1 2# Some of this will need re-evaluation post-LSB. The SVIdir is there 3# because the link appeared broken. The rest is for easy compilation, 4# the tradeoff open to discussion. (LC957) 5 6%define SVIdir /etc/rc.d/init.d 7%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} 8%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} 9 10%define _mandir %{_prefix}/share/man/en 11%define _sysconfdir /etc/ssh 12%define _libexecdir %{_libdir}/ssh 13 14# Do we want to disable root_login? (1=yes 0=no) 15%define no_root_login 0 16 17#old cvs stuff. please update before use. may be deprecated. 18%define use_stable 1 19%define version 5.9p1 20%if %{use_stable} 21 %define cvs %{nil} 22 %define release 1 23%else 24 %define cvs cvs20050315 25 %define release 0r1 26%endif 27%define xsa x11-ssh-askpass 28%define askpass %{xsa}-1.2.4.1 29 30# OpenSSH privilege separation requires a user & group ID 31%define sshd_uid 67 32%define sshd_gid 67 33 34Name : openssh 35Version : %{version}%{cvs} 36Release : %{release} 37Group : System/Network 38 39Summary : OpenSSH free Secure Shell (SSH) implementation. 40Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). 41Summary(es) : OpenSSH implementaci�n libre de Secure Shell (SSH). 42Summary(fr) : Impl�mentation libre du shell s�curis� OpenSSH (SSH). 43Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. 44Summary(pt) : Implementa��o livre OpenSSH do protocolo 'Secure Shell' (SSH). 45Summary(pt_BR) : Implementa��o livre OpenSSH do protocolo Secure Shell (SSH). 46 47Copyright : BSD 48Packager : Raymund Will <ray@caldera.de> 49URL : http://www.openssh.com/ 50 51Obsoletes : ssh, ssh-clients, openssh-clients 52 53BuildRoot : /tmp/%{name}-%{version} 54BuildRequires : XFree86-imake 55 56# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable 57# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs 58Source0: see-above:/.../openssh-%{version}.tar.gz 59%if %{use_stable} 60Source1: see-above:/.../openssh-%{version}.tar.gz.asc 61%endif 62Source2: http://www.jmknoble.net/software/%{xsa}/%{askpass}.tar.gz 63Source3: http://www.openssh.com/faq.html 64 65%Package server 66Group : System/Network 67Requires : openssh = %{version} 68Obsoletes : ssh-server 69 70Summary : OpenSSH Secure Shell protocol server (sshd). 71Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). 72Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). 73Summary(fr) : Serveur de protocole du shell s�curis� OpenSSH (sshd). 74Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). 75Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). 76Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). 77 78 79%Package askpass 80Group : System/Network 81Requires : openssh = %{version} 82URL : http://www.jmknoble.net/software/x11-ssh-askpass/ 83Obsoletes : ssh-extras 84 85Summary : OpenSSH X11 pass-phrase dialog. 86Summary(de) : OpenSSH X11 Passwort-Dialog. 87Summary(es) : Aplicaci�n de petici�n de frase clave OpenSSH X11. 88Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. 89Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. 90Summary(pt) : Di�logo de pedido de senha para X11 do OpenSSH. 91Summary(pt_BR) : Di�logo de pedido de senha para X11 do OpenSSH. 92 93 94%Description 95OpenSSH (Secure Shell) provides access to a remote system. It replaces 96telnet, rlogin, rexec, and rsh, and provides secure encrypted 97communications between two untrusted hosts over an insecure network. 98X11 connections and arbitrary TCP/IP ports can also be forwarded over 99the secure channel. 100 101%Description -l de 102OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt 103telnet, rlogin, rexec und rsh und stellt eine sichere, verschl�sselte 104Verbindung zwischen zwei nicht vertrauensw�rdigen Hosts �ber eine unsicheres 105Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports k�nnen ebenso 106�ber den sicheren Channel weitergeleitet werden. 107 108%Description -l es 109OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a 110telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas 111entre dos equipos entre los que no se ha establecido confianza a trav�s de una 112red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios tambi�n pueden 113ser canalizadas sobre el canal seguro. 114 115%Description -l fr 116OpenSSH (Secure Shell) fournit un acc�s � un syst�me distant. Il remplace 117telnet, rlogin, rexec et rsh, tout en assurant des communications crypt�es 118securis�es entre deux h�tes non fiabilis�s sur un r�seau non s�curis�. Des 119connexions X11 et des ports TCP/IP arbitraires peuvent �galement �tre 120transmis sur le canal s�curis�. 121 122%Description -l it 123OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. 124Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure 125e crittate tra due host non fidati su una rete non sicura. Le connessioni 126X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso 127un canale sicuro. 128 129%Description -l pt 130OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 131telnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e cifradas 132entre duas m�quinas sem confian�a m�tua sobre uma rede insegura. 133Liga��es X11 e portos TCP/IP arbitr�rios tamb�m poder ser reenviados 134pelo canal seguro. 135 136%Description -l pt_BR 137O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o 138telnet, rlogin, rexec, e o rsh e fornece comunica��es seguras e criptografadas 139entre duas m�quinas sem confian�a m�tua sobre uma rede insegura. 140Liga��es X11 e portas TCP/IP arbitr�rias tamb�m podem ser reenviadas 141pelo canal seguro. 142 143%Description server 144This package installs the sshd, the server portion of OpenSSH. 145 146%Description -l de server 147Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. 148 149%Description -l es server 150Este paquete instala sshd, la parte servidor de OpenSSH. 151 152%Description -l fr server 153Ce paquetage installe le 'sshd', partie serveur de OpenSSH. 154 155%Description -l it server 156Questo pacchetto installa sshd, il server di OpenSSH. 157 158%Description -l pt server 159Este pacote intala o sshd, o servidor do OpenSSH. 160 161%Description -l pt_BR server 162Este pacote intala o sshd, o servidor do OpenSSH. 163 164%Description askpass 165This package contains an X11-based pass-phrase dialog used per 166default by ssh-add(1). It is based on %{askpass} 167by Jim Knoble <jmknoble@pobox.com>. 168 169 170%Prep 171%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 172%if ! %{use_stable} 173 autoreconf 174%endif 175 176 177%Build 178CFLAGS="$RPM_OPT_FLAGS" \ 179%configure \ 180 --with-pam \ 181 --with-tcp-wrappers \ 182 --with-privsep-path=%{_var}/empty/sshd \ 183 #leave this line for easy edits. 184 185%__make 186 187cd %{askpass} 188%configure \ 189 #leave this line for easy edits. 190 191xmkmf 192%__make includes 193%__make 194 195 196%Install 197[ %{buildroot} != "/" ] && rm -rf %{buildroot} 198 199make install DESTDIR=%{buildroot} 200%makeinstall -C %{askpass} \ 201 BINDIR=%{_libexecdir} \ 202 MANPATH=%{_mandir} \ 203 DESTDIR=%{buildroot} 204 205# OpenLinux specific configuration 206mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} 207mkdir -p %{buildroot}%{_var}/empty/sshd 208 209# enabling X11 forwarding on the server is convenient and okay, 210# on the client side it's a potential security risk! 211%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ 212 %{buildroot}%{_sysconfdir}/sshd_config 213 214%if %{no_root_login} 215%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ 216 %{buildroot}%{_sysconfdir}/sshd_config 217%endif 218 219install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd 220# FIXME: disabled, find out why this doesn't work with nis 221%__perl -pi -e 's:(.*pam_limits.*):#$1:' \ 222 %{buildroot}/etc/pam.d/sshd 223 224install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd 225 226# the last one is needless, but more future-proof 227find %{buildroot}%{SVIdir} -type f -exec \ 228 %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ 229 s:\@sysconfdir\@:%{_sysconfdir}:g; \ 230 s:/usr/sbin:%{_sbindir}:g'\ 231 \{\} \; 232 233cat <<-EoD > %{buildroot}%{SVIcdir}/sshd 234 IDENT=sshd 235 DESCRIPTIVE="OpenSSH secure shell daemon" 236 # This service will be marked as 'skipped' on boot if there 237 # is no host key. Use ssh-host-keygen to generate one 238 ONBOOT="yes" 239 OPTIONS="" 240EoD 241 242SKG=%{buildroot}%{_sbindir}/ssh-host-keygen 243install -m 0755 contrib/caldera/ssh-host-keygen $SKG 244# Fix up some path names in the keygen toy^Hol 245 %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ 246 s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ 247 %{buildroot}%{_sbindir}/ssh-host-keygen 248 249# This looks terrible. Expect it to change. 250# install remaining docs 251DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" 252mkdir -p $DocD/%{askpass} 253cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD 254install -p -m 0444 %{SOURCE3} $DocD/faq.html 255cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} 256%if %{use_stable} 257 cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 258%else 259 cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 260 ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 261%endif 262 263find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf 264rm %{buildroot}%{_mandir}/man1/slogin.1 && \ 265 ln -s %{_mandir}/man1/ssh.1.gz \ 266 %{buildroot}%{_mandir}/man1/slogin.1.gz 267 268 269%Clean 270#%{rmDESTDIR} 271[ %{buildroot} != "/" ] && rm -rf %{buildroot} 272 273%Post 274# Generate host key when none is present to get up and running, 275# both client and server require this for host-based auth! 276# ssh-host-keygen checks for existing keys. 277/usr/sbin/ssh-host-keygen 278: # to protect the rpm database 279 280%pre server 281%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : 282%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ 283 -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : 284: # to protect the rpm database 285 286%Post server 287if [ -x %{LSBinit}-install ]; then 288 %{LSBinit}-install sshd 289else 290 lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 291fi 292 293! %{SVIdir}/sshd status || %{SVIdir}/sshd restart 294: # to protect the rpm database 295 296 297%PreUn server 298[ "$1" = 0 ] || exit 0 299! %{SVIdir}/sshd status || %{SVIdir}/sshd stop 300if [ -x %{LSBinit}-remove ]; then 301 %{LSBinit}-remove sshd 302else 303 lisa --SysV-init remove sshd $1 304fi 305: # to protect the rpm database 306 307%Files 308%defattr(-,root,root) 309%dir %{_sysconfdir} 310%config %{_sysconfdir}/ssh_config 311%{_bindir}/scp 312%{_bindir}/sftp 313%{_bindir}/ssh 314%{_bindir}/slogin 315%{_bindir}/ssh-add 316%attr(2755,root,nobody) %{_bindir}/ssh-agent 317%{_bindir}/ssh-keygen 318%{_bindir}/ssh-keyscan 319%dir %{_libexecdir} 320%attr(4711,root,root) %{_libexecdir}/ssh-keysign 321%{_libexecdir}/ssh-pkcs11-helper 322%{_sbindir}/ssh-host-keygen 323%dir %{_defaultdocdir}/%{name}-%{version} 324%{_defaultdocdir}/%{name}-%{version}/CREDITS 325%{_defaultdocdir}/%{name}-%{version}/ChangeLog 326%{_defaultdocdir}/%{name}-%{version}/LICENCE 327%{_defaultdocdir}/%{name}-%{version}/OVERVIEW 328%{_defaultdocdir}/%{name}-%{version}/README* 329%{_defaultdocdir}/%{name}-%{version}/TODO 330%{_defaultdocdir}/%{name}-%{version}/faq.html 331%{_mandir}/man1/* 332%{_mandir}/man8/ssh-keysign.8.gz 333%{_mandir}/man8/ssh-pkcs11-helper.8.gz 334%{_mandir}/man5/ssh_config.5.gz 335 336%Files server 337%defattr(-,root,root) 338%dir %{_var}/empty/sshd 339%config %{SVIdir}/sshd 340%config /etc/pam.d/sshd 341%config %{_sysconfdir}/moduli 342%config %{_sysconfdir}/sshd_config 343%config %{SVIcdir}/sshd 344%{_libexecdir}/sftp-server 345%{_sbindir}/sshd 346%{_mandir}/man5/moduli.5.gz 347%{_mandir}/man5/sshd_config.5.gz 348%{_mandir}/man8/sftp-server.8.gz 349%{_mandir}/man8/sshd.8.gz 350 351%Files askpass 352%defattr(-,root,root) 353%{_libexecdir}/ssh-askpass 354%{_libexecdir}/x11-ssh-askpass 355%{_defaultdocdir}/%{name}-%{version}/%{askpass} 356 357 358%ChangeLog 359* Tue Jan 18 2011 Tim Rice <tim@multitalents.net> 360- Use CFLAGS from Makefile instead of RPM so build completes. 361- Signatures were changed to .asc since 4.1p1. 362 363* Mon Jan 01 1998 ... 364Template Version: 1.31 365 366$Id: openssh.spec,v 1.75.2.1 2011/09/05 00:28:11 djm Exp $ 367