# # spec file for package openssh # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: openssh %define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define _appdefdir %{_prefix}/share/X11/app-defaults BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: groff BuildRequires: krb5-devel BuildRequires: libedit-devel %if 0%{suse_version} > 1100 BuildRequires: libselinux-devel %endif BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: tcpd-devel Requires: /bin/netstat PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh Recommends: xauth Version: 6.1p1 Release: 0 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) License: BSD-3-Clause and MIT Group: Productivity/Networking/SSH Url: http://www.openssh.com/ Source: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: sshd.init Source2: sshd.pamd Source4: README.SuSE Source5: converter.tar.bz2 Source6: README.kerberos Source7: ssh.reg Source8: ssh-askpass Source9: sshd.fw Source10: sysconfig.ssh Source11: sshd-gen-keys-start Source12: sshd.service Patch: %{name}-5.9p1-sshd_config.diff Patch2: %{name}-5.9p1-pam-fix2.diff Patch3: %{name}-5.9p1-saveargv-fix.diff Patch4: %{name}-5.9p1-pam-fix3.diff Patch5: %{name}-5.9p1-gssapimitm.patch Patch6: %{name}-5.9p1-eal3.diff Patch7: %{name}-5.9p1-engines.diff Patch8: %{name}-5.9p1-blocksigalrm.diff Patch9: %{name}-5.9p1-send_locale.diff Patch10: %{name}-5.9p1-xauthlocalhostname.diff Patch12: %{name}-5.9p1-xauth.diff Patch14: %{name}-5.9p1-default-protocol.diff Patch15: %{name}-5.9p1-audit.patch Patch16: %{name}-5.9p1-pts.diff Patch17: %{name}-5.9p1-homechroot.patch Patch18: %{name}-5.9p1-sshconfig-knownhostschanges.diff Patch19: %{name}-5.9p1-host_ident.diff Patch20: converter-linking.patch Patch21: openssh-nocrazyabicheck.patch Patch22: openssh-nodaemon-nopid.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) %{?systemd_requires} %define has_systemd 1 %endif %{!?_initddir:%global _initddir %{_initrddir}} %description SSH (Secure Shell) is a program for logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. %prep %setup -q -a 5 %patch %patch2 %patch3 %patch4 %patch5 %patch6 -p1 %patch7 -p1 %patch8 %patch9 %patch10 %patch12 %patch14 %patch15 -p1 %patch16 %patch17 %patch18 %patch19 -p1 %patch20 %patch21 %patch22 cp -v %{SOURCE4} . cp -v %{SOURCE6} . %build autoreconf -fiv %ifarch s390 s390x %sparc PIEFLAGS="-fPIE" %else PIEFLAGS="-fpie" %endif export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector" export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector" export LDFLAGS="-pie" %configure \ --with-ssl-engine \ %if 0%{suse_version} >= 1140 --with-libedit \ %endif --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/ssh \ --with-tcp-wrappers \ %if 0%{suse_version} > 1100 --with-selinux \ %endif --with-pam \ --with-kerberos5=/usr \ --with-privsep-path=/var/lib/empty \ --with-sandbox=rlimit \ --disable-strip \ --with-linux-audit \ --with-xauth=%{_prefix}/bin/xauth \ --target=%{_target_cpu}-suse-linux # --with-afs=/usr \ make %{?_smp_mflags} (cd converter; make %{?_smp_mflags}) %install make DESTDIR=%{buildroot}/ install install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d install -d -m 755 %{buildroot}/var/lib/sshd install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/ install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/ install -d -m 755 %{buildroot}%{_initddir} install -m 755 %{S:1} %{buildroot}%{_initddir}/sshd ln -vs ../..%{_initddir}/sshd %{buildroot}%{_sbindir}/rcsshd install -d -m 755 %{buildroot}/var/adm/fillup-templates install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates # install shell script to automate the process of adding your public key to a remote machine install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir} install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1 sed -e "s,@LIBEXEC@,%{_libexecdir},g" < %{S:8} > %{buildroot}%{_libexecdir}/ssh/ssh-askpass ( cd converter; make install DESTDIR=%{buildroot} ) rm -f %{buildroot}%{_datadir}/Ssh.bin sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config #install firewall definitions format is described here: #%{_datadir}/SuSEfirewall2/services/TEMPLATE mkdir -p %{buildroot}%{_fwdefdir} install -m 644 %{S:9} %{buildroot}%{_fwdefdir}/sshd %if 0%{?has_systemd} install -D -m 0755 %{SOURCE11} %{buildroot}%{_sbindir}/sshd-gen-keys-start install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd.service %endif %pre getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd %if 0%{?has_systemd} %service_add_pre sshd.service %endif %post %{fillup_and_insserv -n ssh sshd} %if 0%{?has_systemd} %service_add_post sshd.service %endif %preun %stop_on_removal sshd %if 0%{?has_systemd} %service_del_preun sshd.service %endif %postun %restart_on_update sshd %{insserv_cleanup} %if 0%{?has_systemd} %service_del_postun sshd.service %endif %files %defattr(-,root,root) %dir %attr(755,root,root) /var/lib/sshd %doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd %attr(0755,root,root) %config %{_initddir}/sshd %attr(0755,root,root) %{_bindir}/ssh %{_bindir}/scp %{_bindir}/sftp %{_bindir}/slogin %{_bindir}/ssh-* %{_sbindir}/* %attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz %attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1* %attr(444,root,root) %doc %{_mandir}/man1/ssh-add.1* %attr(444,root,root) %doc %{_mandir}/man1/ssh-keyscan.1* %attr(444,root,root) %doc %{_mandir}/man1/sftp.1* %attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1* %attr(444,root,root) %doc %{_mandir}/man5/* %attr(444,root,root) %doc %{_mandir}/man8/* %attr(0755,root,root) %dir %{_libexecdir}/ssh %attr(0755,root,root) %{_libexecdir}/ssh/sftp-server %attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign %attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper %attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass %dir %{_sysconfdir}/slp.reg.d %config %{_sysconfdir}/slp.reg.d/ssh.reg /var/adm/fillup-templates/sysconfig.ssh %config %{_fwdefdir}/sshd %if 0%{?has_systemd} %{_sbindir}/sshd-gen-keys-start %{_unitdir}/sshd.service %endif %changelog