[ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 7.4p1
release    = 1

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.2
		pam-devel
		util-linux
		zlib-devel
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{unitdir}/sshd@.service
			%{unitdir}/sshd.socket
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl --no-reload disable sshd.socket
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			# Enable root login.
			sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
				-i %{sysconfdir}/ssh/sshd_config

			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
11858f06	7	version = 7.4p1
b4e630c0	8	release = 1
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
e78de92e MT	31	ncurses-devel
e78de92e MT	32	openldap-devel
b4e630c0	33	openssl-devel >= 1.0.2
802ea3af	34	pam-devel
e78de92e	35	util-linux
802ea3af MT	36	zlib-devel
802ea3af MT	37	end
ba2e7991	38
802ea3af	39	configure_options += \
e78de92e MT	40	--sysconfdir=%{sysconfdir}/ssh \
	41	--datadir=%{datadir}/sshd \
	42	--libexecdir=%{libdir}/openssh \
	43	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	44	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	45	--with-privsep-path=/var/empty/sshd \
	46	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	47	--disable-strip \
	48	--with-ssl-engine \
	49	--with-authorized-keys-command \
	50	--with-ipaddr-display \
802ea3af	51	--with-pam \
e78de92e	52	--with-libedit \
802ea3af	53	--with-audit=linux
b771887d	54
9d8fd3ad	55	prepare_cmds
e78de92e	56	autoreconf -vfi
9d8fd3ad SS	57	end
9d8fd3ad SS	58
802ea3af	59	install_cmds
cdfe238b MT	60	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	61	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	62
11858f06	63	# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
17d728c8 SS	64	sed \
	65	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	66	-e '/^#PrintMotd yes$/c PrintMotd no' \
	67	-e '/^#UsePAM no$/c UsePAM yes' \
11858f06	68	-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
17d728c8 SS	69	-i %{BUILDROOT}/etc/ssh/sshd_config
17d728c8 SS	70
802ea3af	71	# Install scriptfile for key generation
e78de92e MT	72	mkdir -pv %{BUILDROOT}%{sbindir}
	73	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	74
	75	# Install ssh-copy-id.
	76	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	77	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	78	end
802ea3af MT	79	end
99c42052	80
802ea3af MT	81	packages
802ea3af MT	82	package openssh
e78de92e MT	83	prerequires
	84	shadow-utils
	85	end
	86
e78de92e MT	87	configfiles
	88	%{sysconfdir}/ssh/moduli
	89	end
	90
	91	script prein
eccf0dae	92	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	93	end
802ea3af MT	94	end
1f9bc2f0	95
802ea3af MT	96	package openssh-clients
	97	summary = OpenSSH client applications.
	98	description = %{summary}
1f9bc2f0	99
e78de92e MT	100	requires = openssh = %{thisver}
e78de92e MT	101
802ea3af	102	files
e78de92e MT	103	%{sysconfdir}/ssh/ssh_config
	104	%{bindir}/scp
	105	%{bindir}/sftp
	106	%{bindir}/slogin
	107	%{bindir}/ssh
	108	%{bindir}/ssh-add
	109	%{bindir}/ssh-agent
	110	%{bindir}/ssh-copy-id
	111	%{bindir}/ssh-keyscan
	112	%{libdir}/openssh/ssh-pkcs11-helper
	113	%{mandir}/man1/scp.1*
	114	%{mandir}/man1/sftp.1*
	115	%{mandir}/man1/slogin.1*
	116	%{mandir}/man1/ssh-add.1*
	117	%{mandir}/man1/ssh-agent.1*
	118	%{mandir}/man1/ssh-copy-id.1*
	119	%{mandir}/man1/ssh-keyscan.1*
	120	%{mandir}/man1/ssh.1*
	121	%{mandir}/man5/ssh_config.5*
	122	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	123	end
cdfe238b MT	124
cdfe238b MT	125	configfiles
e78de92e	126	%{sysconfdir}/ssh/ssh_config
cdfe238b	127	end
802ea3af	128	end
1f9bc2f0	129
802ea3af MT	130	package openssh-server
	131	summary = OpenSSH server applications.
	132	description = %{summary}
1f9bc2f0	133
23a87d82 MT	134	requires
	135	audit
	136	openssh = %{thisver}
	137	end
1f9bc2f0	138
802ea3af	139	files
e78de92e MT	140	%{sysconfdir}/pam.d/sshd
e78de92e MT	141	%{sysconfdir}/ssh/sshd_config
839658bf	142	%{unitdir}/sshd.service
43c69e28	143	%{unitdir}/sshd-keygen.service
11858f06 SS	144	%{unitdir}/sshd@.service
11858f06 SS	145	%{unitdir}/sshd.socket
e78de92e MT	146	%{libdir}/openssh/sftp-server
	147	%{sbindir}/sshd-keygen
	148	%{sbindir}/sshd
	149	%{mandir}/man5/sshd_config.5*
	150	%{mandir}/man5/moduli.5*
	151	%{mandir}/man8/sshd.8*
	152	%{mandir}/man8/sftp-server.8*
	153	/var/empty/sshd
802ea3af	154	end
65de838d	155
cdfe238b	156	configfiles
e78de92e	157	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	158	end
cdfe238b MT	159
4d26274c SS	160	prerequires
	161	shadow-utils
	162	systemd-units
	163	end
65de838d MT	164
65de838d MT	165	script prein
802ea3af	166	# Create unprivileged user and group.
e78de92e MT	167	getent group sshd >/dev/null \|\| groupadd -r sshd
	168	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	169	-c "Privilege-separated SSH" \
	170	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	171	end
65de838d MT	172
	173	script postin
	174	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	175	end
	176
	177	script preun
e78de92e	178	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
11858f06	179	/bin/systemctl --no-reload disable sshd.socket
e78de92e	180	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
11858f06	181	/bin/systemctl stop sshd.socket >/dev/null 2>&1 \|\| :
65de838d MT	182	end
	183
	184	script postun
	185	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	186	end
	187
	188	script postup
11858f06 SS	189	# Enable root login.
	190	sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
	191	-i %{sysconfdir}/ssh/sshd_config
	192
65de838d	193	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	194
	195	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	196	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	197	end
802ea3af	198	end
1f9bc2f0 MT	199
	200	package %{name}-debuginfo
	201	template DEBUGINFO
	202	end
802ea3af	203	end