]>
Commit | Line | Data |
---|---|---|
3a075991 AM |
1 | # TODO: |
2 | # - add trigger to enable this: | |
3 | # * sshd(8): This release turns on pre-auth sandboxing sshd by default for | |
4 | # new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. | |
2ebfbf87 | 5 | # |
2ca913e8 | 6 | # Conditional build: |
bb7a58b9 | 7 | %bcond_without audit # sshd audit support |
be127028 JB |
8 | %bcond_with gnome # gnome-askpass (GNOME 1.x) utility |
9 | %bcond_without gtk # gnome-askpass (GTK+ 2.x) utility | |
10 | %bcond_without ldap # LDAP support | |
11 | %bcond_with ldns # DNSSEC support via libldns | |
12 | %bcond_without libedit # libedit (editline/history support in sftp client) | |
13 | %bcond_without kerberos5 # Kerberos5 support | |
14 | %bcond_without selinux # SELinux support | |
cebd27df | 15 | %bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel) |
5c609334 | 16 | %bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often) |
be127028 | 17 | %bcond_without tests # test suite |
dfcab906 | 18 | %bcond_with tests_conch # run conch interoperability tests |
516496e1 | 19 | |
cef904f1 JB |
20 | # gtk2-based gnome-askpass means no gnome1-based |
21 | %{?with_gtk:%undefine with_gnome} | |
cc788d8e | 22 | |
2ebfbf87 ER |
23 | %if "%{pld_release}" == "ac" |
24 | %define pam_ver 0.79.0 | |
25 | %else | |
afced56b | 26 | %define pam_ver 1:1.1.8-5 |
2ebfbf87 | 27 | %endif |
52000378 | 28 | Summary: OpenSSH free Secure Shell (SSH) implementation |
25e16946 ER |
29 | Summary(de.UTF-8): OpenSSH - freie Implementation der Secure Shell (SSH) |
30 | Summary(es.UTF-8): Implementación libre de SSH | |
31 | Summary(fr.UTF-8): Implémentation libre du shell sécurisé OpenSSH (SSH) | |
32 | Summary(it.UTF-8): Implementazione gratuita OpenSSH della Secure Shell | |
33 | Summary(pl.UTF-8): Publicznie dostępna implementacja bezpiecznego shella (SSH) | |
34 | Summary(pt.UTF-8): Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH) | |
35 | Summary(pt_BR.UTF-8): Implementação livre do SSH | |
36 | Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) | |
37 | Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) | |
52000378 | 38 | Name: openssh |
96e630ce JP |
39 | Version: 9.4p1 |
40 | Release: 1 | |
f5fc6a92 | 41 | Epoch: 2 |
5d1c7089 | 42 | License: BSD |
43 | Group: Applications/Networking | |
9e60e43d | 44 | Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz |
96e630ce | 45 | # Source0-md5: 4bbd56a7ba51b0cd61debe8f9e77f8bb |
486d736c JR |
46 | Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 |
47 | # Source1-md5: 66943d481cc422512b537bcc2c7400d1 | |
48 | Source2: %{name}d.init | |
49 | Source3: %{name}d.pamd | |
50 | Source4: %{name}.sysconfig | |
51 | Source5: ssh-agent.sh | |
52 | Source6: ssh-agent.conf | |
b32891d6 | 53 | Source7: %{name}-lpk.schema |
c75fc765 JR |
54 | Source9: sshd.service |
55 | Source10: sshd-keygen | |
84b4a299 ER |
56 | Source11: sshd.socket |
57 | Source12: sshd@.service | |
ea055907 | 58 | Patch100: %{name}-git.patch |
e179aa75 | 59 | # Patch100-md5: eb723cc4f21efc32752161d539c9c5e9 |
babeef58 | 60 | Patch0: %{name}-no-pty-tests.patch |
f5fe75c7 | 61 | Patch1: %{name}-tests-reuseport.patch |
8d59ede4 JB |
62 | Patch2: %{name}-pam_misc.patch |
63 | Patch3: %{name}-sigpipe.patch | |
501aed94 | 64 | # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree |
2faa36da ER |
65 | Patch4: %{name}-ldap.patch |
66 | Patch5: %{name}-ldap-fixes.patch | |
a46537e7 ER |
67 | Patch6: ldap.conf.patch |
68 | Patch7: %{name}-config.patch | |
69 | Patch8: ldap-helper-sigpipe.patch | |
0a069c2e | 70 | # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ |
0d5b2bd4 ER |
71 | # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz |
72 | Patch9: %{name}-5.2p1-hpn13v6.diff | |
8ecc35d4 | 73 | |
100234b3 | 74 | Patch11: %{name}-chroot.patch |
cf41b13a | 75 | |
dfcab906 | 76 | Patch13: %{name}-skip-interop-tests.patch |
eefe27ae | 77 | Patch14: %{name}-bind.patch |
f4e7272b | 78 | Patch15: %{name}-disable_ldap.patch |
c5eb8e82 | 79 | URL: http://www.openssh.com/portable.html |
0a069c2e | 80 | BuildRequires: %{__perl} |
26d23d17 JB |
81 | %{?with_audit:BuildRequires: audit-libs-devel} |
82 | BuildRequires: autoconf >= 2.50 | |
8f12ae30 | 83 | BuildRequires: automake |
9cfed0b2 | 84 | %{?with_gnome:BuildRequires: gnome-libs-devel} |
85 | %{?with_gtk:BuildRequires: gtk+2-devel} | |
044fff96 | 86 | %{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7} |
be127028 | 87 | %{?with_ldns:BuildRequires: ldns-devel} |
f6c7fa07 | 88 | %{?with_libedit:BuildRequires: libedit-devel} |
fb727dfc | 89 | BuildRequires: libfido2-devel >= 1.5.0 |
2c09e4b5 | 90 | %{?with_libseccomp:BuildRequires: libseccomp-devel} |
70329622 | 91 | %{?with_selinux:BuildRequires: libselinux-devel} |
044fff96 | 92 | %{?with_ldap:BuildRequires: openldap-devel} |
96e630ce | 93 | BuildRequires: openssl-devel >= 1.1.1 |
92d612e6 | 94 | BuildRequires: pam-devel |
9cfed0b2 | 95 | %{?with_gtk:BuildRequires: pkgconfig} |
dfcab906 JP |
96 | %if %{with tests} && %{with tests_conch} |
97 | BuildRequires: python-TwistedConch | |
98 | %endif | |
2ebfbf87 | 99 | BuildRequires: rpm >= 4.4.9-56 |
9b081c51 | 100 | BuildRequires: rpm-build >= 4.6 |
56a884d0 | 101 | BuildRequires: rpmbuild(macros) >= 1.752 |
a42c5034 | 102 | BuildRequires: sed >= 4.0 |
3512e61a | 103 | BuildRequires: zlib-devel >= 1.2.3 |
744d77c8 | 104 | %if %{with tests} && 0%(id -u sshd >/dev/null 2>&1; echo $?) |
9880a59f ER |
105 | BuildRequires: %{name}-server |
106 | %endif | |
ea57cfec ER |
107 | %if %{with tests} && %{with libseccomp} |
108 | # libseccomp based sandbox requires NO_NEW_PRIVS prctl flag | |
109 | BuildRequires: uname(release) >= 3.5 | |
110 | %endif | |
3512e61a | 111 | Requires: zlib >= 1.2.3 |
f937b661 | 112 | Obsoletes: ssh |
05fbd2e9 | 113 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) |
52000378 | 114 | |
b7b47957 | 115 | %define _sysconfdir /etc/ssh |
1dd7cf18 | 116 | %define _libexecdir %{_libdir}/%{name} |
a14c109c | 117 | %define _privsepdir /usr/share/empty |
b32891d6 | 118 | %define schemadir /usr/share/openldap/schema |
6fe24471 AF |
119 | |
120 | %description | |
121 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
11530f15 | 122 | executing commands in a remote machine. It is intended to replace |
123 | rlogin and rsh, and provide secure encrypted communications between | |
124 | two untrusted hosts over an insecure network. X11 connections and | |
125 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
6fe24471 | 126 | |
11530f15 | 127 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing |
128 | it up to date in terms of security and features, as well as removing | |
129 | all patented algorithms to seperate libraries (OpenSSL). | |
6fe24471 | 130 | |
11530f15 | 131 | This package includes the core files necessary for both the OpenSSH |
132 | client and server. To make this package useful, you should also | |
133 | install openssh-clients, openssh-server, or both. | |
a42c5034 | 134 | |
0d5b2bd4 | 135 | %if %{with hpn} |
0a069c2e | 136 | This release includes High Performance SSH/SCP patches from |
a42c5034 ER |
137 | http://www.psc.edu/networking/projects/hpn-ssh/ which are supposed to |
138 | increase throughput on fast connections with high RTT (20-150 msec). | |
088aab43 | 139 | See the website for '-w' values for your connection and /proc/sys TCP |
140 | values. BTW. in a LAN you have got generally RTT < 1 msec. | |
141 | %endif | |
6fe24471 | 142 | |
84ae85a3 | 143 | %description -l de.UTF-8 |
aebfac88 JB |
144 | OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es |
145 | ersetzt telnet, rlogin, rexec und rsh und stellt eine sichere, | |
84ae85a3 JR |
146 | verschlüsselte Verbindung zwischen zwei nicht vertrauenswürdigen Hosts |
147 | über eine unsicheres Netzwerk her. X11 Verbindungen und beliebige | |
148 | andere TCP/IP Ports können ebenso über den sicheren Channel | |
aebfac88 JB |
149 | weitergeleitet werden. |
150 | ||
84ae85a3 JR |
151 | %description -l es.UTF-8 |
152 | SSH es un programa para accesar y ejecutar órdenes en computadores | |
153 | remotos. Sustituye rlogin y rsh, y suministra un canal de comunicación | |
6c34819e | 154 | seguro entre dos servidores en una red insegura. Conexiones X11 y |
84ae85a3 | 155 | puertas TCP/IP arbitrárias también pueden ser usadas por el canal |
6c34819e | 156 | seguro. |
157 | ||
158 | OpenSSH es el resultado del trabajo del equipo de OpenBSD para | |
84ae85a3 JR |
159 | continuar la última versión gratuita de SSH, actualizándolo en |
160 | términos de seguridad y recursos,así también eliminando todos los | |
161 | algoritmos patentados y colocándolos en bibliotecas separadas | |
6c34819e | 162 | (OpenSSL). |
163 | ||
164 | Este paquete contiene "port" para Linux de OpenSSH. Se debe instalar | |
84ae85a3 | 165 | también el paquete openssh-clients u openssh-server o ambos. |
6c34819e | 166 | |
84ae85a3 JR |
167 | %description -l fr.UTF-8 |
168 | OpenSSH (Secure Shell) fournit un accès à un système distant. Il | |
aebfac88 | 169 | remplace telnet, rlogin, rexec et rsh, tout en assurant des |
84ae85a3 JR |
170 | communications cryptées securisées entre deux hôtes non fiabilisés sur |
171 | un réseau non sécurisé. Des connexions X11 et des ports TCP/IP | |
172 | arbitraires peuvent également être transmis sur le canal sécurisé. | |
aebfac88 | 173 | |
84ae85a3 | 174 | %description -l it.UTF-8 |
aebfac88 JB |
175 | OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. |
176 | Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni | |
177 | sicure e crittate tra due host non fidati su una rete non sicura. Le | |
178 | connessioni X11 ad una porta TCP/IP arbitraria possono essere | |
179 | inoltrate attraverso un canale sicuro. | |
180 | ||
84ae85a3 JR |
181 | %description -l pl.UTF-8 |
182 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
183 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
184 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
185 | pomiędzy dwoma hostami. | |
93e2d77c | 186 | |
84ae85a3 JR |
187 | Ten pakiet zawiera podstawowe pliki potrzebne zarówno po stronie |
188 | klienta jak i serwera OpenSSH. Aby był użyteczny, trzeba zainstalować | |
189 | co najmniej jeden z pakietów: openssh-clients lub openssh-server. | |
a42c5034 | 190 | |
0d5b2bd4 | 191 | %if %{with hpn} |
84ae85a3 JR |
192 | Ta wersja zawiera łaty z projektu High Performance SSH/SCP |
193 | http://www.psc.edu/networking/projects/hpn-ssh/, które mają na celu | |
a42c5034 ER |
194 | zwiększenie przepustowości transmisji dla szybkich połączeń z dużym |
195 | RTT (20-150 msec). Na stronie projektu znaleźć można odpowednie dla | |
196 | danego połączenia wartości parametru '-w' oraz opcje /proc/sys dla | |
197 | TCP. Nawiasem mówiąc w sieciach LAN RTT < 1 msec. | |
088aab43 | 198 | %endif |
aebfac88 | 199 | |
84ae85a3 | 200 | %description -l pt.UTF-8 |
aebfac88 | 201 | OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o |
84ae85a3 JR |
202 | telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e |
203 | cifradas entre duas máquinas sem confiança mútua sobre uma rede | |
204 | insegura. Ligações X11 e portos TCP/IP arbitrários também poder ser | |
aebfac88 JB |
205 | reenviados pelo canal seguro. |
206 | ||
84ae85a3 JR |
207 | %description -l pt_BR.UTF-8 |
208 | SSH é um programa para acessar e executar comandos em máquinas | |
209 | remotas. Ele substitui rlogin e rsh, e provem um canal de comunicação | |
210 | seguro entre dois hosts em uma rede insegura. Conexões X11 e portas | |
211 | TCP/IP arbitrárias também podem ser usadas pelo canal seguro. | |
6c34819e | 212 | |
84ae85a3 JR |
213 | OpenSSH é o resultado do trabalho da equipe do OpenBSD em continuar a |
214 | última versão gratuita do SSH, atualizando-o em termos de segurança e | |
6c34819e | 215 | recursos, assim como removendo todos os algoritmos patenteados e |
216 | colocando-os em bibliotecas separadas (OpenSSL). | |
217 | ||
84ae85a3 JR |
218 | Esse pacote contém o "port" pra Linux do OpenSSH. Você deve instalar |
219 | também ou o pacote openssh-clients, ou o openssh-server, ou ambos. | |
220 | ||
221 | %description -l ru.UTF-8 | |
222 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
223 | машину и для выполнения команд на удаленной машине. Она предназначена | |
224 | для замены rlogin и rsh и обеспечивает безопасную шифрованную | |
225 | коммуникацию между двумя хостами в сети, являющейся небезопасной. | |
226 | Соединения X11 и любые порты TCP/IP могут также быть проведены через | |
227 | безопасный канал. | |
228 | ||
229 | OpenSSH - это переделка командой разработчиков OpenBSD последней | |
230 | свободной версии SSH, доведенная до современного состояния в терминах | |
231 | уровня безопасности и поддерживаемых возможностей. Все патентованные | |
232 | алгоритмы вынесены в отдельные библиотеки (OpenSSL). | |
233 | ||
234 | Этот пакет содержит файлы, необходимые как для клиента, так и для | |
235 | сервера OpenSSH. Вам нужно будет установить еще openssh-clients, | |
236 | openssh-server, или оба пакета. | |
237 | ||
238 | %description -l uk.UTF-8 | |
239 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
240 | машини та для виконання команд на віддаленій машині. Вона призначена | |
241 | для заміни rlogin та rsh і забезпечує безпечну шифровану комунікацію | |
242 | між двома хостами в мережі, яка не є безпечною. З'єднання X11 та | |
243 | довільні порти TCP/IP можуть також бути проведені через безпечний | |
244 | канал. | |
245 | ||
246 | OpenSSH - це переробка командою розробників OpenBSD останньої вільної | |
247 | версії SSH, доведена до сучасного стану в термінах рівня безпеки та | |
248 | підтримуваних можливостей. Всі патентовані алгоритми винесені до | |
249 | окремих бібліотек (OpenSSL). | |
250 | ||
251 | Цей пакет містить файли, необхідні як для клієнта, так і для сервера | |
252 | OpenSSH. Вам потрібно буде ще встановити openssh-clients, | |
253 | openssh-server, чи обидва пакети. | |
cb086001 | 254 | |
52000378 AF |
255 | %package clients |
256 | Summary: OpenSSH Secure Shell protocol clients | |
25e16946 ER |
257 | Summary(es.UTF-8): Clientes de OpenSSH |
258 | Summary(pl.UTF-8): Klienci protokołu Secure Shell | |
259 | Summary(pt_BR.UTF-8): Clientes do OpenSSH | |
260 | Summary(ru.UTF-8): OpenSSH - клиенты протокола Secure Shell | |
261 | Summary(uk.UTF-8): OpenSSH - клієнти протоколу Secure Shell | |
52000378 | 262 | Group: Applications/Networking |
74ae1f27 | 263 | Requires: %{name} = %{epoch}:%{version}-%{release} |
0ce7c246 | 264 | Suggests: %{name}-clients-helper-fido = %{epoch}:%{version}-%{release} |
516496e1 | 265 | Provides: ssh-clients |
a14c109c | 266 | Obsoletes: ssh-clients |
40030b4d | 267 | %requires_eq_to openssl%{?_isa} openssl-devel |
6fe24471 | 268 | |
52000378 AF |
269 | %description clients |
270 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
11530f15 | 271 | executing commands in a remote machine. It is intended to replace |
272 | rlogin and rsh, and provide secure encrypted communications between | |
273 | two untrusted hosts over an insecure network. X11 connections and | |
274 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
6fe24471 | 275 | |
11530f15 | 276 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing |
277 | it up to date in terms of security and features, as well as removing | |
278 | all patented algorithms to seperate libraries (OpenSSL). | |
52000378 | 279 | |
11530f15 | 280 | This package includes the clients necessary to make encrypted |
281 | connections to SSH servers. | |
52000378 | 282 | |
84ae85a3 | 283 | %description clients -l es.UTF-8 |
6c34819e | 284 | Este paquete incluye los clientes que se necesitan para hacer |
285 | conexiones codificadas con servidores SSH. | |
286 | ||
84ae85a3 JR |
287 | %description clients -l pl.UTF-8 |
288 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
289 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
290 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
291 | pomiędzy dwoma hostami. | |
93e2d77c | 292 | |
84ae85a3 | 293 | Ten pakiet zawiera klientów służących do łączenia się z serwerami SSH. |
93e2d77c | 294 | |
84ae85a3 JR |
295 | %description clients -l pt_BR.UTF-8 |
296 | Esse pacote inclui os clientes necessários para fazer conexões | |
6c34819e | 297 | encriptadas com servidores SSH. |
298 | ||
84ae85a3 JR |
299 | %description clients -l ru.UTF-8 |
300 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
301 | машину и для выполнения команд на удаленной машине. | |
cb086001 | 302 | |
84ae85a3 JR |
303 | Этот пакет содержит программы-клиенты, необходимые для установления |
304 | зашифрованных соединений с серверами SSH. | |
cb086001 | 305 | |
84ae85a3 JR |
306 | %description clients -l uk.UTF-8 |
307 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
308 | машини та для виконання команд на віддаленій машині. | |
cb086001 | 309 | |
84ae85a3 JR |
310 | Цей пакет містить програми-клієнти, необхідні для встановлення |
311 | зашифрованих з'єднань з серверами SSH. | |
cb086001 | 312 | |
8a7ba6eb AM |
313 | %package clients-agent-profile_d |
314 | Summary: OpenSSH Secure Shell agent init script | |
4944be5f | 315 | Summary(pl.UTF-8): Skrypt startowy agenta OpenSSH |
8a7ba6eb AM |
316 | Group: Applications/Networking |
317 | Requires: %{name}-clients = %{epoch}:%{version}-%{release} | |
318 | ||
319 | %description clients-agent-profile_d | |
320 | profile.d scripts for starting SSH agent. | |
321 | ||
4944be5f JB |
322 | %description clients-agent-profile_d -l pl.UTF-8 |
323 | Skrypty profile.d do uruchamiania agenta SSH. | |
324 | ||
8a7ba6eb AM |
325 | %package clients-agent-xinitrc |
326 | Summary: OpenSSH Secure Shell agent init script | |
327 | Summary(pl.UTF-8): Skrypt inicjujący agenta ssh przez xinitrc | |
328 | Group: Applications/Networking | |
329 | Requires: %{name}-clients-agent-profile_d = %{epoch}:%{version}-%{release} | |
330 | Requires: xinitrc | |
331 | ||
332 | %description clients-agent-xinitrc | |
333 | xinitrc scripts for starting SSH agent. | |
334 | ||
4944be5f JB |
335 | %description clients-agent-xinitrc -l pl.UTF-8 |
336 | Skrypty xinitrc do uruchamiania agenta SSH. | |
8a7ba6eb | 337 | |
0ce7c246 BS |
338 | %package clients-helper-fido |
339 | Summary: OpenSSH helper for FIDO authenticator | |
340 | Summary(pl.UTF-8): OpenSSH helper obsługujący klucz autoryzujący FIDO | |
341 | Group: Applications/Networking | |
342 | Requires: %{name}-clients = %{epoch}:%{version}-%{release} | |
0d9b67e3 | 343 | Requires: libfido2 >= 1.5.0 |
0ce7c246 BS |
344 | |
345 | %description clients-helper-fido | |
346 | OpenSSH helper for FIDO authenticator. | |
347 | ||
348 | %description clients-helper-fido -l pl.UTF-8 | |
349 | OpenSSH helper obsługujący klucz autoryzujący FIDO. | |
350 | ||
52000378 AF |
351 | %package server |
352 | Summary: OpenSSH Secure Shell protocol server (sshd) | |
25e16946 ER |
353 | Summary(de.UTF-8): OpenSSH Secure Shell Protocol-Server (sshd) |
354 | Summary(es.UTF-8): Servidor OpenSSH para comunicaciones codificadas | |
355 | Summary(fr.UTF-8): Serveur de protocole du shell sécurisé OpenSSH (sshd) | |
356 | Summary(it.UTF-8): Server OpenSSH per il protocollo Secure Shell (sshd) | |
357 | Summary(pl.UTF-8): Serwer protokołu Secure Shell (sshd) | |
358 | Summary(pt.UTF-8): Servidor do protocolo 'Secure Shell' OpenSSH (sshd) | |
359 | Summary(pt_BR.UTF-8): Servidor OpenSSH para comunicações encriptadas | |
360 | Summary(ru.UTF-8): OpenSSH - сервер протокола Secure Shell (sshd) | |
361 | Summary(uk.UTF-8): OpenSSH - сервер протоколу Secure Shell (sshd) | |
52000378 | 362 | Group: Networking/Daemons |
2ebfbf87 | 363 | Requires(post): /sbin/chkconfig |
40cb2e83 | 364 | Requires(post): grep |
0a069c2e | 365 | Requires(post,preun): /sbin/chkconfig |
9b604401 | 366 | Requires(postun): /usr/sbin/userdel |
0a069c2e ER |
367 | Requires(pre): /bin/id |
368 | Requires(pre): /usr/sbin/useradd | |
40e0df39 | 369 | Requires(post,preun,postun): systemd-units >= 38 |
0a069c2e | 370 | Requires: %{name} = %{epoch}:%{version}-%{release} |
b4741779 JP |
371 | %if "%{pld_release}" == "ac" |
372 | Requires: filesystem >= 2.0-1 | |
373 | Requires: pam >= 0.79.0 | |
374 | %else | |
375 | Requires: filesystem >= 3.0-11 | |
2ebfbf87 | 376 | Requires: pam >= %{pam_ver} |
b4741779 JP |
377 | Suggests: xorg-app-xauth |
378 | %endif | |
c0f446a0 | 379 | Requires: rc-scripts >= 0.4.3.0 |
40e0df39 | 380 | Requires: systemd-units >= 38 |
a5562ea2 | 381 | %{?with_libseccomp:Requires: uname(release) >= 3.5} |
0a069c2e | 382 | Requires: util-linux |
80fcc8c8 | 383 | %{?with_ldap:Suggests: %{name}-server-ldap} |
0d5b2bd4 | 384 | Suggests: /bin/login |
141a04d1 | 385 | Suggests: xorg-app-xauth |
516496e1 ER |
386 | Provides: ssh-server |
387 | Provides: user(sshd) | |
40030b4d | 388 | %requires_eq_to openssl%{?_isa} openssl-devel |
52000378 AF |
389 | |
390 | %description server | |
391 | Ssh (Secure Shell) a program for logging into a remote machine and for | |
11530f15 | 392 | executing commands in a remote machine. It is intended to replace |
393 | rlogin and rsh, and provide secure encrypted communications between | |
394 | two untrusted hosts over an insecure network. X11 connections and | |
395 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
52000378 | 396 | |
11530f15 | 397 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing |
398 | it up to date in terms of security and features, as well as removing | |
399 | all patented algorithms to seperate libraries (OpenSSL). | |
52000378 | 400 | |
11530f15 | 401 | This package contains the secure shell daemon. The sshd is the server |
402 | part of the secure shell protocol and allows ssh clients to connect to | |
403 | your host. | |
6fe24471 | 404 | |
84ae85a3 | 405 | %description server -l de.UTF-8 |
aebfac88 JB |
406 | Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. |
407 | ||
84ae85a3 | 408 | %description server -l es.UTF-8 |
6c34819e | 409 | Este paquete contiene el servidor SSH. sshd es la parte servidor del |
410 | protocolo secure shell y permite que clientes ssh se conecten a su | |
411 | servidor. | |
412 | ||
84ae85a3 | 413 | %description server -l fr.UTF-8 |
aebfac88 JB |
414 | Ce paquetage installe le 'sshd', partie serveur de OpenSSH. |
415 | ||
84ae85a3 | 416 | %description server -l it.UTF-8 |
aebfac88 JB |
417 | Questo pacchetto installa sshd, il server di OpenSSH. |
418 | ||
84ae85a3 JR |
419 | %description server -l pl.UTF-8 |
420 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
421 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
422 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
423 | pomiędzy dwoma hostami. | |
93e2d77c | 424 | |
84ae85a3 | 425 | Ten pakiet zawiera serwer sshd (do którego mogą łączyć się klienci |
11530f15 | 426 | ssh). |
93e2d77c | 427 | |
84ae85a3 | 428 | %description server -l pt.UTF-8 |
aebfac88 JB |
429 | Este pacote intala o sshd, o servidor do OpenSSH. |
430 | ||
84ae85a3 JR |
431 | %description server -l pt_BR.UTF-8 |
432 | Esse pacote contém o servidor SSH. O sshd é a parte servidor do | |
6c34819e | 433 | protocolo secure shell e permite que clientes ssh se conectem ao seu |
434 | host. | |
435 | ||
84ae85a3 JR |
436 | %description server -l ru.UTF-8 |
437 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
438 | машину и для выполнения команд на удаленной машине. | |
cb086001 | 439 | |
84ae85a3 JR |
440 | Этот пакет содержит sshd - "демон" Secure Shell. sshd - это серверная |
441 | часть протокола Secure Shell, позволяющая клиентам ssh соединяться с | |
442 | вашим хостом. | |
cb086001 | 443 | |
84ae85a3 JR |
444 | %description server -l uk.UTF-8 |
445 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
446 | машини та для виконання команд на віддаленій машині. | |
cb086001 | 447 | |
84ae85a3 JR |
448 | Цей пакет містить sshd - "демон" Secure Shell. sshd - це серверна |
449 | частина протоколу Secure Shell, яка дозволяє клієнтам ssh зв'язуватись | |
450 | з вашим хостом. | |
cb086001 | 451 | |
44144fb7 ER |
452 | %package server-ldap |
453 | Summary: A LDAP support for open source SSH server daemon | |
bb7a58b9 | 454 | Summary(pl.UTF-8): Wsparcie LDAP dla serwera OpenSSH |
44144fb7 | 455 | Group: Daemons |
1a0628c8 | 456 | Requires: %{name} = %{epoch}:%{version}-%{release} |
69658eff | 457 | Requires: openldap-nss-config |
44144fb7 ER |
458 | |
459 | %description server-ldap | |
460 | OpenSSH LDAP backend is a way how to distribute the authorized tokens | |
461 | among the servers in the network. | |
462 | ||
bb7a58b9 JB |
463 | %description server-ldap -l pl.UTF-8 |
464 | Backend LDAP dla OpenSSH to metoda rozprowadzania autoryzowanych | |
465 | tokenów między serwerami w sieci. | |
466 | ||
6e70f4f7 | 467 | %package gnome-askpass |
52000378 | 468 | Summary: OpenSSH GNOME passphrase dialog |
25e16946 ER |
469 | Summary(de.UTF-8): OpenSSH GNOME Passwort-Dialog |
470 | Summary(es.UTF-8): Diálogo para introducción de passphrase para GNOME | |
471 | Summary(fr.UTF-8): Dialogue pass-phrase GNOME d'OpenSSH | |
472 | Summary(it.UTF-8): Finestra di dialogo GNOME per la frase segreta di OpenSSH | |
473 | Summary(pl.UTF-8): Odpytywacz hasła OpenSSH dla GNOME | |
474 | Summary(pt.UTF-8): Diálogo de pedido de senha para GNOME do OpenSSH | |
475 | Summary(pt_BR.UTF-8): Diálogo para entrada de passphrase para GNOME | |
476 | Summary(ru.UTF-8): OpenSSH - диалог ввода ключевой фразы (passphrase) для GNOME | |
477 | Summary(uk.UTF-8): OpenSSH - діалог вводу ключової фрази (passphrase) для GNOME | |
52000378 | 478 | Group: Applications/Networking |
96f686c2 | 479 | Requires: %{name} = %{epoch}:%{version}-%{release} |
f937b661 | 480 | Obsoletes: openssh-askpass |
0a069c2e ER |
481 | Obsoletes: ssh-askpass |
482 | Obsoletes: ssh-extras | |
52000378 | 483 | |
6e70f4f7 | 484 | %description gnome-askpass |
52000378 | 485 | Ssh (Secure Shell) a program for logging into a remote machine and for |
11530f15 | 486 | executing commands in a remote machine. It is intended to replace |
487 | rlogin and rsh, and provide secure encrypted communications between | |
488 | two untrusted hosts over an insecure network. X11 connections and | |
489 | arbitrary TCP/IP ports can also be forwarded over the secure channel. | |
52000378 | 490 | |
11530f15 | 491 | OpenSSH is OpenBSD's rework of the last free version of SSH, bringing |
492 | it up to date in terms of security and features, as well as removing | |
493 | all patented algorithms to seperate libraries (OpenSSL). | |
52000378 AF |
494 | |
495 | This package contains the GNOME passphrase dialog. | |
496 | ||
84ae85a3 JR |
497 | %description gnome-askpass -l es.UTF-8 |
498 | Este paquete contiene un programa que abre una caja de diálogo para | |
6c34819e | 499 | entrada de passphrase en GNOME. |
500 | ||
84ae85a3 JR |
501 | %description gnome-askpass -l pl.UTF-8 |
502 | Ssh (Secure Shell) to program służący do logowania się na zdalną | |
503 | maszynę i uruchamiania na niej aplikacji. W zamierzeniu openssh ma | |
504 | zastąpić rlogin, rsh i dostarczyć bezpieczne, szyfrowane połączenie | |
505 | pomiędzy dwoma hostami. | |
93e2d77c | 506 | |
84ae85a3 | 507 | Ten pakiet zawiera ,,odpytywacz hasła'' dla GNOME. |
93e2d77c | 508 | |
84ae85a3 JR |
509 | %description gnome-askpass -l pt_BR.UTF-8 |
510 | Esse pacote contém um programa que abre uma caixa de diálogo para | |
6c34819e | 511 | entrada de passphrase no GNOME. |
512 | ||
84ae85a3 JR |
513 | %description gnome-askpass -l ru.UTF-8 |
514 | Ssh (Secure Shell) - это программа для "захода" (login) на удаленную | |
515 | машину и для выполнения команд на удаленной машине. | |
cb086001 | 516 | |
84ae85a3 | 517 | Этот пакет содержит диалог ввода ключевой фразы для использования под |
cb086001 | 518 | GNOME. |
519 | ||
84ae85a3 JR |
520 | %description gnome-askpass -l uk.UTF-8 |
521 | Ssh (Secure Shell) - це програма для "заходу" (login) до віддаленої | |
522 | машини та для виконання команд на віддаленій машині. | |
cb086001 | 523 | |
84ae85a3 | 524 | Цей пакет містить діалог вводу ключової фрази для використання під |
cb086001 | 525 | GNOME. |
526 | ||
b32891d6 JR |
527 | %package -n openldap-schema-openssh-lpk |
528 | Summary: OpenSSH LDAP Public Key schema | |
529 | Summary(pl.UTF-8): Schemat klucza publicznego LDAP dla OpenSSH | |
530 | Group: Networking/Daemons | |
531 | Requires(post,postun): sed >= 4.0 | |
532 | Requires: openldap-servers | |
759c2429 | 533 | BuildArch: noarch |
b32891d6 JR |
534 | |
535 | %description -n openldap-schema-openssh-lpk | |
536 | This package contains OpenSSH LDAP Public Key schema for openldap. | |
537 | ||
538 | %description -n openldap-schema-openssh-lpk -l pl.UTF-8 | |
0d5b2bd4 ER |
539 | Ten pakiet zawiera schemat klucza publicznego LDAP dla OpenSSH dla |
540 | openldap-a. | |
b32891d6 | 541 | |
52000378 | 542 | %prep |
ecf377a3 | 543 | %setup -q |
52f772a6 | 544 | #%%patch100 -p1 |
fdf9e348 | 545 | |
efacc8d4 | 546 | %patch0 -p1 |
f5fe75c7 | 547 | %patch1 -p1 |
1aca01a4 | 548 | %patch2 -p1 |
200ba837 | 549 | %patch3 -p1 |
8e00389d ER |
550 | %patch4 -p1 |
551 | %patch5 -p1 | |
501aed94 | 552 | %patch6 -p1 |
c53de5e9 | 553 | %patch7 -p1 |
a46537e7 | 554 | %patch8 -p1 |
ec3e8a5a | 555 | |
516496e1 | 556 | %{?with_hpn:%patch9 -p1} |
8ecc35d4 | 557 | |
100234b3 | 558 | %patch11 -p1 |
cf41b13a | 559 | |
dfcab906 | 560 | %patch13 -p1 |
c70906af | 561 | |
eefe27ae | 562 | %patch14 -p1 |
7effd328 | 563 | %{!?with_ldap:%patch15 -p1} |
52000378 | 564 | |
a42c5034 ER |
565 | %if "%{pld_release}" == "ac" |
566 | # fix for missing x11.pc | |
8f8ef1eb | 567 | %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile |
a42c5034 ER |
568 | %endif |
569 | ||
afde20c1 | 570 | # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa |
e257fca1 | 571 | sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile* |
afde20c1 | 572 | |
8e00389d ER |
573 | grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \ |
574 | %{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,' | |
575 | ||
60e5e1f7 | 576 | # prevent being ovewritten by aclocal calls |
be127028 | 577 | %{__mv} aclocal.m4 acinclude.m4 |
60e5e1f7 | 578 | |
52000378 | 579 | %build |
0b24ec17 | 580 | %{__aclocal} |
5c76eb87 | 581 | %{__autoconf} |
501aed94 | 582 | %{__autoheader} |
95c415ad | 583 | CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99" |
52000378 | 584 | %configure \ |
c59fae24 | 585 | PERL=%{__perl} \ |
26d23d17 JB |
586 | --disable-strip \ |
587 | --enable-utmpx \ | |
588 | --enable-wtmpx \ | |
93e2d77c | 589 | --with-4in6 \ |
26d23d17 JB |
590 | %{?with_audit:--with-audit=linux} \ |
591 | --with-ipaddr-display \ | |
4a5c0c7d | 592 | %{?with_kerberos5:--with-kerberos5=/usr} \ |
8e00389d | 593 | --with-ldap%{!?with_ldap:=no} \ |
be127028 | 594 | %{?with_ldns:--with-ldns} \ |
26d23d17 | 595 | %{?with_libedit:--with-libedit} \ |
e129ff5e | 596 | --with-mantype=doc \ |
26d23d17 JB |
597 | --with-md5-passwords \ |
598 | --with-pam \ | |
05fbd2e9 | 599 | --with-pid-dir=%{_localstatedir}/run \ |
26d23d17 | 600 | --with-privsep-path=%{_privsepdir} \ |
d9c4ed5d | 601 | --with-privsep-user=sshd \ |
204858e5 | 602 | --with-security-key-builtin \ |
26d23d17 | 603 | %{?with_selinux:--with-selinux} \ |
2ebfbf87 | 604 | %if "%{pld_release}" == "ac" |
26d23d17 | 605 | --with-xauth=/usr/X11R6/bin/xauth |
2ebfbf87 | 606 | %else |
2c09e4b5 | 607 | %if %{with libseccomp} |
c6dafd57 | 608 | --with-sandbox=seccomp_filter \ |
2c09e4b5 AM |
609 | %else |
610 | --with-sandbox=rlimit \ | |
611 | %endif | |
26d23d17 | 612 | --with-xauth=%{_bindir}/xauth |
2ebfbf87 | 613 | %endif |
82f989ae | 614 | |
b8002dec | 615 | echo '#define LOGIN_PROGRAM "/bin/login"' >>config.h |
f9bf943b | 616 | |
100832a0 | 617 | %{__make} |
475ef6df | 618 | |
f5009688 AG |
619 | %if %{with tests} |
620 | %{__make} -j1 tests \ | |
e5444da8 | 621 | TEST_SSH_PORT=$((4242 + ${RANDOM:-$$} % 1000)) \ |
dfcab906 JP |
622 | TEST_SSH_TRACE="yes" \ |
623 | %if %{without tests_conch} | |
624 | SKIP_LTESTS="conch-ciphers" | |
625 | %endif | |
f5009688 | 626 | %endif |
6ab60e34 | 627 | |
40cb2e83 | 628 | cd contrib |
9cfed0b2 | 629 | %if %{with gnome} |
40cb2e83 JB |
630 | %{__make} gnome-ssh-askpass1 \ |
631 | CC="%{__cc} %{rpmldflags} %{rpmcflags}" | |
632 | %endif | |
9cfed0b2 | 633 | %if %{with gtk} |
40cb2e83 JB |
634 | %{__make} gnome-ssh-askpass2 \ |
635 | CC="%{__cc} %{rpmldflags} %{rpmcflags}" | |
636 | %endif | |
6fe24471 AF |
637 | |
638 | %install | |
639 | rm -rf $RPM_BUILD_ROOT | |
982e1069 | 640 | install -d $RPM_BUILD_ROOT{%{_sysconfdir},/etc/{pam.d,rc.d/init.d,sysconfig,security,env.d}} \ |
c75fc765 | 641 | $RPM_BUILD_ROOT{%{_libexecdir}/ssh,%{schemadir},%{systemdunitdir}} |
8a7ba6eb | 642 | install -d $RPM_BUILD_ROOT/etc/{profile.d,X11/xinit/xinitrc.d} |
52000378 | 643 | |
9a2a459a PG |
644 | %{__make} install \ |
645 | DESTDIR=$RPM_BUILD_ROOT | |
0d32b20f | 646 | |
486d736c | 647 | bzip2 -dc %{SOURCE1} | tar xf - -C $RPM_BUILD_ROOT%{_mandir} |
40cb2e83 | 648 | |
3b7de962 ER |
649 | install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd |
650 | cp -p %{SOURCE3} $RPM_BUILD_ROOT/etc/pam.d/sshd | |
55c2af60 ER |
651 | cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/sysconfig/sshd |
652 | cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/profile.d | |
35cb43f7 | 653 | ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-agent.sh |
55c2af60 ER |
654 | cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} |
655 | cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir} | |
c0f446a0 | 656 | |
35cb43f7 ER |
657 | cp -p %{SOURCE9} %{SOURCE11} %{SOURCE12} $RPM_BUILD_ROOT%{systemdunitdir} |
658 | install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen | |
c75fc765 | 659 | |
8d556bba | 660 | %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \ |
87aca12d | 661 | $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \ |
d3fc9aae | 662 | $RPM_BUILD_ROOT%{systemdunitdir}/sshd.service \ |
dbfa4526 | 663 | $RPM_BUILD_ROOT%{systemdunitdir}/sshd@.service \ |
35cb43f7 | 664 | $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen |
84b4a299 | 665 | |
9cfed0b2 | 666 | %if %{with gnome} |
55c2af60 | 667 | install -p contrib/gnome-ssh-askpass1 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass |
40cb2e83 | 668 | %endif |
9cfed0b2 | 669 | %if %{with gtk} |
55c2af60 | 670 | install -p contrib/gnome-ssh-askpass2 $RPM_BUILD_ROOT%{_libexecdir}/ssh/ssh-askpass |
1d1e6997 PG |
671 | %endif |
672 | %if %{with gnome} || %{with gtk} | |
6157007b | 673 | cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_SERVER |
1d1e6997 PG |
674 | #GNOME_SSH_ASKPASS_GRAB_SERVER="true" |
675 | EOF | |
6157007b | 676 | cat << 'EOF' >$RPM_BUILD_ROOT/etc/env.d/GNOME_SSH_ASKPASS_GRAB_POINTER |
1d1e6997 PG |
677 | #GNOME_SSH_ASKPASS_GRAB_POINTER="true" |
678 | EOF | |
4ae0bc0d | 679 | ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass |
40cb2e83 | 680 | %endif |
6e70f4f7 | 681 | |
55c2af60 ER |
682 | install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir} |
683 | cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1 | |
0906c8d0 | 684 | |
ffbc041f | 685 | touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd |
643dc12f | 686 | |
b8002dec | 687 | cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS |
1d1e6997 PG |
688 | #SSH_ASKPASS="%{_libexecdir}/ssh-askpass" |
689 | EOF | |
690 | ||
3b7de962 ER |
691 | %if "%{pld_release}" == "ac" |
692 | # not present in ac, no point searching it | |
693 | %{__sed} -i -e '/pam_keyinit.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd | |
694 | # openssl on ac does not have OPENSSL_HAS_ECC | |
695 | %{__sed} -i -e '/ecdsa/d' $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen | |
696 | %endif | |
697 | ||
698 | %if %{without audit} | |
699 | # remove recording user's login uid to the process attribute | |
700 | %{__sed} -i -e '/pam_loginuid.so/d' $RPM_BUILD_ROOT/etc/pam.d/sshd | |
701 | %endif | |
702 | ||
26d23d17 | 703 | %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages |
f4e7272b | 704 | %{?with_ldap:%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf} |
92815192 | 705 | |
6fe24471 AF |
706 | %clean |
707 | rm -rf $RPM_BUILD_ROOT | |
708 | ||
b259ae2c ER |
709 | %post clients |
710 | %env_update | |
711 | ||
712 | %postun clients | |
713 | %env_update | |
714 | ||
715 | %post gnome-askpass | |
716 | %env_update | |
717 | ||
718 | %postun gnome-askpass | |
719 | %env_update | |
720 | ||
8a304ceb | 721 | %pre server |
0225d3b8 | 722 | %useradd -P %{name}-server -u 40 -d %{_privsepdir} -s /bin/false -c "OpenSSH PrivSep User" -g nobody sshd |
4c8ae2f8 | 723 | |
52000378 | 724 | %post server |
d7fde396 | 725 | /sbin/chkconfig --add sshd |
fb0e16d1 | 726 | %service sshd reload "OpenSSH Daemon" |
c75fc765 JR |
727 | NORESTART=1 |
728 | %systemd_post sshd.service | |
6fe24471 | 729 | |
52000378 | 730 | %preun server |
d7fde396 | 731 | if [ "$1" = "0" ]; then |
b054de44 | 732 | %service sshd stop |
d7fde396 | 733 | /sbin/chkconfig --del sshd |
734 | fi | |
c75fc765 | 735 | %systemd_preun sshd.service |
6fe24471 | 736 | |
9b604401 JB |
737 | %postun server |
738 | if [ "$1" = "0" ]; then | |
5f4ffc90 | 739 | %userremove sshd |
9b604401 | 740 | fi |
c75fc765 | 741 | %systemd_reload |
9b604401 | 742 | |
5fdee2c7 | 743 | %triggerpostun server -- %{name}-server < 2:7.0p1-2 |
a80b2943 AM |
744 | %banner %{name}-server -e << EOF |
745 | !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!! | |
746 | ! Starting from openssh 7.0 DSA keys are disabled ! | |
747 | ! on server and client side. You will NOT be able ! | |
748 | ! to use DSA keys for authentication. Please read ! | |
749 | ! about PubkeyAcceptedKeyTypes in man ssh_config. ! | |
750 | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
751 | EOF | |
752 | ||
ec3e8a5a AM |
753 | %triggerpostun server -- %{name}-server < 6.2p1-1 |
754 | cp -f %{_sysconfdir}/sshd_config{,.rpmorig} | |
755 | sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config | |
756 | ||
c75fc765 | 757 | %triggerpostun server -- %{name}-server < 2:5.9p1-8 |
3906e3c0 ER |
758 | # lpk.patch to ldap.patch |
759 | if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then | |
760 | echo >&2 "Migrating LPK patch to LDAP patch" | |
761 | cp -f %{_sysconfdir}/sshd_config{,.rpmorig} | |
762 | %{__sed} -i -e ' | |
763 | # disable old configs | |
764 | # just UseLPK/LkpLdapConf supported for now | |
a3c4f69a ER |
765 | s/^\s*UseLPK/## Obsolete &/ |
766 | s/^\s*Lpk/## Obsolete &/ | |
3906e3c0 | 767 | # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys |
fb0e16d1 | 768 | /UseLPK/iAuthorizedKeysCommand %{_libexecdir}/ssh-ldap-wrapper |
3906e3c0 | 769 | ' %{_sysconfdir}/sshd_config |
c75fc765 JR |
770 | if [ ! -x /bin/systemd_booted ] || ! /bin/systemd_booted; then |
771 | /bin/systemctl try-restart sshd.service || : | |
772 | else | |
773 | %service -q sshd reload | |
774 | fi | |
3906e3c0 | 775 | fi |
c75fc765 | 776 | %systemd_trigger sshd.service |
76ae1815 JR |
777 | if [ -x /bin/systemd_booted ] && /bin/systemd_booted; then |
778 | %banner %{name}-server -e << EOF | |
779 | !!!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!!!!! | |
780 | ! Native systemd support for sshd has been installed. ! | |
781 | ! Restarting sshd.service with systemctl WILL kill all ! | |
782 | ! active ssh sessions (daemon as such will be started). ! | |
783 | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
784 | EOF | |
785 | fi | |
3906e3c0 | 786 | |
7073aeeb JR |
787 | %post -n openldap-schema-openssh-lpk |
788 | %openldap_schema_register %{schemadir}/openssh-lpk.schema | |
789 | %service -q ldap restart | |
790 | ||
791 | %postun -n openldap-schema-openssh-lpk | |
792 | if [ "$1" = "0" ]; then | |
793 | %openldap_schema_unregister %{schemadir}/openssh-lpk.schema | |
794 | %service -q ldap restart | |
795 | fi | |
796 | ||
6fe24471 | 797 | %files |
52000378 | 798 | %defattr(644,root,root,755) |
afde20c1 | 799 | %doc TODO README OVERVIEW CREDITS Change* |
a6eef44c | 800 | %attr(755,root,root) %{_bindir}/ssh-key* |
942a5500 | 801 | #%attr(755,root,root) %{_bindir}/ssh-vulnkey* |
a6eef44c | 802 | %{_mandir}/man1/ssh-key*.1* |
942a5500 | 803 | #%{_mandir}/man1/ssh-vulnkey*.1* |
52000378 | 804 | %dir %{_sysconfdir} |
9df62d0f | 805 | %dir %{_libexecdir} |
52000378 AF |
806 | |
807 | %files clients | |
808 | %defattr(644,root,root,755) | |
96f686c2 | 809 | %attr(755,root,root) %{_bindir}/ssh |
96f686c2 JB |
810 | %attr(755,root,root) %{_bindir}/sftp |
811 | %attr(755,root,root) %{_bindir}/ssh-agent | |
812 | %attr(755,root,root) %{_bindir}/ssh-add | |
0906c8d0 | 813 | %attr(755,root,root) %{_bindir}/ssh-copy-id |
96f686c2 | 814 | %attr(755,root,root) %{_bindir}/scp |
11023d4b | 815 | %attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper |
794e0987 JB |
816 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config |
817 | %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS | |
52000378 AF |
818 | %{_mandir}/man1/scp.1* |
819 | %{_mandir}/man1/ssh.1* | |
a6eef44c | 820 | %{_mandir}/man1/sftp.1* |
52000378 AF |
821 | %{_mandir}/man1/ssh-agent.1* |
822 | %{_mandir}/man1/ssh-add.1* | |
0906c8d0 | 823 | %{_mandir}/man1/ssh-copy-id.1* |
902cef13 | 824 | %{_mandir}/man5/ssh_config.5* |
11023d4b | 825 | %{_mandir}/man8/ssh-pkcs11-helper.8* |
2b7669a6 | 826 | %lang(it) %{_mandir}/it/man1/ssh.1* |
827 | %lang(it) %{_mandir}/it/man5/ssh_config.5* | |
828 | %lang(pl) %{_mandir}/pl/man1/scp.1* | |
829 | %lang(zh_CN) %{_mandir}/zh_CN/man1/scp.1* | |
ec82f607 JB |
830 | |
831 | # for host-based auth (suid required for accessing private host key) | |
832 | #%attr(4755,root,root) %{_libexecdir}/ssh-keysign | |
833 | #%{_mandir}/man8/ssh-keysign.8* | |
52000378 | 834 | |
8a7ba6eb AM |
835 | %files clients-agent-profile_d |
836 | %defattr(644,root,root,755) | |
837 | %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh-agent.conf | |
838 | %attr(755,root,root) /etc/profile.d/ssh-agent.sh | |
839 | ||
840 | %files clients-agent-xinitrc | |
841 | %defattr(644,root,root,755) | |
842 | %attr(755,root,root) /etc/X11/xinit/xinitrc.d/ssh-agent.sh | |
843 | ||
0ce7c246 BS |
844 | %files clients-helper-fido |
845 | %defattr(644,root,root,755) | |
846 | %attr(755,root,root) %{_libexecdir}/ssh-sk-helper | |
847 | %{_mandir}/man8/ssh-sk-helper.8* | |
848 | ||
52000378 AF |
849 | %files server |
850 | %defattr(644,root,root,755) | |
851 | %attr(755,root,root) %{_sbindir}/sshd | |
a6eef44c | 852 | %attr(755,root,root) %{_libexecdir}/sftp-server |
ad852e00 | 853 | %attr(755,root,root) %{_libexecdir}/ssh-keysign |
c75fc765 | 854 | %attr(755,root,root) %{_libexecdir}/sshd-keygen |
52000378 | 855 | %{_mandir}/man8/sshd.8* |
a6eef44c | 856 | %{_mandir}/man8/sftp-server.8* |
ad852e00 | 857 | %{_mandir}/man8/ssh-keysign.8* |
902cef13 | 858 | %{_mandir}/man5/sshd_config.5* |
78aa4c3c | 859 | %{_mandir}/man5/moduli.5* |
794e0987 JB |
860 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config |
861 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd | |
f88c7731 | 862 | %{_sysconfdir}/moduli |
52000378 | 863 | %attr(754,root,root) /etc/rc.d/init.d/sshd |
794e0987 JB |
864 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/sshd |
865 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/security/blacklist.sshd | |
c75fc765 | 866 | %{systemdunitdir}/sshd.service |
84b4a299 ER |
867 | %{systemdunitdir}/sshd.socket |
868 | %{systemdunitdir}/sshd@.service | |
52000378 | 869 | |
44144fb7 ER |
870 | %if %{with ldap} |
871 | %files server-ldap | |
872 | %defattr(644,root,root,755) | |
873 | %doc HOWTO.ldap-keys ldap.conf | |
874 | %attr(755,root,root) %{_libexecdir}/ssh-ldap-helper | |
875 | %attr(755,root,root) %{_libexecdir}/ssh-ldap-wrapper | |
876 | %{_mandir}/man5/ssh-ldap.conf.5* | |
877 | %{_mandir}/man8/ssh-ldap-helper.8* | |
878 | %endif | |
879 | ||
0d32b20f | 880 | %if %{with gnome} || %{with gtk} |
40cb2e83 JB |
881 | %files gnome-askpass |
882 | %defattr(644,root,root,755) | |
794e0987 | 883 | %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/GNOME_SSH_ASKPASS* |
40cb2e83 JB |
884 | %dir %{_libexecdir}/ssh |
885 | %attr(755,root,root) %{_libexecdir}/ssh/ssh-askpass | |
4ae0bc0d | 886 | %attr(755,root,root) %{_libexecdir}/ssh-askpass |
40cb2e83 | 887 | %endif |
b32891d6 JR |
888 | |
889 | %if %{with ldap} | |
890 | %files -n openldap-schema-openssh-lpk | |
891 | %defattr(644,root,root,755) | |
892 | %{schemadir}/openssh-lpk.schema | |
893 | %endif |