[people/ms/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 6.1p1
release    = 1

groups     = Application/Internet
url        = http://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		audit-devel
		autoconf
		automake
		groff
		libedit-devel
		libselinux-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.0d-2
		pam-devel
		util-linux
		zlib-devel
	end

	# Apply patches in a special order
	patches
		openssh-6.1p1-coverity.patch
		openssh-5.8p1-fingerprint.patch
		openssh-5.8p1-getaddrinfo.patch
		openssh-5.8p1-packet.patch
		openssh-6.1p1-authenticationmethods.patch
		openssh-6.1p1-role-mls.patch
		openssh-5.9p1-sftp-chroot.patch
		openssh-6.1p1-akc.patch
		openssh-5.2p1-allow-ip-opts.patch
		openssh-5.9p1-randclean.patch
		openssh-5.8p1-keyperm.patch
		openssh-5.8p2-remove-stale-control-socket.patch
		openssh-5.9p1-ipv6man.patch
		openssh-5.8p2-sigpipe.patch
		openssh-6.1p1-askpass-ld.patch
		openssh-5.5p1-x11.patch
		openssh-5.6p1-exit-deadlock.patch
		openssh-5.1p1-askpass-progress.patch
		openssh-4.3p2-askpass-grab-info.patch
		openssh-5.9p1-edns.patch
		openssh-5.1p1-scp-manpage.patch
		openssh-5.8p1-localdomain.patch
		openssh-5.9p1-ipfire.patch
		openssh-6.0p1-entropy.patch
		openssh-6.1p1-vendor.patch
		openssh-5.8p2-force_krb.patch
		openssh-6.1p1-kuserok.patch
		openssh-6.1p1-required-authentications.patch
	end

	configure_options += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=/var/empty/sshd \
		--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
		--disable-strip \
		--with-ssl-engine \
		--with-authorized-keys-command \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit \
		--with-selinux \
		--with-audit=linux

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			audit
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			/var/empty/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/empty/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
43c69e28 SS	7	version = 6.1p1
43c69e28 SS	8	release = 1
8b63a194	9
802ea3af MT	10	groups = Application/Internet
	11	url = http://www.openssh.com/portable.html
	12	license = MIT
	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
9d8fd3ad	22	source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
	25	requires
	26	audit-devel
9d8fd3ad SS	27	autoconf
9d8fd3ad SS	28	automake
e78de92e MT	29	groff
e78de92e MT	30	libedit-devel
802ea3af	31	libselinux-devel
e78de92e MT	32	ncurses-devel
	33	openldap-devel
	34	openssl-devel >= 1.0.0d-2
802ea3af	35	pam-devel
e78de92e	36	util-linux
802ea3af MT	37	zlib-devel
802ea3af MT	38	end
ba2e7991	39
802ea3af MT	40	# Apply patches in a special order
802ea3af MT	41	patches
43c69e28	42	openssh-6.1p1-coverity.patch
802ea3af	43	openssh-5.8p1-fingerprint.patch
9d8fd3ad SS	44	openssh-5.8p1-getaddrinfo.patch
9d8fd3ad SS	45	openssh-5.8p1-packet.patch
43c69e28 SS	46	openssh-6.1p1-authenticationmethods.patch
43c69e28 SS	47	openssh-6.1p1-role-mls.patch
9d8fd3ad	48	openssh-5.9p1-sftp-chroot.patch
43c69e28	49	openssh-6.1p1-akc.patch
802ea3af	50	openssh-5.2p1-allow-ip-opts.patch
9d8fd3ad SS	51	openssh-5.9p1-randclean.patch
	52	openssh-5.8p1-keyperm.patch
	53	openssh-5.8p2-remove-stale-control-socket.patch
	54	openssh-5.9p1-ipv6man.patch
	55	openssh-5.8p2-sigpipe.patch
43c69e28	56	openssh-6.1p1-askpass-ld.patch
802ea3af MT	57	openssh-5.5p1-x11.patch
	58	openssh-5.6p1-exit-deadlock.patch
	59	openssh-5.1p1-askpass-progress.patch
	60	openssh-4.3p2-askpass-grab-info.patch
9d8fd3ad	61	openssh-5.9p1-edns.patch
802ea3af	62	openssh-5.1p1-scp-manpage.patch
9d8fd3ad SS	63	openssh-5.8p1-localdomain.patch
9d8fd3ad SS	64	openssh-5.9p1-ipfire.patch
43c69e28 SS	65	openssh-6.0p1-entropy.patch
43c69e28 SS	66	openssh-6.1p1-vendor.patch
9d8fd3ad	67	openssh-5.8p2-force_krb.patch
43c69e28 SS	68	openssh-6.1p1-kuserok.patch
43c69e28 SS	69	openssh-6.1p1-required-authentications.patch
802ea3af	70	end
ba2e7991	71
802ea3af	72	configure_options += \
e78de92e MT	73	--sysconfdir=%{sysconfdir}/ssh \
	74	--datadir=%{datadir}/sshd \
	75	--libexecdir=%{libdir}/openssh \
	76	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	77	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
	78	--with-privsep-path=/var/empty/sshd \
	79	--enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
	80	--disable-strip \
	81	--with-ssl-engine \
	82	--with-authorized-keys-command \
	83	--with-ipaddr-display \
802ea3af	84	--with-pam \
e78de92e	85	--with-libedit \
802ea3af	86	--with-selinux \
802ea3af	87	--with-audit=linux
b771887d	88
9d8fd3ad	89	prepare_cmds
e78de92e	90	autoreconf -vfi
9d8fd3ad SS	91	end
9d8fd3ad SS	92
802ea3af	93	install_cmds
cdfe238b MT	94	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	95	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	96
802ea3af	97	# Install scriptfile for key generation
e78de92e MT	98	mkdir -pv %{BUILDROOT}%{sbindir}
	99	install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
	100
	101	# Install ssh-copy-id.
	102	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	103	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	104	end
802ea3af MT	105	end
99c42052	106
802ea3af MT	107	packages
802ea3af MT	108	package openssh
e78de92e MT	109	prerequires
	110	shadow-utils
	111	end
	112
e78de92e MT	113	configfiles
	114	%{sysconfdir}/ssh/moduli
	115	end
	116
	117	script prein
eccf0dae	118	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	119	end
802ea3af MT	120	end
1f9bc2f0	121
802ea3af MT	122	package openssh-clients
	123	summary = OpenSSH client applications.
	124	description = %{summary}
1f9bc2f0	125
e78de92e MT	126	requires = openssh = %{thisver}
e78de92e MT	127
802ea3af	128	files
e78de92e MT	129	%{sysconfdir}/ssh/ssh_config
	130	%{bindir}/scp
	131	%{bindir}/sftp
	132	%{bindir}/slogin
	133	%{bindir}/ssh
	134	%{bindir}/ssh-add
	135	%{bindir}/ssh-agent
	136	%{bindir}/ssh-copy-id
	137	%{bindir}/ssh-keyscan
	138	%{libdir}/openssh/ssh-pkcs11-helper
	139	%{mandir}/man1/scp.1*
	140	%{mandir}/man1/sftp.1*
	141	%{mandir}/man1/slogin.1*
	142	%{mandir}/man1/ssh-add.1*
	143	%{mandir}/man1/ssh-agent.1*
	144	%{mandir}/man1/ssh-copy-id.1*
	145	%{mandir}/man1/ssh-keyscan.1*
	146	%{mandir}/man1/ssh.1*
	147	%{mandir}/man5/ssh_config.5*
	148	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	149	end
cdfe238b MT	150
cdfe238b MT	151	configfiles
e78de92e	152	%{sysconfdir}/ssh/ssh_config
cdfe238b	153	end
802ea3af	154	end
1f9bc2f0	155
802ea3af MT	156	package openssh-server
	157	summary = OpenSSH server applications.
	158	description = %{summary}
1f9bc2f0	159
23a87d82 MT	160	requires
	161	audit
	162	openssh = %{thisver}
	163	end
1f9bc2f0	164
802ea3af	165	files
e78de92e MT	166	%{sysconfdir}/pam.d/sshd
e78de92e MT	167	%{sysconfdir}/ssh/sshd_config
839658bf	168	%{unitdir}/sshd.service
43c69e28	169	%{unitdir}/sshd-keygen.service
e78de92e MT	170	%{libdir}/openssh/sftp-server
	171	%{sbindir}/sshd-keygen
	172	%{sbindir}/sshd
	173	%{mandir}/man5/sshd_config.5*
	174	%{mandir}/man5/moduli.5*
	175	%{mandir}/man8/sshd.8*
	176	%{mandir}/man8/sftp-server.8*
	177	/var/empty/sshd
802ea3af	178	end
65de838d	179
cdfe238b	180	configfiles
e78de92e	181	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	182	end
cdfe238b MT	183
4d26274c SS	184	prerequires
	185	shadow-utils
	186	systemd-units
	187	end
65de838d MT	188
65de838d MT	189	script prein
802ea3af	190	# Create unprivileged user and group.
e78de92e MT	191	getent group sshd >/dev/null \|\| groupadd -r sshd
	192	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	193	-c "Privilege-separated SSH" \
	194	-d /var/empty/sshd -s /sbin/nologin sshd
802ea3af	195	end
65de838d MT	196
	197	script postin
	198	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	199	end
	200
	201	script preun
e78de92e	202	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
e78de92e	203	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
65de838d MT	204	end
	205
	206	script postun
	207	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	208	end
	209
	210	script postup
	211	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	212
	213	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	214	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	215	end
802ea3af	216	end
1f9bc2f0 MT	217
	218	package %{name}-debuginfo
	219	template DEBUGINFO
	220	end
802ea3af	221	end