###############################################################################
name = openssh
-version = 5.8p1
-release = 8
+version = 6.8p1
+release = 1
-maintainer =
groups = Application/Internet
url = http://www.openssh.com/portable.html
license = MIT
summary = An open source implementation of SSH protocol versions 1 and 2.
description
- SSH (Secure SHell) is a program for logging into and executing \
- commands on a remote machine. SSH is intended to replace rlogin and \
- rsh, and to provide secure encrypted communications between two \
+ SSH (Secure SHell) is a program for logging into and executing
+ commands on a remote machine. SSH is intended to replace rlogin and
+ rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network.
end
-source_dl =
+source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
build
requires
audit-devel
+ autoconf
+ automake
+ groff
+ libedit-devel
libselinux-devel
- nss-devel
- openssl-devel>=1.0.0d-2
+ ncurses-devel
+ openldap-devel
+ openssl-devel >= 1.0.0d-2
pam-devel
+ util-linux
zlib-devel
end
- # Apply patches in a special order
- patches
- openssh-5.6p1-redhat.patch
- openssh-5.8p1-fingerprint.patch
- openssh-5.8p1-authorized-keys-command.patch
- openssh-5.8p1-selinux.patch
- openssh-5.8p1-selinux-role.patch
- openssh-5.8p1-mls.patch
- openssh-5.6p1-keygen.patch
- openssh-5.2p1-allow-ip-opts.patch
- openssh-5.8p1-randclean.patch
- openssh-5.8p1-kuserok.patch
- openssh-5.5p1-x11.patch
- openssh-5.6p1-exit-deadlock.patch
- openssh-5.1p1-askpass-progress.patch
- openssh-4.3p2-askpass-grab-info.patch
- openssh-5.2p1-edns.patch
- openssh-5.1p1-scp-manpage.patch
- end
-
configure_options += \
- --sysconfdir=/etc/ssh \
- --datadir=/usr/share/sshd \
- --libexecdir=/usr/lib/openssh \
- --with-md5-passwords \
- --with-privsep-path=/var/lib/sshd \
+ --sysconfdir=%{sysconfdir}/ssh \
+ --datadir=%{datadir}/sshd \
+ --libexecdir=%{libdir}/openssh \
+ --with-default-path=/usr/local/bin:/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-privsep-path=/var/empty/sshd \
+ --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
+ --disable-strip \
+ --with-ssl-engine \
+ --with-authorized-keys-command \
+ --with-ipaddr-display \
--with-pam \
+ --with-libedit \
--with-selinux \
- --with-nss \
--with-audit=linux
+ prepare_cmds
+ autoreconf -vfi
+ end
+
install_cmds
- mkdir -pv %{BUILDROOT}/etc/ssh
- cp -vf %{DIR_SOURCE}/sshd_config %{BUILDROOT}/etc/ssh/sshd_config
+ # Disable GSS API authentication because KRB5 is required for that.
+ sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
+
+ # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ -e '/^#PrintMotd yes$/c PrintMotd no' \
+ -e '/^#UsePAM no$/c UsePAM yes' \
+ -i %{BUILDROOT}/etc/ssh/sshd_config
# Install scriptfile for key generation
- install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/
+ mkdir -pv %{BUILDROOT}%{sbindir}
+ install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
+
+ # Install ssh-copy-id.
+ install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
+ install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
end
end
packages
package openssh
- requires
- openssh-clients=%{thisver}
- openssh-server=%{thisver}
+ prerequires
+ shadow-utils
+ end
+
+ configfiles
+ %{sysconfdir}/ssh/moduli
+ end
+
+ script prein
+ getent group ssh_keys >/dev/null || groupadd -r ssh_keys
end
end
-
+
package openssh-clients
summary = OpenSSH client applications.
description = %{summary}
-
+
+ requires = openssh = %{thisver}
+
files
- /etc/ssh/ssh_config
- /usr/bin/scp
- /usr/bin/sftp
- /usr/bin/slogin
- /usr/bin/ssh
- /usr/bin/ssh-add
- /usr/bin/ssh-agent
- /usr/bin/ssh-keyscan
- /usr/lib/openssh/ssh-pkcs11-helper
- /usr/share/man/cat1/scp.1
- /usr/share/man/cat1/sftp.1
- /usr/share/man/cat1/slogin.1
- /usr/share/man/cat1/ssh-add.1
- /usr/share/man/cat1/ssh-agent.1
- /usr/share/man/cat1/ssh-keyscan.1
- /usr/share/man/cat1/ssh.1
- /usr/share/man/cat5/ssh_config.5
- /usr/share/man/cat8/ssh-pkcs11-helper.8
+ %{sysconfdir}/ssh/ssh_config
+ %{bindir}/scp
+ %{bindir}/sftp
+ %{bindir}/slogin
+ %{bindir}/ssh
+ %{bindir}/ssh-add
+ %{bindir}/ssh-agent
+ %{bindir}/ssh-copy-id
+ %{bindir}/ssh-keyscan
+ %{libdir}/openssh/ssh-pkcs11-helper
+ %{mandir}/man1/scp.1*
+ %{mandir}/man1/sftp.1*
+ %{mandir}/man1/slogin.1*
+ %{mandir}/man1/ssh-add.1*
+ %{mandir}/man1/ssh-agent.1*
+ %{mandir}/man1/ssh-copy-id.1*
+ %{mandir}/man1/ssh-keyscan.1*
+ %{mandir}/man1/ssh.1*
+ %{mandir}/man5/ssh_config.5*
+ %{mandir}/man8/ssh-pkcs11-helper.8*
+ end
+
+ configfiles
+ %{sysconfdir}/ssh/ssh_config
end
end
-
+
package openssh-server
summary = OpenSSH server applications.
description = %{summary}
-
- # /usr/bin/ssh-keygen is needed to generate keys for the ssh server.
- requires = /usr/bin/ssh-keygen
-
+
+ requires
+ audit
+ openssh = %{thisver}
+ end
+
files
- /etc/pam.d/sshd
- /etc/ssh/moduli
- /etc/ssh/sshd_config
- /lib/systemd/system/openssh.service
- /usr/lib/openssh/sftp-server
- /usr/lib/openssh/ssh-keygen
- /usr/sbin/sshd
- /usr/share/man/cat5/sshd_config.5*
- /usr/share/man/cat5/moduli.5*
- /usr/share/man/cat8/sshd.8*
- /usr/share/man/cat8/sftp-server.8*
- /var/lib/sshd
+ %{sysconfdir}/pam.d/sshd
+ %{sysconfdir}/ssh/sshd_config
+ %{unitdir}/sshd.service
+ %{unitdir}/sshd-keygen.service
+ %{libdir}/openssh/sftp-server
+ %{sbindir}/sshd-keygen
+ %{sbindir}/sshd
+ %{mandir}/man5/sshd_config.5*
+ %{mandir}/man5/moduli.5*
+ %{mandir}/man8/sshd.8*
+ %{mandir}/man8/sftp-server.8*
+ /var/empty/sshd
end
-
- script postin
+
+ configfiles
+ %{sysconfdir}/ssh/sshd_config
+ end
+
+ prerequires
+ shadow-utils
+ systemd-units
+ end
+
+ script prein
# Create unprivileged user and group.
- getent group sshd || groupadd -r sshd
- getent passwd sshd || useradd -r -g sshd \
- -d /var/lib/sshd -s /sbin/nologin sshd
-
- systemctl --system daemon-reload
- systemctl enable openssh.service
+ getent group sshd >/dev/null || groupadd -r sshd
+ getent passwd sshd >/dev/null || useradd -r -g sshd \
+ -c "Privilege-separated SSH" \
+ -d /var/empty/sshd -s /sbin/nologin sshd
+ end
+
+ script postin
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
end
-
- #script postup = postin
+
+ script preun
+ /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
+ end
+
+ script postun
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script postup
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+ /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
+ end
+ end
+
+ package %{name}-debuginfo
+ template DEBUGINFO
end
end
projects / people / amarx / ipfire-3.x.git / blobdiff