]> git.ipfire.org Git - people/pmueller/ipfire-3.x.git/blob - openssh/openssh.nm
projects / people / pmueller / ipfire-3.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
openssh: Update to 9.4p1
[people/pmueller/ipfire-3.x.git] / openssh / openssh.nm
1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
5
6 name = openssh
7 version = 9.4p1
8 release = 1
9
10 groups = Application/Internet
11 url = https://www.openssh.com/portable.html
12 license = MIT
13 summary = An open source implementation of SSH protocol versions 1 and 2.
14
15 description
16 SSH (Secure SHell) is a program for logging into and executing
17 commands on a remote machine. SSH is intended to replace rlogin and
18 rsh, and to provide secure encrypted communications between two
19 untrusted hosts over an insecure network.
20 end
21
22 source_dl = https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
23
24 build
25 requires
26 autoconf
27 automake
28 groff
29 libedit-devel
30 ncurses-devel
31 openldap-devel
32 openssl-devel >= 1.0.2
33 pam-devel
34 util-linux
35 zlib-devel
36 end
37
38 configure += \
39 --sysconfdir=%{sysconfdir}/ssh \
40 --datadir=%{datadir}/sshd \
41 --libexecdir=%{libdir}/openssh \
42 --with-default-path=/usr/local/bin:/bin:/usr/bin \
43 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
44 --with-privsep-path=%{sharedstatedir}/sshd \
45 --disable-strip \
46 --with-ssl-engine \
47 --with-ipaddr-display \
48 --with-pam \
49 --with-libedit \
50 --without-zlib-version-check
51
52 prepare_cmds
53 autoreconf -vfi
54 end
55
56 install_cmds
57 # Disable GSS API authentication because KRB5 is required for that.
58 sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
59
60 # Enable PAM usage, disable ChallengeResponseAuthentication, enable root login and disable Motd.
61 sed \
62 -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
63 -e '/^#PrintMotd yes$/c PrintMotd no' \
64 -e '/^#UsePAM no$/c UsePAM yes' \
65 -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
66 -i %{BUILDROOT}/etc/ssh/sshd_config
67
68 # Install scriptfile for key generation
69 mkdir -pv %{BUILDROOT}%{sbindir}
70 install -m 755 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
71
72 # Install ssh-copy-id.
73 install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
74 install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
75 end
76 end
77
78 packages
79 package openssh
80 prerequires
81 shadow-utils
82 end
83
84 configfiles
85 %{sysconfdir}/ssh/moduli
86 end
87
88 script prein
89 getent group ssh_keys >/dev/null || groupadd -r ssh_keys
90 end
91 end
92
93 package openssh-clients
94 summary = OpenSSH client applications.
95 description = %{summary}
96
97 requires = openssh = %{thisver}
98
99 files
100 %{sysconfdir}/ssh/ssh_config
101 %{bindir}/scp
102 %{bindir}/sftp
103 %{bindir}/slogin
104 %{bindir}/ssh
105 %{bindir}/ssh-add
106 %{bindir}/ssh-agent
107 %{bindir}/ssh-copy-id
108 %{bindir}/ssh-keyscan
109 %{libdir}/openssh/ssh-pkcs11-helper
110 %{mandir}/man1/scp.1*
111 %{mandir}/man1/sftp.1*
112 %{mandir}/man1/slogin.1*
113 %{mandir}/man1/ssh-add.1*
114 %{mandir}/man1/ssh-agent.1*
115 %{mandir}/man1/ssh-copy-id.1*
116 %{mandir}/man1/ssh-keyscan.1*
117 %{mandir}/man1/ssh.1*
118 %{mandir}/man5/ssh_config.5*
119 %{mandir}/man8/ssh-pkcs11-helper.8*
120 end
121
122 configfiles
123 %{sysconfdir}/ssh/ssh_config
124 end
125 end
126
127 package openssh-server
128 summary = OpenSSH server applications.
129 description = %{summary}
130
131 requires
132 openssh = %{thisver}
133 end
134
135 files
136 %{sysconfdir}/pam.d/sshd
137 %{sysconfdir}/ssh/sshd_config
138 %{unitdir}/sshd.service
139 %{unitdir}/sshd-keygen.service
140 %{unitdir}/sshd@.service
141 %{unitdir}/sshd.socket
142 %{libdir}/openssh/sftp-server
143 %{sbindir}/sshd-keygen
144 %{sbindir}/sshd
145 %{mandir}/man5/sshd_config.5*
146 %{mandir}/man5/moduli.5*
147 %{mandir}/man8/sshd.8*
148 %{mandir}/man8/sftp-server.8*
149 %{sharedstatedir}/sshd
150 end
151
152 configfiles
153 %{sysconfdir}/ssh/sshd_config
154 end
155
156 prerequires
157 shadow-utils
158 systemd-units
159 end
160
161 script prein
162 # Create unprivileged user and group.
163 getent group sshd >/dev/null || groupadd -r sshd
164 getent passwd sshd >/dev/null || useradd -r -g sshd \
165 -c "Privilege-separated SSH" \
166 -d /var/lib/sshd -s /sbin/nologin sshd
167 end
168
169 script postin
170 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
171 end
172
173 script preun
174 /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
175 /bin/systemctl --no-reload disable sshd.socket
176 /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
177 /bin/systemctl stop sshd.socket >/dev/null 2>&1 || :
178 end
179
180 script postun
181 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
182 end
183
184 script postup
185 # Enable root login.
186 sed -e '/^#PermitRootLogin prohibit-password$/c PermitRootLogin yes' \
187 -i %{sysconfdir}/ssh/sshd_config
188
189 /bin/systemctl daemon-reload >/dev/null 2>&1 || :
190
191 /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
192 /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
193 end
194 end
195
196 package %{name}-debuginfo
197 template DEBUGINFO
198 end
199 end
Peter's tree of IPFire 3.x