1 2# Some of this will need re-evaluation post-LSB. The SVIdir is there 3# because the link appeared broken. The rest is for easy compilation, 4# the tradeoff open to discussion. (LC957) 5 6%define SVIdir /etc/rc.d/init.d 7%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} 8%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} 9 10%define _mandir %{_prefix}/share/man/en 11%define _sysconfdir /etc/ssh 12%define _libexecdir %{_libdir}/ssh 13 14# Do we want to disable root_login? (1=yes 0=no) 15%define no_root_login 0 16 17#old cvs stuff. please update before use. may be deprecated. 18%define use_stable 1 19%define version 5.9p1 20%if %{use_stable} 21 %define cvs %{nil} 22 %define release 1 23%else 24 %define cvs cvs20050315 25 %define release 0r1 26%endif 27%define xsa x11-ssh-askpass 28%define askpass %{xsa}-1.2.4.1 29 30# OpenSSH privilege separation requires a user & group ID 31%define sshd_uid 67 32%define sshd_gid 67 33 34Name : openssh 35Version : %{version}%{cvs} 36Release : %{release} 37Group : System/Network 38 39Summary : OpenSSH free Secure Shell (SSH) implementation. 40Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). 41Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). 42Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). 43Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. 44Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). 45Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). 46 47Copyright : BSD 48Packager : Raymund Will <ray@caldera.de> 49URL : http://www.openssh.com/ 50 51Obsoletes : ssh, ssh-clients, openssh-clients 52 53BuildRoot : /tmp/%{name}-%{version} 54BuildRequires : XFree86-imake 55 56# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable 57# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs 58Source0: see-above:/.../openssh-%{version}.tar.gz 59%if %{use_stable} 60Source1: see-above:/.../openssh-%{version}.tar.gz.asc 61%endif 62Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz 63Source3: http://www.openssh.com/faq.html 64 65%Package server 66Group : System/Network 67Requires : openssh = %{version} 68Obsoletes : ssh-server 69 70Summary : OpenSSH Secure Shell protocol server (sshd). 71Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). 72Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). 73Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). 74Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). 75Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). 76Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). 77 78 79%Package askpass 80Group : System/Network 81Requires : openssh = %{version} 82URL : http://www.jmknoble.net/software/x11-ssh-askpass/ 83Obsoletes : ssh-extras 84 85Summary : OpenSSH X11 pass-phrase dialog. 86Summary(de) : OpenSSH X11 Passwort-Dialog. 87Summary(es) : Aplicación de petición de frase clave OpenSSH X11. 88Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. 89Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. 90Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. 91Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. 92 93 94%Description 95OpenSSH (Secure Shell) provides access to a remote system. It replaces 96telnet, rlogin, rexec, and rsh, and provides secure encrypted 97communications between two untrusted hosts over an insecure network. 98X11 connections and arbitrary TCP/IP ports can also be forwarded over 99the secure channel. 100 101%Description -l de 102OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt 103telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte 104Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres 105Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso 106über den sicheren Channel weitergeleitet werden. 107 108%Description -l es 109OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a 110telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas 111entre dos equipos entre los que no se ha establecido confianza a través de una 112red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden 113ser canalizadas sobre el canal seguro. 114 115%Description -l fr 116OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace 117telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées 118securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des 119connexions X11 et des ports TCP/IP arbitraires peuvent également être 120transmis sur le canal sécurisé. 121 122%Description -l it 123OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. 124Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure 125e crittate tra due host non fidati su una rete non sicura. Le connessioni 126X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso 127un canale sicuro. 128 129%Description -l pt 130OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 131telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas 132entre duas máquinas sem confiança mútua sobre uma rede insegura. 133Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados 134pelo canal seguro. 135 136%Description -l pt_BR 137O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 138telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas 139entre duas máquinas sem confiança mútua sobre uma rede insegura. 140Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas 141pelo canal seguro. 142 143%Description server 144This package installs the sshd, the server portion of OpenSSH. 145 146%Description -l de server 147Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. 148 149%Description -l es server 150Este paquete instala sshd, la parte servidor de OpenSSH. 151 152%Description -l fr server 153Ce paquetage installe le 'sshd', partie serveur de OpenSSH. 154 155%Description -l it server 156Questo pacchetto installa sshd, il server di OpenSSH. 157 158%Description -l pt server 159Este pacote intala o sshd, o servidor do OpenSSH. 160 161%Description -l pt_BR server 162Este pacote intala o sshd, o servidor do OpenSSH. 163 164%Description askpass 165This package contains an X11-based pass-phrase dialog used per 166default by ssh-add(1). It is based on %{askpass} 167by Jim Knoble <jmknoble@pobox.com>. 168 169 170%Prep 171%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 172%if ! %{use_stable} 173 autoreconf 174%endif 175 176 177%Build 178CFLAGS="$RPM_OPT_FLAGS" \ 179%configure \ 180 --with-pam \ 181 --with-tcp-wrappers \ 182 --with-privsep-path=%{_var}/empty/sshd \ 183 #leave this line for easy edits. 184 185%__make 186 187cd %{askpass} 188%configure \ 189 #leave this line for easy edits. 190 191xmkmf 192%__make includes 193%__make 194 195 196%Install 197[ %{buildroot} != "/" ] && rm -rf %{buildroot} 198 199make install DESTDIR=%{buildroot} 200%makeinstall -C %{askpass} \ 201 BINDIR=%{_libexecdir} \ 202 MANPATH=%{_mandir} \ 203 DESTDIR=%{buildroot} 204 205# OpenLinux specific configuration 206mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} 207mkdir -p %{buildroot}%{_var}/empty/sshd 208 209# enabling X11 forwarding on the server is convenient and okay, 210# on the client side it's a potential security risk! 211%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ 212 %{buildroot}%{_sysconfdir}/sshd_config 213 214%if %{no_root_login} 215%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ 216 %{buildroot}%{_sysconfdir}/sshd_config 217%endif 218 219install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd 220# FIXME: disabled, find out why this doesn't work with nis 221%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ 222 %{buildroot}/etc/pam.d/sshd 223 224install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd 225 226# the last one is needless, but more future-proof 227find %{buildroot}%{SVIdir} -type f -exec \ 228 %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ 229 s:\@sysconfdir\@:%{_sysconfdir}:g; \ 230 s:/usr/sbin:%{_sbindir}:g'\ 231 \{\} \; 232 233cat <<-EoD > %{buildroot}%{SVIcdir}/sshd 234 IDENT=sshd 235 DESCRIPTIVE="OpenSSH secure shell daemon" 236 # This service will be marked as 'skipped' on boot if there 237 # is no host key. Use ssh-host-keygen to generate one 238 ONBOOT="yes" 239 OPTIONS="" 240EoD 241 242SKG=%{buildroot}%{_sbindir}/ssh-host-keygen 243install -m 0755 contrib/caldera/ssh-host-keygen $SKG 244# Fix up some path names in the keygen toy^Hol 245 %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ 246 s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ 247 %{buildroot}%{_sbindir}/ssh-host-keygen 248 249# This looks terrible. Expect it to change. 250# install remaining docs 251DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" 252mkdir -p $DocD/%{askpass} 253cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD 254install -p -m 0444 %{SOURCE3} $DocD/faq.html 255cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} 256%if %{use_stable} 257 cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 258%else 259 cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 260 ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 261%endif 262 263find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf 264rm %{buildroot}%{_mandir}/man1/slogin.1 && \ 265 ln -s %{_mandir}/man1/ssh.1.gz \ 266 %{buildroot}%{_mandir}/man1/slogin.1.gz 267 268 269%Clean 270#%{rmDESTDIR} 271[ %{buildroot} != "/" ] && rm -rf %{buildroot} 272 273%Post 274# Generate host key when none is present to get up and running, 275# both client and server require this for host-based auth! 276# ssh-host-keygen checks for existing keys. 277/usr/sbin/ssh-host-keygen 278: # to protect the rpm database 279 280%pre server 281%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : 282%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ 283 -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : 284: # to protect the rpm database 285 286%Post server 287if [ -x %{LSBinit}-install ]; then 288 %{LSBinit}-install sshd 289else 290 lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 291fi 292 293! %{SVIdir}/sshd status || %{SVIdir}/sshd restart 294: # to protect the rpm database 295 296 297%PreUn server 298[ "$1" = 0 ] || exit 0 299! %{SVIdir}/sshd status || %{SVIdir}/sshd stop 300if [ -x %{LSBinit}-remove ]; then 301 %{LSBinit}-remove sshd 302else 303 lisa --SysV-init remove sshd $1 304fi 305: # to protect the rpm database 306 307%Files 308%defattr(-,root,root) 309%dir %{_sysconfdir} 310%config %{_sysconfdir}/ssh_config 311%{_bindir}/scp 312%{_bindir}/sftp 313%{_bindir}/ssh 314%{_bindir}/slogin 315%{_bindir}/ssh-add 316%attr(2755,root,nobody) %{_bindir}/ssh-agent 317%{_bindir}/ssh-keygen 318%{_bindir}/ssh-keyscan 319%dir %{_libexecdir} 320%attr(4711,root,root) %{_libexecdir}/ssh-keysign 321%{_libexecdir}/ssh-pkcs11-helper 322%{_sbindir}/ssh-host-keygen 323%dir %{_defaultdocdir}/%{name}-%{version} 324%{_defaultdocdir}/%{name}-%{version}/CREDITS 325%{_defaultdocdir}/%{name}-%{version}/ChangeLog 326%{_defaultdocdir}/%{name}-%{version}/LICENCE 327%{_defaultdocdir}/%{name}-%{version}/OVERVIEW 328%{_defaultdocdir}/%{name}-%{version}/README* 329%{_defaultdocdir}/%{name}-%{version}/TODO 330%{_defaultdocdir}/%{name}-%{version}/faq.html 331%{_mandir}/man1/* 332%{_mandir}/man8/ssh-keysign.8.gz 333%{_mandir}/man8/ssh-pkcs11-helper.8.gz 334%{_mandir}/man5/ssh_config.5.gz 335 336%Files server 337%defattr(-,root,root) 338%dir %{_var}/empty/sshd 339%config %{SVIdir}/sshd 340%config /etc/pam.d/sshd 341%config %{_sysconfdir}/moduli 342%config %{_sysconfdir}/sshd_config 343%config %{SVIcdir}/sshd 344%{_libexecdir}/sftp-server 345%{_sbindir}/sshd 346%{_mandir}/man5/moduli.5.gz 347%{_mandir}/man5/sshd_config.5.gz 348%{_mandir}/man8/sftp-server.8.gz 349%{_mandir}/man8/sshd.8.gz 350 351%Files askpass 352%defattr(-,root,root) 353%{_libexecdir}/ssh-askpass 354%{_libexecdir}/x11-ssh-askpass 355%{_defaultdocdir}/%{name}-%{version}/%{askpass} 356 357 358%ChangeLog 359* Tue Jan 18 2011 Tim Rice <tim@multitalents.net> 360- Use CFLAGS from Makefile instead of RPM so build completes. 361- Signatures were changed to .asc since 4.1p1. 362 363* Mon Jan 01 1998 ... 364Template Version: 1.31 365 366$Id: openssh.spec,v 1.75.2.1 2011/09/05 00:28:11 djm Exp $ 367