2 # - add trigger to enable this:
3 # * sshd(8): This release turns on pre-auth sandboxing sshd by default for
4 # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
7 %bcond_without audit # sshd audit support
8 %bcond_with gnome # gnome-askpass (GNOME 1.x) utility
9 %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
10 %bcond_without ldap # LDAP support
11 %bcond_with ldns # DNSSEC support via libldns
12 %bcond_without libedit # libedit (editline/history support in sftp client)
13 %bcond_without kerberos5 # Kerberos5 support
14 %bcond_without selinux # SELinux support
15 %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
16 %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
17 %bcond_without tests # test suite
18 %bcond_with tests_conch # run conch interoperability tests
20 # gtk2-based gnome-askpass means no gnome1-based
21 %{?with_gtk:%undefine with_gnome}
23 %if "%{pld_release}" == "ac"
24 %define pam_ver 0.79.0
26 %define pam_ver 1:1.1.8-5
28 Summary: OpenSSH free Secure Shell (SSH) implementation
29 Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH)
30 Summary(es.UTF-8): Implementación libre de SSH
31 Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH)
32 Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell
33 Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH)
34 Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH)
35 Summary(pt_BR.UTF-8): Implementação livre do SSH
36 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
37 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
43 Group: Applications/Networking
44 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
45 # Source0-md5: 3d29a7394816deeb57186899d7f7662c
46 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
47 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
48 Source2: %{name}d.init
49 Source3: %{name}d.pamd
50 Source4: %{name}.sysconfig
52 Source6: ssh-agent.conf
53 Source7: %{name}-lpk.schema
57 Source12: sshd@.service
58 Patch100: %{name}-git.patch
59 # Patch100-md5: eb723cc4f21efc32752161d539c9c5e9
60 Patch0: %{name}-no-pty-tests.patch
61 Patch1: %{name}-tests-reuseport.patch
62 Patch2: %{name}-pam_misc.patch
63 Patch3: %{name}-sigpipe.patch
64 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
65 Patch4: %{name}-ldap.patch
66 Patch5: %{name}-ldap-fixes.patch
67 Patch6: ldap.conf.patch
68 Patch7: %{name}-config.patch
69 Patch8: ldap-helper-sigpipe.patch
70 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
71 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
72 Patch9: %{name}-5.2p1-hpn13v6.diff
74 Patch11: %{name}-chroot.patch
76 Patch13: %{name}-skip-interop-tests.patch
77 Patch14: %{name}-bind.patch
78 Patch15: %{name}-disable_ldap.patch
79 URL: http://www.openssh.com/portable.html
80 BuildRequires: %{__perl}
81 %{?with_audit:BuildRequires: audit-libs-devel}
82 BuildRequires: autoconf >= 2.50
83 BuildRequires: automake
84 %{?with_gnome:BuildRequires: gnome-libs-devel}
85 %{?with_gtk:BuildRequires: gtk+2-devel}
86 %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
87 %{?with_ldns:BuildRequires: ldns-devel}
88 %{?with_libedit:BuildRequires: libedit-devel}
89 BuildRequires: libfido2-devel >= 1.5.0
90 %{?with_libseccomp:BuildRequires: libseccomp-devel}
91 %{?with_selinux:BuildRequires: libselinux-devel}
92 %{?with_ldap:BuildRequires: openldap-devel}
93 BuildRequires: openssl-devel >= 1.1.1
94 BuildRequires: pam-devel
95 %{?with_gtk:BuildRequires: pkgconfig}
96 %if %{with tests} && %{with tests_conch}
97 BuildRequires: python-TwistedConch
99 BuildRequires: rpm >= 4.4.9-56
100 BuildRequires: rpm-build >= 4.6
101 BuildRequires: rpmbuild(macros) >= 1.752
102 BuildRequires: sed >= 4.0
103 BuildRequires: zlib-devel >= 1.2.3
104 %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?)
105 BuildRequires: %{name}-server
107 %if %{with tests} && %{with libseccomp}
108 # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag
109 BuildRequires: uname(release) >= 3.5
111 Requires: zlib >= 1.2.3
113 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
115 %define _sysconfdir /etc/ssh
116 %define _libexecdir %{_libdir}/%{name}
117 %define _privsepdir /usr/share/empty
118 %define schemadir /usr/share/openldap/schema
121 Ssh (Secure Shell) a program for logging into a remote machine and for
122 executing commands in a remote machine. It is intended to replace
123 rlogin and rsh, and provide secure encrypted communications between
124 two untrusted hosts over an insecure network. X11 connections and
125 arbitrary TCP/IP ports can also be forwarded over the secure channel.
127 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
128 it up to date in terms of security and features, as well as removing
129 all patented algorithms to seperate libraries (OpenSSL).
131 This package includes the core files necessary for both the OpenSSH
132 client and server. To make this package useful, you should also
133 install openssh-clients, openssh-server, or both.
136 This release includes High Performance SSH/SCP patches from
137 http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to
138 increase throughput on fast connections with high RTT (20-150 msec).
139 See the website for '-w' values for your connection and /proc/sys TCP
140 values. BTW. in a LAN you have got generally RTT < 1 msec.
143 %description -l de.UTF-8
144 OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es
145 ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere,
146 verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts
147 über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige
148 andere TCP/IP Ports können ebenso über den sicheren Channel
149 weitergeleitet werden.
151 %description -l es.UTF-8
152 SSH es un programa para accesar y ejecutar órdenes en computadores
153 remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación
154 seguro entre dos servidores en una red insegura. Conexiones X11 y
155 puertas TCP/IP arbitrárias también pueden ser usadas por el canal
158 OpenSSH es el resultado del trabajo del equipo de OpenBSD para
159 continuar la última versión gratuita de SSH, actualizándolo en
160 términos de seguridad y recursos,así también eliminando todos los
161 algoritmos patentados y colocándolos en bibliotecas separadas
164 Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar
165 también el paquete openssh-clients u openssh-server o ambos.
167 %description -l fr.UTF-8
168 OpenSSH (Secure Shell) fournit un accès à un système distant. Il
169 remplace telnet, rlogin, rexec et rsh, tout en assurant des
170 communications cryptées securisées entre deux hôtes non fiabilisés sur
171 un réseau non sécurisé. Des connexions X11 et des ports TCP/IP
172 arbitraires peuvent également être transmis sur le canal sécurisé.
174 %description -l it.UTF-8
175 OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
176 Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni
177 sicure e crittate tra due host non fidati su una rete non sicura. Le
178 connessioni X11 ad una porta TCP/IP arbitraria possono essere
179 inoltrate attraverso un canale sicuro.
181 %description -l pl.UTF-8
182 Ssh (Secure Shell) to program służący do logowania się na zdalną
183 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
184 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
185 pomiędzy dwoma hostami.
187 Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie
188 klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować
189 co najmniej jeden z pakietów: openssh-clients lub openssh-server.
192 Ta wersja zawiera łaty z projektu High Performance SSH/SCP
193 http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu
194 zwiększenie przepustowości transmisji dla szybkich połączeń z dużym
195 RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla
196 danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla
197 TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec.
200 %description -l pt.UTF-8
201 OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
202 telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e
203 cifradas entre duas máquinas sem confiança mútua sobre uma rede
204 insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser
205 reenviados pelo canal seguro.
207 %description -l pt_BR.UTF-8
208 SSH é um programa para acessar e executar comandos em máquinas
209 remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação
210 seguro entre dois hosts em uma rede insegura. Conexões X11 e portas
211 TCP/IP arbitrárias também podem ser usadas pelo canal seguro.
213 OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a
214 última versão gratuita do SSH, atualizando-o em termos de segurança e
215 recursos, assim como removendo todos os algoritmos patenteados e
216 colocando-os em bibliotecas separadas (OpenSSL).
218 Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar
219 também ou o pacote openssh-clients, ou o openssh-server, ou ambos.
221 %description -l ru.UTF-8
222 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
223 машину и для выполнения команд на удаленной машине. Она предназначена
224 для замены rlogin и rsh и обеспечивает безопасную шифрованную
225 коммуникацию между двумя хостами в сети, являющейся небезопасной.
226 Соединения X11 и любые порты TCP/IP могут также быть проведены через
229 OpenSSH - это переделка командой разработчиков OpenBSD последней
230 свободной версии SSH, доведенная до современного состояния в терминах
231 уровня безопасности и поддерживаемых возможностей. Все патентованные
232 алгоритмы вынесены в отдельные библиотеки (OpenSSL).
234 Этот пакет содержит файлы, необходимые как для клиента, так и для
235 сервера OpenSSH. Вам нужно будет установить еще openssh-clients,
236 openssh-server, или оба пакета.
238 %description -l uk.UTF-8
239 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
240 машини та для виконання команд на віддаленій машині. Вона призначена
241 для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію
242 між двома хостами в мережі, яка не є безпечною. З'єднання X11 та
243 довільні порти TCP/IP можуть також бути проведені через безпечний
246 OpenSSH - це переробка командою розробників OpenBSD останньої вільної
247 версії SSH, доведена до сучасного стану в термінах рівня безпеки та
248 підтримуваних можливостей. Всі патентовані алгоритми винесені до
249 окремих бібліотек (OpenSSL).
251 Цей пакет містить файли, необхідні як для клієнта, так і для сервера
252 OpenSSH. Вам потрібно буде ще встановити openssh-clients,
253 openssh-server, чи обидва пакети.
256 Summary: OpenSSH Secure Shell protocol clients
257 Summary(es.UTF-8): Clientes de OpenSSH
258 Summary(pl.UTF-8): Klienci protokołu Secure Shell
259 Summary(pt_BR.UTF-8): Clientes do OpenSSH
260 Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell
261 Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell
262 Group: Applications/Networking
263 Requires: %{name} = %{epoch}:%{version}-%{release}
264 Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release}
265 Provides: ssh-clients
266 Obsoletes: ssh-clients
267 %requires_eq_to openssl%{?_isa} openssl-devel
270 Ssh (Secure Shell) a program for logging into a remote machine and for
271 executing commands in a remote machine. It is intended to replace
272 rlogin and rsh, and provide secure encrypted communications between
273 two untrusted hosts over an insecure network. X11 connections and
274 arbitrary TCP/IP ports can also be forwarded over the secure channel.
276 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
277 it up to date in terms of security and features, as well as removing
278 all patented algorithms to seperate libraries (OpenSSL).
280 This package includes the clients necessary to make encrypted
281 connections to SSH servers.
283 %description clients -l es.UTF-8
284 Este paquete incluye los clientes que se necesitan para hacer
285 conexiones codificadas con servidores SSH.
287 %description clients -l pl.UTF-8
288 Ssh (Secure Shell) to program służący do logowania się na zdalną
289 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
290 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
291 pomiędzy dwoma hostami.
293 Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH.
295 %description clients -l pt_BR.UTF-8
296 Esse pacote inclui os clientes necessários para fazer conexões
297 encriptadas com servidores SSH.
299 %description clients -l ru.UTF-8
300 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
301 машину и для выполнения команд на удаленной машине.
303 Этот пакет содержит программы-клиенты, необходимые для установления
304 зашифрованных соединений с серверами SSH.
306 %description clients -l uk.UTF-8
307 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
308 машини та для виконання команд на віддаленій машині.
310 Цей пакет містить програми-клієнти, необхідні для встановлення
311 зашифрованих з'єднань з серверами SSH.
313 %package clients-agent-profile_d
314 Summary: OpenSSH Secure Shell agent init script
315 Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH
316 Group: Applications/Networking
317 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
319 %description clients-agent-profile_d
320 profile.d scripts for starting SSH agent.
322 %description clients-agent-profile_d -l pl.UTF-8
323 Skrypty profile.d do uruchamiania agenta SSH.
325 %package clients-agent-xinitrc
326 Summary: OpenSSH Secure Shell agent init script
327 Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc
328 Group: Applications/Networking
329 Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release}
332 %description clients-agent-xinitrc
333 xinitrc scripts for starting SSH agent.
335 %description clients-agent-xinitrc -l pl.UTF-8
336 Skrypty xinitrc do uruchamiania agenta SSH.
338 %package clients-helper-fido
339 Summary: OpenSSH helper for FIDO authenticator
340 Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO
341 Group: Applications/Networking
342 Requires: %{name}-clients = %{epoch}:%{version}-%{release}
343 Requires: libfido2 >= 1.5.0
345 %description clients-helper-fido
346 OpenSSH helper for FIDO authenticator.
348 %description clients-helper-fido -l pl.UTF-8
349 OpenSSH helper obsługujący klucz autoryzujący FIDO.
352 Summary: OpenSSH Secure Shell protocol server (sshd)
353 Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd)
354 Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas
355 Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd)
356 Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd)
357 Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd)
358 Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd)
359 Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas
360 Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd)
361 Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd)
362 Group: Networking/Daemons
363 Requires(post): /sbin/chkconfig
365 Requires(post,preun): /sbin/chkconfig
366 Requires(postun): /usr/sbin/userdel
367 Requires(pre): /bin/id
368 Requires(pre): /usr/sbin/useradd
369 Requires(post,preun,postun): systemd-units >= 38
370 Requires: %{name} = %{epoch}:%{version}-%{release}
371 %if "%{pld_release}" == "ac"
372 Requires: filesystem >= 2.0-1
373 Requires: pam >= 0.79.0
375 Requires: filesystem >= 3.0-11
376 Requires: pam >= %{pam_ver}
377 Suggests: xorg-app-xauth
379 Requires: rc-scripts >= 0.4.3.0
380 Requires: systemd-units >= 38
381 %{?with_libseccomp:Requires: uname(release) >= 3.5}
383 %{?with_ldap:Suggests: %{name}-server-ldap}
385 Suggests: xorg-app-xauth
388 %requires_eq_to openssl%{?_isa} openssl-devel
391 Ssh (Secure Shell) a program for logging into a remote machine and for
392 executing commands in a remote machine. It is intended to replace
393 rlogin and rsh, and provide secure encrypted communications between
394 two untrusted hosts over an insecure network. X11 connections and
395 arbitrary TCP/IP ports can also be forwarded over the secure channel.
397 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
398 it up to date in terms of security and features, as well as removing
399 all patented algorithms to seperate libraries (OpenSSL).
401 This package contains the secure shell daemon. The sshd is the server
402 part of the secure shell protocol and allows ssh clients to connect to
405 %description server -l de.UTF-8
406 Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
408 %description server -l es.UTF-8
409 Este paquete contiene el servidor SSH. sshd es la parte servidor del
410 protocolo secure shell y permite que clientes ssh se conecten a su
413 %description server -l fr.UTF-8
414 Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
416 %description server -l it.UTF-8
417 Questo pacchetto installa sshd, il server di OpenSSH.
419 %description server -l pl.UTF-8
420 Ssh (Secure Shell) to program służący do logowania się na zdalną
421 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
422 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
423 pomiędzy dwoma hostami.
425 Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci
428 %description server -l pt.UTF-8
429 Este pacote intala o sshd, o servidor do OpenSSH.
431 %description server -l pt_BR.UTF-8
432 Esse pacote contém o servidor SSH. O sshd é a parte servidor do
433 protocolo secure shell e permite que clientes ssh se conectem ao seu
436 %description server -l ru.UTF-8
437 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
438 машину и для выполнения команд на удаленной машине.
440 Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная
441 часть протокола Secure Shell, позволяющая клиентам ssh соединяться с
444 %description server -l uk.UTF-8
445 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
446 машини та для виконання команд на віддаленій машині.
448 Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна
449 частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись
453 Summary: A LDAP support for open source SSH server daemon
454 Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH
456 Requires: %{name} = %{epoch}:%{version}-%{release}
457 Requires: openldap-nss-config
459 %description server-ldap
460 OpenSSH LDAP backend is a way how to distribute the authorized tokens
461 among the servers in the network.
463 %description server-ldap -l pl.UTF-8
464 Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych
465 tokenów między serwerami w sieci.
467 %package gnome-askpass
468 Summary: OpenSSH GNOME passphrase dialog
469 Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog
470 Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME
471 Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH
472 Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH
473 Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME
474 Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH
475 Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME
476 Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME
477 Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME
478 Group: Applications/Networking
479 Requires: %{name} = %{epoch}:%{version}-%{release}
480 Obsoletes: openssh-askpass
481 Obsoletes: ssh-askpass
482 Obsoletes: ssh-extras
484 %description gnome-askpass
485 Ssh (Secure Shell) a program for logging into a remote machine and for
486 executing commands in a remote machine. It is intended to replace
487 rlogin and rsh, and provide secure encrypted communications between
488 two untrusted hosts over an insecure network. X11 connections and
489 arbitrary TCP/IP ports can also be forwarded over the secure channel.
491 OpenSSH is OpenBSD's rework of the last free version of SSH, bringing
492 it up to date in terms of security and features, as well as removing
493 all patented algorithms to seperate libraries (OpenSSL).
495 This package contains the GNOME passphrase dialog.
497 %description gnome-askpass -l es.UTF-8
498 Este paquete contiene un programa que abre una caja de diálogo para
499 entrada de passphrase en GNOME.
501 %description gnome-askpass -l pl.UTF-8
502 Ssh (Secure Shell) to program służący do logowania się na zdalną
503 maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma
504 zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie
505 pomiędzy dwoma hostami.
507 Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME.
509 %description gnome-askpass -l pt_BR.UTF-8
510 Esse pacote contém um programa que abre uma caixa de diálogo para
511 entrada de passphrase no GNOME.
513 %description gnome-askpass -l ru.UTF-8
514 Ssh (Secure Shell) - это программа для "захода" (login) на удаленную
515 машину и для выполнения команд на удаленной машине.
517 Этот пакет содержит диалог ввода ключевой фразы для использования под
520 %description gnome-askpass -l uk.UTF-8
521 Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої
522 машини та для виконання команд на віддаленій машині.
524 Цей пакет містить діалог вводу ключової фрази для використання під
527 %package -n openldap-schema-openssh-lpk
528 Summary: OpenSSH LDAP Public Key schema
529 Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH
530 Group: Networking/Daemons
531 Requires(post,postun): sed >= 4.0
532 Requires: openldap-servers
535 %description -n openldap-schema-openssh-lpk
536 This package contains OpenSSH LDAP Public Key schema for openldap.
538 %description -n openldap-schema-openssh-lpk -l pl.UTF-8
539 Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla
556 %{?with_hpn:%patch9 -p1}
563 %{!?with_ldap:%patch15 -p1}
565 %if "%{pld_release}" == "ac"
566 # fix for missing x11.pc
567 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
570 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
571 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
573 grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
574 %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
576 # prevent being ovewritten by aclocal calls
577 %{__mv} aclocal.m4 acinclude.m4
583 CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
590 %{?with_audit:--with-audit=linux} \
591 --with-ipaddr-display \
592 %{?with_kerberos5:--with-kerberos5=/usr} \
593 --with-ldap%{!?with_ldap:=no} \
594 %{?with_ldns:--with-ldns} \
595 %{?with_libedit:--with-libedit} \
597 --with-md5-passwords \
599 --with-pid-dir=%{_localstatedir}/run \
600 --with-privsep-path=%{_privsepdir} \
601 --with-privsep-user=sshd \
602 --with-security-key-builtin \
603 %{?with_selinux:--with-selinux} \
604 %if "%{pld_release}" == "ac"
605 --with-xauth=/usr/X11R6/bin/xauth
607 %if %{with libseccomp}
608 --with-sandbox=seccomp_filter \
610 --with-sandbox=rlimit \
612 --with-xauth=%{_bindir}/xauth
615 echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h
620 %{__make} -j1 tests \
621 TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \
622 TEST_SSH_TRACE="yes" \
623 %if %{without tests_conch}
624 SKIP_LTESTS="conch-ciphers"
630 %{__make} gnome-ssh-askpass1 \
631 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
634 %{__make} gnome-ssh-askpass2 \
635 CC="%{__cc} %{rpmldflags} %{rpmcflags}"
639 rm -rf $RPM_BUILD_ROOT
640 install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \
641 $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}}
642 install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}
645 DESTDIR=$RPM_BUILD_ROOT
647 bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir}
649 install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
650 cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd
651 cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd
652 cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d
653 ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh
654 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
655 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
657 cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir}
658 install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
660 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
661 $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
662 $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \
663 $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \
664 $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
667 install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
670 install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass
672 %if %{with gnome} || %{with gtk}
673 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER
674 #GNOME_SSH_ASKPASS_GRAB_SERVER="true"
676 cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER
677 #GNOME_SSH_ASKPASS_GRAB_POINTER="true"
679 ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
682 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
683 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
685 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
687 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
688 #SSH_ASKPASS="%{_libexecdir}/ssh-askpass"
691 %if "%{pld_release}" == "ac"
692 # not present in ac, no point searching it
693 %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
694 # openssl on ac does not have OPENSSL_HAS_ECC
695 %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
699 # remove recording user's login uid to the process attribute
700 %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd
703 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
704 %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf}
707 rm -rf $RPM_BUILD_ROOT
718 %postun gnome-askpass
722 %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd
725 /sbin/chkconfig --add sshd
726 %service sshd reload "OpenSSH Daemon"
728 %systemd_post sshd.service
731 if [ "$1" = "0" ]; then
733 /sbin/chkconfig --del sshd
735 %systemd_preun sshd.service
738 if [ "$1" = "0" ]; then
743 %triggerpostun server -- %{name}-server < 2:7.0p1-2
744 %banner %{name}-server -e << EOF
745 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!
746 ! Starting from openssh 7.0 DSA keys are disabled !
747 ! on server and client side. You will NOT be able !
748 ! to use DSA keys for authentication. Please read !
749 ! about PubkeyAcceptedKeyTypes in man ssh_config. !
750 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
753 %triggerpostun server -- %{name}-server < 6.2p1-1
754 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
755 sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
757 %triggerpostun server -- %{name}-server < 2:5.9p1-8
758 # lpk.patch to ldap.patch
759 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
760 echo >&2 "Migrating LPK patch to LDAP patch"
761 cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
763 # disable old configs
764 # just UseLPK/LkpLdapConf supported for now
765 s/^\s*UseLPK/## Obsolete &/
766 s/^\s*Lpk/## Obsolete &/
767 # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
768 /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper
769 ' %{_sysconfdir}/sshd_config
770 if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then
771 /bin/systemctl try-restart sshd.service || :
773 %service -q sshd reload
776 %systemd_trigger sshd.service
777 if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then
778 %banner %{name}-server -e << EOF
779 !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!!
780 ! Native systemd support for sshd has been installed. !
781 ! Restarting sshd.service with systemctl WILL kill all !
782 ! active ssh sessions (daemon as such will be started). !
783 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
787 %post -n openldap-schema-openssh-lpk
788 %openldap_schema_register %{schemadir}/openssh-lpk.schema
789 %service -q ldap restart
791 %postun -n openldap-schema-openssh-lpk
792 if [ "$1" = "0" ]; then
793 %openldap_schema_unregister %{schemadir}/openssh-lpk.schema
794 %service -q ldap restart
798 %defattr(644,root,root,755)
799 %doc TODO README OVERVIEW CREDITS Change*
800 %attr(755,root,root) %{_bindir}/ssh-key*
801 #%attr(755,root,root) %{_bindir}/ssh-vulnkey*
802 %{_mandir}/man1/ssh-key*.1*
803 #%{_mandir}/man1/ssh-vulnkey*.1*
808 %defattr(644,root,root,755)
809 %attr(755,root,root) %{_bindir}/ssh
810 %attr(755,root,root) %{_bindir}/sftp
811 %attr(755,root,root) %{_bindir}/ssh-agent
812 %attr(755,root,root) %{_bindir}/ssh-add
813 %attr(755,root,root) %{_bindir}/ssh-copy-id
814 %attr(755,root,root) %{_bindir}/scp
815 %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
816 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
817 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
818 %{_mandir}/man1/scp.1*
819 %{_mandir}/man1/ssh.1*
820 %{_mandir}/man1/sftp.1*
821 %{_mandir}/man1/ssh-agent.1*
822 %{_mandir}/man1/ssh-add.1*
823 %{_mandir}/man1/ssh-copy-id.1*
824 %{_mandir}/man5/ssh_config.5*
825 %{_mandir}/man8/ssh-pkcs11-helper.8*
826 %lang(it) %{_mandir}/it/man1/ssh.1*
827 %lang(it) %{_mandir}/it/man5/ssh_config.5*
828 %lang(pl) %{_mandir}/pl/man1/scp.1*
829 %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1*
831 # for host-based auth (suid required for accessing private host key)
832 #%attr(4755,root,root) %{_libexecdir}/ssh-keysign
833 #%{_mandir}/man8/ssh-keysign.8*
835 %files clients-agent-profile_d
836 %defattr(644,root,root,755)
837 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf
838 %attr(755,root,root) /etc/profile.d/ssh-agent.sh
840 %files clients-agent-xinitrc
841 %defattr(644,root,root,755)
842 %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh
844 %files clients-helper-fido
845 %defattr(644,root,root,755)
846 %attr(755,root,root) %{_libexecdir}/ssh-sk-helper
847 %{_mandir}/man8/ssh-sk-helper.8*
850 %defattr(644,root,root,755)
851 %attr(755,root,root) %{_sbindir}/sshd
852 %attr(755,root,root) %{_libexecdir}/sftp-server
853 %attr(755,root,root) %{_libexecdir}/ssh-keysign
854 %attr(755,root,root) %{_libexecdir}/sshd-keygen
855 %{_mandir}/man8/sshd.8*
856 %{_mandir}/man8/sftp-server.8*
857 %{_mandir}/man8/ssh-keysign.8*
858 %{_mandir}/man5/sshd_config.5*
859 %{_mandir}/man5/moduli.5*
860 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
861 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
862 %{_sysconfdir}/moduli
863 %attr(754,root,root) /etc/rc.d/init.d/sshd
864 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd
865 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd
866 %{systemdunitdir}/sshd.service
867 %{systemdunitdir}/sshd.socket
868 %{systemdunitdir}/sshd@.service
872 %defattr(644,root,root,755)
873 %doc HOWTO.ldap-keys ldap.conf
874 %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper
875 %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper
876 %{_mandir}/man5/ssh-ldap.conf.5*
877 %{_mandir}/man8/ssh-ldap-helper.8*
880 %if %{with gnome} || %{with gtk}
882 %defattr(644,root,root,755)
883 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS*
884 %dir %{_libexecdir}/ssh
885 %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass
886 %attr(755,root,root) %{_libexecdir}/ssh-askpass
890 %files -n openldap-schema-openssh-lpk
891 %defattr(644,root,root,755)
892 %{schemadir}/openssh-lpk.schema