[packages/openssh.git] / openssh.spec

Summary:	OpenSSH free Secure Shell (SSH) implementation
Name:		openssh
Version:	1.2.3
Release:	1
License:	BSD
Group:		Applications/Networking
Group(pl):	Aplikacje/Sieciowe
Source0:	ftp://ftp.franken.de/pub/Linux/openssh/files/%{name}-%{version}.tar.gz
Source1:	opensshd.conf
Source2:	openssh.conf
Source3:	opensshd.init
Source4:	opensshd.pamd
Source5:	openssh.sysconfig
Source6:	passwd.pamd
Patch0:		openssh-PAM_NEW_AUTHTOK.patch
Patch1:		openssh-libwrap.patch
BuildRequires:	openssl-devel >= 0.9.4-2
BuildRequires:	zlib-devel
BuildRequires:	pam-devel
BuildRequires:	XFree86-devel
BuildRequires:	gnome-libs-devel
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
Obsoletes:	ssh < %{version}, ssh > %{version}

%define		_sysconfdir	/etc/ssh

%description
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace rlogin and
rsh, and provide secure encrypted communications between two untrusted hosts
over an insecure network. X11 connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
to date in terms of security and features, as well as removing all patented
algorithms to seperate libraries (OpenSSL).

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

%package clients
Summary:	OpenSSH Secure Shell protocol clients
Requires:	openssh
Group:		Applications/Networking
Group(pl):	Aplikacje/Sieciowe
Obsoletes:	ssh-clients < %{version}, ssh-clients > %{version}
Requires:	%{name} = %{version}

%description clients
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace rlogin and
rsh, and provide secure encrypted communications between two untrusted hosts
over an insecure network. X11 connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
to date in terms of security and features, as well as removing all patented
algorithms to seperate libraries (OpenSSL).

This package includes the clients necessary to make encrypted connections to
SSH servers.

%package server
Summary:	OpenSSH Secure Shell protocol server (sshd)
Requires:	openssh chkconfig >= 0.9
Group:		Networking/Daemons
Group(pl):	Sieciowe/Serwery
Obsoletes:	ssh-server < %{version}, ssh-server > %{version}
Requires:	rc-scripts
Requires:	/bin/login
Requires:	util-linux
Prereq:		%{name} = %{version}

%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace rlogin and
rsh, and provide secure encrypted communications between two untrusted hosts
over an insecure network. X11 connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
to date in terms of security and features, as well as removing all patented
algorithms to seperate libraries (OpenSSL).

This package contains the secure shell daemon. The sshd is the server part
of the secure shell protocol and allows ssh clients to connect to your host.

%package gnome-askpass
Summary:	OpenSSH GNOME passphrase dialog
Group:		Applications/Networking
Group(pl):	Aplikacje/Sieciowe
Requires:	%{name} = %{version}
Obsoletes:	ssh-extras < %{version}, ssh-extras > %{version}
Obsoletes:	ssh-askpass < %{version}, ssh-askpass > %{version}
Obsoletes:	openssh-askpass < %{version}, openssh-askpass > %{version}

%description gnome-askpass
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine. It is intended to replace rlogin
and rsh, and provide secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP ports
can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
to date in terms of security and features, as well as removing all patented
algorithms to seperate libraries (OpenSSL).

This package contains the GNOME passphrase dialog.

%prep
%setup  -q
%patch0 -p1
%patch1 -p1

%build
autoconf
%configure \
	--with-gnome-askpass \
	--with-tcp-wrappers \
	--with-md5-passwords \
	--with-ipaddr-display \
	--enable-ipv6 \
	--enable-log-auth 

# with ipv4-default sshd can't listen on IPv6 and IPv4 sockets
#	--with-ipv4-default \
# broken options
#	--without-kerberos4 \
#	--without-afs \
#	--without-skey 

echo '#define LOGIN_PROGRAM           "/bin/login"' >>config.h

make

%install
rm -rf $RPM_BUILD_ROOT

install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}}

make install DESTDIR="$RPM_BUILD_ROOT"

install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config

mv -f 	$RPM_BUILD_ROOT%{_libexecdir}/ssh/gnome-ssh-askpass \
	$RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass

gzip -9fn ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen UPGRADING \
	$RPM_BUILD_ROOT/%{_mandir}/man*/*

touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
	
%clean
rm -rf $RPM_BUILD_ROOT

%post server
/sbin/chkconfig --add sshd
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
	/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' 1>&2
fi
if [ -f /var/lock/subsys/sshd ]; then
	/etc/rc.d/init.d/sshd restart 1>&2
fi
if ! grep ssh /etc/security/passwd.conf >/dev/null 2>&1 ; then
	echo "ssh" >> /etc/security/passwd.conf
fi

%preun server
if [ "$1" = 0 ]; then
	if [ -f /var/lock/subsys/sshd ]; then
		/etc/rc.d/init.d/sshd stop 1>&2
	fi
	/sbin/chkconfig --del sshd
fi

%files
%defattr(644,root,root,755)
%doc {ChangeLog,OVERVIEW,COPYING.Ylonen,README,README.Ylonen,UPGRADING}.gz
%attr(755,root,root) %{_bindir}/ssh-keygen
%{_mandir}/man1/ssh-keygen.1*
%dir %{_sysconfdir}

%files clients
%defattr(644,root,root,755)
# suid root ?
#%attr(4755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
#%attr(0755,root,root) %{_bindir}/slogin
%attr(755,root,root) %{_bindir}/scp
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
#%{_mandir}/man1/slogin.1
%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config

%files server
%defattr(644,root,root,755)
%attr(755,root,root) %{_sbindir}/sshd
%{_mandir}/man8/sshd.8*
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
%attr(754,root,root) /etc/rc.d/init.d/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd

%files gnome-askpass
%defattr(644,root,root,755)
%dir %{_libexecdir}/ssh
%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
Commit	Line	Data
52000378 AF	1	Summary: OpenSSH free Secure Shell (SSH) implementation
52000378 AF	2	Name: openssh
c5a94bba	3	Version: 1.2.3
82f989ae	4	Release: 1
5d1c7089	5	License: BSD
	6	Group: Applications/Networking
	7	Group(pl): Aplikacje/Sieciowe
c5a94bba	8	Source0: ftp://ftp.franken.de/pub/Linux/openssh/files/%{name}-%{version}.tar.gz
52000378 AF	9	Source1: opensshd.conf
	10	Source2: openssh.conf
	11	Source3: opensshd.init
	12	Source4: opensshd.pamd
	13	Source5: openssh.sysconfig
ec00afd0	14	Source6: passwd.pamd
4946f6e5 JR	15	Patch0: openssh-PAM_NEW_AUTHTOK.patch
4946f6e5 JR	16	Patch1: openssh-libwrap.patch
4bb0eece	17	BuildRequires: openssl-devel >= 0.9.4-2
52000378 AF	18	BuildRequires: zlib-devel
	19	BuildRequires: pam-devel
	20	BuildRequires: XFree86-devel
	21	BuildRequires: gnome-libs-devel
88c1aa50	22	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
a8f907dc	23	Obsoletes: ssh < %{version}, ssh > %{version}
52000378	24
b7b47957	25	%define _sysconfdir /etc/ssh
6fe24471 AF	26
	27	%description
	28	Ssh (Secure Shell) a program for logging into a remote machine and for
b5529f6f	29	executing commands in a remote machine. It is intended to replace rlogin and
	30	rsh, and provide secure encrypted communications between two untrusted hosts
	31	over an insecure network. X11 connections and arbitrary TCP/IP ports can
	32	also be forwarded over the secure channel.
6fe24471	33
b5529f6f	34	OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
	35	to date in terms of security and features, as well as removing all patented
	36	algorithms to seperate libraries (OpenSSL).
6fe24471	37
52000378	38	This package includes the core files necessary for both the OpenSSH
b5529f6f	39	client and server. To make this package useful, you should also
52000378	40	install openssh-clients, openssh-server, or both.
6fe24471	41
52000378 AF	42	%package clients
	43	Summary: OpenSSH Secure Shell protocol clients
	44	Requires: openssh
	45	Group: Applications/Networking
	46	Group(pl): Aplikacje/Sieciowe
a8f907dc	47	Obsoletes: ssh-clients < %{version}, ssh-clients > %{version}
52000378	48	Requires: %{name} = %{version}
6fe24471	49
52000378 AF	50	%description clients
52000378 AF	51	Ssh (Secure Shell) a program for logging into a remote machine and for
b5529f6f	52	executing commands in a remote machine. It is intended to replace rlogin and
	53	rsh, and provide secure encrypted communications between two untrusted hosts
	54	over an insecure network. X11 connections and arbitrary TCP/IP ports can
	55	also be forwarded over the secure channel.
6fe24471	56
b5529f6f	57	OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
	58	to date in terms of security and features, as well as removing all patented
	59	algorithms to seperate libraries (OpenSSL).
52000378	60
b5529f6f	61	This package includes the clients necessary to make encrypted connections to
b5529f6f	62	SSH servers.
52000378 AF	63
	64	%package server
	65	Summary: OpenSSH Secure Shell protocol server (sshd)
	66	Requires: openssh chkconfig >= 0.9
	67	Group: Networking/Daemons
	68	Group(pl): Sieciowe/Serwery
a8f907dc	69	Obsoletes: ssh-server < %{version}, ssh-server > %{version}
52000378	70	Requires: rc-scripts
b5529f6f	71	Requires: /bin/login
b5529f6f	72	Requires: util-linux
52000378 AF	73	Prereq: %{name} = %{version}
	74
	75	%description server
	76	Ssh (Secure Shell) a program for logging into a remote machine and for
b5529f6f	77	executing commands in a remote machine. It is intended to replace rlogin and
	78	rsh, and provide secure encrypted communications between two untrusted hosts
	79	over an insecure network. X11 connections and arbitrary TCP/IP ports can
	80	also be forwarded over the secure channel.
52000378	81
b5529f6f	82	OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
	83	to date in terms of security and features, as well as removing all patented
	84	algorithms to seperate libraries (OpenSSL).
52000378	85
b5529f6f	86	This package contains the secure shell daemon. The sshd is the server part
b5529f6f	87	of the secure shell protocol and allows ssh clients to connect to your host.
6fe24471	88
6e70f4f7	89	%package gnome-askpass
52000378 AF	90	Summary: OpenSSH GNOME passphrase dialog
	91	Group: Applications/Networking
	92	Group(pl): Aplikacje/Sieciowe
	93	Requires: %{name} = %{version}
a8f907dc	94	Obsoletes: ssh-extras < %{version}, ssh-extras > %{version}
	95	Obsoletes: ssh-askpass < %{version}, ssh-askpass > %{version}
	96	Obsoletes: openssh-askpass < %{version}, openssh-askpass > %{version}
52000378	97
6e70f4f7	98	%description gnome-askpass
52000378	99	Ssh (Secure Shell) a program for logging into a remote machine and for
b5529f6f	100	executing commands in a remote machine. It is intended to replace rlogin
	101	and rsh, and provide secure encrypted communications between two untrusted
	102	hosts over an insecure network. X11 connections and arbitrary TCP/IP ports
	103	can also be forwarded over the secure channel.
52000378	104
b5529f6f	105	OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up
	106	to date in terms of security and features, as well as removing all patented
	107	algorithms to seperate libraries (OpenSSL).
52000378 AF	108
	109	This package contains the GNOME passphrase dialog.
	110
52000378 AF	111	%prep
52000378 AF	112	%setup -q
4946f6e5	113	%patch0 -p1
82f989ae	114	%patch1 -p1
52000378 AF	115
	116	%build
	117	autoconf
	118	%configure \
f9bf943b AF	119	--with-gnome-askpass \
	120	--with-tcp-wrappers \
	121	--with-md5-passwords \
4946f6e5	122	--with-ipaddr-display \
82f989ae	123	--enable-ipv6 \
f9bf943b	124	--enable-log-auth
82f989ae AF	125
	126	# with ipv4-default sshd can't listen on IPv6 and IPv4 sockets
	127	# --with-ipv4-default \
	128	# broken options
f9bf943b AF	129	# --without-kerberos4 \
	130	# --without-afs \
	131	# --without-skey
	132
	133	echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
	134
52000378	135	make
6fe24471 AF	136
	137	%install
	138	rm -rf $RPM_BUILD_ROOT
6fe24471	139
ffbc041f	140	install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}}
52000378	141
b5529f6f	142	make install DESTDIR="$RPM_BUILD_ROOT"
52000378 AF	143
52000378 AF	144	install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd
ec00afd0	145	install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh
52000378	146	install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd
b7b47957	147	install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
52000378 AF	148	install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config
	149	install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config
	150
6e70f4f7 AF	151	mv -f $RPM_BUILD_ROOT%{_libexecdir}/ssh/gnome-ssh-askpass \
	152	$RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
	153
52000378 AF	154	gzip -9fn ChangeLog OVERVIEW COPYING.Ylonen README README.Ylonen UPGRADING \
52000378 AF	155	$RPM_BUILD_ROOT/%{_mandir}/man/
ffbc041f	156
ffbc041f	157	touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
52000378	158
6fe24471 AF	159	%clean
	160	rm -rf $RPM_BUILD_ROOT
	161
52000378 AF	162	%post server
	163	/sbin/chkconfig --add sshd
	164	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
8b6ffaee	165	/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' 1>&2
6fe24471	166	fi
8b6ffaee AF	167	if [ -f /var/lock/subsys/sshd ]; then
8b6ffaee AF	168	/etc/rc.d/init.d/sshd restart 1>&2
6fe24471	169	fi
ec00afd0 JR	170	if ! grep ssh /etc/security/passwd.conf >/dev/null 2>&1 ; then
	171	echo "ssh" >> /etc/security/passwd.conf
	172	fi
6fe24471	173
52000378	174	%preun server
b5529f6f	175	if [ "$1" = 0 ]; then
8b6ffaee AF	176	if [ -f /var/lock/subsys/sshd ]; then
8b6ffaee AF	177	/etc/rc.d/init.d/sshd stop 1>&2
b5529f6f	178	fi
52000378	179	/sbin/chkconfig --del sshd
6fe24471 AF	180	fi
	181
	182	%files
52000378 AF	183	%defattr(644,root,root,755)
	184	%doc {ChangeLog,OVERVIEW,COPYING.Ylonen,README,README.Ylonen,UPGRADING}.gz
	185	%attr(755,root,root) %{_bindir}/ssh-keygen
	186	%{_mandir}/man1/ssh-keygen.1*
	187	%dir %{_sysconfdir}
	188
	189	%files clients
	190	%defattr(644,root,root,755)
	191	# suid root ?
	192	#%attr(4755,root,root) %{_bindir}/ssh
	193	%attr(0755,root,root) %{_bindir}/ssh
	194	%attr(0755,root,root) %{_bindir}/ssh-agent
	195	%attr(0755,root,root) %{_bindir}/ssh-add
	196	#%attr(0755,root,root) %{_bindir}/slogin
	197	%attr(755,root,root) %{_bindir}/scp
	198	%{_mandir}/man1/scp.1*
	199	%{_mandir}/man1/ssh.1*
	200	%{_mandir}/man1/ssh-agent.1*
	201	%{_mandir}/man1/ssh-add.1*
	202	#%{_mandir}/man1/slogin.1
	203	%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config
	204
	205	%files server
	206	%defattr(644,root,root,755)
	207	%attr(755,root,root) %{_sbindir}/sshd
	208	%{_mandir}/man8/sshd.8*
	209	%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config
	210	%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd
	211	%attr(754,root,root) /etc/rc.d/init.d/sshd
	212	%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd
ffbc041f	213	%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd
52000378	214
6e70f4f7	215	%files gnome-askpass
52000378 AF	216	%defattr(644,root,root,755)
	217	%dir %{_libexecdir}/ssh
	218	%attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass