# http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
Patch4: %{name}-5.9p1-ldap.patch
Patch5: %{name}-5.9p1-ldap-fixes.patch
+Patch8: ldap.conf.patch
Patch6: %{name}-config.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
+Patch7: authorized-keys-command.patch
# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
# http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
Patch9: %{name}-5.2p1-hpn13v6.diff
%patch0 -p1
%patch2 -p1
%patch3 -p1
-%{?with_ldap:%patch4 -p1}
+%patch4 -p1
%patch5 -p1
+%patch8 -p1
%patch6 -p1
+%patch7 -p1
%{?with_hpn:%patch9 -p1}
%patch10 -p1
%patch11 -p1
# hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
+grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
+%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
+
%build
cp /usr/share/automake/config.sub .
%{__aclocal}
%{?with_audit:--with-audit=linux} \
--with-ipaddr-display \
%{?with_kerberos5:--with-kerberos5=/usr} \
- %{?with_ldap:--with-ldap} \
+ --with-ldap%{!?with_ldap:=no} \
%{?with_libedit:--with-libedit} \
--with-mantype=man \
--with-md5-passwords \
--with-pam \
+ --with-authorized-keys-command \
--with-pid-dir=%{_localstatedir}/run \
--with-privsep-path=%{_privsepdir} \
%{?with_selinux:--with-selinux} \
EOF
%{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
%clean
rm -rf $RPM_BUILD_ROOT
%userremove sshd
fi
-%triggerpostun server -- %{name}-server < 5.9p1-1
+%triggerpostun server -- %{name}-server < 2:5.9p1-1
# lpk.patch to ldap.patch
if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
echo >&2 "Migrating LPK patch to LDAP patch"
# disable old configs
# just UseLPK/LkpLdapConf supported for now
s/^UseLPK/## Obsolete &/
- s/^LPK/## Obsolete &/
+ s/^Lpk/## Obsolete &/
# Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
/UseLPK/iAuthorizedKeysCommand "%{_libexecdir}/ssh-ldap-wrapper"
' %{_sysconfdir}/sshd_config
%files server
%defattr(644,root,root,755)
-%doc HOWTO.ldap-keys
+%doc HOWTO.ldap-keys ldap.conf
%attr(755,root,root) %{_sbindir}/sshd
%attr(755,root,root) %{_libexecdir}/sftp-server
%attr(755,root,root) %{_libexecdir}/ssh-keysign
%{_mandir}/man5/ssh-ldap.conf.5*
%{_mandir}/man5/moduli.5*
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
%attr(640,root,root) %{_sysconfdir}/moduli
%attr(754,root,root) /etc/rc.d/init.d/sshd