2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
19 # gtk2-based gnome-askpass means no gnome1-based
20 %{?with_gtk:%undefine with_gnome}
22 %if "%{pld_release}" == "ac"
23 %define pam_ver 0.79.0
25 %define pam_ver 1:1.1.8-5
27 Summary: OpenSSH free Secure Shell (SSH) implementation
28 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
29 Summary(es.UTF-8): Implementación libre de SSH
30 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
31 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
32 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
33 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
34 Summary(pt_BR.UTF-8): Implementação livre do SSH
35 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
36 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
42 Group: Applications/Networking
43 Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
44 # Source0-md5: ce1d090fa6239fd38eb989d5e983b074
45 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
46 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
47 Source2: %{name}d.init
48 Source3: %{name}d.pamd
49 Source4: %{name}.sysconfig
51 Source6: ssh-agent.conf
52 Source7: %{name}-lpk.schema
56 Source12: sshd@.service
58 Patch1: %{name}-tests-reuseport.patch
59 Patch2: %{name}-pam_misc.patch
60 Patch3: %{name}-sigpipe.patch
61 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
62 Patch4: %{name}-ldap.patch
63 Patch5: %{name}-ldap-fixes.patch
64 Patch6: ldap.conf.patch
65 Patch7: %{name}-config.patch
66 Patch8: ldap-helper-sigpipe.patch
67 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
68 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
69 Patch9: %{name}-5.2p1-hpn13v6.diff
70 Patch10: %{name}-include.patch
71 Patch11: %{name}-chroot.patch
72 Patch14: %{name}-bind.patch
73 Patch15: %{name}-disable_ldap.patch
74 URL: http://www.openssh.com/portable.html
75 BuildRequires: %{__perl}
76 %{?with_audit:BuildRequires: audit-libs-devel}
77 BuildRequires: autoconf >= 2.50
78 BuildRequires: automake
79 %{?with_gnome:BuildRequires: gnome-libs-devel}
80 %{?with_gtk:BuildRequires: gtk+2-devel}
81 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
82 %{?with_ldns:BuildRequires: ldns-devel}
83 %{?with_libedit:BuildRequires: libedit-devel}
84 BuildRequires: libseccomp-devel
85 %{?with_selinux:BuildRequires: libselinux-devel}
86 %{?with_ldap:BuildRequires: openldap-devel}
87 BuildRequires: openssl-devel >= 1.0.1
88 BuildRequires: pam-devel
89 %{?with_gtk:BuildRequires: pkgconfig}
90 BuildRequires: rpm >= 4.4.9-56
91 BuildRequires: rpmbuild(macros) >= 1.627
92 BuildRequires: sed >= 4.0
93 BuildRequires: zlib-devel >= 1.2.3
94 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
95 BuildRequires: %{name}-server
97 %if %{with tests} && %{with libseccomp}
98 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
99 BuildRequires: uname(release) >= 3.5
101 Requires: zlib >= 1.2.3
102 %if "%{pld_release}" == "ac"
103 Requires: filesystem >= 2.0-1
104 Requires: pam >= 0.79.0
106 Requires: filesystem >= 3.0-11
107 Requires: pam >= %{pam_ver}
108 Suggests: xorg-app-xauth
111 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
113 %define _sysconfdir /etc/ssh
114 %define _libexecdir %{_libdir}/%{name}
115 %define _privsepdir /usr/share/empty
116 %define schemadir /usr/share/openldap/schema
119 Ssh (Secure Shell) a program for logging into a remote machine and for
120 executing commands in a remote machine. It is intended to replace
121 rlogin and rsh, and provide secure encrypted communications between
122 two untrusted hosts over an insecure network. X11 connections and
123 arbitrary TCP/IP ports can also be forwarded over the secure channel.
125 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
126 it up to date in terms of security and features, as well as removing
127 all patented algorithms to seperate libraries (OpenSSL).
129 This package includes the core files necessary for both the OpenSSH
130 client and server. To make this package useful, you should also
131 install openssh-clients, openssh-server, or both.
134 This release includes High Performance SSH/SCP patches from
135 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
136 increase throughput on fast connections with high RTT (20-150 msec).
137 See the website for '-w' values for your connection and /proc/sys TCP
138 values. BTW. in a LAN you have got generally RTT < 1 msec.
141 %description -l de.UTF-8
142 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
143 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
144 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
145 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
146 andere TCP/IP Ports können ebenso über den sicheren Channel
147 weitergeleitet werden.
149 %description -l es.UTF-8
150 SSH es un programa para accesar y ejecutar órdenes en computadores
151 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
152 seguro entre dos servidores en una red insegura. Conexiones X11 y
153 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
156 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
157 continuar la última versión gratuita de SSH, actualizándolo en
158 términos de seguridad y recursos,así también eliminando todos los
159 algoritmos patentados y colocándolos en bibliotecas separadas
162 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
163 también el paquete openssh-clients u openssh-server o ambos.
165 %description -l fr.UTF-8
166 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
167 remplace telnet, rlogin, rexec et rsh, tout en assurant des
168 communications cryptées securisées entre deux hôtes non fiabilisés sur
169 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
170 arbitraires peuvent également être transmis sur le canal sécurisé.
172 %description -l it.UTF-8
173 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
174 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
175 sicure e crittate tra due host non fidati su una rete non sicura. Le
176 connessioni X11 ad una porta TCP/IP arbitraria possono essere
177 inoltrate attraverso un canale sicuro.
179 %description -l pl.UTF-8
180 Ssh (Secure Shell) to program służący do logowania się na zdalną
181 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
182 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
183 pomiędzy dwoma hostami.
185 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
186 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
187 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
190 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
191 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
192 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
193 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
194 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
195 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
198 %description -l pt.UTF-8
199 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
200 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
201 cifradas entre duas máquinas sem confiança mútua sobre uma rede
202 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
203 reenviados pelo canal seguro.
205 %description -l pt_BR.UTF-8
206 SSH é um programa para acessar e executar comandos em máquinas
207 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
208 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
209 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
211 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
212 última versão gratuita do SSH, atualizando-o em termos de segurança e
213 recursos, assim como removendo todos os algoritmos patenteados e
214 colocando-os em bibliotecas separadas (OpenSSL).
216 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
217 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
219 %description -l ru.UTF-8
220 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
221 машину и для выполнения команд на удаленной машине. Она предназначена
222 для замены rlogin и rsh и обеспечивает безопасную шифрованную
223 коммуникацию между двумя хостами в сети, являющейся небезопасной.
224 Соединения X11 и любые порты TCP/IP могут также быть проведены через
227 OpenSSH - это переделка командой разработчиков OpenBSD последней
228 свободной версии SSH, доведенная до современного состояния в терминах
229 уровня безопасности и поддерживаемых возможностей. Все патентованные
230 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
232 Этот пакет содержит файлы, необходимые как для клиента, так и для
233 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
234 openssh-server, или оба пакета.
236 %description -l uk.UTF-8
237 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
238 машини та для виконання команд на віддаленій машині. Вона призначена
239 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
240 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
241 довільні порти TCP/IP можуть також бути проведені через безпечний
244 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
245 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
246 підтримуваних можливостей. Всі патентовані алгоритми винесені до
247 окремих бібліотек (OpenSSL).
249 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
250 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
251 openssh-server, чи обидва пакети.
254 Summary: OpenSSH Secure Shell protocol clients
255 Summary(es.UTF-8): Clientes de OpenSSH
256 Summary(pl.UTF-8): Klienci protokołu Secure Shell
257 Summary(pt_BR.UTF-8): Clientes do OpenSSH
258 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
259 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
260 Group: Applications/Networking
262 Provides: ssh-clients
263 Obsoletes: ssh-clients
264 %requires_eq_to openssl openssl-devel
267 Ssh (Secure Shell) a program for logging into a remote machine and for
268 executing commands in a remote machine. It is intended to replace
269 rlogin and rsh, and provide secure encrypted communications between
270 two untrusted hosts over an insecure network. X11 connections and
271 arbitrary TCP/IP ports can also be forwarded over the secure channel.
273 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
274 it up to date in terms of security and features, as well as removing
275 all patented algorithms to seperate libraries (OpenSSL).
277 This package includes the clients necessary to make encrypted
278 connections to SSH servers.
280 %description clients -l es.UTF-8
281 Este paquete incluye los clientes que se necesitan para hacer
282 conexiones codificadas con servidores SSH.
284 %description clients -l pl.UTF-8
285 Ssh (Secure Shell) to program służący do logowania się na zdalną
286 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
287 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
288 pomiędzy dwoma hostami.
290 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
292 %description clients -l pt_BR.UTF-8
293 Esse pacote inclui os clientes necessários para fazer conexões
294 encriptadas com servidores SSH.
296 %description clients -l ru.UTF-8
297 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
298 машину и для выполнения команд на удаленной машине.
300 Этот пакет содержит программы-клиенты, необходимые для установления
301 зашифрованных соединений с серверами SSH.
303 %description clients -l uk.UTF-8
304 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
305 машини та для виконання команд на віддаленій машині.
307 Цей пакет містить програми-клієнти, необхідні для встановлення
308 зашифрованих з'єднань з серверами SSH.
310 %package clients-agent-profile_d
311 Summary: OpenSSH Secure Shell agent init script
312 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
313 Group: Applications/Networking
314 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
316 %description clients-agent-profile_d
317 profile.d scripts for starting SSH agent.
319 %description clients-agent-profile_d -l pl.UTF-8
320 Skrypty profile.d do uruchamiania agenta SSH.
322 %package clients-agent-xinitrc
323 Summary: OpenSSH Secure Shell agent init script
324 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
325 Group: Applications/Networking
326 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
329 %description clients-agent-xinitrc
330 xinitrc scripts for starting SSH agent.
332 %description clients-agent-xinitrc -l pl.UTF-8
333 Skrypty xinitrc do uruchamiania agenta SSH.
336 Summary: OpenSSH Secure Shell protocol server (sshd)
337 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
338 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
339 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
340 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
341 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
342 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
343 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
344 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
345 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
346 Group: Networking/Daemons
347 Requires(post): /sbin/chkconfig
349 Requires(post,preun): /sbin/chkconfig
350 Requires(postun): /usr/sbin/userdel
351 Requires(pre): /bin/id
352 Requires(pre): /usr/sbin/useradd
353 Requires(post,preun,postun): systemd-units >= 38
354 Requires: %{name} = %{epoch}:%{version}-%{release}
355 Requires: pam >= %{pam_ver}
356 Requires: rc-scripts >= 0.4.3.0
357 Requires: systemd-units >= 38
358 %{?with_libseccomp:Requires: uname(release) >= 3.5}
360 %{?with_ldap:Suggests: %{name}-server-ldap}
362 Suggests: xorg-app-xauth
365 %requires_eq_to openssl openssl-devel
368 Ssh (Secure Shell) a program for logging into a remote machine and for
369 executing commands in a remote machine. It is intended to replace
370 rlogin and rsh, and provide secure encrypted communications between
371 two untrusted hosts over an insecure network. X11 connections and
372 arbitrary TCP/IP ports can also be forwarded over the secure channel.
374 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
375 it up to date in terms of security and features, as well as removing
376 all patented algorithms to seperate libraries (OpenSSL).
378 This package contains the secure shell daemon. The sshd is the server
379 part of the secure shell protocol and allows ssh clients to connect to
382 %description server -l de.UTF-8
383 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
385 %description server -l es.UTF-8
386 Este paquete contiene el servidor SSH. sshd es la parte servidor del
387 protocolo secure shell y permite que clientes ssh se conecten a su
390 %description server -l fr.UTF-8
391 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
393 %description server -l it.UTF-8
394 Questo pacchetto installa sshd, il server di OpenSSH.
396 %description server -l pl.UTF-8
397 Ssh (Secure Shell) to program służący do logowania się na zdalną
398 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
399 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
400 pomiędzy dwoma hostami.
402 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
405 %description server -l pt.UTF-8
406 Este pacote intala o sshd, o servidor do OpenSSH.
408 %description server -l pt_BR.UTF-8
409 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
410 protocolo secure shell e permite que clientes ssh se conectem ao seu
413 %description server -l ru.UTF-8
414 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
415 машину и для выполнения команд на удаленной машине.
417 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
418 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
421 %description server -l uk.UTF-8
422 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
423 машини та для виконання команд на віддаленій машині.
425 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
426 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
430 Summary: A LDAP support for open source SSH server daemon
431 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
433 Requires: %{name} = %{epoch}:%{version}-%{release}
434 Requires: openldap-nss-config
436 %description server-ldap
437 OpenSSH LDAP backend is a way how to distribute the authorized tokens
438 among the servers in the network.
440 %description server-ldap -l pl.UTF-8
441 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
442 tokenów między serwerami w sieci.
444 %package gnome-askpass
445 Summary: OpenSSH GNOME passphrase dialog
446 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
447 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
448 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
449 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
450 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
451 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
452 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
453 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
454 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
455 Group: Applications/Networking
456 Requires: %{name} = %{epoch}:%{version}-%{release}
457 Obsoletes: openssh-askpass
458 Obsoletes: ssh-askpass
459 Obsoletes: ssh-extras
461 %description gnome-askpass
462 Ssh (Secure Shell) a program for logging into a remote machine and for
463 executing commands in a remote machine. It is intended to replace
464 rlogin and rsh, and provide secure encrypted communications between
465 two untrusted hosts over an insecure network. X11 connections and
466 arbitrary TCP/IP ports can also be forwarded over the secure channel.
468 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
469 it up to date in terms of security and features, as well as removing
470 all patented algorithms to seperate libraries (OpenSSL).
472 This package contains the GNOME passphrase dialog.
474 %description gnome-askpass -l es.UTF-8
475 Este paquete contiene un programa que abre una caja de diálogo para
476 entrada de passphrase en GNOME.
478 %description gnome-askpass -l pl.UTF-8
479 Ssh (Secure Shell) to program służący do logowania się na zdalną
480 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
481 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
482 pomiędzy dwoma hostami.
484 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
486 %description gnome-askpass -l pt_BR.UTF-8
487 Esse pacote contém um programa que abre uma caixa de diálogo para
488 entrada de passphrase no GNOME.
490 %description gnome-askpass -l ru.UTF-8
491 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
492 машину и для выполнения команд на удаленной машине.
494 Этот пакет содержит диалог ввода ключевой фразы для использования под
497 %description gnome-askpass -l uk.UTF-8
498 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
499 машини та для виконання команд на віддаленій машині.
501 Цей пакет містить діалог вводу ключової фрази для використання під
504 %package -n openldap-schema-openssh-lpk
505 Summary: OpenSSH LDAP Public Key schema
506 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
507 Group: Networking/Daemons
508 Requires(post,postun): sed >= 4.0
509 Requires: openldap-servers
510 %if "%{_rpmversion}" >= "5"
514 %description -n openldap-schema-openssh-lpk
515 This package contains OpenSSH LDAP Public Key schema for openldap.
517 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
518 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
533 %{?with_hpn:%patch9 -p1}
538 %{!?with_ldap:%patch15 -p1}
540 %if "%{pld_release}" == "ac"
541 # fix for missing x11.pc
542 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
545 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
546 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
548 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
549 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
551 # prevent being ovewritten by aclocal calls
552 %{__mv} aclocal.m4 acinclude.m4
555 cp /usr/share/automake/config.sub .
559 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
566 %{?with_audit:--with-audit=linux} \
567 --with-ipaddr-display \
568 %{?with_kerberos5:--with-kerberos5=/usr} \
569 --with-ldap%{!?with_ldap:=no} \
570 %{?with_ldns:--with-ldns} \
571 %{?with_libedit:--with-libedit} \
573 --with-md5-passwords \
575 --with-pid-dir=%{_localstatedir}/run \
576 --with-privsep-path=%{_privsepdir} \
577 --with-privsep-user=sshd \
578 %{?with_selinux:--with-selinux} \
579 %if "%{pld_release}" == "ac"
580 --with-xauth=/usr/X11R6/bin/xauth
582 --with-sandbox=seccomp_filter \
583 --with-xauth=%{_bindir}/xauth
586 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
590 %{?with_tests:%{__make} -j1 tests}
594 %{__make} gnome-ssh-askpass1 \
595 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
598 %{__make} gnome-ssh-askpass2 \
599 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
603 rm -rf $RPM_BUILD_ROOT
604 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
605 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
606 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
609 DESTDIR=$RPM_BUILD_ROOT
611 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
613 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
614 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
615 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
616 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
617 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
618 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
619 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
621 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
622 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
624 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
625 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
626 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
627 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
630 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
633 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
635 %if %{with gnome} || %{with gtk}
636 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
637 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
639 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
640 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
642 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
645 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
646 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
648 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
650 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
651 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
654 %if "%{pld_release}" == "ac"
655 # not present in ac, no point searching it
656 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
657 # openssl on ac does not have OPENSSL_HAS_ECC
658 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
662 # remove recording user's login uid to the process attribute
663 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
666 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
667 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
670 rm -rf $RPM_BUILD_ROOT
681 %postun gnome-askpass
685 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
688 /sbin/chkconfig --add sshd
689 %service sshd reload "OpenSSH Daemon"
691 %systemd_post sshd.service
694 if [ "$1" = "0" ]; then
696 /sbin/chkconfig --del sshd
698 %systemd_preun sshd.service
701 if [ "$1" = "0" ]; then
706 %triggerpostun server -- %{name}-server < 2:7.0p1-2
707 %banner %{name}-server -e << EOF
708 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
709 ! Starting from openssh 7.0 DSA keys are disabled !
710 ! on server and client side. You will NOT be able !
711 ! to use DSA keys for authentication. Please read !
712 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
713 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
716 %triggerpostun server -- %{name}-server < 6.2p1-1
717 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
718 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
720 %triggerpostun server -- %{name}-server < 2:5.9p1-8
721 # lpk.patch to ldap.patch
722 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
723 echo >&2 "Migrating LPK patch to LDAP patch"
724 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
726 # disable old configs
727 # just UseLPK/LkpLdapConf supported for now
728 s/^\s*UseLPK/## Obsolete &/
729 s/^\s*Lpk/## Obsolete &/
730 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
731 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
732 ' %{_sysconfdir}/sshd_config
733 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
734 /bin/systemctl try-restart sshd.service || :
736 %service -q sshd reload
739 %systemd_trigger sshd.service
740 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
741 %banner %{name}-server -e << EOF
742 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
743 ! Native systemd support for sshd has been installed. !
744 ! Restarting sshd.service with systemctl WILL kill all !
745 ! active ssh sessions (daemon as such will be started). !
746 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
750 %post -n openldap-schema-openssh-lpk
751 %openldap_schema_register %{schemadir}/openssh-lpk.schema
752 %service -q ldap restart
754 %postun -n openldap-schema-openssh-lpk
755 if [ "$1" = "0" ]; then
756 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
757 %service -q ldap restart
761 %defattr(644,root,root,755)
762 %doc TODO README OVERVIEW CREDITS Change*
763 %attr(755,root,root) %{_bindir}/ssh-key*
764 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
765 %{_mandir}/man1/ssh-key*.1*
766 #%{_mandir}/man1/ssh-vulnkey*.1*
771 %defattr(644,root,root,755)
772 %attr(755,root,root) %{_bindir}/ssh
773 %attr(755,root,root) %{_bindir}/sftp
774 %attr(755,root,root) %{_bindir}/ssh-agent
775 %attr(755,root,root) %{_bindir}/ssh-add
776 %attr(755,root,root) %{_bindir}/ssh-copy-id
777 %attr(755,root,root) %{_bindir}/scp
778 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
779 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
780 %{_mandir}/man1/scp.1*
781 %{_mandir}/man1/ssh.1*
782 %{_mandir}/man1/sftp.1*
783 %{_mandir}/man1/ssh-agent.1*
784 %{_mandir}/man1/ssh-add.1*
785 %{_mandir}/man1/ssh-copy-id.1*
786 %{_mandir}/man5/ssh_config.5*
787 %lang(it) %{_mandir}/it/man1/ssh.1*
788 %lang(it) %{_mandir}/it/man5/ssh_config.5*
789 %lang(pl) %{_mandir}/pl/man1/scp.1*
790 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
792 # for host-based auth (suid required for accessing private host key)
793 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
794 #%{_mandir}/man8/ssh-keysign.8*
796 %files clients-agent-profile_d
797 %defattr(644,root,root,755)
798 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
799 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
801 %files clients-agent-xinitrc
802 %defattr(644,root,root,755)
803 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
806 %defattr(644,root,root,755)
807 %attr(755,root,root) %{_sbindir}/sshd
808 %attr(755,root,root) %{_libexecdir}/sftp-server
809 %attr(755,root,root) %{_libexecdir}/ssh-keysign
810 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
811 %attr(755,root,root) %{_libexecdir}/sshd-keygen
812 %{_mandir}/man8/sshd.8*
813 %{_mandir}/man8/sftp-server.8*
814 %{_mandir}/man8/ssh-keysign.8*
815 %{_mandir}/man8/ssh-pkcs11-helper.8*
816 %{_mandir}/man5/sshd_config.5*
817 %{_mandir}/man5/moduli.5*
818 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
819 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
820 %attr(640,root,root) %{_sysconfdir}/moduli
821 %attr(754,root,root) /etc/rc.d/init.d/sshd
822 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
823 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
824 %{systemdunitdir}/sshd.service
825 %{systemdunitdir}/sshd.socket
826 %{systemdunitdir}/sshd@.service
830 %defattr(644,root,root,755)
831 %doc HOWTO.ldap-keys ldap.conf
832 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
833 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
834 %{_mandir}/man5/ssh-ldap.conf.5*
835 %{_mandir}/man8/ssh-ldap-helper.8*
838 %if %{with gnome} || %{with gtk}
840 %defattr(644,root,root,755)
841 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
842 %dir %{_libexecdir}/ssh
843 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
844 %attr(755,root,root) %{_libexecdir}/ssh-askpass
848 %files -n openldap-schema-openssh-lpk
849 %defattr(644,root,root,755)
850 %{schemadir}/openssh-lpk.schema