2007-01-07 17:26:05 +01:00
|
|
|
#
|
2011-02-01 15:14:14 +01:00
|
|
|
# spec file for package openssh
|
2007-01-07 17:26:05 +01:00
|
|
|
#
|
2020-09-18 19:44:52 +02:00
|
|
|
# Copyright (c) 2020 SUSE LLC
|
2007-01-07 17:26:05 +01:00
|
|
|
#
|
2008-08-23 01:32:08 +02:00
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2019-07-22 20:28:13 +02:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2007-01-07 17:26:05 +01:00
|
|
|
#
|
|
|
|
|
2016-04-06 13:34:51 +02:00
|
|
|
# Pick the sshd sandbox flavour at build time: ppc keeps sandbox_seccomp at 0,
# every other architecture gets 1. The value is read by the configure call in
# the build section, which selects seccomp_filter for 1 and rlimit for 0.
%ifarch ppc
%define sandbox_seccomp 0
%else
%define sandbox_seccomp 1
%endif
|
2019-01-04 07:19:36 +01:00
|
|
|
%define _fwdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d
|
|
|
|
%define _fwdefdir %{_fwdir}/services
|
2016-04-06 13:34:51 +02:00
|
|
|
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
|
2018-10-17 10:57:56 +02:00
|
|
|
%define CHECKSUM_SUFFIX .hmac
|
|
|
|
# Fixed key used when the .hmac files for ssh, sshd and sftp-server are
# generated in the redefined __os_install_post hook of the install section.
# Because the key is a constant published in this spec, the HMACs act as
# integrity self-check values (presumably consumed by the FIPS checks patch -
# confirm there); they do not authenticate the binaries against anyone able
# to rewrite both a binary and its .hmac file.
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
|
2023-05-22 21:32:26 +02:00
|
|
|
# Build conditionals. bcond_without declares a feature that is ON unless the
# build is run with --without; bcond_with declares one that is OFF unless the
# build is run with --with.
%bcond_without ldap

# allow_root_password_login_by_default selects the root-login posture:
#  - ON  (suse_version below 1550): Patch1000 is applied and the
#    server-config-disallow-rootlogin subpackage is offered for hardening.
#  - OFF (suse_version 1550 and later): password logins for root are not
#    allowed by default and server-config-rootlogin is the opt-in.
# wtmpdb support follows the opposite split: on from 1550, off before.
%if 0%{?suse_version} < 1550
%bcond_with wtmpdb
%bcond_without allow_root_password_login_by_default
%else
%bcond_without wtmpdb
%bcond_with allow_root_password_login_by_default
%endif
|
2020-10-15 16:25:21 +02:00
|
|
|
|
2018-10-17 10:57:56 +02:00
|
|
|
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
|
|
|
%if ! %{defined _fillupdir}
|
|
|
|
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
2016-09-30 22:34:19 +02:00
|
|
|
%endif
|
2018-10-17 10:57:56 +02:00
|
|
|
Name: openssh
|
Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
* No changes for askpass, see main package changelog for
details.
- Update to openssh 9.6p1:
= Security
* ssh(1), sshd(8): implement protocol extensions to thwart the
so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
limited break of the integrity of the early encrypted SSH transport
protocol by sending extra messages prior to the commencement of
encryption, and deleting an equal number of consecutive messages
immediately after encryption starts. A peer SSH client/server
would not be able to detect that messages were deleted.
* ssh-agent(1): when adding PKCS#11-hosted private keys while
specifying destination constraints, if the PKCS#11 token returned
multiple keys then only the first key had the constraints applied.
Use of regular private keys, FIDO tokens and unconstrained keys
are unaffected.
* ssh(1): if an invalid user or hostname that contained shell
metacharacters was passed to ssh(1), and a ProxyCommand,
LocalCommand directive or "match exec" predicate referenced the
user or hostname via %u, %h or similar expansion token, then
an attacker who could supply arbitrary user/hostnames to ssh(1)
could potentially perform command injection depending on what
quoting was present in the user-supplied ssh_config(5) directive.
= Potentially incompatible changes
* ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
a TCP-like window mechanism that limits the amount of data that
can be sent without acceptance from the peer. In cases where this
OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 19:43:17 +01:00
|
|
|
Version: 9.6p1
|
2011-12-21 18:59:28 +01:00
|
|
|
Release: 0
|
2007-01-07 17:26:05 +01:00
|
|
|
Summary: Secure Shell Client and Server (Remote Login Program)
|
2018-04-06 06:49:00 +02:00
|
|
|
License: BSD-2-Clause AND MIT
|
2011-12-21 18:59:28 +01:00
|
|
|
Group: Productivity/Networking/SSH
|
2020-06-03 15:03:53 +02:00
|
|
|
URL: https://www.openssh.com/
|
2021-01-18 02:12:55 +01:00
|
|
|
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
|
|
|
Source1: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
2007-01-07 17:26:05 +01:00
|
|
|
Source2: sshd.pamd
|
2016-05-30 03:36:18 +02:00
|
|
|
Source3: README.SUSE
|
2013-09-19 06:09:33 +02:00
|
|
|
Source4: README.kerberos
|
|
|
|
Source5: ssh.reg
|
|
|
|
Source6: ssh-askpass
|
|
|
|
Source7: sshd.fw
|
|
|
|
Source8: sysconfig.ssh
|
|
|
|
Source9: sshd-gen-keys-start
|
|
|
|
Source10: sshd.service
|
2016-05-30 03:36:18 +02:00
|
|
|
Source11: README.FIPS
|
2018-01-12 01:42:53 +01:00
|
|
|
Source12: cavs_driver-ssh.pl
|
2020-06-03 15:03:53 +02:00
|
|
|
Source13: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc#/openssh.keyring
|
2021-01-24 19:19:54 +01:00
|
|
|
Source14: sysusers-sshd.conf
|
2023-04-13 23:23:05 +02:00
|
|
|
Source15: sshd-sle.pamd
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch1: openssh-7.7p1-X11_trusted_forwarding.patch
|
|
|
|
Patch3: openssh-7.7p1-enable_PAM_by_default.patch
|
|
|
|
Patch4: openssh-7.7p1-eal3.patch
|
|
|
|
Patch6: openssh-7.7p1-send_locale.patch
|
|
|
|
Patch7: openssh-7.7p1-hostname_changes_when_forwarding_X.patch
|
|
|
|
Patch8: openssh-7.7p1-remove_xauth_cookies_on_exit.patch
|
|
|
|
Patch9: openssh-7.7p1-pts_names_formatting.patch
|
|
|
|
Patch10: openssh-7.7p1-pam_check_locks.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch14: openssh-7.7p1-seccomp_stat.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch15: openssh-7.7p1-seccomp_ipc_flock.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2752
|
2018-10-19 15:44:30 +02:00
|
|
|
# Local FIPS patchset
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch17: openssh-7.7p1-fips.patch
|
2018-10-19 15:44:30 +02:00
|
|
|
# Local cavs patchset
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch18: openssh-7.7p1-cavstest-ctr.patch
|
2018-10-19 15:44:30 +02:00
|
|
|
# Local cavs patchset
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch19: openssh-7.7p1-cavstest-kdf.patch
|
2018-10-19 15:44:30 +02:00
|
|
|
# Local FIPS patchset
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch20: openssh-7.7p1-fips_checks.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2641
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch22: openssh-7.7p1-systemd-notify.patch
|
2019-10-10 15:32:50 +02:00
|
|
|
Patch23: openssh-8.0p1-gssapi-keyex.patch
|
2018-10-19 15:44:30 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=1402
|
2019-10-10 15:32:50 +02:00
|
|
|
Patch24: openssh-8.1p1-audit.patch
|
2018-10-19 15:44:30 +02:00
|
|
|
# Local patch to disable runtime abi SSL checks, quite pointless for us
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch26: openssh-7.7p1-disable_openssl_abi_check.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2641
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch27: openssh-7.7p1-no_fork-no_pid_file.patch
|
|
|
|
Patch28: openssh-7.7p1-host_ident.patch
|
2018-10-19 15:12:48 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=1844
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch29: openssh-7.7p1-sftp_force_permissions.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch30: openssh-7.7p1-X_forward_with_disabled_ipv6.patch
|
|
|
|
Patch31: openssh-7.7p1-ldap.patch
|
2018-10-19 15:24:01 +02:00
|
|
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2213
|
2018-10-17 10:57:56 +02:00
|
|
|
Patch32: openssh-7.7p1-IPv6_X_forwarding.patch
|
|
|
|
Patch33: openssh-7.7p1-sftp_print_diagnostic_messages.patch
|
2019-10-15 09:47:08 +02:00
|
|
|
Patch34: openssh-7.9p1-keygen-preserve-perms.patch
|
|
|
|
Patch35: openssh-7.9p1-revert-new-qos-defaults.patch
|
2019-11-14 16:26:26 +01:00
|
|
|
Patch36: openssh-8.1p1-seccomp-clock_nanosleep.patch
|
2020-02-18 16:10:09 +01:00
|
|
|
Patch37: openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
|
|
|
|
Patch38: openssh-8.1p1-seccomp-clock_gettime64.patch
|
2020-02-28 13:19:42 +01:00
|
|
|
Patch39: openssh-8.1p1-use-openssl-kdf.patch
|
2020-11-22 17:59:16 +01:00
|
|
|
Patch40: openssh-8.1p1-ed25519-use-openssl-rng.patch
|
|
|
|
Patch41: openssh-fips-ensure-approved-moduli.patch
|
|
|
|
Patch42: openssh-link-with-sk.patch
|
2021-01-23 00:06:22 +01:00
|
|
|
Patch43: openssh-reenable-dh-group14-sha1-default.patch
|
2021-01-27 20:14:20 +01:00
|
|
|
Patch45: openssh-8.4p1-ssh_config_d.patch
|
2021-02-15 11:04:25 +01:00
|
|
|
Patch46: openssh-whitelist-syscalls.patch
|
2021-04-09 03:57:00 +02:00
|
|
|
Patch47: openssh-8.4p1-vendordir.patch
|
2021-06-23 20:30:23 +02:00
|
|
|
Patch48: openssh-8.4p1-pam_motd.patch
|
2022-11-15 16:28:59 +01:00
|
|
|
Patch49: openssh-do-not-send-empty-message.patch
|
2022-12-21 11:48:51 +01:00
|
|
|
Patch50: openssh-openssl-3.patch
|
2023-05-22 21:32:26 +02:00
|
|
|
Patch51: wtmpdb.patch
|
2023-09-19 00:02:17 +02:00
|
|
|
Patch52: logind_set_tty.patch
|
2024-04-05 13:08:11 +02:00
|
|
|
Patch54: openssh-mitigate-lingering-secrets.patch
|
2023-05-22 21:32:26 +02:00
|
|
|
Patch100: fix-missing-lz.patch
|
2023-11-28 17:35:34 +01:00
|
|
|
Patch102: openssh-7.8p1-role-mls.patch
|
|
|
|
Patch103: openssh-6.6p1-privsep-selinux.patch
|
|
|
|
Patch104: openssh-6.6p1-keycat.patch
|
|
|
|
Patch105: openssh-6.6.1p1-selinux-contexts.patch
|
|
|
|
Patch106: openssh-7.6p1-cleanup-selinux.patch
|
2024-04-04 11:11:25 +02:00
|
|
|
# PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
|
|
|
|
Patch107: openssh-9.6p1-crypto-policies.patch
|
|
|
|
Patch108: openssh-9.6p1-crypto-policies-man.patch
|
2024-05-14 08:52:13 +02:00
|
|
|
%if 0%{with allow_root_password_login_by_default}
|
|
|
|
Patch1000: openssh-7.7p1-allow_root_password_login.patch
|
|
|
|
%endif
|
2018-10-17 10:57:56 +02:00
|
|
|
BuildRequires: audit-devel
|
2021-01-18 02:12:55 +01:00
|
|
|
BuildRequires: automake
|
2018-10-17 10:57:56 +02:00
|
|
|
BuildRequires: groff
|
|
|
|
BuildRequires: libedit-devel
|
|
|
|
BuildRequires: libselinux-devel
|
2023-05-22 21:32:26 +02:00
|
|
|
%if %{with ldap}
|
2018-10-17 10:57:56 +02:00
|
|
|
BuildRequires: openldap2-devel
|
2023-05-22 21:32:26 +02:00
|
|
|
%endif
|
2022-12-21 11:48:51 +01:00
|
|
|
BuildRequires: openssl-devel
|
2018-10-17 10:57:56 +02:00
|
|
|
BuildRequires: pam-devel
|
|
|
|
BuildRequires: pkgconfig
|
|
|
|
BuildRequires: zlib-devel
|
2023-05-22 21:32:26 +02:00
|
|
|
BuildRequires: pkgconfig(libfido2) >= 1.2.0
|
2018-10-17 10:57:56 +02:00
|
|
|
BuildRequires: pkgconfig(libsystemd)
|
2021-01-24 19:19:54 +01:00
|
|
|
BuildRequires: sysuser-shadow
|
|
|
|
BuildRequires: sysuser-tools
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-clients = %{version}-%{release}
|
|
|
|
Requires: %{name}-server = %{version}-%{release}
|
2019-01-28 09:02:07 +01:00
|
|
|
%if 0%{?suse_version} >= 1550
|
|
|
|
BuildRequires: pkgconfig(krb5)
|
|
|
|
%else
|
|
|
|
BuildRequires: krb5-mini-devel
|
|
|
|
%endif
|
2023-05-22 21:32:26 +02:00
|
|
|
%if %{with wtmpdb}
|
|
|
|
BuildRequires: pkgconfig(libwtmpdb)
|
|
|
|
%endif
|
2021-01-23 00:06:22 +01:00
|
|
|
Requires(pre): findutils
|
|
|
|
Requires(pre): grep
|
2011-12-26 08:09:33 +01:00
|
|
|
|
2007-01-07 17:26:05 +01:00
|
|
|
%description
|
|
|
|
SSH (Secure Shell) is a program for logging into and executing commands
|
2020-09-18 19:44:52 +02:00
|
|
|
on a remote machine. It replaces rsh (rlogin and rsh) and
|
2020-10-15 16:25:21 +02:00
|
|
|
provides secure encrypted communication between two untrusted
|
2007-07-27 02:01:43 +02:00
|
|
|
hosts over an insecure network.
|
|
|
|
|
|
|
|
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
|
|
|
also be forwarded over the secure channel.
|
2007-01-07 17:26:05 +01:00
|
|
|
|
2020-09-18 19:44:52 +02:00
|
|
|
This is a dummy package that pulls in both the client and server
|
|
|
|
components.
|
|
|
|
|
|
|
|
%package common
|
|
|
|
Summary: SSH (Secure Shell) common files
|
|
|
|
Group: Productivity/Networking/SSH
|
|
|
|
Conflicts: nonfreessh
|
|
|
|
Conflicts: %{name}-fips < %{version}-%{release}
|
|
|
|
Conflicts: %{name}-fips > %{version}-%{release}
|
|
|
|
|
|
|
|
%description common
|
|
|
|
SSH (Secure Shell) is a program for logging into and executing commands
|
|
|
|
on a remote machine. It replaces rsh (rlogin and rsh) and
|
2020-10-15 16:25:21 +02:00
|
|
|
provides secure encrypted communication between two untrusted
|
2020-09-18 19:44:52 +02:00
|
|
|
hosts over an insecure network.
|
|
|
|
|
|
|
|
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
|
|
|
also be forwarded over the secure channel.
|
|
|
|
|
|
|
|
This package contains common files for the Secure Shell server and
|
|
|
|
clients.
|
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%package server
|
|
|
|
Summary: SSH (Secure Shell) server
|
|
|
|
Group: Productivity/Networking/SSH
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-common = %{version}-%{release}
|
2024-04-15 08:21:11 +02:00
|
|
|
Requires: crypto-policies >= 20220824
|
2020-09-18 19:44:52 +02:00
|
|
|
Recommends: audit
|
2021-01-23 00:06:22 +01:00
|
|
|
Requires(pre): findutils
|
|
|
|
Requires(pre): grep
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires(post): %fillup_prereq
|
|
|
|
Requires(post): permissions
|
|
|
|
Provides: openssh:%{_sbindir}/sshd
|
2021-01-24 19:19:54 +01:00
|
|
|
%sysusers_requires
|
2020-09-14 12:47:29 +02:00
|
|
|
|
|
|
|
%description server
|
2020-09-18 19:44:52 +02:00
|
|
|
SSH (Secure Shell) is a program for logging into and executing commands
|
|
|
|
on a remote machine. It replaces rsh (rlogin and rsh) and
|
2020-10-15 16:25:21 +02:00
|
|
|
provides secure encrypted communication between two untrusted
|
2020-09-18 19:44:52 +02:00
|
|
|
hosts over an insecure network.
|
|
|
|
|
|
|
|
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
|
|
|
also be forwarded over the secure channel.
|
|
|
|
|
|
|
|
This package contains the Secure Shell daemon, which allows clients to
|
|
|
|
securely connect to your server.
|
2020-09-14 12:47:29 +02:00
|
|
|
|
2024-05-14 08:52:13 +02:00
|
|
|
%if 0%{with allow_root_password_login_by_default}
|
|
|
|
%package server-config-disallow-rootlogin
|
|
|
|
Summary: Config to disallow password root logins to sshd
|
|
|
|
Group: Productivity/Networking/SSH
|
|
|
|
Requires: %{name}-server = %{version}-%{release}
|
|
|
|
Conflicts: %{name}-server-config-rootlogin
|
|
|
|
|
|
|
|
%description server-config-disallow-rootlogin
|
|
|
|
The openssh-server package by default allows password based
|
|
|
|
root logins. This package provides a config that disallows root
|
|
|
|
to log in using the password. It's useful to secure your system by
|
|
|
|
preventing password attacks on the root account over ssh.
|
|
|
|
%else
|
2022-04-29 02:45:48 +02:00
|
|
|
%package server-config-rootlogin
|
|
|
|
Summary: Config to permit root logins to sshd
|
|
|
|
Group: Productivity/Networking/SSH
|
|
|
|
Requires: %{name}-server = %{version}-%{release}
|
2024-05-14 08:52:13 +02:00
|
|
|
Conflicts: %{name}-server-config-disallow-rootlogin
|
2022-04-29 02:45:48 +02:00
|
|
|
|
|
|
|
%description server-config-rootlogin
|
|
|
|
The openssh-server package by default disallows password based
|
|
|
|
root logins. This package provides a config that permits them. It's useful
|
|
|
|
to temporarily have a password based login to be able to use
|
|
|
|
ssh-copy-id(1).
|
2024-05-14 08:52:13 +02:00
|
|
|
%endif
|
2022-04-29 02:45:48 +02:00
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%package clients
|
|
|
|
Summary: SSH (Secure Shell) client applications
|
|
|
|
Group: Productivity/Networking/SSH
|
2024-04-04 11:11:25 +02:00
|
|
|
Requires: crypto-policies >= 20220824
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-common = %{version}-%{release}
|
|
|
|
Provides: openssh:%{_bindir}/ssh
|
2020-09-14 12:47:29 +02:00
|
|
|
|
|
|
|
%description clients
|
2020-09-18 19:44:52 +02:00
|
|
|
SSH (Secure Shell) is a program for logging into and executing commands
|
|
|
|
on a remote machine. It replaces rsh (rlogin and rsh) and
|
2020-10-15 16:25:21 +02:00
|
|
|
provides secure encrypted communication between two untrusted
|
2020-09-18 19:44:52 +02:00
|
|
|
hosts over an insecure network.
|
|
|
|
|
|
|
|
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
|
|
|
also be forwarded over the secure channel.
|
|
|
|
|
|
|
|
This package contains clients for making secure connections to Secure
|
|
|
|
Shell servers.
|
2020-09-14 12:47:29 +02:00
|
|
|
|
2023-05-22 21:32:26 +02:00
|
|
|
%if %{with ldap}
|
2014-01-31 13:18:41 +01:00
|
|
|
%package helpers
|
|
|
|
Summary: OpenSSH AuthorizedKeysCommand helpers
|
2013-09-19 06:09:33 +02:00
|
|
|
Group: Productivity/Networking/SSH
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-common = %{version}-%{release}
|
2013-09-19 06:09:33 +02:00
|
|
|
|
2014-01-31 13:18:41 +01:00
|
|
|
%description helpers
|
2020-09-18 19:44:52 +02:00
|
|
|
SSH (Secure Shell) is a program for logging into and executing commands
|
|
|
|
on a remote machine. It replaces rsh (rlogin and rsh) and
|
2020-10-15 16:25:21 +02:00
|
|
|
provides secure encrypted communication between two untrusted
|
2020-09-18 19:44:52 +02:00
|
|
|
hosts over an insecure network.
|
|
|
|
|
|
|
|
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
|
|
|
also be forwarded over the secure channel.
|
|
|
|
|
|
|
|
This package contains helper applications for OpenSSH which retrieve
|
|
|
|
keys from various sources.
|
2023-05-22 21:32:26 +02:00
|
|
|
%endif
|
2013-09-19 06:09:33 +02:00
|
|
|
|
2014-04-14 23:53:01 +02:00
|
|
|
%package fips
|
2020-09-18 19:44:52 +02:00
|
|
|
Summary: OpenSSH FIPS crypto module HMACs
|
2014-04-14 23:53:01 +02:00
|
|
|
Group: Productivity/Networking/SSH
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-common = %{version}-%{release}
|
|
|
|
Conflicts: %{name}-common < %{version}-%{release}
|
|
|
|
Conflicts: %{name}-common > %{version}-%{release}
|
2016-05-30 03:36:18 +02:00
|
|
|
Obsoletes: %{name}-hmac
|
2014-04-14 23:53:01 +02:00
|
|
|
|
|
|
|
%description fips
|
2020-09-18 19:44:52 +02:00
|
|
|
This package contains hashes that, together with the main openssh packages,
|
|
|
|
form the FIPS certifiable crypto module.
|
2014-04-14 23:53:01 +02:00
|
|
|
|
2018-01-12 01:42:53 +01:00
|
|
|
%package cavs
|
2020-09-18 19:44:52 +02:00
|
|
|
Summary: OpenSSH FIPS crypto module CAVS tests
|
2018-01-12 01:42:53 +01:00
|
|
|
Group: Productivity/Networking/SSH
|
2020-09-18 19:44:52 +02:00
|
|
|
Requires: %{name}-common = %{version}-%{release}
|
2018-01-12 01:42:53 +01:00
|
|
|
|
|
|
|
%description cavs
|
2020-10-15 16:25:21 +02:00
|
|
|
This package contains the FIPS-140 CAVS (Cryptographic Algorithm
|
2020-09-18 19:44:52 +02:00
|
|
|
Validation Program/Suite) related tests of OpenSSH.
|
2016-05-30 03:36:18 +02:00
|
|
|
|
2007-01-07 17:26:05 +01:00
|
|
|
%prep
# Unpack the upstream tarball (Source0) and copy the SUSE, Kerberos and FIPS
# READMEs into the build directory.
# NOTE(review): the detached signature (Source1) and the release keyring
# (Source13) are declared in the preamble, but no explicit verification call
# is visible in this section; presumably the build service validates the
# tarball against them - confirm before trusting a local rebuild.
%setup -q
cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .

# Apply the patches declared in the preamble with strip level 1. The list
# includes distribution-local changes to sandboxing, FIPS handling and crypto
# defaults, so the result differs from pristine upstream OpenSSH.
%autopatch -p1

# Set the libexec dir in the files touched by the LDAP patch: take the file
# names from the "+++" headers of Patch31, keep the ones that still contain
# the @LIBEXECDIR@ placeholder and substitute the real path in place, leaving
# a .libexec backup of each edited file.
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
    $( grep -Rl @LIBEXECDIR@ \
        $( grep "^+++" %{PATCH31} | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
    )
|
2016-04-06 13:34:51 +02:00
|
|
|
|
2018-01-12 01:42:53 +01:00
|
|
|
%build
# Regenerate the autotools files, since the patches applied in the prep
# section may have touched the configure inputs.
autoreconf -fiv

# Position-independent executables: s390, s390x and sparc use the large-model
# -fPIE, everything else the small-model -fpie; the link step adds -pie.
%ifarch s390 s390x %{sparc}
PIEFLAGS="-fPIE"
%else
PIEFLAGS="-fpie"
%endif
LDFLAGS="-pie -Wl,--as-needed"

# NOTE(review): -fstack-protector is appended after the distribution optflags.
# If optflags already carries a stronger -fstack-protector-strong, the later
# plain flag would take precedence for compilations that use these variables
# unchanged - confirm the effective flags in the build log.
CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"

# CPPFLAGS is exported below but only set by this disabled line, so it is
# passed through from the build environment as-is.
#CPPFLAGS="%%{optflags} -DUSE_INTERNAL_B64"
export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS

# Security-relevant configure choices (no comments are possible inside the
# continued command, so they are listed here):
#  - privilege separation chroots into the localstatedir lib/empty directory;
#  - the pre-auth sandbox is seccomp_filter when sandbox_seccomp is 1 and
#    falls back to rlimit otherwise (ppc, per the define at the top of the
#    spec); rlimit restricts resource limits rather than filtering system
#    calls, so confinement is weaker on that architecture;
#  - PAM, SELinux, Kerberos 5 and Linux audit support are compiled in;
#  - binaries are left unstripped by make install (--disable-strip); stripping
#    happens in the post-install hook, before the .hmac files are computed;
#  - FIDO security-key support is built in (--with-security-key-builtin).
%configure \
    --sysconfdir=%{_sysconfdir}/ssh \
    --libexecdir=%{_libexecdir}/ssh \
    --with-selinux \
    --with-pid-dir=/run \
    --with-systemd \
    --with-ssl-engine \
    --with-pam \
    --with-kerberos5=%{_prefix} \
    --with-privsep-path=%{_localstatedir}/lib/empty \
%if %{sandbox_seccomp}
    --with-sandbox=seccomp_filter \
%else
    --with-sandbox=rlimit \
%endif
    --disable-strip \
    --with-audit=linux \
%if %{with ldap}
    --with-ldap \
%endif
    --with-xauth=%{_bindir}/xauth \
    --with-libedit \
%if %{with wtmpdb}
    --with-wtmpdb \
%endif
%if 0%{?suse_version} >= 1550
    --disable-lastlog \
    --with-logind \
%endif
    --with-security-key-builtin \
    --target=%{_target_cpu}-suse-linux

%make_build

# Produce the sshd.pre scriptlet fragment from the sysusers definition
# (Source14); it is pulled into the server pre scriptlet via -f sshd.pre.
%sysusers_generate_pre %{SOURCE14} sshd sshd.conf
|
2013-09-19 06:09:33 +02:00
|
|
|
|
2007-01-07 17:26:05 +01:00
|
|
|
%install
%make_install

# PAM service file for sshd: distributions with a vendor config directory get
# Source2 under the PAM vendor dir, everything else gets the SLE variant
# (Source15) under the sysconfdir pam.d directory. Both are world-readable and
# writable by the owner only (0644).
%if %{defined _distconfdir}
install -d -m 755 %{buildroot}%{_pam_vendordir}
install -m 644 %{SOURCE2} %{buildroot}%{_pam_vendordir}/sshd
%else
# SLE has no distconfdir, so use sle PAM config
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pam.d/sshd
%endif

# State directory plus the client and server drop-in config directories.
install -d -m 755 \
    %{buildroot}%{_localstatedir}/lib/sshd \
    %{buildroot}%{_sysconfdir}/ssh/ssh_config.d \
    %{buildroot}%{_sysconfdir}/ssh/sshd_config.d

# SLP service registration is only shipped before suse_version 1600.
%if 0%{?suse_version} < 1600
install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/slp.reg.d/
%endif

# systemd unit and the legacy rcsshd compatibility symlink.
install -D -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/sshd.service
ln -s service %{buildroot}%{_sbindir}/rcsshd

# sysconfig fillup template.
install -d -m 755 %{buildroot}%{_fillupdir}
install -m 644 %{SOURCE8} %{buildroot}%{_fillupdir}

# ssh-copy-id helper script and its man page: automates adding your public key
# to a remote machine.
install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1

# Point the libexec paths mentioned in the installed sshd_config at the
# distribution's libexec directory.
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
|
2013-09-19 06:09:33 +02:00
|
|
|
|
2024-05-14 08:52:13 +02:00
|
|
|
# Root-login drop-in for sshd_config.d, written into the build root:
#  - builds where root password login is allowed by default get
#    51-permit-root-login.conf with "prohibit-password" (the hardening opt-in);
#  - all other builds get 50-permit-root-login.conf with "yes" (the opt-out of
#    the secure default, described in the subpackage text as a temporary aid
#    for ssh-copy-id).
# Presumably each file is shipped only in its server-config-* subpackage; the
# files list is outside this section.
# NOTE(review): sshd keeps the first value it reads for a keyword, so whether
# a drop-in takes effect depends on where sshd_config places its Include line
# and on the other files in sshd_config.d - confirm on the target release.
# NOTE(review): "PermitRootLogin yes" exposes the root account to password
# guessing for as long as the file is installed; the subpackage text frames it
# as temporary, so it should be removed again once keys are deployed.
%if 0%{with allow_root_password_login_by_default}
echo "PermitRootLogin prohibit-password" > %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf
%else
echo "PermitRootLogin yes" > %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%endif
|
2023-05-22 21:32:26 +02:00
|
|
|
|
2021-04-27 15:00:08 +02:00
|
|
|
# Vendor defaults move from the sysconfdir ssh directory to the distconfdir
# one when the distribution defines it, leaving the sysconfdir tree for
# administrator overrides. The root-login drop-in created earlier in this
# section moves along with the main config files.
%if %{defined _distconfdir}
mkdir -p %{buildroot}%{_distconfdir}/ssh/ssh{,d}_config.d
mv %{buildroot}%{_sysconfdir}/ssh/moduli \
   %{buildroot}%{_sysconfdir}/ssh/ssh_config \
   %{buildroot}%{_sysconfdir}/ssh/sshd_config \
   %{buildroot}%{_distconfdir}/ssh/
%if 0%{with allow_root_password_login_by_default}
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf %{buildroot}%{_distconfdir}/ssh/sshd_config.d/51-permit-root-login.conf
%else
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %{buildroot}%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%endif
%endif

# Client and server drop-ins that hook OpenSSH into the system-wide
# crypto-policies configuration. ssh_config_suse and sshd_config_suse_cp are
# taken from the build directory (presumably created by the crypto-policies
# patches - confirm). The server file is numbered 40 so that it sorts ahead of
# the 50/51 root-login drop-ins.
install -m 644 ssh_config_suse %{buildroot}%{_sysconfdir}/ssh/ssh_config.d/50-suse.conf
%if %{defined _distconfdir}
install -m 644 sshd_config_suse_cp %{buildroot}%{_distconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf
%else
install -m 644 sshd_config_suse_cp %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf
%endif
|
|
|
|
|
2019-08-19 11:45:46 +02:00
|
|
|
# SuSEfirewall2 service definition for sshd, only shipped before
# suse_version 1550.
%if 0%{?suse_version} < 1550
mkdir -p %{buildroot}%{_fwdefdir}
install -m 644 %{SOURCE7} %{buildroot}%{_fwdefdir}/sshd
%endif

# askpass wrapper and CAVS test driver: both templates get their
# @LIBEXECDIR@ placeholder replaced on the way into the libexec ssh directory.
# The files are created by shell redirection, so their modes come from the
# build umask rather than an explicit install -m; presumably the files list
# sets the final permissions - confirm.
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" < %{SOURCE6} > %{buildroot}%{_libexecdir}/ssh/ssh-askpass
sed -e "s,@LIBEXECDIR@,%{_libexecdir},g" < %{SOURCE12} > %{buildroot}%{_libexecdir}/ssh/cavs_driver-ssh.pl
rm -f %{buildroot}%{_datadir}/Ssh.bin

# sshd host-key generator wrapper, executable by everyone, writable by the
# owner only.
install -D -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/sshd-gen-keys-start

# sysusers.d definition for the sshd user.
mkdir -p %{buildroot}%{_sysusersdir}
install -m 644 %{SOURCE14} %{buildroot}%{_sysusersdir}/sshd.conf

# ssh-keycat is built but deliberately not shipped; the plain rm (no -f) makes
# the build fail if the helper was not installed.
rm %{buildroot}%{_libexecdir}/ssh/ssh-keycat
#rm -r %{buildroot}/usr/lib/debug/.build-id
|
|
|
|
|
2014-04-14 23:53:01 +02:00
|
|
|
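# the hmac hashes - taken from openssl
#
# Re-define the __os_install_post macro: the stock macro strips the
# binaries and thereby invalidates any hashes created earlier, so the
# HMAC loop is appended after the original macro body.
#
# This shows up earlier because otherwise the %%expand of the macro is
# too late.
#
# NOTE(review): the HMAC key is the fixed CHECKSUM_HMAC_KEY string defined at
# the top of this spec, so it is public. The checksum files written here (and
# shipped by the fips subpackage) can serve as an integrity self-check only;
# they do not protect against anyone able to replace both a binary and its
# checksum file. Authenticity of the binaries still rests on the package
# signature.
#
# The buildroot paths are quoted so that a build root containing whitespace
# or glob characters cannot split or expand the redirect targets.
%{expand:%%global __os_install_post {%__os_install_post
for b in \
        %{_bindir}/ssh \
        %{_sbindir}/sshd \
        %{_libexecdir}/ssh/sftp-server \
        ; do
    openssl dgst -sha256 -binary -hmac %{CHECKSUM_HMAC_KEY} < "%{buildroot}$b" > "%{buildroot}$b%{CHECKSUM_SUFFIX}"
done

}}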
|
|
|
|
|
2021-01-24 19:19:54 +01:00
|
|
|
%pre server -f sshd.pre
%if %{defined _distconfdir}
# Prepare for migration to /usr/etc.
# Any .rpmsave file left over from an earlier transaction is parked under a
# .old name. The posttrans scriptlet moves .rpmsave back over the live file,
# so this presumably keeps a stale copy from being restored as the active
# sshd or PAM configuration. Failures are ignored; the scriptlet never aborts
# the transaction because of them.
for cfg in /etc/pam.d/sshd /etc/ssh/sshd_config; do
    if test -f "$cfg.rpmsave"; then
        mv -v "$cfg.rpmsave" "$cfg.rpmsave.old" || :
    fi
done
%endif

%service_add_pre sshd.service
|
2011-10-19 04:18:13 +02:00
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%post server
%{fillup_only -n ssh}
%service_add_post sshd.service

%if ! %{defined _distconfdir}
# Drop-in files under /etc/ssh/sshd_config.d/ take effect only when the main
# sshd_config includes them, so warn the administrator when the Include line
# is missing. Nothing is modified and the scriptlet always succeeds.
# sshd keeps the first value it obtains for each keyword, which is why the
# message asks for the line at the start of the file.
# NOTE(review): the match is literal and case-sensitive and does not check
# where in the file the line sits, so an equivalent Include written
# differently still triggers the warning, and one placed late does not.
if test -f /etc/ssh/sshd_config; then
    if ! grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config; then
        echo "WARNING: /etc/ssh/sshd_config doesn't include config files from"
        echo " /etc/ssh/sshd_config.d/ . The crypto-policies configuration won't"
        echo "be honored until the following line is added at the start of"
        echo "/etc/ssh/sshd_config :"
        echo "Include /etc/ssh/sshd_config.d/*.conf"
    fi
fi || :
%endif
|
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%preun server
%service_del_preun sshd.service
|
2007-01-07 17:26:05 +01:00
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%postun server
# The openssh-fips trigger script for openssh will normally restart sshd once
# it gets installed, so the restart is done here only when openssh-fips is
# absent; with it installed, the variant without restart is used instead.
if ! rpm -q openssh-fips >/dev/null 2>&1; then
%service_del_postun sshd.service
else
%service_del_postun_without_restart sshd.service
fi
|
2007-01-07 17:26:05 +01:00
|
|
|
|
2024-05-17 10:01:30 +02:00
|
|
|
%if ! %{defined _distconfdir}
%post server-config-disallow-rootlogin
# The drop-in shipped by this subpackage (51-permit-root-login.conf) is read
# only when sshd_config includes /etc/ssh/sshd_config.d/*.conf. Without the
# Include line the package installs cleanly but its setting is not applied,
# so the administrator is warned. Nothing is modified and the scriptlet
# always succeeds.
# NOTE(review): this scriptlet is not wrapped in the
# allow_root_password_login_by_default conditional that guards the matching
# files list; confirm the subpackage always exists when _distconfdir is
# undefined.
if test -f /etc/ssh/sshd_config; then
    if ! grep -q "^Include /etc/ssh/sshd_config\.d/\*\.conf" /etc/ssh/sshd_config; then
        echo "WARNING: /etc/ssh/sshd_config doesn't include config files from"
        echo " /etc/ssh/sshd_config.d/ . The config file installed by"
        echo "openssh-server-config-disallow-rootlogin won't be used until"
        echo "the following line is added at the start of /etc/ssh/sshd_config :"
        echo "Include /etc/ssh/sshd_config.d/*.conf"
    fi
fi || :
%endif
|
|
|
|
|
2021-01-04 18:53:11 +01:00
|
|
|
%if %{defined _distconfdir}
%posttrans server
# Migration to /usr/etc.
# If a .rpmsave copy of the PAM or sshd configuration exists at this point,
# it is moved back over the live file in /etc, replacing whatever is there.
# The pre scriptlet renames older .rpmsave files beforehand. Failures are
# ignored.
for cfg in /etc/pam.d/sshd /etc/ssh/sshd_config; do
    if test -f "$cfg.rpmsave"; then
        mv -v "$cfg.rpmsave" "$cfg" || :
    fi
done
%endif
|
|
|
|
|
2021-06-23 21:02:47 +02:00
|
|
|
%if %{defined _distconfdir}
%pre clients
# Prepare for migration to /usr/etc.
# A leftover ssh_config.rpmsave is parked under a .old name before the
# update, so the posttrans scriptlet does not move it back over the live
# client configuration. Failures are ignored.
if test -f /etc/ssh/ssh_config.rpmsave; then
    mv -v /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config.rpmsave.old || :
fi
%endif
|
|
|
|
|
2024-05-17 10:01:30 +02:00
|
|
|
%if ! %{defined _distconfdir}
%post clients
# Client drop-ins under /etc/ssh/ssh_config.d/ are read only when ssh_config
# includes them, so warn when the Include line is missing. Nothing is
# modified and the scriptlet always succeeds.
# NOTE(review): the match is literal and case-sensitive and does not check
# where in the file the line sits.
if test -f /etc/ssh/ssh_config; then
    if ! grep -q "^Include /etc/ssh/ssh_config\.d/\*\.conf" /etc/ssh/ssh_config; then
        echo "WARNING: /etc/ssh/ssh_config doesn't include config files from"
        echo " /etc/ssh/ssh_config.d/ . The crypto-policies configuration won't"
        echo "be honored until the following line is added at the start of"
        echo "/etc/ssh/ssh_config :"
        echo "Include /etc/ssh/ssh_config.d/*.conf"
    fi
fi || :
%endif
|
|
|
|
|
2021-06-23 21:02:47 +02:00
|
|
|
%if %{defined _distconfdir}
%posttrans clients
# Migration to /usr/etc.
# If an ssh_config.rpmsave exists at this point, it is moved back over
# /etc/ssh/ssh_config, replacing whatever is there. Failures are ignored.
if test -f /etc/ssh/ssh_config.rpmsave; then
    mv -v /etc/ssh/ssh_config.rpmsave /etc/ssh/ssh_config || :
fi
%endif
|
2021-01-04 18:53:11 +01:00
|
|
|
|
2016-05-30 03:36:18 +02:00
|
|
|
%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd
|
|
|
|
|
2007-01-07 17:26:05 +01:00
|
|
|
%files
|
2020-09-18 19:44:52 +02:00
|
|
|
# openssh is an empty package that depends on -clients and -server,
|
|
|
|
# resulting in a clean upgrade path from prior to the split even when
|
|
|
|
# recommends are disabled.
|
|
|
|
|
|
|
|
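%files common
%license LICENCE
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
# /etc/ssh is owned in both layouts. It is listed once here, outside the
# conditional, because a second entry in the fallback branch would make rpm
# see the same directory twice in this package.
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%if %{defined _distconfdir}
# Vendor layout: moduli and the client drop-in directory live under the
# distribution config directory and are not tagged as admin-editable config.
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0600,root,root) %{_distconfdir}/ssh/moduli
%attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d
%else
# Classic layout: moduli stays in /etc/ssh and local edits are preserved on
# update.
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d
%endif
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
%attr(0755,root,root) %{_bindir}/ssh-keygen*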
|
|
|
|
|
|
|
|
%files server
# Daemon, init wrapper, host-key generator and the sftp subsystem binary.
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_sbindir}/rcsshd
%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server

# State directory and the admin drop-in directory.
%attr(0755,root,root) %dir %{_localstatedir}/lib/sshd
%attr(0755,root,root) %dir %{_sysconfdir}/ssh/sshd_config.d

# Server configuration. sshd_config is 0640 and the crypto-policies drop-in
# 0600, both root:root, so neither is readable by unprivileged users; the PAM
# stack file is 0644.
# NOTE(review): under the vendor directory sshd_config and the drop-in are
# still tagged config(noreplace), unlike ssh_config in the clients list;
# confirm that difference is intended.
%if %{defined _distconfdir}
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0755,root,root) %dir %{_distconfdir}/ssh/sshd_config.d
%attr(0640,root,root) %config(noreplace) %{_distconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_distconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf
%attr(0644,root,root) %{_pam_vendordir}/sshd
%else
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/40-suse-crypto-policies.conf
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%endif

# systemd unit and sysusers.d entry for the sshd user.
%attr(0644,root,root) %{_unitdir}/sshd.service
%attr(0644,root,root) %{_sysusersdir}/sshd.conf

# Manual pages.
%attr(0444,root,root) %{_mandir}/man5/sshd_config*
%attr(0444,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0444,root,root) %{_mandir}/man8/sshd.8*

# SLP registration is packaged only for releases before 1600.
%if 0%{?suse_version} < 1600
%dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg
%endif

%{_fillupdir}/sysconfig.ssh

# SuSEfirewall2 service definition is packaged only for releases before 1550.
%if 0%{?suse_version} < 1550
%dir %{_fwdir}
%dir %{_fwdefdir}
%config %{_fwdefdir}/sshd
%endif
|
2013-09-19 06:09:33 +02:00
|
|
|
|
2024-05-14 08:52:13 +02:00
|
|
|
# Exactly one root-login policy subpackage is built, chosen by the
# allow_root_password_login_by_default build conditional: with it, the
# opt-out package server-config-disallow-rootlogin ships the 51- drop-in;
# without it, the opt-in package server-config-rootlogin ships the 50-
# drop-in. The drop-in contents are not part of this file list.
# In the /etc layout the file is config(noreplace), so local edits survive
# updates; in the vendor layout it is a plain packaged file.
%if 0%{with allow_root_password_login_by_default}

%files server-config-disallow-rootlogin
%if ! %{defined _distconfdir}
%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/51-permit-root-login.conf
%else
%{_distconfdir}/ssh/sshd_config.d/51-permit-root-login.conf
%endif

%else

%files server-config-rootlogin
%if ! %{defined _distconfdir}
%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%else
%{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf
%endif

%endif
|
2022-04-29 02:45:48 +02:00
|
|
|
|
2020-09-14 12:47:29 +02:00
|
|
|
%files clients
# Client configuration: the drop-in directory and the SUSE drop-in always
# live in /etc/ssh; the main ssh_config moves to the vendor directory when
# that layout is available and is then no longer tagged as config.
%attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config.d/50-suse.conf
%if ! %{defined _distconfdir}
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%else
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
%endif

# User-facing programs.
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp*
%attr(0755,root,root) %{_bindir}/sftp*
%attr(0755,root,root) %{_bindir}/ssh-add*
%attr(0755,root,root) %{_bindir}/ssh-agent*
%attr(0755,root,root) %{_bindir}/ssh-copy-id*
%attr(0755,root,root) %{_bindir}/ssh-keyscan*

# Helper programs. All are mode 0755, so ssh-keysign is packaged without a
# setuid bit.
# NOTE(review): host-based authentication needs ssh-keysign to read the host
# private keys; confirm that shipping it without setuid is the intended
# default.
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-sk-helper*

# Manual pages.
%attr(0444,root,root) %{_mandir}/man1/scp.1*
%attr(0444,root,root) %{_mandir}/man1/sftp.1*
%attr(0444,root,root) %{_mandir}/man1/ssh.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0444,root,root) %{_mandir}/man5/ssh_config.5*
%attr(0444,root,root) %{_mandir}/man8/ssh-keysign.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-sk-helper.8*
|
|
|
|
|
2023-05-22 21:32:26 +02:00
|
|
|
%if %{with ldap}
%files helpers
%doc HOWTO.ldap-keys openssh-lpk-openldap.schema openssh-lpk-sun.schema
# Directories shared with the other subpackages.
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0755,root,root) %dir %{_libexecdir}/ssh
# ldap.conf is packaged 0644 but excluded from mode verification, so a
# tighter local mode is not reported by rpm verification.
# NOTE(review): presumably meant for sites that store bind credentials in
# this file and restrict it; confirm.
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-ldap*
%attr(0444,root,root) %{_mandir}/man5/ssh-ldap*
%attr(0444,root,root) %{_mandir}/man8/ssh-ldap*
%endif
|
2007-01-07 17:26:05 +01:00
|
|
|
|
2014-04-14 23:53:01 +02:00
|
|
|
%files fips
# Read-only HMAC files for the three binaries hashed in the redefined
# __os_install_post macro; each sits next to its binary with the
# CHECKSUM_SUFFIX extension. The HMAC key is the public constant from the top
# of this spec, so these files support an integrity self-check and are not a
# defence against deliberate replacement of binary and checksum together.
%attr(0444,root,root) %{_sbindir}/sshd%{CHECKSUM_SUFFIX}
%attr(0444,root,root) %{_bindir}/ssh%{CHECKSUM_SUFFIX}
%attr(0444,root,root) %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX}
|
|
|
|
|
2018-01-12 01:42:53 +01:00
|
|
|
%files cavs
|
|
|
|
%attr(0755,root,root) %{_libexecdir}/ssh/cavs*
|
2014-04-14 23:53:01 +02:00
|
|
|
|
2007-02-22 14:37:20 +01:00
|
|
|
%changelog
|