %{systemdunitdir}/sshd.service
876 %{systemdunitdir}/sshd.socket
877 %{systemdunitdir}/sshd@.service
881 %defattr(644,root,root,755)
882 %doc HOWTO.ldap-keys ldap.conf
883 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
884 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
885 %{_mandir}/man5/ssh-ldap.conf.5*
886 %{_mandir}/man8/ssh-ldap-helper.8*
889 %if %{with gnome} || %{with gtk}
891 %defattr(644,root,root,755)
892 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
893 %dir %{_libexecdir}/ssh
894 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
895 %attr(755,root,root) %{_libexecdir}/ssh-askpass
899 %files -n openldap-schema-openssh-lpk
900 %defattr(644,root,root,755)
901 %{schemadir}/openssh-lpk.schema