]> git.ipfire.org Git - people/pmueller/ipfire-3.x.git/blob - openssh/openssh.nm
audit: Drop package
[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm
1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
5
6 name = openssh
7 version = 9.1p1
8 release = 2
9
10 groups = Application/Internet
11 url = https://www.openssh.com/portable.html
12 license = MIT
13 summary = An open source implementation of SSH protocol versions 1 and 2.
14
15 description
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
20 end
21
22 source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
23
24 build
25 requires
26 autoconf
27 automake
28 groff
29 libedit-devel
30 ncurses-devel
31 openldap-devel
32 openssl-devel >= 1.0.2
33 pam-devel
34 util-linux
35 zlib-devel
36 end
37
38 configure_options += \
39 --sysconfdir=%{sysconfdir}/ssh \
40 --datadir=%{datadir}/sshd \
41 --libexecdir=%{libdir}/openssh \
42 --with-default-path=/usr/local/bin:/bin:/usr/bin \
43 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
44 --with-privsep-path=/var/empty/sshd \
45 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
46 --disable-strip \
47 --with-ssl-engine \
48 --with-authorized-keys-command \
49 --with-ipaddr-display \
50 --with-pam \
51 --with-libedit
52
53 prepare_cmds
54 autoreconf -vfi
55 end
56
57 install_cmds
58 # Disable GSS API authentication because KRB5 is required for that.
59 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
60
61 # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
62 sed \
63 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
64 -e '/^#PrintMotd yes$/c PrintMotd no' \
65 -e '/^#UsePAM no$/c UsePAM yes' \
66 -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
67 -i %{BUILDROOT}/etc/ssh/sshd_config
68
69 # Install scriptfile for key generation
70 mkdir -pv %{BUILDROOT}%{sbindir}
71 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
72
73 # Install ssh-copy-id.
74 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
75 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
76 end
77 end
78
79 packages
80 package openssh
81 prerequires
82 shadow-utils
83 end
84
85 configfiles
86 %{sysconfdir}/ssh/moduli
87 end
88
89 script prein
90 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
91 end
92 end
93
94 package openssh-clients
95 summary = OpenSSH client applications.
96 description = %{summary}
97
98 requires = openssh = %{thisver}
99
100 files
101 %{sysconfdir}/ssh/ssh_config
102 %{bindir}/scp
103 %{bindir}/sftp
104 %{bindir}/slogin
105 %{bindir}/ssh
106 %{bindir}/ssh-add
107 %{bindir}/ssh-agent
108 %{bindir}/ssh-copy-id
109 %{bindir}/ssh-keyscan
110 %{libdir}/openssh/ssh-pkcs11-helper
111 %{mandir}/man1/scp.1*
112 %{mandir}/man1/sftp.1*
113 %{mandir}/man1/slogin.1*
114 %{mandir}/man1/ssh-add.1*
115 %{mandir}/man1/ssh-agent.1*
116 %{mandir}/man1/ssh-copy-id.1*
117 %{mandir}/man1/ssh-keyscan.1*
118 %{mandir}/man1/ssh.1*
119 %{mandir}/man5/ssh_config.5*
120 %{mandir}/man8/ssh-pkcs11-helper.8*
121 end
122
123 configfiles
124 %{sysconfdir}/ssh/ssh_config
125 end
126 end
127
128 package openssh-server
129 summary = OpenSSH server applications.
130 description = %{summary}
131
132 requires
133 openssh = %{thisver}
134 end
135
136 files
137 %{sysconfdir}/pam.d/sshd
138 %{sysconfdir}/ssh/sshd_config
139 %{unitdir}/sshd.service
140 %{unitdir}/sshd-keygen.service
141 %{unitdir}/sshd@.service
142 %{unitdir}/sshd.socket
143 %{libdir}/openssh/sftp-server
144 %{sbindir}/sshd-keygen
145 %{sbindir}/sshd
146 %{mandir}/man5/sshd_config.5*
147 %{mandir}/man5/moduli.5*
148 %{mandir}/man8/sshd.8*
149 %{mandir}/man8/sftp-server.8*
150 /var/empty/sshd
151 end
152
153 configfiles
154 %{sysconfdir}/ssh/sshd_config
155 end
156
157 prerequires
158 shadow-utils
159 systemd-units
160 end
161
162 script prein
163 # Create unprivileged user and group.
164 getent group sshd >/dev/null || groupadd -r sshd
165 getent passwd sshd >/dev/null || useradd -r -g sshd \
166 -c "Privilege-separated SSH" \
167 -d /var/empty/sshd -s /sbin/nologin sshd
168 end
169
170 script postin
171 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
172 end
173
174 script preun
175 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
176 /bin/systemctl --no-reload disable sshd.socket
177 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
178 /bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
179 end
180
181 script postun
182 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
183 end
184
185 script postup
186 # Enable root login.
187 sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
188 -i %{sysconfdir}/ssh/sshd_config
189
190 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
191
192 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
193 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
194 end
195 end
196
197 package %{name}-debuginfo
198 template DEBUGINFO
199 end
200 end