[people/arne_f/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 6.8p1
release    = 1

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		libselinux-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.0d-2
		pam-devel
		util-linux
		zlib-devel
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit \
		--with-selinux \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
17d728c8	7	version = 6.8p1
43c69e28	8	release = 1
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
802ea3af	31	libselinux-devel
e78de92e MT	32	ncurses-devel
	33	openldap-devel
	34	openssl-devel >= 1.0.0d-2
802ea3af	35	pam-devel
e78de92e	36	util-linux
802ea3af MT	37	zlib-devel
802ea3af MT	38	end
ba2e7991	39
802ea3af	40	configure_options += \
e78de92e MT	41	--sysconfdir=%{sysconfdir}/ssh \
	42	--datadir=%{datadir}/sshd \
	43	--libexecdir=%{libdir}/openssh \
	44	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	45	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	46	--with-privsep-path=/var/empty/sshd \
	47	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	48	--disable-strip \
	49	--with-ssl-engine \
	50	--with-authorized-keys-command \
	51	--with-ipaddr-display \
802ea3af	52	--with-pam \
e78de92e	53	--with-libedit \
802ea3af	54	--with-selinux \
802ea3af	55	--with-audit=linux
b771887d	56
9d8fd3ad	57	prepare_cmds
e78de92e	58	autoreconf -vfi
9d8fd3ad SS	59	end
9d8fd3ad SS	60
802ea3af	61	install_cmds
cdfe238b MT	62	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	63	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	64
17d728c8 SS	65	# Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd.
	66	sed \
	67	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	68	-e '/^#PrintMotd yes$/c PrintMotd no' \
	69	-e '/^#UsePAM no$/c UsePAM yes' \
	70	-i %{BUILDROOT}/etc/ssh/sshd_config
	71
802ea3af	72	# Install scriptfile for key generation
e78de92e MT	73	mkdir -pv %{BUILDROOT}%{sbindir}
	74	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	75
	76	# Install ssh-copy-id.
	77	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	78	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	79	end
802ea3af MT	80	end
99c42052	81
802ea3af MT	82	packages
802ea3af MT	83	package openssh
e78de92e MT	84	prerequires
	85	shadow-utils
	86	end
	87
e78de92e MT	88	configfiles
	89	%{sysconfdir}/ssh/moduli
	90	end
	91
	92	script prein
eccf0dae	93	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	94	end
802ea3af MT	95	end
1f9bc2f0	96
802ea3af MT	97	package openssh-clients
	98	summary = OpenSSH client applications.
	99	description = %{summary}
1f9bc2f0	100
e78de92e MT	101	requires = openssh = %{thisver}
e78de92e MT	102
802ea3af	103	files
e78de92e MT	104	%{sysconfdir}/ssh/ssh_config
	105	%{bindir}/scp
	106	%{bindir}/sftp
	107	%{bindir}/slogin
	108	%{bindir}/ssh
	109	%{bindir}/ssh-add
	110	%{bindir}/ssh-agent
	111	%{bindir}/ssh-copy-id
	112	%{bindir}/ssh-keyscan
	113	%{libdir}/openssh/ssh-pkcs11-helper
	114	%{mandir}/man1/scp.1*
	115	%{mandir}/man1/sftp.1*
	116	%{mandir}/man1/slogin.1*
	117	%{mandir}/man1/ssh-add.1*
	118	%{mandir}/man1/ssh-agent.1*
	119	%{mandir}/man1/ssh-copy-id.1*
	120	%{mandir}/man1/ssh-keyscan.1*
	121	%{mandir}/man1/ssh.1*
	122	%{mandir}/man5/ssh_config.5*
	123	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	124	end
cdfe238b MT	125
cdfe238b MT	126	configfiles
e78de92e	127	%{sysconfdir}/ssh/ssh_config
cdfe238b	128	end
802ea3af	129	end
1f9bc2f0	130
802ea3af MT	131	package openssh-server
	132	summary = OpenSSH server applications.
	133	description = %{summary}
1f9bc2f0	134
23a87d82 MT	135	requires
	136	audit
	137	openssh = %{thisver}
	138	end
1f9bc2f0	139
802ea3af	140	files
e78de92e MT	141	%{sysconfdir}/pam.d/sshd
e78de92e MT	142	%{sysconfdir}/ssh/sshd_config
839658bf	143	%{unitdir}/sshd.service
43c69e28	144	%{unitdir}/sshd-keygen.service
e78de92e MT	145	%{libdir}/openssh/sftp-server
	146	%{sbindir}/sshd-keygen
	147	%{sbindir}/sshd
	148	%{mandir}/man5/sshd_config.5*
	149	%{mandir}/man5/moduli.5*
	150	%{mandir}/man8/sshd.8*
	151	%{mandir}/man8/sftp-server.8*
	152	/var/empty/sshd
802ea3af	153	end
65de838d	154
cdfe238b	155	configfiles
e78de92e	156	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	157	end
cdfe238b MT	158
4d26274c SS	159	prerequires
	160	shadow-utils
	161	systemd-units
	162	end
65de838d MT	163
65de838d MT	164	script prein
802ea3af	165	# Create unprivileged user and group.
e78de92e MT	166	getent group sshd >/dev/null \|\| groupadd -r sshd
	167	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	168	-c "Privilege-separated SSH" \
	169	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	170	end
65de838d MT	171
	172	script postin
	173	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	174	end
	175
	176	script preun
e78de92e	177	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
e78de92e	178	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
65de838d MT	179	end
	180
	181	script postun
	182	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	183	end
	184
	185	script postup
	186	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	187
	188	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	189	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	190	end
802ea3af	191	end
1f9bc2f0 MT	192
	193	package %{name}-debuginfo
	194	template DEBUGINFO
	195	end
802ea3af	196	end