]>
Commit | Line | Data |
---|---|---|
8b63a194 | 1 | ############################################################################### |
802ea3af MT |
2 | # IPFire.org - An Open Source Firewall Solution # |
3 | # Copyright (C) - IPFire Development Team <info@ipfire.org> # | |
8b63a194 | 4 | ############################################################################### |
5 | ||
802ea3af | 6 | name = openssh |
ead1dbde MT |
7 | version = 9.4p1 |
8 | release = 1 | |
8b63a194 | 9 | |
802ea3af | 10 | groups = Application/Internet |
32c9022c | 11 | url = https://www.openssh.com/portable.html |
802ea3af MT |
12 | license = MIT |
13 | summary = An open source implementation of SSH protocol versions 1 and 2. | |
8b63a194 | 14 | |
802ea3af | 15 | description |
9d8fd3ad SS |
16 | SSH (Secure SHell) is a program for logging into and executing |
17 | commands on a remote machine. SSH is intended to replace rlogin and | |
18 | rsh, and to provide secure encrypted communications between two | |
8b63a194 | 19 | untrusted hosts over an insecure network. |
802ea3af | 20 | end |
8b63a194 | 21 | |
32c9022c | 22 | source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
8b63a194 | 23 | |
802ea3af MT |
24 | build |
25 | requires | |
9d8fd3ad SS |
26 | autoconf |
27 | automake | |
e78de92e MT |
28 | groff |
29 | libedit-devel | |
e78de92e MT |
30 | ncurses-devel |
31 | openldap-devel | |
b4e630c0 | 32 | openssl-devel >= 1.0.2 |
802ea3af | 33 | pam-devel |
e78de92e | 34 | util-linux |
802ea3af MT |
35 | zlib-devel |
36 | end | |
ba2e7991 | 37 | |
ead1dbde | 38 | configure += \ |
e78de92e MT |
39 | --sysconfdir=%{sysconfdir}/ssh \ |
40 | --datadir=%{datadir}/sshd \ | |
41 | --libexecdir=%{libdir}/openssh \ | |
42 | --with-default-path=/usr/local/bin:/bin:/usr/bin \ | |
43 | --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ | |
c0ca282a | 44 | --with-privsep-path=%{sharedstatedir}/sshd \ |
e78de92e MT |
45 | --disable-strip \ |
46 | --with-ssl-engine \ | |
e78de92e | 47 | --with-ipaddr-display \ |
802ea3af | 48 | --with-pam \ |
ead1dbde MT |
49 | --with-libedit \ |
50 | --without-zlib-version-check | |
b771887d | 51 | |
9d8fd3ad | 52 | prepare_cmds |
e78de92e | 53 | autoreconf -vfi |
9d8fd3ad SS |
54 | end |
55 | ||
802ea3af | 56 | install_cmds |
cdfe238b MT |
57 | # Disable GSS API authentication because KRB5 is required for that. |
58 | sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config | |
99c42052 | 59 | |
11858f06 | 60 | # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd. |
17d728c8 SS |
61 | sed \ |
62 | -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ | |
63 | -e '/^#PrintMotd yes$/c PrintMotd no' \ | |
64 | -e '/^#UsePAM no$/c UsePAM yes' \ | |
11858f06 | 65 | -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \ |
17d728c8 SS |
66 | -i %{BUILDROOT}/etc/ssh/sshd_config |
67 | ||
802ea3af | 68 | # Install scriptfile for key generation |
e78de92e | 69 | mkdir -pv %{BUILDROOT}%{sbindir} |
1e431bbd | 70 | install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir} |
e78de92e MT |
71 | |
72 | # Install ssh-copy-id. | |
73 | install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir} | |
74 | install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/ | |
802ea3af MT |
75 | end |
76 | end | |
99c42052 | 77 | |
802ea3af MT |
78 | packages |
79 | package openssh | |
e78de92e MT |
80 | prerequires |
81 | shadow-utils | |
82 | end | |
83 | ||
e78de92e MT |
84 | configfiles |
85 | %{sysconfdir}/ssh/moduli | |
86 | end | |
87 | ||
88 | script prein | |
eccf0dae | 89 | getent group ssh_keys >/dev/null || groupadd -r ssh_keys |
802ea3af MT |
90 | end |
91 | end | |
1f9bc2f0 | 92 | |
802ea3af MT |
93 | package openssh-clients |
94 | summary = OpenSSH client applications. | |
95 | description = %{summary} | |
1f9bc2f0 | 96 | |
e78de92e MT |
97 | requires = openssh = %{thisver} |
98 | ||
802ea3af | 99 | files |
e78de92e MT |
100 | %{sysconfdir}/ssh/ssh_config |
101 | %{bindir}/scp | |
102 | %{bindir}/sftp | |
103 | %{bindir}/slogin | |
104 | %{bindir}/ssh | |
105 | %{bindir}/ssh-add | |
106 | %{bindir}/ssh-agent | |
107 | %{bindir}/ssh-copy-id | |
108 | %{bindir}/ssh-keyscan | |
109 | %{libdir}/openssh/ssh-pkcs11-helper | |
110 | %{mandir}/man1/scp.1* | |
111 | %{mandir}/man1/sftp.1* | |
112 | %{mandir}/man1/slogin.1* | |
113 | %{mandir}/man1/ssh-add.1* | |
114 | %{mandir}/man1/ssh-agent.1* | |
115 | %{mandir}/man1/ssh-copy-id.1* | |
116 | %{mandir}/man1/ssh-keyscan.1* | |
117 | %{mandir}/man1/ssh.1* | |
118 | %{mandir}/man5/ssh_config.5* | |
119 | %{mandir}/man8/ssh-pkcs11-helper.8* | |
802ea3af | 120 | end |
cdfe238b MT |
121 | |
122 | configfiles | |
e78de92e | 123 | %{sysconfdir}/ssh/ssh_config |
cdfe238b | 124 | end |
802ea3af | 125 | end |
1f9bc2f0 | 126 | |
802ea3af MT |
127 | package openssh-server |
128 | summary = OpenSSH server applications. | |
129 | description = %{summary} | |
1f9bc2f0 | 130 | |
23a87d82 | 131 | requires |
23a87d82 MT |
132 | openssh = %{thisver} |
133 | end | |
1f9bc2f0 | 134 | |
802ea3af | 135 | files |
e78de92e MT |
136 | %{sysconfdir}/pam.d/sshd |
137 | %{sysconfdir}/ssh/sshd_config | |
839658bf | 138 | %{unitdir}/sshd.service |
43c69e28 | 139 | %{unitdir}/sshd-keygen.service |
11858f06 SS |
140 | %{unitdir}/sshd@.service |
141 | %{unitdir}/sshd.socket | |
e78de92e MT |
142 | %{libdir}/openssh/sftp-server |
143 | %{sbindir}/sshd-keygen | |
144 | %{sbindir}/sshd | |
145 | %{mandir}/man5/sshd_config.5* | |
146 | %{mandir}/man5/moduli.5* | |
147 | %{mandir}/man8/sshd.8* | |
148 | %{mandir}/man8/sftp-server.8* | |
c0ca282a | 149 | %{sharedstatedir}/sshd |
802ea3af | 150 | end |
65de838d | 151 | |
cdfe238b | 152 | configfiles |
e78de92e | 153 | %{sysconfdir}/ssh/sshd_config |
cdfe238b MT |
154 | end |
155 | ||
4d26274c SS |
156 | prerequires |
157 | shadow-utils | |
158 | systemd-units | |
159 | end | |
65de838d MT |
160 | |
161 | script prein | |
802ea3af | 162 | # Create unprivileged user and group. |
e78de92e MT |
163 | getent group sshd >/dev/null || groupadd -r sshd |
164 | getent passwd sshd >/dev/null || useradd -r -g sshd \ | |
165 | -c "Privilege-separated SSH" \ | |
c0ca282a | 166 | -d /var/lib/sshd -s /sbin/nologin sshd |
802ea3af | 167 | end |
65de838d MT |
168 | |
169 | script postin | |
170 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : | |
171 | end | |
172 | ||
173 | script preun | |
e78de92e | 174 | /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || : |
11858f06 | 175 | /bin/systemctl --no-reload disable sshd.socket |
e78de92e | 176 | /bin/systemctl stop sshd.service >/dev/null 2>&1 || : |
11858f06 | 177 | /bin/systemctl stop sshd.socket >/dev/null 2>&1 || : |
65de838d MT |
178 | end |
179 | ||
180 | script postun | |
181 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : | |
182 | end | |
183 | ||
184 | script postup | |
11858f06 SS |
185 | # Enable root login. |
186 | sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \ | |
187 | -i %{sysconfdir}/ssh/sshd_config | |
188 | ||
65de838d | 189 | /bin/systemctl daemon-reload >/dev/null 2>&1 || : |
e78de92e MT |
190 | |
191 | /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || : | |
192 | /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || : | |
65de838d | 193 | end |
802ea3af | 194 | end |
1f9bc2f0 MT |
195 | |
196 | package %{name}-debuginfo | |
197 | template DEBUGINFO | |
198 | end | |
802ea3af | 199 | end |