openssh/openssh.nm

   1 ###############################################################################
   2 # IPFire.org    - An Open Source Firewall Solution                            #
   3 # Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
   4 ###############################################################################
   5
   6 name       = openssh
   7 version    = 5.9p1
   8 release    = 4
   9
  10 groups     = Application/Internet
  11 url        = http://www.openssh.com/portable.html
  12 license    = MIT
  13 summary    = An open source implementation of SSH protocol versions 1 and 2.
  14
  15 description
  16         SSH (Secure SHell) is a program for logging into and executing
  17         commands on a remote machine. SSH is intended to replace rlogin and
  18         rsh, and to provide secure encrypted communications between two
  19         untrusted hosts over an insecure network.
  20 end
  21
  22 source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
  23
  24 build
  25         requires
  26                 audit-devel
  27                 autoconf
  28                 automake
  29                 groff
  30                 libedit-devel
  31                 libselinux-devel
  32                 ncurses-devel
  33                 openldap-devel
  34                 openssl-devel >= 1.0.0d-2
  35                 pam-devel
  36                 util-linux
  37                 zlib-devel
  38         end
  39
  40         # Apply patches in a special order
  41         patches
  42                 openssh-5.9p1-coverity.patch
  43                 openssh-5.8p1-fingerprint.patch
  44                 openssh-5.8p1-getaddrinfo.patch
  45                 openssh-5.8p1-packet.patch
  46                 openssh-5.9p1-2auth.patch
  47                 openssh-5.9p1-role.patch
  48                 openssh-5.9p1-mls.patch
  49                 openssh-5.9p1-sftp-chroot.patch
  50                 openssh-5.9p1-akc.patch
  51                 openssh-5.9p1-keygen.patch
  52                 openssh-5.2p1-allow-ip-opts.patch
  53                 openssh-5.9p1-randclean.patch
  54                 openssh-5.8p1-keyperm.patch
  55                 openssh-5.8p2-remove-stale-control-socket.patch
  56                 openssh-5.9p1-ipv6man.patch
  57                 openssh-5.8p2-sigpipe.patch
  58                 openssh-5.8p2-askpass-ld.patch
  59                 openssh-5.5p1-x11.patch
  60                 openssh-5.6p1-exit-deadlock.patch
  61                 openssh-5.1p1-askpass-progress.patch
  62                 openssh-4.3p2-askpass-grab-info.patch
  63                 openssh-5.9p1-edns.patch
  64                 openssh-5.1p1-scp-manpage.patch
  65                 openssh-5.8p1-localdomain.patch
  66                 openssh-5.9p1-ipfire.patch
  67                 openssh-5.9p1-entropy.patch
  68                 openssh-5.9p1-vendor.patch
  69                 openssh-5.8p2-force_krb.patch
  70                 openssh-5.9p1-kuserok.patch
  71         end
  72
  73         configure_options += \
  74                 --sysconfdir=%{sysconfdir}/ssh \
  75                 --datadir=%{datadir}/sshd \
  76                 --libexecdir=%{libdir}/openssh \
  77                 --with-default-path=/usr/local/bin:/bin:/usr/bin \
  78                 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
  79                 --with-privsep-path=/var/empty/sshd \
  80                 --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
  81                 --disable-strip \
  82                 --with-ssl-engine \
  83                 --with-authorized-keys-command \
  84                 --with-ipaddr-display \
  85                 --with-ldap \
  86                 --with-pam \
  87                 --with-libedit \
  88                 --with-selinux \
  89                 --with-audit=linux
  90
  91         prepare_cmds
  92                 autoreconf -vfi
  93         end
  94
  95         install_cmds
  96                 # Disable GSS API authentication because KRB5 is required for that.
  97                 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
  98
  99                 # Install scriptfile for key generation
 100                 mkdir -pv %{BUILDROOT}%{sbindir}
 101                 install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
 102
 103                 # Install ssh-copy-id.
 104                 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
 105                 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
 106         end
 107 end
 108
 109 packages
 110         package openssh
 111                 prerequires
 112                         shadow-utils
 113                 end
 114
 115                 requires
 116                         openssh-clients = %{thisver}
 117                         openssh-server = %{thisver}
 118                 end
 119
 120                 configfiles
 121                         %{sysconfdir}/ssh/moduli
 122                 end
 123
 124                 script prein
 125                         getent group sshd_keys >/dev/null || groupadd -r ssh_keys || :
 126                 end
 127         end
 128
 129         package openssh-clients
 130                 summary = OpenSSH client applications.
 131                 description = %{summary}
 132
 133                 requires = openssh = %{thisver}
 134
 135                 files
 136                         %{sysconfdir}/ssh/ssh_config
 137                         %{bindir}/scp
 138                         %{bindir}/sftp
 139                         %{bindir}/slogin
 140                         %{bindir}/ssh
 141                         %{bindir}/ssh-add
 142                         %{bindir}/ssh-agent
 143                         %{bindir}/ssh-copy-id
 144                         %{bindir}/ssh-keyscan
 145                         %{libdir}/openssh/ssh-pkcs11-helper
 146                         %{mandir}/man1/scp.1*
 147                         %{mandir}/man1/sftp.1*
 148                         %{mandir}/man1/slogin.1*
 149                         %{mandir}/man1/ssh-add.1*
 150                         %{mandir}/man1/ssh-agent.1*
 151                         %{mandir}/man1/ssh-copy-id.1*
 152                         %{mandir}/man1/ssh-keyscan.1*
 153                         %{mandir}/man1/ssh.1*
 154                         %{mandir}/man5/ssh_config.5*
 155                         %{mandir}/man8/ssh-pkcs11-helper.8*
 156                 end
 157
 158                 configfiles
 159                         %{sysconfdir}/ssh/ssh_config
 160                 end
 161         end
 162
 163         package openssh-server
 164                 summary = OpenSSH server applications.
 165                 description = %{summary}
 166
 167                 requires = openssh = %{thisver}
 168
 169                 files
 170                         %{sysconfdir}/pam.d/sshd
 171                         %{sysconfdir}/ssh/sshd_config
 172                         /lib/systemd
 173                         %{libdir}/openssh/sftp-server
 174                         %{sbindir}/sshd-keygen
 175                         %{sbindir}/sshd
 176                         %{mandir}/man5/sshd_config.5*
 177                         %{mandir}/man5/moduli.5*
 178                         %{mandir}/man8/sshd.8*
 179                         %{mandir}/man8/sftp-server.8*
 180                         /var/empty/sshd
 181                 end
 182
 183                 configfiles
 184                         %{sysconfdir}/ssh/sshd_config
 185                 end
 186
 187                 prerequires
 188                         shadow-utils
 189                         systemd-units
 190                 end
 191
 192                 script prein
 193                         # Create unprivileged user and group.
 194                         getent group sshd >/dev/null || groupadd -r sshd
 195                         getent passwd sshd >/dev/null || useradd -r -g sshd \
 196                                 -c "Privilege-separated SSH" \
 197                                 -d /var/empty/sshd -s /sbin/nologin sshd
 198                 end
 199
 200                 script postin
 201                         /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 202                 end
 203
 204                 script preun
 205                         /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
 206                         /bin/systemctl --no-reload disable sshd-keygen.service >/dev/null 2>&1 || :
 207                         /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
 208                         /bin/systemctl stop sshd-keygen.service >/dev/null 2>&1 || :
 209                 end
 210
 211                 script postun
 212                         /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 213                 end
 214
 215                 script postup
 216                         /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 217
 218                         /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
 219                         /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
 220                 end
 221         end
 222
 223         package %{name}-debuginfo
 224                 template DEBUGINFO
 225         end
 226 end