[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 9.1p1
release    = 4

groups     = Application/Internet
url        = https://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		autoconf
		automake
		groff
		libedit-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.2
		pam-devel
		util-linux
		zlib-devel
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=%{sharedstatedir}/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{unitdir}/sshd@.service
			%{unitdir}/sshd.socket
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			%{sharedstatedir}/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/lib/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl --no-reload disable sshd.socket
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			# Enable root login.
			sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
				-i %{sysconfdir}/ssh/sshd_config

			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
32c9022c	7	version = 9.1p1
c0ca282a	8	release = 4
8b63a194	9
802ea3af	10	groups = Application/Internet
32c9022c	11	url = https://www.openssh.com/portable.html
802ea3af MT	12	license = MIT
802ea3af MT	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
32c9022c	22	source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
802ea3af MT	25	requires
9d8fd3ad SS	26	autoconf
9d8fd3ad SS	27	automake
e78de92e MT	28	groff
e78de92e MT	29	libedit-devel
e78de92e MT	30	ncurses-devel
e78de92e MT	31	openldap-devel
b4e630c0	32	openssl-devel >= 1.0.2
802ea3af	33	pam-devel
e78de92e	34	util-linux
802ea3af MT	35	zlib-devel
802ea3af MT	36	end
ba2e7991	37
802ea3af	38	configure_options += \
e78de92e MT	39	--sysconfdir=%{sysconfdir}/ssh \
	40	--datadir=%{datadir}/sshd \
	41	--libexecdir=%{libdir}/openssh \
	42	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	43	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
c0ca282a	44	--with-privsep-path=%{sharedstatedir}/sshd \
e78de92e MT	45	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	46	--disable-strip \
	47	--with-ssl-engine \
	48	--with-authorized-keys-command \
	49	--with-ipaddr-display \
802ea3af	50	--with-pam \
cd560506	51	--with-libedit
b771887d	52
9d8fd3ad	53	prepare_cmds
e78de92e	54	autoreconf -vfi
9d8fd3ad SS	55	end
9d8fd3ad SS	56
802ea3af	57	install_cmds
cdfe238b MT	58	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	59	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	60
11858f06	61	# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
17d728c8 SS	62	sed \
	63	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	64	-e '/^#PrintMotd yes$/c PrintMotd no' \
	65	-e '/^#UsePAM no$/c UsePAM yes' \
11858f06	66	-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
17d728c8 SS	67	-i %{BUILDROOT}/etc/ssh/sshd_config
17d728c8 SS	68
802ea3af	69	# Install scriptfile for key generation
e78de92e	70	mkdir -pv %{BUILDROOT}%{sbindir}
1e431bbd	71	install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
e78de92e MT	72
	73	# Install ssh-copy-id.
	74	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	75	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	76	end
802ea3af MT	77	end
99c42052	78
802ea3af MT	79	packages
802ea3af MT	80	package openssh
e78de92e MT	81	prerequires
	82	shadow-utils
	83	end
	84
e78de92e MT	85	configfiles
	86	%{sysconfdir}/ssh/moduli
	87	end
	88
	89	script prein
eccf0dae	90	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	91	end
802ea3af MT	92	end
1f9bc2f0	93
802ea3af MT	94	package openssh-clients
	95	summary = OpenSSH client applications.
	96	description = %{summary}
1f9bc2f0	97
e78de92e MT	98	requires = openssh = %{thisver}
e78de92e MT	99
802ea3af	100	files
e78de92e MT	101	%{sysconfdir}/ssh/ssh_config
	102	%{bindir}/scp
	103	%{bindir}/sftp
	104	%{bindir}/slogin
	105	%{bindir}/ssh
	106	%{bindir}/ssh-add
	107	%{bindir}/ssh-agent
	108	%{bindir}/ssh-copy-id
	109	%{bindir}/ssh-keyscan
	110	%{libdir}/openssh/ssh-pkcs11-helper
	111	%{mandir}/man1/scp.1*
	112	%{mandir}/man1/sftp.1*
	113	%{mandir}/man1/slogin.1*
	114	%{mandir}/man1/ssh-add.1*
	115	%{mandir}/man1/ssh-agent.1*
	116	%{mandir}/man1/ssh-copy-id.1*
	117	%{mandir}/man1/ssh-keyscan.1*
	118	%{mandir}/man1/ssh.1*
	119	%{mandir}/man5/ssh_config.5*
	120	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	121	end
cdfe238b MT	122
cdfe238b MT	123	configfiles
e78de92e	124	%{sysconfdir}/ssh/ssh_config
cdfe238b	125	end
802ea3af	126	end
1f9bc2f0	127
802ea3af MT	128	package openssh-server
	129	summary = OpenSSH server applications.
	130	description = %{summary}
1f9bc2f0	131
23a87d82	132	requires
23a87d82 MT	133	openssh = %{thisver}
23a87d82 MT	134	end
1f9bc2f0	135
802ea3af	136	files
e78de92e MT	137	%{sysconfdir}/pam.d/sshd
e78de92e MT	138	%{sysconfdir}/ssh/sshd_config
839658bf	139	%{unitdir}/sshd.service
43c69e28	140	%{unitdir}/sshd-keygen.service
11858f06 SS	141	%{unitdir}/sshd@.service
11858f06 SS	142	%{unitdir}/sshd.socket
e78de92e MT	143	%{libdir}/openssh/sftp-server
	144	%{sbindir}/sshd-keygen
	145	%{sbindir}/sshd
	146	%{mandir}/man5/sshd_config.5*
	147	%{mandir}/man5/moduli.5*
	148	%{mandir}/man8/sshd.8*
	149	%{mandir}/man8/sftp-server.8*
c0ca282a	150	%{sharedstatedir}/sshd
802ea3af	151	end
65de838d	152
cdfe238b	153	configfiles
e78de92e	154	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	155	end
cdfe238b MT	156
4d26274c SS	157	prerequires
	158	shadow-utils
	159	systemd-units
	160	end
65de838d MT	161
65de838d MT	162	script prein
802ea3af	163	# Create unprivileged user and group.
e78de92e MT	164	getent group sshd >/dev/null \|\| groupadd -r sshd
	165	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	166	-c "Privilege-separated SSH" \
c0ca282a	167	-d /var/lib/sshd -s /sbin/nologin sshd
802ea3af	168	end
65de838d MT	169
	170	script postin
	171	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	172	end
	173
	174	script preun
e78de92e	175	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
11858f06	176	/bin/systemctl --no-reload disable sshd.socket
e78de92e	177	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
11858f06	178	/bin/systemctl stop sshd.socket >/dev/null 2>&1 \|\| :
65de838d MT	179	end
	180
	181	script postun
	182	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	183	end
	184
	185	script postup
11858f06 SS	186	# Enable root login.
	187	sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
	188	-i %{sysconfdir}/ssh/sshd_config
	189
65de838d	190	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	191
	192	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	193	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	194	end
802ea3af	195	end
1f9bc2f0 MT	196
	197	package %{name}-debuginfo
	198	template DEBUGINFO
	199	end
802ea3af	200	end