openssh/openssh.spec

249 lines
8.1 KiB
RPMSpec
Raw Normal View History

#
# spec file for package openssh
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: openssh
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define _appdefdir %{_prefix}/share/X11/app-defaults
BuildRequires: audit-devel
BuildRequires: autoconf
BuildRequires: groff
BuildRequires: krb5-devel
BuildRequires: libedit-devel
%if 0%{suse_version} > 1100
BuildRequires: libselinux-devel
%endif
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: tcpd-devel
Requires: /bin/netstat
PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
Conflicts: nonfreessh
Recommends: xauth
- Updated to 6.1p1, a bugfix release Features: * sshd(8): This release turns on pre-auth sandboxing sshd by default for new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. * ssh-keygen(1): Add options to specify starting line number and number of lines to process when screening moduli candidates, allowing processing of different parts of a candidate moduli file in parallel * sshd(8): The Match directive now supports matching on the local (listen) address and port upon which the incoming connection was received via LocalAddress and LocalPort clauses. * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups} * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as an argument to refuse all port-forwarding requests. * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators to append some arbitrary text to the server SSH protocol banner. Bugfixes: * ssh(1)/sshd(8): Don't spin in accept() in situations of file descriptor exhaustion. Instead back off for a while. * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from the specification. bz#2023, * sshd(8): Handle long comments in config files better. bz#2025 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly picked up. bz#1995 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root on platforms that use login_cap. OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=42
2012-11-13 11:50:53 +01:00
Version: 6.1p1
Release: 0
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
License: BSD-3-Clause and MIT
Group: Productivity/Networking/SSH
Url: http://www.openssh.com/
Source: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: sshd.init
Source2: sshd.pamd
Source4: README.SuSE
Source5: converter.tar.bz2
Source6: README.kerberos
Source7: ssh.reg
Source8: ssh-askpass
Source9: sshd.fw
Source10: sysconfig.ssh
Source11: sshd-gen-keys-start
Source12: sshd.service
Patch: %{name}-5.9p1-sshd_config.diff
Patch2: %{name}-5.9p1-pam-fix2.diff
Patch3: %{name}-5.9p1-saveargv-fix.diff
Patch4: %{name}-5.9p1-pam-fix3.diff
Patch5: %{name}-5.9p1-gssapimitm.patch
Patch6: %{name}-5.9p1-eal3.diff
Patch7: %{name}-5.9p1-engines.diff
Patch8: %{name}-5.9p1-blocksigalrm.diff
Patch9: %{name}-5.9p1-send_locale.diff
Patch10: %{name}-5.9p1-xauthlocalhostname.diff
Patch12: %{name}-5.9p1-xauth.diff
Patch14: %{name}-5.9p1-default-protocol.diff
Patch15: %{name}-5.9p1-audit.patch
Patch16: %{name}-5.9p1-pts.diff
Patch17: %{name}-5.9p1-homechroot.patch
Patch18: %{name}-5.9p1-sshconfig-knownhostschanges.diff
Patch19: %{name}-5.9p1-host_ident.diff
Patch20: converter-linking.patch
Patch21: openssh-nocrazyabicheck.patch
Patch22: openssh-nodaemon-nopid.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} > 1140
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
%define has_systemd 1
%endif
%{!?_initddir:%global _initddir %{_initrddir}}
%description
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
%prep
%setup -q -a 5
%patch
%patch2
%patch3
%patch4
%patch5
%patch6 -p1
%patch7 -p1
%patch8
%patch9
%patch10
%patch12
%patch14
%patch15 -p1
%patch16
%patch17
%patch18
%patch19 -p1
%patch20
%patch21
%patch22
cp -v %{SOURCE4} .
cp -v %{SOURCE6} .
%build
autoreconf -fiv
%ifarch s390 s390x %sparc
PIEFLAGS="-fPIE"
%else
PIEFLAGS="-fpie"
%endif
export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
export LDFLAGS="-pie"
%configure \
--with-ssl-engine \
%if 0%{suse_version} >= 1140
--with-libedit \
%endif
--sysconfdir=%{_sysconfdir}/ssh \
--libexecdir=%{_libexecdir}/ssh \
--with-tcp-wrappers \
%if 0%{suse_version} > 1100
--with-selinux \
%endif
--with-pam \
--with-kerberos5=/usr \
--with-privsep-path=/var/lib/empty \
--with-sandbox=rlimit \
--disable-strip \
--with-linux-audit \
--with-xauth=%{_prefix}/bin/xauth \
--target=%{_target_cpu}-suse-linux
# --with-afs=/usr \
make %{?_smp_mflags}
(cd converter; make %{?_smp_mflags})
%install
make DESTDIR=%{buildroot}/ install
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -d -m 755 %{buildroot}/var/lib/sshd
install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd
install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/
install -d -m 755 %{buildroot}%{_initddir}
install -m 755 %{S:1} %{buildroot}%{_initddir}/sshd
ln -vs ../..%{_initddir}/sshd %{buildroot}%{_sbindir}/rcsshd
install -d -m 755 %{buildroot}/var/adm/fillup-templates
install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates
# install shell script to automate the process of adding your public key to a remote machine
install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
sed -e "s,@LIBEXEC@,%{_libexecdir},g" < %{S:8} > %{buildroot}%{_libexecdir}/ssh/ssh-askpass
( cd converter; make install DESTDIR=%{buildroot} )
rm -f %{buildroot}%{_datadir}/Ssh.bin
sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
#install firewall definitions format is described here:
#%{_datadir}/SuSEfirewall2/services/TEMPLATE
mkdir -p %{buildroot}%{_fwdefdir}
install -m 644 %{S:9} %{buildroot}%{_fwdefdir}/sshd
%if 0%{?has_systemd}
install -D -m 0755 %{SOURCE11} %{buildroot}%{_sbindir}/sshd-gen-keys-start
install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd.service
%endif
%pre
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
%if 0%{?has_systemd}
%service_add_pre sshd.service
%endif
%post
%{fillup_and_insserv -n ssh sshd}
%if 0%{?has_systemd}
%service_add_post sshd.service
%endif
%preun
%stop_on_removal sshd
%if 0%{?has_systemd}
%service_del_preun sshd.service
%endif
%postun
%restart_on_update sshd
%{insserv_cleanup}
%if 0%{?has_systemd}
%service_del_postun sshd.service
%endif
%files
%defattr(-,root,root)
%dir %attr(755,root,root) /var/lib/sshd
%doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd
%attr(0755,root,root) %config %{_initddir}/sshd
%attr(0755,root,root) %{_bindir}/ssh
%{_bindir}/scp
%{_bindir}/sftp
%{_bindir}/slogin
%{_bindir}/ssh-*
%{_sbindir}/*
%attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1*
%attr(444,root,root) %doc %{_mandir}/man1/ssh-add.1*
%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
%attr(444,root,root) %doc %{_mandir}/man1/sftp.1*
%attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1*
%attr(444,root,root) %doc %{_mandir}/man5/*
%attr(444,root,root) %doc %{_mandir}/man8/*
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass
%dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg
/var/adm/fillup-templates/sysconfig.ssh
%config %{_fwdefdir}/sshd
%if 0%{?has_systemd}
%{_sbindir}/sshd-gen-keys-start
%{_unitdir}/sshd.service
%endif
%changelog