############################################################################### # IPFire.org - An Open Source Firewall Solution # # Copyright (C) - IPFire Development Team # ############################################################################### name = openssh version = 5.9p1 release = 2 groups = Application/Internet url = http://www.openssh.com/portable.html license = MIT summary = An open source implementation of SSH protocol versions 1 and 2. description SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. end source_dl = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ build requires audit-devel autoconf automake libselinux-devel nss-devel openssl-devel>=1.0.0d-2 pam-devel zlib-devel end # Apply patches in a special order patches openssh-5.9p1-coverity.patch openssh-5.8p1-fingerprint.patch openssh-5.8p1-getaddrinfo.patch openssh-5.8p1-packet.patch openssh-5.9p1-2auth.patch openssh-5.9p1-role.patch openssh-5.9p1-mls.patch openssh-5.9p1-sftp-chroot.patch openssh-5.9p1-akc.patch openssh-5.9p1-keygen.patch openssh-5.2p1-allow-ip-opts.patch openssh-5.9p1-randclean.patch openssh-5.8p1-keyperm.patch openssh-5.8p2-remove-stale-control-socket.patch openssh-5.9p1-ipv6man.patch openssh-5.8p2-sigpipe.patch openssh-5.8p2-askpass-ld.patch openssh-5.5p1-x11.patch openssh-5.6p1-exit-deadlock.patch openssh-5.1p1-askpass-progress.patch openssh-4.3p2-askpass-grab-info.patch openssh-5.9p1-edns.patch openssh-5.1p1-scp-manpage.patch openssh-5.8p1-localdomain.patch openssh-5.9p1-ipfire.patch openssh-5.9p1-entropy.patch openssh-5.9p1-vendor.patch openssh-5.8p2-force_krb.patch openssh-5.9p1-kuserok.patch end configure_options += \ --sysconfdir=/etc/ssh \ --datadir=/usr/share/sshd \ --libexecdir=/usr/lib/openssh \ --with-md5-passwords \ --with-privsep-path=/var/lib/sshd \ --with-pam \ --with-selinux \ --with-audit=linux prepare_cmds autoreconf end install_cmds # Disable GSS API authentication because KRB5 is required for that. sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config # Install scriptfile for key generation install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/ end end packages package openssh requires openssh-clients=%{thisver} openssh-server=%{thisver} end end package openssh-clients summary = OpenSSH client applications. description = %{summary} files /etc/ssh/ssh_config /usr/bin/scp /usr/bin/sftp /usr/bin/slogin /usr/bin/ssh /usr/bin/ssh-add /usr/bin/ssh-agent /usr/bin/ssh-keyscan /usr/lib/openssh/ssh-pkcs11-helper /usr/share/man/cat1/scp.1 /usr/share/man/cat1/sftp.1 /usr/share/man/cat1/slogin.1 /usr/share/man/cat1/ssh-add.1 /usr/share/man/cat1/ssh-agent.1 /usr/share/man/cat1/ssh-keyscan.1 /usr/share/man/cat1/ssh.1 /usr/share/man/cat5/ssh_config.5 /usr/share/man/cat8/ssh-pkcs11-helper.8 end configfiles /etc/ssh/ssh_config end end package openssh-server summary = OpenSSH server applications. description = %{summary} # /usr/bin/ssh-keygen is needed to generate keys for the ssh server. requires = /usr/bin/ssh-keygen files /etc/pam.d/sshd /etc/ssh/moduli /etc/ssh/sshd_config /lib/systemd/system/openssh.service /usr/lib/openssh/sftp-server /usr/lib/openssh/ssh-keygen /usr/sbin/sshd /usr/share/man/cat5/sshd_config.5* /usr/share/man/cat5/moduli.5* /usr/share/man/cat8/sshd.8* /usr/share/man/cat8/sftp-server.8* /var/lib/sshd end configfiles /etc/ssh/sshd_config end prerequires = shadow-utils systemd-units script prein # Create unprivileged user and group. getent group sshd || groupadd -r sshd getent passwd sshd || useradd -r -g sshd \ -d /var/lib/sshd -s /sbin/nologin sshd end script postin /bin/systemctl daemon-reload >/dev/null 2>&1 || : end script preun /bin/systemctl --no-reload disable openssh.service >/dev/null 2>&1 || : /bin/systemctl stop openssh.service >/dev/null 2>&1 || : end script postun /bin/systemctl daemon-reload >/dev/null 2>&1 || : end script postup /bin/systemctl daemon-reload >/dev/null 2>&1 || : end end end