[people/amarx/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 5.9p1
release    = 5

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		libselinux-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.0d-2
		pam-devel
		util-linux
		zlib-devel
	end

	# Apply patches in a special order
	patches
		openssh-5.9p1-coverity.patch
		openssh-5.8p1-fingerprint.patch
		openssh-5.8p1-getaddrinfo.patch
		openssh-5.8p1-packet.patch
		openssh-5.9p1-2auth.patch
		openssh-5.9p1-role.patch
		openssh-5.9p1-mls.patch
		openssh-5.9p1-sftp-chroot.patch
		openssh-5.9p1-akc.patch
		openssh-5.9p1-keygen.patch
		openssh-5.2p1-allow-ip-opts.patch
		openssh-5.9p1-randclean.patch
		openssh-5.8p1-keyperm.patch
		openssh-5.8p2-remove-stale-control-socket.patch
		openssh-5.9p1-ipv6man.patch
		openssh-5.8p2-sigpipe.patch
		openssh-5.8p2-askpass-ld.patch
		openssh-5.5p1-x11.patch
		openssh-5.6p1-exit-deadlock.patch
		openssh-5.1p1-askpass-progress.patch
		openssh-4.3p2-askpass-grab-info.patch
		openssh-5.9p1-edns.patch
		openssh-5.1p1-scp-manpage.patch
		openssh-5.8p1-localdomain.patch
		openssh-5.9p1-ipfire.patch
		openssh-5.9p1-entropy.patch
		openssh-5.9p1-vendor.patch
		openssh-5.8p2-force_krb.patch
		openssh-5.9p1-kuserok.patch
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-ldap \
		--with-pam \
		--with-libedit \
		--with-selinux \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		requires
			openssh-clients = %{thisver}
			openssh-server = %{thisver}
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			/lib/systemd
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
9d8fd3ad	7	version = 5.9p1
eccf0dae	8	release = 5
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
802ea3af	31	libselinux-devel
e78de92e MT	32	ncurses-devel
	33	openldap-devel
	34	openssl-devel >= 1.0.0d-2
802ea3af	35	pam-devel
e78de92e	36	util-linux
802ea3af MT	37	zlib-devel
802ea3af MT	38	end
ba2e7991	39
802ea3af MT	40	# Apply patches in a special order
802ea3af MT	41	patches
9d8fd3ad	42	openssh-5.9p1-coverity.patch
802ea3af	43	openssh-5.8p1-fingerprint.patch
9d8fd3ad SS	44	openssh-5.8p1-getaddrinfo.patch
	45	openssh-5.8p1-packet.patch
	46	openssh-5.9p1-2auth.patch
	47	openssh-5.9p1-role.patch
	48	openssh-5.9p1-mls.patch
	49	openssh-5.9p1-sftp-chroot.patch
	50	openssh-5.9p1-akc.patch
	51	openssh-5.9p1-keygen.patch
802ea3af	52	openssh-5.2p1-allow-ip-opts.patch
9d8fd3ad SS	53	openssh-5.9p1-randclean.patch
	54	openssh-5.8p1-keyperm.patch
	55	openssh-5.8p2-remove-stale-control-socket.patch
	56	openssh-5.9p1-ipv6man.patch
	57	openssh-5.8p2-sigpipe.patch
	58	openssh-5.8p2-askpass-ld.patch
802ea3af MT	59	openssh-5.5p1-x11.patch
	60	openssh-5.6p1-exit-deadlock.patch
	61	openssh-5.1p1-askpass-progress.patch
	62	openssh-4.3p2-askpass-grab-info.patch
9d8fd3ad	63	openssh-5.9p1-edns.patch
802ea3af	64	openssh-5.1p1-scp-manpage.patch
9d8fd3ad SS	65	openssh-5.8p1-localdomain.patch
	66	openssh-5.9p1-ipfire.patch
	67	openssh-5.9p1-entropy.patch
	68	openssh-5.9p1-vendor.patch
	69	openssh-5.8p2-force_krb.patch
	70	openssh-5.9p1-kuserok.patch
802ea3af	71	end
ba2e7991	72
802ea3af	73	configure_options += \
e78de92e MT	74	--sysconfdir=%{sysconfdir}/ssh \
	75	--datadir=%{datadir}/sshd \
	76	--libexecdir=%{libdir}/openssh \
	77	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	78	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	79	--with-privsep-path=/var/empty/sshd \
	80	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	81	--disable-strip \
	82	--with-ssl-engine \
	83	--with-authorized-keys-command \
	84	--with-ipaddr-display \
	85	--with-ldap \
802ea3af	86	--with-pam \
e78de92e	87	--with-libedit \
802ea3af	88	--with-selinux \
802ea3af	89	--with-audit=linux
b771887d	90
9d8fd3ad	91	prepare_cmds
e78de92e	92	autoreconf -vfi
9d8fd3ad SS	93	end
9d8fd3ad SS	94
802ea3af	95	install_cmds
cdfe238b MT	96	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	97	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	98
802ea3af	99	# Install scriptfile for key generation
e78de92e MT	100	mkdir -pv %{BUILDROOT}%{sbindir}
	101	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	102
	103	# Install ssh-copy-id.
	104	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	105	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	106	end
802ea3af MT	107	end
99c42052	108
802ea3af MT	109	packages
802ea3af MT	110	package openssh
e78de92e MT	111	prerequires
	112	shadow-utils
	113	end
	114
802ea3af	115	requires
e78de92e MT	116	openssh-clients = %{thisver}
	117	openssh-server = %{thisver}
	118	end
	119
	120	configfiles
	121	%{sysconfdir}/ssh/moduli
	122	end
	123
	124	script prein
eccf0dae	125	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	126	end
802ea3af MT	127	end
1f9bc2f0	128
802ea3af MT	129	package openssh-clients
	130	summary = OpenSSH client applications.
	131	description = %{summary}
1f9bc2f0	132
e78de92e MT	133	requires = openssh = %{thisver}
e78de92e MT	134
802ea3af	135	files
e78de92e MT	136	%{sysconfdir}/ssh/ssh_config
	137	%{bindir}/scp
	138	%{bindir}/sftp
	139	%{bindir}/slogin
	140	%{bindir}/ssh
	141	%{bindir}/ssh-add
	142	%{bindir}/ssh-agent
	143	%{bindir}/ssh-copy-id
	144	%{bindir}/ssh-keyscan
	145	%{libdir}/openssh/ssh-pkcs11-helper
	146	%{mandir}/man1/scp.1*
	147	%{mandir}/man1/sftp.1*
	148	%{mandir}/man1/slogin.1*
	149	%{mandir}/man1/ssh-add.1*
	150	%{mandir}/man1/ssh-agent.1*
	151	%{mandir}/man1/ssh-copy-id.1*
	152	%{mandir}/man1/ssh-keyscan.1*
	153	%{mandir}/man1/ssh.1*
	154	%{mandir}/man5/ssh_config.5*
	155	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	156	end
cdfe238b MT	157
cdfe238b MT	158	configfiles
e78de92e	159	%{sysconfdir}/ssh/ssh_config
cdfe238b	160	end
802ea3af	161	end
1f9bc2f0	162
802ea3af MT	163	package openssh-server
	164	summary = OpenSSH server applications.
	165	description = %{summary}
1f9bc2f0	166
e78de92e	167	requires = openssh = %{thisver}
1f9bc2f0	168
802ea3af	169	files
e78de92e MT	170	%{sysconfdir}/pam.d/sshd
	171	%{sysconfdir}/ssh/sshd_config
	172	/lib/systemd
	173	%{libdir}/openssh/sftp-server
	174	%{sbindir}/sshd-keygen
	175	%{sbindir}/sshd
	176	%{mandir}/man5/sshd_config.5*
	177	%{mandir}/man5/moduli.5*
	178	%{mandir}/man8/sshd.8*
	179	%{mandir}/man8/sftp-server.8*
	180	/var/empty/sshd
802ea3af	181	end
65de838d	182
cdfe238b	183	configfiles
e78de92e	184	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	185	end
cdfe238b MT	186
4d26274c SS	187	prerequires
	188	shadow-utils
	189	systemd-units
	190	end
65de838d MT	191
65de838d MT	192	script prein
802ea3af	193	# Create unprivileged user and group.
e78de92e MT	194	getent group sshd >/dev/null \|\| groupadd -r sshd
	195	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	196	-c "Privilege-separated SSH" \
	197	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	198	end
65de838d MT	199
	200	script postin
	201	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	202	end
	203
	204	script preun
e78de92e	205	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
e78de92e	206	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
65de838d MT	207	end
	208
	209	script postun
	210	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	211	end
	212
	213	script postup
	214	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	215
	216	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	217	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	218	end
802ea3af	219	end
1f9bc2f0 MT	220
	221	package %{name}-debuginfo
	222	template DEBUGINFO
	223	end
802ea3af	224	end