X-Git-Url: https://git.pld-linux.org/?a=blobdiff_plain;f=openssh.spec;h=ae83926214efb7f1c5e8f4078c0fe595be0de47e;hb=9be30b5d5c94d5e5b9c88d237b0e2812bfafb057;hp=0b3bf7995c4cfbd5cf01e8284844b14d5d352065;hpb=f92e73b9c613e41239952955c9204c7814992761;p=packages%2Fopenssh.git diff --git a/openssh.spec b/openssh.spec index 0b3bf79..ae83926 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,14 +1,22 @@ # # Conditional build: -%bcond_with gnome # without gnome-askpass utility -%bcond_without gtk # without gtk (2.x) +%bcond_without chroot # without chrooted user environment support +%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility +%bcond_without gtk # without GTK+ (2.x) %bcond_with ldap # with ldap support +%bcond_without libedit # without libedit (editline/history support in sftp client) %bcond_without kerberos5 # without kerberos5 support -%bcond_without chroot # without chrooted user environment support +%bcond_without selinux # build without SELinux support %bcond_with sshagentsh # with system-wide script for starting ssh-agent +%bcond_with hpn # with High Performance SSH/SCP - HPN-SSH (see patch comment) +%bcond_with hpn_none # with hpn (above) and '-z' none cipher option # +%if %{with hpn_none} +%undefine with_hpn +%endif # gtk2-based gnome-askpass means no gnome1-based %{?with_gtk:%undefine with_gnome} +%define _rel 4 Summary: OpenSSH free Secure Shell (SSH) implementation Summary(de): OpenSSH - freie Implementation der Secure Shell (SSH) Summary(es): Implementación libre de SSH 
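Review bot: The `%if %{with hpn_none}` / `%undefine with_hpn` block added near the top of this hunk has no comment explaining why choosing one build option switches the other off. Judging by the Patch12 comment later in the diff ("Adds HPN (see p11) and an undocumented -z none cipher flag"), the none-cipher patch appears to already contain the HPN changes, so the two patches must never both be applied. A line such as `# Patch12 already contains the Patch11 changes; never apply both` above the `%if` would record that for the next packager.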
@@ -20,56 +28,66 @@ Summary(pt_BR): Implementa Summary(ru): OpenSSH - Ó×ÏÂÏÄÎÁÑ ÒÅÁÌÉÚÁÃÉÑ ÐÒÏÔÏËÏÌÁ Secure Shell (SSH) Summary(uk): OpenSSH - צÌØÎÁ ÒÅÁ̦ÚÁÃ¦Ñ ÐÒÏÔÏËÏÌÕ Secure Shell (SSH) Name: openssh -Version: 3.8.1p1 -Release: 2 +Version: 4.3p2 +Release: %{_rel}%{?with_hpn:hpn}%{?with_hpn_none:hpn_none} Epoch: 2 License: BSD Group: Applications/Networking Source0: ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 1dbfd40ae683f822ae917eebf171ca42 +# Source0-md5: 7e9880ac20a9b9db0d3fea30a9ff3d46 Source1: %{name}d.conf Source2: %{name}.conf Source3: %{name}d.init Source4: %{name}d.pamd Source5: %{name}.sysconfig Source6: passwd.pamd -Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/openssh-non-english-man-pages.tar.bz2 +Source7: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source7-md5: 66943d481cc422512b537bcc2c7400d1 -Source9: http://www.imasy.or.jp/~gotoh/ssh/connect.c -# NoSource9-md5: c78de727e1208799072be78c05d64398 -Source10: http://www.imasy.or.jp/~gotoh/ssh/connect.html -# NoSource10-md5: f14cb61fafd067a3f5ce4eaa9643bf05 +Source9: http://www.taiyo.co.jp/~gotoh/ssh/connect.c +# Source9-md5: b856937f1cdfca7a3ccfb2fac36ef726 +Source10: http://www.taiyo.co.jp/~gotoh/ssh/connect.html +# Source10-md5: bb972b3a9d435c62023b355960d78f78 Source11: ssh-agent.sh Source12: ssh-agent.conf Patch0: %{name}-no_libnsl.patch +Patch1: %{name}-ac_fix.patch Patch2: %{name}-linux-ipv6.patch Patch3: %{name}-pam_misc.patch Patch4: %{name}-sigpipe.patch -# http://ldappubkey.gcu-squad.org/ -Patch5: ldappubkey-ossh3.6-v2.patch +# http://www.opendarwin.org/projects/openssh-lpk/ +Patch5: %{name}-lpk-4.3p1-0.3.7.patch Patch6: %{name}-heimdal.patch Patch7: %{name}-pam-conv.patch # http://chrootssh.sourceforge.net/download/osshChroot-3.7.1p2.diff Patch8: %{name}-chroot.patch Patch9: %{name}-selinux.patch Patch10: %{name}-selinux-pld.patch +# HPN patches rediffed due sigpipe patch. 
+# High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ +# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11.diff +Patch11: %{name}-4.3p1-hpn11.patch +# Adds HPN (see p11) and an undocumented -z none cipher flag +# http://www.psc.edu/networking/projects/hpn-ssh/openssh-4.2p1-hpn11-none.diff +Patch12: %{name}-4.3p1-hpn11-none.patch +Patch13: %{name}-include.patch URL: http://www.openssh.com/ +BuildRequires: %{__perl} BuildRequires: autoconf BuildRequires: automake %{?with_gnome:BuildRequires: gnome-libs-devel} %{?with_gtk:BuildRequires: gtk+2-devel} -%{?with_kerberos5:BuildRequires: heimdal-devel} -BuildRequires: libselinux-devel +%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7} +%{?with_libedit:BuildRequires: libedit-devel} +%{?with_selinux:BuildRequires: libselinux-devel} BuildRequires: libwrap-devel %{?with_ldap:BuildRequires: openldap-devel} BuildRequires: openssl-devel >= 0.9.7d BuildRequires: pam-devel -BuildRequires: %{__perl} %{?with_gtk:BuildRequires: pkgconfig} +BuildRequires: rpmbuild(macros) >= 1.318 BuildRequires: zlib-devel -PreReq: FHS >= 2.1-24 -PreReq: openssl >= 0.9.7d -%{?with_sshagentsh:Requires: xinitrc} +Requires: FHS >= 2.1-24 +Requires: pam >= 0.79.0 Obsoletes: ssh BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) 
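Review bot: Source9 and Source10 change both host (imasy.or.jp to taiyo.co.jp) and MD5 digest in this one commit, so nothing in the spec ties the new `connect.c` to a reviewed upstream revision. The file is still fetched over plain `http://`, with an MD5 digest as the only integrity check. The %install hunk installs a `connect` binary, presumably built from this file, into `%{_bindir}`, so it deserves the same provenance care as Source0. I would add a comment next to the digest recording what was reviewed, for example `# connect.c revision <UPSTREAM-REVISION>, sha256 <SHA256-OF-REVIEWED-FILE>` (placeholders to fill in), and prefer an authenticated download location if upstream offers one.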
@@ -91,6 +109,22 @@ all patented algorithms to seperate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. +%if %{with hpn} || %{with hpn_none} +This release includes High Performance SSH/SCP patches from +http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed +to increase throughput on fast connections with high RTT (20-150 msec). +See the website for '-w' values for your connection and /proc/sys TCP +values. BTW. in a LAN you have got generally RTT < 1 msec. +%endif +%if %{with hpn_none} +It also includes an undocumented '-z' option which switches +the cipher to none after authentication is completed. Data is +still secured from tampering and corruption in transit through +the use of the Message Authentication Code (MAC). +This option will significantly reduce the number of cpu cycles used +by the SSH/SCP process. This may allow some users to see significant +improvement in (sniffable) data tranfer rates. +%endif %description -l de OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es 
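Review bot: The added `%if %{with hpn_none}` paragraph of %description signals the loss of confidentiality only through the parenthetical "(sniffable)", right after telling the reader that data is "still secured". With '-z' the cipher is switched to none after authentication, so the MAC protects integrity only and the session payload is sent unencrypted; the text should say so outright, for example `Everything sent after authentication is then transmitted unencrypted;` followed by `use this option only on links you trust.` The Polish paragraph added in the `@@ -134,11 +168,28 @@` hunk uses the same parenthetical and needs the same change. "tranfer" in the last added English line is a typo for "transfer".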
@@ -134,11 +168,28 @@ inoltrate attraverso un canale sicuro. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie klienta jak i serwera OpenSSH. Aby by³ u¿yteczny, trzeba zainstalowaæ co najmniej jeden z pakietów: openssh-clients lub openssh-server. +%if %{with hpn} || %{with hpn_none} +Ta wersja zawiera ³aty z projektu High Performance SSH/SCP +http://www.psc.edu/networking/projects/hpn-ssh/, które maj± na celu +zwiêkszenie przepustowo¶ci transmisji dla szybkich po³±czeñ +z du¿ym RTT (20-150 msec). Na stronie projektu znale¼æ mo¿na +odpowednie dla danego po³±czenia warto¶ci parametru '-w' oraz +opcje /proc/sys dla TCP. Nawiasem mówi±c w sieciach LAN RTT < 1 msec. +%endif +%if %{with hpn_none} +Obs³ugiwana jest równie¿ nieudokumentowana opcja '-z' odpowiedzialna +za wy³±czenie szyfrowania danych po zakoñczeniu procesu uwierzytelniania. +Dane s± zabezpieczone przed modyfikacj± lub uszkodzeniem przez +stosowanie Message Authentication Code (MAC). +Opcja ta znacznie redukuje liczbê cykli procesora zu¿ywanych przez +procesy SSH/SCP. W wybranych zastosowaniach mo¿e ona wp³yn±æ +na wyra¼ne przyspieszenie (pods³uchiwalnej) transmisji danych. +%endif %description -l pt OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o @@ -203,8 +254,9 @@ Summary(pt_BR): Clientes do OpenSSH Summary(ru): OpenSSH - ËÌÉÅÎÔÙ ÐÒÏÔÏËÏÌÁ Secure Shell Summary(uk): OpenSSH - Ë̦¤ÎÔÉ ÐÒÏÔÏËÏÌÕ Secure Shell Group: Applications/Networking +Requires: %{name} = %{epoch}:%{version}-%{release} +%{?with_sshagentsh:Requires: xinitrc} Provides: ssh-clients -Requires: %{name} = %{epoch}:%{version} Obsoletes: ssh-clients %description clients 
@@ -229,7 +281,7 @@ conexiones codificadas con servidores SSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera klientów s³u¿±cych do ³±czenia siê z serwerami SSH. @@ -263,18 +315,19 @@ Summary(pt_BR): Servidor OpenSSH para comunica Summary(ru): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÁ Secure Shell (sshd) Summary(uk): OpenSSH - ÓÅÒ×ÅÒ ÐÒÏÔÏËÏÌÕ Secure Shell (sshd) Group: Networking/Daemons -PreReq: %{name} = %{epoch}:%{version} -PreReq: rc-scripts >= 0.3.1-15 -Requires(pre): /bin/id -Requires(pre): /usr/sbin/useradd -Requires(post,preun): /sbin/chkconfig Requires(post): chkconfig >= 0.9 Requires(post): grep +Requires(post,preun): /sbin/chkconfig Requires(postun): /usr/sbin/userdel +Requires(pre): /bin/id +Requires(pre): /usr/sbin/useradd +Requires: %{name} = %{epoch}:%{version}-%{release} Requires: /bin/login -Requires: util-linux Requires: pam >= 0.77.3 +Requires: rc-scripts >= 0.4.0.18 +Requires: util-linux Provides: ssh-server +Provides: user(sshd) %description server Ssh (Secure Shell) a program for logging into a remote machine and for @@ -309,7 +362,7 @@ Questo pacchetto installa sshd, il server di OpenSSH. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera serwer sshd (do którego mog± ³±czyæ siê klienci ssh). 
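Review bot: In the `@@ -263,18 +315,19 @@` hunk the server subpackage keeps `Requires: pam >= 0.77.3`, although this commit adds `Requires: pam >= 0.79.0` to the base package, which the server now requires at the exact `%{version}-%{release}`. The lower bound is therefore never the effective one, and it sits in the package that appears to ship `/etc/pam.d/sshd`, where a reader will look for the PAM requirement. I would change the line to `Requires: pam >= 0.79.0`, or drop it and rely on the base package's requirement.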
@@ -350,10 +403,10 @@ Summary(pt_BR): Di Summary(ru): OpenSSH - ÄÉÁÌÏÇ ××ÏÄÁ ËÌÀÞÅ×ÏÊ ÆÒÁÚÙ (passphrase) ÄÌÑ GNOME Summary(uk): OpenSSH - ĦÁÌÏÇ ××ÏÄÕ ËÌÀÞÏ×ϧ ÆÒÁÚÉ (passphrase) ÄÌÑ GNOME Group: Applications/Networking -Requires: %{name} = %{epoch}:%{version} -Obsoletes: ssh-extras -Obsoletes: ssh-askpass +Requires: %{name} = %{epoch}:%{version}-%{release} Obsoletes: openssh-askpass +Obsoletes: ssh-askpass +Obsoletes: ssh-extras %description gnome-askpass Ssh (Secure Shell) a program for logging into a remote machine and for @@ -376,7 +429,7 @@ entrada de passphrase en GNOME. Ssh (Secure Shell) to program s³u¿±cy do logowania siê na zdaln± maszynê i uruchamiania na niej aplikacji. W zamierzeniu openssh ma zast±piæ rlogin, rsh i dostarczyæ bezpieczne, szyfrowane po³±czenie -pomiedzy dwoma hostami. +pomiêdzy dwoma hostami. Ten pakiet zawiera ,,odpytywacz has³a'' dla GNOME. @@ -401,6 +454,7 @@ GNOME. %prep %setup -q %patch0 -p1 +%patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 @@ -408,8 +462,11 @@ GNOME. %{?with_kerberos5:%patch6 -p1} #%patch7 -p1 %patch8 -p1 -%patch9 -p1 -%patch10 -p1 +%{?with_selinux:%patch9 -p1} +%{?with_selinux:%patch10 -p1} +%{?with_hpn:%patch11 -p1} +%{?with_hpn_none:%patch12 -p1} +%patch13 -p1 %build cp %{_datadir}/automake/config.sub . @@ -423,6 +480,7 @@ cp %{_datadir}/automake/config.sub . --with-mantype=man \ --with-md5-passwords \ --with-ipaddr-display \ + %{?with_libedit:--with-libedit} \ --with-4in6 \ --disable-suid-ssh \ --with-tcp-wrappers \ @@ -431,7 +489,9 @@ cp %{_datadir}/automake/config.sub . %{?with_kerberos5:--with-kerberos5} \ --with-privsep-path=%{_privsepdir} \ --with-pid-dir=%{_localstatedir}/run \ - --with-xauth=/usr/X11R6/bin/xauth + --with-xauth=/usr/bin/xauth \ + --enable-utmpx \ + --enable-wtmpx echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h 
@@ -453,14 +513,14 @@ cd contrib %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security}} \ +install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ $RPM_BUILD_ROOT%{_libexecdir}/ssh %{?with_sshagentsh:install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d}} %{__make} install \ DESTDIR=$RPM_BUILD_ROOT -install connect $RPM_BUILD_ROOT%{_bindir} +install connect $RPM_BUILD_ROOT%{_bindir} install %{SOURCE4} $RPM_BUILD_ROOT/etc/pam.d/sshd install %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/passwdssh install %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/sshd @@ -468,19 +528,26 @@ install %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd install %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/ssh_config install %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sshd_config %if %{with sshagentsh} -install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d/ +install %{SOURCE11} $RPM_BUILD_ROOT/etc/profile.d ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh -install %{SOURCE12} $RPM_BUILD_ROOT/etc/ssh/ +install %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir} %endif bzip2 -dc %{SOURCE7} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} %if %{with gnome} install contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass -ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass %endif %if %{with gtk} install contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass +%endif +%if %{with gnome} || %{with gtk} +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER +#GNOME_SSH_ASKPASS_GRAB_SERVER="true" +EOF +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER +#GNOME_SSH_ASKPASS_GRAB_POINTER="true" +EOF ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass %endif 
@@ -489,26 +556,35 @@ echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd +%if "%{_lib}" != "lib" +find $RPM_BUILD_ROOT%{_sysconfdir} -type f -print0 | xargs -0 perl -pi -e "s#/usr/lib#/usr/%{_lib}#" +%endif + +cat << EOF >$RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS +#SSH_ASKPASS="%{_libexecdir}/ssh-askpass" +EOF + %clean rm -rf $RPM_BUILD_ROOT +%post clients +%env_update + +%postun clients +%env_update + +%post gnome-askpass +%env_update + +%postun gnome-askpass +%env_update + %pre server -if [ -n "`id -u sshd 2>/dev/null`" ]; then - if [ "`id -u sshd`" != "40" ]; then - echo "Error: user sshd doesn't have uid=40. Correct this before installing ssh server." 1>&2 - exit 1 - fi -else - /usr/sbin/useradd -u 40 -d %{_privsepdir} -s /bin/false -M -r -c "OpenSSH PrivSep User" -g nobody sshd 1>&2 -fi +%useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd %post server /sbin/chkconfig --add sshd -if [ -f /var/lock/subsys/sshd ]; then - /etc/rc.d/init.d/sshd restart 1>&2 -else - echo "Run \"/etc/rc.d/init.d/sshd start\" to start openssh daemon." -fi +%service sshd reload "openssh daemon" if ! grep -qs ssh /etc/security/passwd.conf ; then umask 022 echo "ssh" >> /etc/security/passwd.conf @@ -516,15 +592,13 @@ fi %preun server if [ "$1" = "0" ]; then - if [ -f /var/lock/subsys/sshd ]; then - /etc/rc.d/init.d/sshd stop 1>&2 - fi + %service sshd stop /sbin/chkconfig --del sshd fi %postun server if [ "$1" = "0" ]; then - /usr/sbin/userdel sshd + %userremove sshd fi %files 
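Review bot: The added `perl -pi -e "s#/usr/lib#/usr/%{_lib}#"` in the `@@ -489,26 +556,35 @@` hunk matches `/usr/lib` as a bare prefix and only once per line. On a build where `%{_lib}` is not `lib`, a path such as `/usr/libexec/...` would have the suffix spliced into the middle of the directory name, and a second path on the same line would be left unchanged. The files rewritten are the ssh and sshd configuration under `%{_sysconfdir}`, where a mangled helper path would surface only at run time. Bounding the match and making it global avoids both problems: `s#/usr/lib(?=/)#/usr/%{_lib}#g`.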
@@ -533,22 +607,24 @@ fi %attr(755,root,root) %{_bindir}/ssh-key* %{_mandir}/man1/ssh-key*.1* %dir %{_sysconfdir} +%dir %{_libexecdir} %files clients %defattr(644,root,root,755) %doc connect.html -%attr(0755,root,root) %{_bindir}/connect -%attr(0755,root,root) %{_bindir}/ssh -%attr(0755,root,root) %{_bindir}/slogin -%attr(0755,root,root) %{_bindir}/sftp -%attr(0755,root,root) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/scp -%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh_config +%attr(755,root,root) %{_bindir}/connect +%attr(755,root,root) %{_bindir}/ssh +%attr(755,root,root) %{_bindir}/slogin +%attr(755,root,root) %{_bindir}/sftp +%attr(755,root,root) %{_bindir}/ssh-agent +%attr(755,root,root) %{_bindir}/ssh-add +%attr(755,root,root) %{_bindir}/scp +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config +%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS %if %{with sshagentsh} -%config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ssh-agent.conf -%attr(0755,root,root) /etc/profile.d/ssh-agent.sh -%attr(0755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh +%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf +%attr(755,root,root) /etc/profile.d/ssh-agent.sh +%attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh %endif %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh.1* 
@@ -571,21 +647,21 @@ fi %attr(755,root,root) %{_sbindir}/sshd %attr(755,root,root) %{_libexecdir}/sftp-server %attr(755,root,root) %{_libexecdir}/ssh-keysign -%dir %{_libexecdir} %{_mandir}/man8/sshd.8* %{_mandir}/man8/sftp-server.8* %{_mandir}/man8/ssh-keysign.8* %{_mandir}/man5/sshd_config.5* -%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/sshd_config -%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/pam.d/sshd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd %attr(640,root,root) %{_sysconfdir}/moduli %attr(754,root,root) /etc/rc.d/init.d/sshd -%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/sysconfig/sshd -%attr(640,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/security/blacklist.sshd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd +%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd %if %{with gnome} || %{with gtk} %files gnome-askpass %defattr(644,root,root,755) +%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS* %dir %{_libexecdir}/ssh %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass %attr(755,root,root) %{_libexecdir}/ssh-askpass