# - add trigger to enable this:
# * sshd(8): This release turns on pre-auth sandboxing sshd by default for
# new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.

%bcond_without audit # sshd audit support
%bcond_with gnome # gnome-askpass (GNOME 1.x) utility
%bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
%bcond_without ldap # LDAP support
%bcond_with ldns # DNSSEC support via libldns
%bcond_without libedit # libedit (editline/history support in sftp client)
%bcond_without kerberos5 # Kerberos5 support
%bcond_without selinux # SELinux support
%bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
%bcond_without tests # test suite
%bcond_with tests_conch # run conch interoperability tests

# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}

%if "%{pld_release}" == "ac"
%define pam_ver 0.79.0

%define pam_ver 1:1.1.8-5

Summary: OpenSSH free Secure Shell (SSH) implementation
Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
Summary(es.UTF-8): Implementación libre de SSH
Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
Summary(pt_BR.UTF-8): Implementação livre do SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)

Group: Applications/Networking
Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
# Source0-md5: 513694343631a99841e815306806edf0
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source3: %{name}d.pamd
Source4: %{name}.sysconfig

Source6: ssh-agent.conf
Source7: %{name}-lpk.schema

Source12: sshd@.service
Patch0: %{name}-no-pty-tests.patch
Patch1: %{name}-tests-reuseport.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
Patch4: %{name}-ldap.patch
Patch5: %{name}-ldap-fixes.patch
Patch6: ldap.conf.patch
Patch7: %{name}-config.patch
Patch8: ldap-helper-sigpipe.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
Patch10: %{name}-include.patch
Patch11: %{name}-chroot.patch
Patch12: openssh-bug-2905.patch
Patch13: %{name}-skip-interop-tests.patch
Patch14: %{name}-bind.patch
Patch15: %{name}-disable_ldap.patch
Patch16: ossh-bug-3093.patch
URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
%{?with_audit:BuildRequires: audit-libs-devel}
BuildRequires: autoconf >= 2.50
BuildRequires: automake
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
%{?with_ldns:BuildRequires: ldns-devel}
%{?with_libedit:BuildRequires: libedit-devel}
BuildRequires: libseccomp-devel
%{?with_selinux:BuildRequires: libselinux-devel}
%{?with_ldap:BuildRequires: openldap-devel}
BuildRequires: openssl-devel >= 1.1.0g
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
%if %{with tests} && %{with tests_conch}
BuildRequires: python-TwistedConch

BuildRequires: rpm >= 4.4.9-56
BuildRequires: rpmbuild(macros) >= 1.627
BuildRequires: sed >= 4.0
BuildRequires: zlib-devel >= 1.2.3
%if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
BuildRequires: %{name}-server

%if %{with tests} && %{with libseccomp}
# libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
BuildRequires: uname(release) >= 3.5

Requires: zlib >= 1.2.3
%if "%{pld_release}" == "ac"
Requires: filesystem >= 2.0-1
Requires: pam >= 0.79.0

Requires: filesystem >= 3.0-11
Requires: pam >= %{pam_ver}
Suggests: xorg-app-xauth

BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define _sysconfdir /etc/ssh
%define _libexecdir %{_libdir}/%{name}
%define _privsepdir /usr/share/empty
%define schemadir /usr/share/openldap/schema

Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries (OpenSSL).

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

This release includes High Performance SSH/SCP patches from
http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
increase throughput on fast connections with high RTT (20-150 msec).
See the website for '-w' values for your connection and /proc/sys TCP
values. BTW. in a LAN you have got generally RTT < 1 msec.

%description -l de.UTF-8
OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
andere TCP/IP Ports können ebenso über den sicheren Channel
weitergeleitet werden.

%description -l es.UTF-8
SSH es un programa para accesar y ejecutar órdenes en computadores
remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
seguro entre dos servidores en una red insegura. Conexiones X11 y
puertas TCP/IP arbitrárias también pueden ser usadas por el canal

OpenSSH es el resultado del trabajo del equipo de OpenBSD para
continuar la última versión gratuita de SSH, actualizándolo en
términos de seguridad y recursos,así también eliminando todos los
algoritmos patentados y colocándolos en bibliotecas separadas

Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
también el paquete openssh-clients u openssh-server o ambos.

%description -l fr.UTF-8
OpenSSH (Secure Shell) fournit un accès à un système distant. Il
remplace telnet, rlogin, rexec et rsh, tout en assurant des
communications cryptées securisées entre deux hôtes non fiabilisés sur
un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
arbitraires peuvent également être transmis sur le canal sécurisé.

%description -l it.UTF-8
OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
sicure e crittate tra due host non fidati su una rete non sicura. Le
connessioni X11 ad una porta TCP/IP arbitraria possono essere
inoltrate attraverso un canale sicuro.

%description -l pl.UTF-8
Ssh (Secure Shell) to program służący do logowania się na zdalną
maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
pomiędzy dwoma hostami.

Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
co najmniej jeden z pakietów: openssh-clients lub openssh-server.

Ta wersja zawiera łaty z projektu High Performance SSH/SCP
http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.

%description -l pt.UTF-8
OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
cifradas entre duas máquinas sem confiança mútua sobre uma rede
insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
reenviados pelo canal seguro.

%description -l pt_BR.UTF-8
SSH é um programa para acessar e executar comandos em máquinas
remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
TCP/IP arbitrárias também podem ser usadas pelo canal seguro.

OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
última versão gratuita do SSH, atualizando-o em termos de segurança e
recursos, assim como removendo todos os algoritmos patenteados e
colocando-os em bibliotecas separadas (OpenSSL).

Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
também ou o pacote openssh-clients, ou o openssh-server, ou ambos.

%description -l ru.UTF-8
Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
машину и для выполнения команд на удаленной машине. Она предназначена
для замены rlogin и rsh и обеспечивает безопасную шифрованную
коммуникацию между двумя хостами в сети, являющейся небезопасной.
Соединения X11 и любые порты TCP/IP могут также быть проведены через

OpenSSH - это переделка командой разработчиков OpenBSD последней
свободной версии SSH, доведенная до современного состояния в терминах
уровня безопасности и поддерживаемых возможностей. Все патентованные
алгоритмы вынесены в отдельные библиотеки (OpenSSL).

Этот пакет содержит файлы, необходимые как для клиента, так и для
сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
openssh-server, или оба пакета.

%description -l uk.UTF-8
Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
машини та для виконання команд на віддаленій машині. Вона призначена
для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
довільні порти TCP/IP можуть також бути проведені через безпечний

OpenSSH - це переробка командою розробників OpenBSD останньої вільної
версії SSH, доведена до сучасного стану в термінах рівня безпеки та
підтримуваних можливостей. Всі патентовані алгоритми винесені до
окремих бібліотек (OpenSSL).

Цей пакет містить файли, необхідні як для клієнта, так і для сервера
OpenSSH. Вам потрібно буде ще встановити openssh-clients,
openssh-server, чи обидва пакети.

Summary: OpenSSH Secure Shell protocol clients
Summary(es.UTF-8): Clientes de OpenSSH
Summary(pl.UTF-8): Klienci protokołu Secure Shell
Summary(pt_BR.UTF-8): Clientes do OpenSSH
Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
Group: Applications/Networking

Provides: ssh-clients
Obsoletes: ssh-clients
%requires_eq_to openssl openssl-devel

Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries (OpenSSL).

This package includes the clients necessary to make encrypted
connections to SSH servers.

%description clients -l es.UTF-8
Este paquete incluye los clientes que se necesitan para hacer
conexiones codificadas con servidores SSH.

%description clients -l pl.UTF-8
Ssh (Secure Shell) to program służący do logowania się na zdalną
maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
pomiędzy dwoma hostami.

Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.

%description clients -l pt_BR.UTF-8
Esse pacote inclui os clientes necessários para fazer conexões
encriptadas com servidores SSH.

%description clients -l ru.UTF-8
Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
машину и для выполнения команд на удаленной машине.

Этот пакет содержит программы-клиенты, необходимые для установления
зашифрованных соединений с серверами SSH.

%description clients -l uk.UTF-8
Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
машини та для виконання команд на віддаленій машині.

Цей пакет містить програми-клієнти, необхідні для встановлення
зашифрованих з'єднань з серверами SSH.

%package clients-agent-profile_d
Summary: OpenSSH Secure Shell agent init script
Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
Group: Applications/Networking
Requires: %{name}-clients = %{epoch}:%{version}-%{release}

%description clients-agent-profile_d
profile.d scripts for starting SSH agent.

%description clients-agent-profile_d -l pl.UTF-8
Skrypty profile.d do uruchamiania agenta SSH.

%package clients-agent-xinitrc
Summary: OpenSSH Secure Shell agent init script
Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
Group: Applications/Networking
Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}

%description clients-agent-xinitrc
xinitrc scripts for starting SSH agent.

%description clients-agent-xinitrc -l pl.UTF-8
Skrypty xinitrc do uruchamiania agenta SSH.

Summary: OpenSSH Secure Shell protocol server (sshd)
Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
Group: Networking/Daemons
Requires(post): /sbin/chkconfig

Requires(post,preun): /sbin/chkconfig
Requires(postun): /usr/sbin/userdel
Requires(pre): /bin/id
Requires(pre): /usr/sbin/useradd
Requires(post,preun,postun): systemd-units >= 38
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: pam >= %{pam_ver}
Requires: rc-scripts >= 0.4.3.0
Requires: systemd-units >= 38
%{?with_libseccomp:Requires: uname(release) >= 3.5}

%{?with_ldap:Suggests: %{name}-server-ldap}

Suggests: xorg-app-xauth

%requires_eq_to openssl openssl-devel

Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries (OpenSSL).

This package contains the secure shell daemon. The sshd is the server
part of the secure shell protocol and allows ssh clients to connect to

%description server -l de.UTF-8
Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.

%description server -l es.UTF-8
Este paquete contiene el servidor SSH. sshd es la parte servidor del
protocolo secure shell y permite que clientes ssh se conecten a su

%description server -l fr.UTF-8
Ce paquetage installe le 'sshd', partie serveur de OpenSSH.

%description server -l it.UTF-8
Questo pacchetto installa sshd, il server di OpenSSH.

%description server -l pl.UTF-8
Ssh (Secure Shell) to program służący do logowania się na zdalną
maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
pomiędzy dwoma hostami.

Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci

%description server -l pt.UTF-8
Este pacote intala o sshd, o servidor do OpenSSH.

%description server -l pt_BR.UTF-8
Esse pacote contém o servidor SSH. O sshd é a parte servidor do
protocolo secure shell e permite que clientes ssh se conectem ao seu

%description server -l ru.UTF-8
Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
машину и для выполнения команд на удаленной машине.

Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
часть протокола Secure Shell, позволяющая клиентам ssh соединяться с

%description server -l uk.UTF-8
Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
машини та для виконання команд на віддаленій машині.

Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись

Summary: A LDAP support for open source SSH server daemon
Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH

Requires: %{name} = %{epoch}:%{version}-%{release}
Requires: openldap-nss-config

%description server-ldap
OpenSSH LDAP backend is a way to distribute the authorized tokens
among the servers in the network.

%description server-ldap -l pl.UTF-8
Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
tokenów między serwerami w sieci.

%package gnome-askpass
Summary: OpenSSH GNOME passphrase dialog
Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
Group: Applications/Networking
Requires: %{name} = %{epoch}:%{version}-%{release}
Obsoletes: openssh-askpass
Obsoletes: ssh-askpass
Obsoletes: ssh-extras

%description gnome-askpass
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries (OpenSSL).

This package contains the GNOME passphrase dialog.

%description gnome-askpass -l es.UTF-8
Este paquete contiene un programa que abre una caja de diálogo para
entrada de passphrase en GNOME.

%description gnome-askpass -l pl.UTF-8
Ssh (Secure Shell) to program służący do logowania się na zdalną
maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
pomiędzy dwoma hostami.

Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.

%description gnome-askpass -l pt_BR.UTF-8
Esse pacote contém um programa que abre uma caixa de diálogo para
entrada de passphrase no GNOME.

%description gnome-askpass -l ru.UTF-8
Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
машину и для выполнения команд на удаленной машине.

Этот пакет содержит диалог ввода ключевой фразы для использования под

%description gnome-askpass -l uk.UTF-8
Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
машини та для виконання команд на віддаленій машині.

Цей пакет містить діалог вводу ключової фрази для використання під

%package -n openldap-schema-openssh-lpk
Summary: OpenSSH LDAP Public Key schema
Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
Group: Networking/Daemons
Requires(post,postun): sed >= 4.0
Requires: openldap-servers
%if "%{_rpmversion}" >= "5"

%description -n openldap-schema-openssh-lpk
This package contains OpenSSH LDAP Public Key schema for openldap.

%description -n openldap-schema-openssh-lpk -l pl.UTF-8
Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla

%{?with_hpn:%patch9 -p1}

%{!?with_ldap:%patch15 -p1}

%if "%{pld_release}" == "ac"
# fix for missing x11.pc
%{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile

# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*

grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'

# prevent being overwritten by aclocal calls
%{__mv} aclocal.m4 acinclude.m4

cp /usr/share/automake/config.sub .

CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"

%{?with_audit:--with-audit=linux} \
--with-ipaddr-display \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-ldap%{!?with_ldap:=no} \
%{?with_ldns:--with-ldns} \
%{?with_libedit:--with-libedit} \
--with-md5-passwords \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
--with-privsep-user=sshd \
%{?with_selinux:--with-selinux} \
%if "%{pld_release}" == "ac"
--with-xauth=/usr/X11R6/bin/xauth

--with-sandbox=seccomp_filter \
--with-xauth=%{_bindir}/xauth

echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h

%{__make} -j1 tests \
TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
TEST_SSH_TRACE="yes" \
%if %{without tests_conch}
SKIP_LTESTS="conch-ciphers"

%{__make} gnome-ssh-askpass1 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"

%{__make} gnome-ssh-askpass2 \
CC="%{__cc} %{rpmldflags} %{rpmcflags}"

rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
$RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}

DESTDIR=$RPM_BUILD_ROOT

bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}

install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}

cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen

%{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
$RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
$RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
$RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
$RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen

install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass

install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass

%if %{with gnome} || %{with gtk}
cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
#GNOME_SSH_ASKPASS_GRAB_SERVER="true"

cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
#GNOME_SSH_ASKPASS_GRAB_POINTER="true"

ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass

install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1

touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd

cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
#SSH_ASKPASS="%{_libexecdir}/ssh-askpass"

%if "%{pld_release}" == "ac"
# not present in ac, no point searching it
%{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
# openssl on ac does not have OPENSSL_HAS_ECC
%{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen

# remove recording user's login uid to the process attribute
%{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd

%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
%{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}

rm -rf $RPM_BUILD_ROOT

%postun gnome-askpass

%useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd

/sbin/chkconfig --add sshd
%service sshd reload "OpenSSH Daemon"

%systemd_post sshd.service

if [ "$1" = "0" ]; then

/sbin/chkconfig --del sshd

%systemd_preun sshd.service

if [ "$1" = "0" ]; then

%triggerpostun server -- %{name}-server < 2:7.0p1-2
%banner %{name}-server -e << EOF
!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
! Starting from openssh 7.0 DSA keys are disabled !
! on server and client side. You will NOT be able !
! to use DSA keys for authentication. Please read !
! about PubkeyAcceptedKeyTypes in man ssh_config. !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

%triggerpostun server -- %{name}-server < 6.2p1-1
cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser#g' %{_sysconfdir}/sshd_config

%triggerpostun server -- %{name}-server < 2:5.9p1-8
# lpk.patch to ldap.patch
if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
echo >&2 "Migrating LPK patch to LDAP patch"
cp -f %{_sysconfdir}/sshd_config{,.rpmorig}

# disable old configs
# just UseLPK/LkpLdapConf supported for now
s/^\s*UseLPK/## Obsolete &/
s/^\s*Lpk/## Obsolete &/
# Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
/UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
' %{_sysconfdir}/sshd_config
if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
/bin/systemctl try-restart sshd.service || :

%service -q sshd reload

%systemd_trigger sshd.service
if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
%banner %{name}-server -e << EOF
!!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
! Native systemd support for sshd has been installed. !
! Restarting sshd.service with systemctl WILL kill all !
! active ssh sessions (daemon as such will be started). !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

%post -n openldap-schema-openssh-lpk
%openldap_schema_register %{schemadir}/openssh-lpk.schema
%service -q ldap restart

%postun -n openldap-schema-openssh-lpk
if [ "$1" = "0" ]; then
%openldap_schema_unregister %{schemadir}/openssh-lpk.schema
%service -q ldap restart

%defattr(644,root,root,755)
%doc TODO README OVERVIEW CREDITS Change*
%attr(755,root,root) %{_bindir}/ssh-key*
#%attr(755,root,root) %{_bindir}/ssh-vulnkey*
%{_mandir}/man1/ssh-key*.1*
#%{_mandir}/man1/ssh-vulnkey*.1*

%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/ssh
%attr(755,root,root) %{_bindir}/sftp
%attr(755,root,root) %{_bindir}/ssh-agent
%attr(755,root,root) %{_bindir}/ssh-add
%attr(755,root,root) %{_bindir}/ssh-copy-id
%attr(755,root,root) %{_bindir}/scp
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man5/ssh_config.5*
%lang(it) %{_mandir}/it/man1/ssh.1*
%lang(it) %{_mandir}/it/man5/ssh_config.5*
%lang(pl) %{_mandir}/pl/man1/scp.1*
%lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*

# for host-based auth (suid required for accessing private host key)
#%attr(4755,root,root) %{_libexecdir}/ssh-keysign
#%{_mandir}/man8/ssh-keysign.8*

%files clients-agent-profile_d
%defattr(644,root,root,755)
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
%attr(755,root,root) /etc/profile.d/ssh-agent.sh

%files clients-agent-xinitrc
%defattr(644,root,root,755)
%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh

%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
%attr(755,root,root) %{_libexecdir}/sshd-keygen
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/sftp-server.8*
%{_mandir}/man8/ssh-keysign.8*
%{_mandir}/man8/ssh-pkcs11-helper.8*
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
%{systemdunitdir}/sshd.service
%{systemdunitdir}/sshd.socket
%{systemdunitdir}/sshd@.service

%defattr(644,root,root,755)
%doc HOWTO.ldap-keys ldap.conf
%attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
%attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
%{_mandir}/man5/ssh-ldap.conf.5*
%{_mandir}/man8/ssh-ldap-helper.8*

%if %{with gnome} || %{with gtk}

%defattr(644,root,root,755)
%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
%dir %{_libexecdir}/ssh
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
%attr(755,root,root) %{_libexecdir}/ssh-askpass

%files -n openldap-schema-openssh-lpk
%defattr(644,root,root,755)
%{schemadir}/openssh-lpk.schema