[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 5.9p1
release    = 8

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		libselinux-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.0d-2
		pam-devel
		util-linux
		zlib-devel
	end

	# Apply patches in a special order
	patches
		openssh-5.9p1-coverity.patch
		openssh-5.8p1-fingerprint.patch
		openssh-5.8p1-getaddrinfo.patch
		openssh-5.8p1-packet.patch
		openssh-5.9p1-2auth.patch
		openssh-5.9p1-role.patch
		openssh-5.9p1-mls.patch
		openssh-5.9p1-sftp-chroot.patch
		openssh-5.9p1-akc.patch
		openssh-5.9p1-keygen.patch
		openssh-5.2p1-allow-ip-opts.patch
		openssh-5.9p1-randclean.patch
		openssh-5.8p1-keyperm.patch
		openssh-5.8p2-remove-stale-control-socket.patch
		openssh-5.9p1-ipv6man.patch
		openssh-5.8p2-sigpipe.patch
		openssh-5.8p2-askpass-ld.patch
		openssh-5.5p1-x11.patch
		openssh-5.6p1-exit-deadlock.patch
		openssh-5.1p1-askpass-progress.patch
		openssh-4.3p2-askpass-grab-info.patch
		openssh-5.9p1-edns.patch
		openssh-5.1p1-scp-manpage.patch
		openssh-5.8p1-localdomain.patch
		openssh-5.9p1-ipfire.patch
		openssh-5.9p1-entropy.patch
		openssh-5.9p1-vendor.patch
		openssh-5.8p2-force_krb.patch
		openssh-5.9p1-kuserok.patch
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-ldap \
		--with-pam \
		--with-libedit \
		--with-selinux \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
9d8fd3ad	7	version = 5.9p1
84d71be7	8	release = 8
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
802ea3af	31	libselinux-devel
e78de92e MT	32	ncurses-devel
	33	openldap-devel
	34	openssl-devel >= 1.0.0d-2
802ea3af	35	pam-devel
e78de92e	36	util-linux
802ea3af MT	37	zlib-devel
802ea3af MT	38	end
ba2e7991	39
802ea3af MT	40	# Apply patches in a special order
802ea3af MT	41	patches
9d8fd3ad	42	openssh-5.9p1-coverity.patch
802ea3af	43	openssh-5.8p1-fingerprint.patch
9d8fd3ad SS	44	openssh-5.8p1-getaddrinfo.patch
	45	openssh-5.8p1-packet.patch
	46	openssh-5.9p1-2auth.patch
	47	openssh-5.9p1-role.patch
	48	openssh-5.9p1-mls.patch
	49	openssh-5.9p1-sftp-chroot.patch
	50	openssh-5.9p1-akc.patch
	51	openssh-5.9p1-keygen.patch
802ea3af	52	openssh-5.2p1-allow-ip-opts.patch
9d8fd3ad SS	53	openssh-5.9p1-randclean.patch
	54	openssh-5.8p1-keyperm.patch
	55	openssh-5.8p2-remove-stale-control-socket.patch
	56	openssh-5.9p1-ipv6man.patch
	57	openssh-5.8p2-sigpipe.patch
	58	openssh-5.8p2-askpass-ld.patch
802ea3af MT	59	openssh-5.5p1-x11.patch
	60	openssh-5.6p1-exit-deadlock.patch
	61	openssh-5.1p1-askpass-progress.patch
	62	openssh-4.3p2-askpass-grab-info.patch
9d8fd3ad	63	openssh-5.9p1-edns.patch
802ea3af	64	openssh-5.1p1-scp-manpage.patch
9d8fd3ad SS	65	openssh-5.8p1-localdomain.patch
	66	openssh-5.9p1-ipfire.patch
	67	openssh-5.9p1-entropy.patch
	68	openssh-5.9p1-vendor.patch
	69	openssh-5.8p2-force_krb.patch
	70	openssh-5.9p1-kuserok.patch
802ea3af	71	end
ba2e7991	72
802ea3af	73	configure_options += \
e78de92e MT	74	--sysconfdir=%{sysconfdir}/ssh \
	75	--datadir=%{datadir}/sshd \
	76	--libexecdir=%{libdir}/openssh \
	77	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	78	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	79	--with-privsep-path=/var/empty/sshd \
	80	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	81	--disable-strip \
	82	--with-ssl-engine \
	83	--with-authorized-keys-command \
	84	--with-ipaddr-display \
	85	--with-ldap \
802ea3af	86	--with-pam \
e78de92e	87	--with-libedit \
802ea3af	88	--with-selinux \
802ea3af	89	--with-audit=linux
b771887d	90
9d8fd3ad	91	prepare_cmds
e78de92e	92	autoreconf -vfi
9d8fd3ad SS	93	end
9d8fd3ad SS	94
802ea3af	95	install_cmds
cdfe238b MT	96	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	97	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	98
802ea3af	99	# Install scriptfile for key generation
e78de92e MT	100	mkdir -pv %{BUILDROOT}%{sbindir}
	101	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	102
	103	# Install ssh-copy-id.
	104	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	105	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	106	end
802ea3af MT	107	end
99c42052	108
802ea3af MT	109	packages
802ea3af MT	110	package openssh
e78de92e MT	111	prerequires
	112	shadow-utils
	113	end
	114
e78de92e MT	115	configfiles
	116	%{sysconfdir}/ssh/moduli
	117	end
	118
	119	script prein
eccf0dae	120	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	121	end
802ea3af MT	122	end
1f9bc2f0	123
802ea3af MT	124	package openssh-clients
	125	summary = OpenSSH client applications.
	126	description = %{summary}
1f9bc2f0	127
e78de92e MT	128	requires = openssh = %{thisver}
e78de92e MT	129
802ea3af	130	files
e78de92e MT	131	%{sysconfdir}/ssh/ssh_config
	132	%{bindir}/scp
	133	%{bindir}/sftp
	134	%{bindir}/slogin
	135	%{bindir}/ssh
	136	%{bindir}/ssh-add
	137	%{bindir}/ssh-agent
	138	%{bindir}/ssh-copy-id
	139	%{bindir}/ssh-keyscan
	140	%{libdir}/openssh/ssh-pkcs11-helper
	141	%{mandir}/man1/scp.1*
	142	%{mandir}/man1/sftp.1*
	143	%{mandir}/man1/slogin.1*
	144	%{mandir}/man1/ssh-add.1*
	145	%{mandir}/man1/ssh-agent.1*
	146	%{mandir}/man1/ssh-copy-id.1*
	147	%{mandir}/man1/ssh-keyscan.1*
	148	%{mandir}/man1/ssh.1*
	149	%{mandir}/man5/ssh_config.5*
	150	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	151	end
cdfe238b MT	152
cdfe238b MT	153	configfiles
e78de92e	154	%{sysconfdir}/ssh/ssh_config
cdfe238b	155	end
802ea3af	156	end
1f9bc2f0	157
802ea3af MT	158	package openssh-server
	159	summary = OpenSSH server applications.
	160	description = %{summary}
1f9bc2f0	161
23a87d82 MT	162	requires
	163	audit
	164	openssh = %{thisver}
	165	end
1f9bc2f0	166
802ea3af	167	files
e78de92e MT	168	%{sysconfdir}/pam.d/sshd
e78de92e MT	169	%{sysconfdir}/ssh/sshd_config
839658bf	170	%{unitdir}/sshd.service
e78de92e MT	171	%{libdir}/openssh/sftp-server
	172	%{sbindir}/sshd-keygen
	173	%{sbindir}/sshd
	174	%{mandir}/man5/sshd_config.5*
	175	%{mandir}/man5/moduli.5*
	176	%{mandir}/man8/sshd.8*
	177	%{mandir}/man8/sftp-server.8*
	178	/var/empty/sshd
802ea3af	179	end
65de838d	180
cdfe238b	181	configfiles
e78de92e	182	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	183	end
cdfe238b MT	184
4d26274c SS	185	prerequires
	186	shadow-utils
	187	systemd-units
	188	end
65de838d MT	189
65de838d MT	190	script prein
802ea3af	191	# Create unprivileged user and group.
e78de92e MT	192	getent group sshd >/dev/null \|\| groupadd -r sshd
	193	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	194	-c "Privilege-separated SSH" \
	195	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	196	end
65de838d MT	197
	198	script postin
	199	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	200	end
	201
	202	script preun
e78de92e	203	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
e78de92e	204	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
65de838d MT	205	end
	206
	207	script postun
	208	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	209	end
	210
	211	script postup
	212	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	213
	214	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	215	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	216	end
802ea3af	217	end
1f9bc2f0 MT	218
	219	package %{name}-debuginfo
	220	template DEBUGINFO
	221	end
802ea3af	222	end