[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm

###############################################################################
# IPFire.org    - An Open Source Firewall Solution                            #
# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
###############################################################################

name       = openssh
version    = 9.4p1
release    = 1

groups     = Application/Internet
url        = https://www.openssh.com/portable.html
license    = MIT
summary    = An open source implementation of SSH protocol versions 1 and 2.

description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network.
end

source_dl  = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/

build
	requires
		autoconf
		automake
		groff
		libedit-devel
		ncurses-devel
		openldap-devel
		openssl-devel >= 1.0.2
		pam-devel
		util-linux
		zlib-devel
	end

	configure += \
		--sysconfdir=%{sysconfdir}/ssh \
		--datadir=%{datadir}/sshd \
		--libexecdir=%{libdir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=%{sharedstatedir}/sshd \
		--disable-strip \
		--with-ssl-engine \
		--with-ipaddr-display \
		--with-pam \
		--with-libedit \
		--without-zlib-version-check

	prepare_cmds
		autoreconf -vfi
	end

	install_cmds
		# Disable GSS API authentication because KRB5 is required for that.
		sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config

		# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
		sed \
			-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
			-e '/^#PrintMotd yes$/c PrintMotd no' \
			-e '/^#UsePAM no$/c UsePAM yes' \
			-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
			-i %{BUILDROOT}/etc/ssh/sshd_config

		# Install scriptfile for key generation
		mkdir -pv %{BUILDROOT}%{sbindir}
		install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}

		# Install ssh-copy-id.
		install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
		install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
	end
end

packages
	package openssh
		prerequires
			shadow-utils
		end

		configfiles
			%{sysconfdir}/ssh/moduli
		end

		script prein
			getent group ssh_keys >/dev/null || groupadd -r ssh_keys
		end
	end

	package openssh-clients
		summary = OpenSSH client applications.
		description = %{summary}

		requires = openssh = %{thisver}

		files
			%{sysconfdir}/ssh/ssh_config
			%{bindir}/scp
			%{bindir}/sftp
			%{bindir}/slogin
			%{bindir}/ssh
			%{bindir}/ssh-add
			%{bindir}/ssh-agent
			%{bindir}/ssh-copy-id
			%{bindir}/ssh-keyscan
			%{libdir}/openssh/ssh-pkcs11-helper
			%{mandir}/man1/scp.1*
			%{mandir}/man1/sftp.1*
			%{mandir}/man1/slogin.1*
			%{mandir}/man1/ssh-add.1*
			%{mandir}/man1/ssh-agent.1*
			%{mandir}/man1/ssh-copy-id.1*
			%{mandir}/man1/ssh-keyscan.1*
			%{mandir}/man1/ssh.1*
			%{mandir}/man5/ssh_config.5*
			%{mandir}/man8/ssh-pkcs11-helper.8*
		end

		configfiles
			%{sysconfdir}/ssh/ssh_config
		end
	end

	package openssh-server
		summary = OpenSSH server applications.
		description = %{summary}

		requires
			openssh = %{thisver}
		end

		files
			%{sysconfdir}/pam.d/sshd
			%{sysconfdir}/ssh/sshd_config
			%{unitdir}/sshd.service
			%{unitdir}/sshd-keygen.service
			%{unitdir}/sshd@.service
			%{unitdir}/sshd.socket
			%{libdir}/openssh/sftp-server
			%{sbindir}/sshd-keygen
			%{sbindir}/sshd
			%{mandir}/man5/sshd_config.5*
			%{mandir}/man5/moduli.5*
			%{mandir}/man8/sshd.8*
			%{mandir}/man8/sftp-server.8*
			%{sharedstatedir}/sshd
		end

		configfiles
			%{sysconfdir}/ssh/sshd_config
		end

		prerequires
			shadow-utils
			systemd-units
		end

		script prein
			# Create unprivileged user and group.
			getent group sshd >/dev/null || groupadd -r sshd
			getent passwd sshd >/dev/null || useradd -r -g sshd \
				-c "Privilege-separated SSH" \
				-d /var/lib/sshd -s /sbin/nologin sshd
		end

		script postin
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script preun
			/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
			/bin/systemctl --no-reload disable sshd.socket
			/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
			/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
		end

		script postun
			/bin/systemctl daemon-reload >/dev/null 2>&1 || :
		end

		script postup
			# Enable root login.
			sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
				-i %{sysconfdir}/ssh/sshd_config

			/bin/systemctl daemon-reload >/dev/null 2>&1 || :

			/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
			/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
		end
	end

	package %{name}-debuginfo
		template DEBUGINFO
	end
end
Commit	Line	Data
8b63a194	1	###############################################################################
802ea3af MT	2	# IPFire.org - An Open Source Firewall Solution #
802ea3af MT	3	# Copyright (C) - IPFire Development Team <info@ipfire.org> #
8b63a194	4	###############################################################################
8b63a194	5
802ea3af	6	name = openssh
ead1dbde MT	7	version = 9.4p1
ead1dbde MT	8	release = 1
8b63a194	9
802ea3af	10	groups = Application/Internet
32c9022c	11	url = https://www.openssh.com/portable.html
802ea3af MT	12	license = MIT
802ea3af MT	13	summary = An open source implementation of SSH protocol versions 1 and 2.
8b63a194	14
802ea3af	15	description
9d8fd3ad SS	16	SSH (Secure SHell) is a program for logging into and executing
	17	commands on a remote machine. SSH is intended to replace rlogin and
	18	rsh, and to provide secure encrypted communications between two
8b63a194	19	untrusted hosts over an insecure network.
802ea3af	20	end
8b63a194	21
32c9022c	22	source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
8b63a194	23
802ea3af MT	24	build
802ea3af MT	25	requires
9d8fd3ad SS	26	autoconf
9d8fd3ad SS	27	automake
e78de92e MT	28	groff
e78de92e MT	29	libedit-devel
e78de92e MT	30	ncurses-devel
e78de92e MT	31	openldap-devel
b4e630c0	32	openssl-devel >= 1.0.2
802ea3af	33	pam-devel
e78de92e	34	util-linux
802ea3af MT	35	zlib-devel
802ea3af MT	36	end
ba2e7991	37
ead1dbde	38	configure += \
e78de92e MT	39	--sysconfdir=%{sysconfdir}/ssh \
	40	--datadir=%{datadir}/sshd \
	41	--libexecdir=%{libdir}/openssh \
	42	--with-default-path=/usr/local/bin:/bin:/usr/bin \
	43	--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
c0ca282a	44	--with-privsep-path=%{sharedstatedir}/sshd \
e78de92e MT	45	--disable-strip \
e78de92e MT	46	--with-ssl-engine \
e78de92e	47	--with-ipaddr-display \
802ea3af	48	--with-pam \
ead1dbde MT	49	--with-libedit \
ead1dbde MT	50	--without-zlib-version-check
b771887d	51
9d8fd3ad	52	prepare_cmds
e78de92e	53	autoreconf -vfi
9d8fd3ad SS	54	end
9d8fd3ad SS	55
802ea3af	56	install_cmds
cdfe238b MT	57	# Disable GSS API authentication because KRB5 is required for that.
cdfe238b MT	58	sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
99c42052	59
11858f06	60	# Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
17d728c8 SS	61	sed \
	62	-e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
	63	-e '/^#PrintMotd yes$/c PrintMotd no' \
	64	-e '/^#UsePAM no$/c UsePAM yes' \
11858f06	65	-e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
17d728c8 SS	66	-i %{BUILDROOT}/etc/ssh/sshd_config
17d728c8 SS	67
802ea3af	68	# Install scriptfile for key generation
e78de92e	69	mkdir -pv %{BUILDROOT}%{sbindir}
1e431bbd	70	install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
e78de92e MT	71
	72	# Install ssh-copy-id.
	73	install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
	74	install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
802ea3af MT	75	end
802ea3af MT	76	end
99c42052	77
802ea3af MT	78	packages
802ea3af MT	79	package openssh
e78de92e MT	80	prerequires
	81	shadow-utils
	82	end
	83
e78de92e MT	84	configfiles
	85	%{sysconfdir}/ssh/moduli
	86	end
	87
	88	script prein
eccf0dae	89	getent group ssh_keys >/dev/null \|\| groupadd -r ssh_keys
802ea3af MT	90	end
802ea3af MT	91	end
1f9bc2f0	92
802ea3af MT	93	package openssh-clients
	94	summary = OpenSSH client applications.
	95	description = %{summary}
1f9bc2f0	96
e78de92e MT	97	requires = openssh = %{thisver}
e78de92e MT	98
802ea3af	99	files
e78de92e MT	100	%{sysconfdir}/ssh/ssh_config
	101	%{bindir}/scp
	102	%{bindir}/sftp
	103	%{bindir}/slogin
	104	%{bindir}/ssh
	105	%{bindir}/ssh-add
	106	%{bindir}/ssh-agent
	107	%{bindir}/ssh-copy-id
	108	%{bindir}/ssh-keyscan
	109	%{libdir}/openssh/ssh-pkcs11-helper
	110	%{mandir}/man1/scp.1*
	111	%{mandir}/man1/sftp.1*
	112	%{mandir}/man1/slogin.1*
	113	%{mandir}/man1/ssh-add.1*
	114	%{mandir}/man1/ssh-agent.1*
	115	%{mandir}/man1/ssh-copy-id.1*
	116	%{mandir}/man1/ssh-keyscan.1*
	117	%{mandir}/man1/ssh.1*
	118	%{mandir}/man5/ssh_config.5*
	119	%{mandir}/man8/ssh-pkcs11-helper.8*
802ea3af	120	end
cdfe238b MT	121
cdfe238b MT	122	configfiles
e78de92e	123	%{sysconfdir}/ssh/ssh_config
cdfe238b	124	end
802ea3af	125	end
1f9bc2f0	126
802ea3af MT	127	package openssh-server
	128	summary = OpenSSH server applications.
	129	description = %{summary}
1f9bc2f0	130
23a87d82	131	requires
23a87d82 MT	132	openssh = %{thisver}
23a87d82 MT	133	end
1f9bc2f0	134
802ea3af	135	files
e78de92e MT	136	%{sysconfdir}/pam.d/sshd
e78de92e MT	137	%{sysconfdir}/ssh/sshd_config
839658bf	138	%{unitdir}/sshd.service
43c69e28	139	%{unitdir}/sshd-keygen.service
11858f06 SS	140	%{unitdir}/sshd@.service
11858f06 SS	141	%{unitdir}/sshd.socket
e78de92e MT	142	%{libdir}/openssh/sftp-server
	143	%{sbindir}/sshd-keygen
	144	%{sbindir}/sshd
	145	%{mandir}/man5/sshd_config.5*
	146	%{mandir}/man5/moduli.5*
	147	%{mandir}/man8/sshd.8*
	148	%{mandir}/man8/sftp-server.8*
c0ca282a	149	%{sharedstatedir}/sshd
802ea3af	150	end
65de838d	151
cdfe238b	152	configfiles
e78de92e	153	%{sysconfdir}/ssh/sshd_config
cdfe238b MT	154	end
cdfe238b MT	155
4d26274c SS	156	prerequires
	157	shadow-utils
	158	systemd-units
	159	end
65de838d MT	160
65de838d MT	161	script prein
802ea3af	162	# Create unprivileged user and group.
e78de92e MT	163	getent group sshd >/dev/null \|\| groupadd -r sshd
	164	getent passwd sshd >/dev/null \|\| useradd -r -g sshd \
	165	-c "Privilege-separated SSH" \
c0ca282a	166	-d /var/lib/sshd -s /sbin/nologin sshd
802ea3af	167	end
65de838d MT	168
	169	script postin
	170	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	171	end
	172
	173	script preun
e78de92e	174	/bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 \|\| :
11858f06	175	/bin/systemctl --no-reload disable sshd.socket
e78de92e	176	/bin/systemctl stop sshd.service >/dev/null 2>&1 \|\| :
11858f06	177	/bin/systemctl stop sshd.socket >/dev/null 2>&1 \|\| :
65de838d MT	178	end
	179
	180	script postun
	181	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
	182	end
	183
	184	script postup
11858f06 SS	185	# Enable root login.
	186	sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
	187	-i %{sysconfdir}/ssh/sshd_config
	188
65de838d	189	/bin/systemctl daemon-reload >/dev/null 2>&1 \|\| :
e78de92e MT	190
	191	/bin/systemctl try-restart sshd.service >/dev/null 2>&1 \|\| :
	192	/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 \|\| :
65de838d	193	end
802ea3af	194	end
1f9bc2f0 MT	195
	196	package %{name}-debuginfo
	197	template DEBUGINFO
	198	end
802ea3af	199	end