[ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 7.5p1
release    = 1

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		autoconf
		automake
		groff
		libedit-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.2
		pam-devel
		util-linux
		zlib-devel
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{unitdir}/sshd@.service
			%{unitdir}/sshd.socket
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl --no-reload disable sshd.socket
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			# Enable root login.
			sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
				-i %{sysconfdir}/ssh/sshd_config

			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
cd560506	7	version = 7.5p1
b4e630c0	8	release = 1
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
802ea3af MT	25	requires
9d8fd3ad SS	26	autoconf
9d8fd3ad SS	27	automake
e78de92e MT	28	groff
e78de92e MT	29	libedit-devel
e78de92e MT	30	ncurses-devel
e78de92e MT	31	openldap-devel
b4e630c0	32	openssl-devel >= 1.0.2
802ea3af	33	pam-devel
e78de92e	34	util-linux
802ea3af MT	35	zlib-devel
802ea3af MT	36	end
ba2e7991	37
802ea3af	38	configure_options += \
e78de92e MT	39	--sysconfdir=%{sysconfdir}/ssh \
	40	--datadir=%{datadir}/sshd \
	41	--libexecdir=%{libdir}/openssh \
	42	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	43	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	44	--with-privsep-path=/var/empty/sshd \
	45	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	46	--disable-strip \
	47	--with-ssl-engine \
	48	--with-authorized-keys-command \
	49	--with-ipaddr-display \
802ea3af	50	--with-pam \
cd560506	51	--with-libedit
b771887d	52
9d8fd3ad	53	prepare_cmds
e78de92e	54	autoreconf -vfi
9d8fd3ad SS	55	end
9d8fd3ad SS	56
802ea3af	57	install_cmds
cdfe238b MT	58	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	59	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	60
11858f06	61	# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
17d728c8 SS	62	sed \
	63	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	64	-e '/^#PrintMotd yes$/c PrintMotd no' \
	65	-e '/^#UsePAM no$/c UsePAM yes' \
11858f06	66	-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
17d728c8 SS	67	-i %{BUILDROOT}/etc/ssh/sshd_config
17d728c8 SS	68
802ea3af	69	# Install scriptfile for key generation
e78de92e MT	70	mkdir -pv %{BUILDROOT}%{sbindir}
	71	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	72
	73	# Install ssh-copy-id.
	74	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	75	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	76	end
802ea3af MT	77	end
99c42052	78
802ea3af MT	79	packages
802ea3af MT	80	package openssh
e78de92e MT	81	prerequires
	82	shadow-utils
	83	end
	84
e78de92e MT	85	configfiles
	86	%{sysconfdir}/ssh/moduli
	87	end
	88
	89	script prein
eccf0dae	90	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	91	end
802ea3af MT	92	end
1f9bc2f0	93
802ea3af MT	94	package openssh-clients
	95	summary = OpenSSH client applications.
	96	description = %{summary}
1f9bc2f0	97
e78de92e MT	98	requires = openssh = %{thisver}
e78de92e MT	99
802ea3af	100	files
e78de92e MT	101	%{sysconfdir}/ssh/ssh_config
	102	%{bindir}/scp
	103	%{bindir}/sftp
	104	%{bindir}/slogin
	105	%{bindir}/ssh
	106	%{bindir}/ssh-add
	107	%{bindir}/ssh-agent
	108	%{bindir}/ssh-copy-id
	109	%{bindir}/ssh-keyscan
	110	%{libdir}/openssh/ssh-pkcs11-helper
	111	%{mandir}/man1/scp.1*
	112	%{mandir}/man1/sftp.1*
	113	%{mandir}/man1/slogin.1*
	114	%{mandir}/man1/ssh-add.1*
	115	%{mandir}/man1/ssh-agent.1*
	116	%{mandir}/man1/ssh-copy-id.1*
	117	%{mandir}/man1/ssh-keyscan.1*
	118	%{mandir}/man1/ssh.1*
	119	%{mandir}/man5/ssh_config.5*
	120	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	121	end
cdfe238b MT	122
cdfe238b MT	123	configfiles
e78de92e	124	%{sysconfdir}/ssh/ssh_config
cdfe238b	125	end
802ea3af	126	end
1f9bc2f0	127
802ea3af MT	128	package openssh-server
	129	summary = OpenSSH server applications.
	130	description = %{summary}
1f9bc2f0	131
23a87d82 MT	132	requires
	133	audit
	134	openssh = %{thisver}
	135	end
1f9bc2f0	136
802ea3af	137	files
e78de92e MT	138	%{sysconfdir}/pam.d/sshd
e78de92e MT	139	%{sysconfdir}/ssh/sshd_config
839658bf	140	%{unitdir}/sshd.service
43c69e28	141	%{unitdir}/sshd-keygen.service
11858f06 SS	142	%{unitdir}/sshd@.service
11858f06 SS	143	%{unitdir}/sshd.socket
e78de92e MT	144	%{libdir}/openssh/sftp-server
	145	%{sbindir}/sshd-keygen
	146	%{sbindir}/sshd
	147	%{mandir}/man5/sshd_config.5*
	148	%{mandir}/man5/moduli.5*
	149	%{mandir}/man8/sshd.8*
	150	%{mandir}/man8/sftp-server.8*
	151	/var/empty/sshd
802ea3af	152	end
65de838d	153
cdfe238b	154	configfiles
e78de92e	155	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	156	end
cdfe238b MT	157
4d26274c SS	158	prerequires
	159	shadow-utils
	160	systemd-units
	161	end
65de838d MT	162
65de838d MT	163	script prein
802ea3af	164	# Create unprivileged user and group.
e78de92e MT	165	getent group sshd >/dev/null \|\| groupadd -r sshd
	166	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	167	-c "Privilege-separated SSH" \
	168	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	169	end
65de838d MT	170
	171	script postin
	172	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	173	end
	174
	175	script preun
e78de92e	176	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
11858f06	177	/bin/systemctl --no-reload disable sshd.socket
e78de92e	178	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
11858f06	179	/bin/systemctl stop sshd.socket >/dev/null 2>&1 \|\| :
65de838d MT	180	end
	181
	182	script postun
	183	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	184	end
	185
	186	script postup
11858f06 SS	187	# Enable root login.
	188	sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
	189	-i %{sysconfdir}/ssh/sshd_config
	190
65de838d	191	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	192
	193	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	194	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	195	end
802ea3af	196	end
1f9bc2f0 MT	197
	198	package %{name}-debuginfo
	199	template DEBUGINFO
	200	end
802ea3af	201	end