[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 7.3p1
release    = 1

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.2
		pam-devel
		util-linux
		zlib-devel
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
b4e630c0 SS	7	version = 7.3p1
b4e630c0 SS	8	release = 1
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
e78de92e MT	31	ncurses-devel
e78de92e MT	32	openldap-devel
b4e630c0	33	openssl-devel >= 1.0.2
802ea3af	34	pam-devel
e78de92e	35	util-linux
802ea3af MT	36	zlib-devel
802ea3af MT	37	end
ba2e7991	38
802ea3af	39	configure_options += \
e78de92e MT	40	--sysconfdir=%{sysconfdir}/ssh \
	41	--datadir=%{datadir}/sshd \
	42	--libexecdir=%{libdir}/openssh \
	43	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	44	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	45	--with-privsep-path=/var/empty/sshd \
	46	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	47	--disable-strip \
	48	--with-ssl-engine \
	49	--with-authorized-keys-command \
	50	--with-ipaddr-display \
802ea3af	51	--with-pam \
e78de92e	52	--with-libedit \
802ea3af	53	--with-audit=linux
b771887d	54
9d8fd3ad	55	prepare_cmds
e78de92e	56	autoreconf -vfi
9d8fd3ad SS	57	end
9d8fd3ad SS	58
802ea3af	59	install_cmds
cdfe238b MT	60	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	61	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	62
17d728c8 SS	63	# Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
	64	sed \
	65	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	66	-e '/^#PrintMotd yes$/c PrintMotd no' \
	67	-e '/^#UsePAM no$/c UsePAM yes' \
	68	-i %{BUILDROOT}/etc/ssh/sshd_config
	69
802ea3af	70	# Install scriptfile for key generation
e78de92e MT	71	mkdir -pv %{BUILDROOT}%{sbindir}
	72	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	73
	74	# Install ssh-copy-id.
	75	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	76	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	77	end
802ea3af MT	78	end
99c42052	79
802ea3af MT	80	packages
802ea3af MT	81	package openssh
e78de92e MT	82	prerequires
	83	shadow-utils
	84	end
	85
e78de92e MT	86	configfiles
	87	%{sysconfdir}/ssh/moduli
	88	end
	89
	90	script prein
eccf0dae	91	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	92	end
802ea3af MT	93	end
1f9bc2f0	94
802ea3af MT	95	package openssh-clients
	96	summary = OpenSSH client applications.
	97	description = %{summary}
1f9bc2f0	98
e78de92e MT	99	requires = openssh = %{thisver}
e78de92e MT	100
802ea3af	101	files
e78de92e MT	102	%{sysconfdir}/ssh/ssh_config
	103	%{bindir}/scp
	104	%{bindir}/sftp
	105	%{bindir}/slogin
	106	%{bindir}/ssh
	107	%{bindir}/ssh-add
	108	%{bindir}/ssh-agent
	109	%{bindir}/ssh-copy-id
	110	%{bindir}/ssh-keyscan
	111	%{libdir}/openssh/ssh-pkcs11-helper
	112	%{mandir}/man1/scp.1*
	113	%{mandir}/man1/sftp.1*
	114	%{mandir}/man1/slogin.1*
	115	%{mandir}/man1/ssh-add.1*
	116	%{mandir}/man1/ssh-agent.1*
	117	%{mandir}/man1/ssh-copy-id.1*
	118	%{mandir}/man1/ssh-keyscan.1*
	119	%{mandir}/man1/ssh.1*
	120	%{mandir}/man5/ssh_config.5*
	121	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	122	end
cdfe238b MT	123
cdfe238b MT	124	configfiles
e78de92e	125	%{sysconfdir}/ssh/ssh_config
cdfe238b	126	end
802ea3af	127	end
1f9bc2f0	128
802ea3af MT	129	package openssh-server
	130	summary = OpenSSH server applications.
	131	description = %{summary}
1f9bc2f0	132
23a87d82 MT	133	requires
	134	audit
	135	openssh = %{thisver}
	136	end
1f9bc2f0	137
802ea3af	138	files
e78de92e MT	139	%{sysconfdir}/pam.d/sshd
e78de92e MT	140	%{sysconfdir}/ssh/sshd_config
839658bf	141	%{unitdir}/sshd.service
43c69e28	142	%{unitdir}/sshd-keygen.service
e78de92e MT	143	%{libdir}/openssh/sftp-server
	144	%{sbindir}/sshd-keygen
	145	%{sbindir}/sshd
	146	%{mandir}/man5/sshd_config.5*
	147	%{mandir}/man5/moduli.5*
	148	%{mandir}/man8/sshd.8*
	149	%{mandir}/man8/sftp-server.8*
	150	/var/empty/sshd
802ea3af	151	end
65de838d	152
cdfe238b	153	configfiles
e78de92e	154	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	155	end
cdfe238b MT	156
4d26274c SS	157	prerequires
	158	shadow-utils
	159	systemd-units
	160	end
65de838d MT	161
65de838d MT	162	script prein
802ea3af	163	# Create unprivileged user and group.
e78de92e MT	164	getent group sshd >/dev/null \|\| groupadd -r sshd
	165	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	166	-c "Privilege-separated SSH" \
	167	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	168	end
65de838d MT	169
	170	script postin
	171	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	172	end
	173
	174	script preun
e78de92e	175	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
e78de92e	176	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
65de838d MT	177	end
	178
	179	script postun
	180	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	181	end
	182
	183	script postup
	184	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	185
	186	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	187	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	188	end
802ea3af	189	end
1f9bc2f0 MT	190
	191	package %{name}-debuginfo
	192	template DEBUGINFO
	193	end
802ea3af	194	end