]>
Commit | Line | Data |
---|---|---|
8b63a194 | 1 | ############################################################################### |
802ea3af MT |
2 | # IPFire.org - An Open Source Firewall Solution # |
3 | # Copyright (C) - IPFire Development Team <info@ipfire.org> # | |
8b63a194 | 4 | ############################################################################### |
5 | ||
802ea3af | 6 | name = openssh |
11858f06 | 7 | version = 7.4p1 |
b4e630c0 | 8 | release = 1 |
8b63a194 | 9 | |
802ea3af MT |
10 | groups = Application/Internet |
11 | url = http://www.openssh.com/portable.html | |
12 | license = MIT | |
13 | summary = An open source implementation of SSH protocol versions 1 and 2. | |
8b63a194 | 14 | |
802ea3af | 15 | description |
9d8fd3ad SS |
16 | SSH (Secure SHell) is a program for logging into and executing |
17 | commands on a remote machine. SSH is intended to replace rlogin and | |
18 | rsh, and to provide secure encrypted communications between two | |
8b63a194 | 19 | untrusted hosts over an insecure network. |
802ea3af | 20 | end |
8b63a194 | 21 | |
9d8fd3ad | 22 | source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
8b63a194 | 23 | |
802ea3af MT |
24 | build |
25 | requires | |
26 | audit-devel | |
9d8fd3ad SS |
27 | autoconf |
28 | automake | |
e78de92e MT |
29 | groff |
30 | libedit-devel | |
e78de92e MT |
31 | ncurses-devel |
32 | openldap-devel | |
b4e630c0 | 33 | openssl-devel >= 1.0.2 |
802ea3af | 34 | pam-devel |
e78de92e | 35 | util-linux |
802ea3af MT |
36 | zlib-devel |
37 | end | |
ba2e7991 | 38 | |
802ea3af | 39 | configure_options += \ |
e78de92e MT |
40 | --sysconfdir=%{sysconfdir}/ssh \ |
41 | --datadir=%{datadir}/sshd \ | |
42 | --libexecdir=%{libdir}/openssh \ | |
43 | --with-default-path=/usr/local/bin:/bin:/usr/bin \ | |
44 | --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ | |
45 | --with-privsep-path=/var/empty/sshd \ | |
46 | --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \ | |
47 | --disable-strip \ | |
48 | --with-ssl-engine \ | |
49 | --with-authorized-keys-command \ | |
50 | --with-ipaddr-display \ | |
802ea3af | 51 | --with-pam \ |
e78de92e | 52 | --with-libedit \ |
802ea3af | 53 | --with-audit=linux |
b771887d | 54 | |
9d8fd3ad | 55 | prepare_cmds |
e78de92e | 56 | autoreconf -vfi |
9d8fd3ad SS |
57 | end |
58 | ||
802ea3af | 59 | install_cmds |
cdfe238b MT |
60 | # Disable GSS API authentication because KRB5 is required for that. |
61 | sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config | |
99c42052 | 62 | |
11858f06 | 63 | # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd. |
17d728c8 SS |
64 | sed \ |
65 | -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ | |
66 | -e '/^#PrintMotd yes$/c PrintMotd no' \ | |
67 | -e '/^#UsePAM no$/c UsePAM yes' \ | |
11858f06 | 68 | -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \ |
17d728c8 SS |
69 | -i %{BUILDROOT}/etc/ssh/sshd_config |
70 | ||
802ea3af | 71 | # Install scriptfile for key generation |
e78de92e MT |
72 | mkdir -pv %{BUILDROOT}%{sbindir} |
73 | install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir} | |
74 | ||
75 | # Install ssh-copy-id. | |
76 | install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir} | |
77 | install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/ | |
802ea3af MT |
78 | end |
79 | end | |
99c42052 | 80 | |
802ea3af MT |
81 | packages |
82 | package openssh | |
e78de92e MT |
83 | prerequires |
84 | shadow-utils | |
85 | end | |
86 | ||
e78de92e MT |
87 | configfiles |
88 | %{sysconfdir}/ssh/moduli | |
89 | end | |
90 | ||
91 | script prein | |
eccf0dae | 92 | getent group ssh_keys >/dev/null || groupadd -r ssh_keys |
802ea3af MT |
93 | end |
94 | end | |
1f9bc2f0 | 95 | |
802ea3af MT |
96 | package openssh-clients |
97 | summary = OpenSSH client applications. | |
98 | description = %{summary} | |
1f9bc2f0 | 99 | |
e78de92e MT |
100 | requires = openssh = %{thisver} |
101 | ||
802ea3af | 102 | files |
e78de92e MT |
103 | %{sysconfdir}/ssh/ssh_config |
104 | %{bindir}/scp | |
105 | %{bindir}/sftp | |
106 | %{bindir}/slogin | |
107 | %{bindir}/ssh | |
108 | %{bindir}/ssh-add | |
109 | %{bindir}/ssh-agent | |
110 | %{bindir}/ssh-copy-id | |
111 | %{bindir}/ssh-keyscan | |
112 | %{libdir}/openssh/ssh-pkcs11-helper | |
113 | %{mandir}/man1/scp.1* | |
114 | %{mandir}/man1/sftp.1* | |
115 | %{mandir}/man1/slogin.1* | |
116 | %{mandir}/man1/ssh-add.1* | |
117 | %{mandir}/man1/ssh-agent.1* | |
118 | %{mandir}/man1/ssh-copy-id.1* | |
119 | %{mandir}/man1/ssh-keyscan.1* | |
120 | %{mandir}/man1/ssh.1* | |
121 | %{mandir}/man5/ssh_config.5* | |
122 | %{mandir}/man8/ssh-pkcs11-helper.8* | |
802ea3af | 123 | end |
cdfe238b MT |
124 | |
125 | configfiles | |
e78de92e | 126 | %{sysconfdir}/ssh/ssh_config |
cdfe238b | 127 | end |
802ea3af | 128 | end |
1f9bc2f0 | 129 | |
802ea3af MT |
130 | package openssh-server |
131 | summary = OpenSSH server applications. | |
132 | description = %{summary} | |
1f9bc2f0 | 133 | |
23a87d82 MT |
134 | requires |
135 | audit | |
136 | openssh = %{thisver} | |
137 | end | |
1f9bc2f0 | 138 | |
802ea3af | 139 | files |
e78de92e MT |
140 | %{sysconfdir}/pam.d/sshd |
141 | %{sysconfdir}/ssh/sshd_config | |
839658bf | 142 | %{unitdir}/sshd.service |
43c69e28 | 143 | %{unitdir}/sshd-keygen.service |
11858f06 SS |
144 | %{unitdir}/sshd@.service |
145 | %{unitdir}/sshd.socket | |
e78de92e MT |
146 | %{libdir}/openssh/sftp-server |
147 | %{sbindir}/sshd-keygen | |
148 | %{sbindir}/sshd | |
149 | %{mandir}/man5/sshd_config.5* | |
150 | %{mandir}/man5/moduli.5* | |
151 | %{mandir}/man8/sshd.8* | |
152 | %{mandir}/man8/sftp-server.8* | |
153 | /var/empty/sshd | |
802ea3af | 154 | end |
65de838d | 155 | |
cdfe238b | 156 | configfiles |
e78de92e | 157 | %{sysconfdir}/ssh/sshd_config |
cdfe238b MT |
158 | end |
159 | ||
4d26274c SS |
160 | prerequires |
161 | shadow-utils | |
162 | systemd-units | |
163 | end | |
65de838d MT |
164 | |
165 | script prein | |
802ea3af | 166 | # Create unprivileged user and group. |
e78de92e MT |
167 | getent group sshd >/dev/null || groupadd -r sshd |
168 | getent passwd sshd >/dev/null || useradd -r -g sshd \ | |
169 | -c "Privilege-separated SSH" \ | |
170 | -d /var/empty/sshd -s /sbin/nologin sshd | |
802ea3af | 171 | end |
65de838d MT |
172 | |
173 | script postin | |
174 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : | |
175 | end | |
176 | ||
177 | script preun | |
e78de92e | 178 | /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || : |
11858f06 | 179 | /bin/systemctl --no-reload disable sshd.socket |
e78de92e | 180 | /bin/systemctl stop sshd.service >/dev/null 2>&1 || : |
11858f06 | 181 | /bin/systemctl stop sshd.socket >/dev/null 2>&1 || : |
65de838d MT |
182 | end |
183 | ||
184 | script postun | |
185 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : | |
186 | end | |
187 | ||
188 | script postup | |
11858f06 SS |
189 | # Enable root login. |
190 | sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \ | |
191 | -i %{sysconfdir}/ssh/sshd_config | |
192 | ||
65de838d | 193 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : |
e78de92e MT |
194 | |
195 | /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || : | |
196 | /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || : | |
65de838d | 197 | end |
802ea3af | 198 | end |
1f9bc2f0 MT |
199 | |
200 | package %{name}-debuginfo | |
201 | template DEBUGINFO | |
202 | end | |
802ea3af | 203 | end |