]>
Commit | Line | Data |
---|---|---|
680cee3b | 1 | |
2 | # Some of this will need re-evaluation post-LSB. The SVIdir is there | |
3 | # because the link appeared broken. The rest is for easy compilation, | |
4 | # the tradeoff open to discussion. (LC957) | |
5 | ||
6 | %define SVIdir /etc/rc.d/init.d | |
7 | %{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages} | |
8 | %{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons} | |
9 | ||
10 | %define _mandir %{_prefix}/share/man/en | |
11 | %define _sysconfdir /etc/ssh | |
12 | %define _libexecdir %{_libdir}/ssh | |
13 | ||
14 | # Do we want to disable root_login? (1=yes 0=no) | |
15 | %define no_root_login 0 | |
16 | ||
17 | #old cvs stuff. please update before use. may be deprecated. | |
18 | %define use_stable 1 | |
19 | %if %{use_stable} | |
7e772e1f | 20 | %define version 3.6.1p2 |
3c0ef626 | 21 | %define cvs %{nil} |
680cee3b | 22 | %define release 2 |
3c0ef626 | 23 | %else |
680cee3b | 24 | %define version 2.9.9p2 |
25 | %define cvs cvs20011009 | |
3c0ef626 | 26 | %define release 0r1 |
27 | %endif | |
28 | %define xsa x11-ssh-askpass | |
29 | %define askpass %{xsa}-1.2.4.1 | |
30 | ||
680cee3b | 31 | # OpenSSH privilege separation requires a user & group ID |
32 | %define sshd_uid 67 | |
33 | %define sshd_gid 67 | |
34 | ||
3c0ef626 | 35 | Name : openssh |
36 | Version : %{version}%{cvs} | |
37 | Release : %{release} | |
38 | Group : System/Network | |
39 | ||
40 | Summary : OpenSSH free Secure Shell (SSH) implementation. | |
680cee3b | 41 | Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). |
42 | Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). | |
43 | Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). | |
44 | Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. | |
45 | Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). | |
46 | Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH). | |
3c0ef626 | 47 | |
48 | Copyright : BSD | |
49 | Packager : Raymund Will <ray@caldera.de> | |
50 | URL : http://www.openssh.com/ | |
51 | ||
52 | Obsoletes : ssh, ssh-clients, openssh-clients | |
53 | ||
680cee3b | 54 | BuildRoot : /tmp/%{name}-%{version} |
55 | BuildRequires : XFree86-imake | |
3c0ef626 | 56 | |
680cee3b | 57 | # %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable |
58 | # %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs | |
59 | Source0: see-above:/.../openssh-%{version}.tar.gz | |
60 | %if %{use_stable} | |
61 | Source1: see-above:/.../openssh-%{version}.tar.gz.sig | |
3c0ef626 | 62 | %endif |
63 | Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz | |
64 | Source3: http://www.openssh.com/faq.html | |
65 | ||
3c0ef626 | 66 | %Package server |
67 | Group : System/Network | |
680cee3b | 68 | Requires : openssh = %{version} |
3c0ef626 | 69 | Obsoletes : ssh-server |
70 | ||
71 | Summary : OpenSSH Secure Shell protocol server (sshd). | |
680cee3b | 72 | Summary(de) : OpenSSH Secure Shell Protocol-Server (sshd). |
73 | Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). | |
74 | Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). | |
75 | Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). | |
76 | Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). | |
77 | Summary(pt_BR) : Servidor do protocolo Secure Shell OpenSSH (sshd). | |
3c0ef626 | 78 | |
79 | ||
80 | %Package askpass | |
81 | Group : System/Network | |
680cee3b | 82 | Requires : openssh = %{version} |
3c0ef626 | 83 | URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/ |
84 | Obsoletes : ssh-extras | |
85 | ||
86 | Summary : OpenSSH X11 pass-phrase dialog. | |
680cee3b | 87 | Summary(de) : OpenSSH X11 Passwort-Dialog. |
88 | Summary(es) : Aplicación de petición de frase clave OpenSSH X11. | |
89 | Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. | |
90 | Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. | |
91 | Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. | |
92 | Summary(pt_BR) : Diálogo de pedido de senha para X11 do OpenSSH. | |
3c0ef626 | 93 | |
94 | ||
680cee3b | 95 | %Description |
96 | OpenSSH (Secure Shell) provides access to a remote system. It replaces | |
97 | telnet, rlogin, rexec, and rsh, and provides secure encrypted | |
98 | communications between two untrusted hosts over an insecure network. | |
99 | X11 connections and arbitrary TCP/IP ports can also be forwarded over | |
100 | the secure channel. | |
3c0ef626 | 101 | |
680cee3b | 102 | %Description -l de |
103 | OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt | |
104 | telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte | |
105 | Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres | |
106 | Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso | |
107 | über den sicheren Channel weitergeleitet werden. | |
108 | ||
109 | %Description -l es | |
110 | OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a | |
111 | telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas | |
112 | entre dos equipos entre los que no se ha establecido confianza a través de una | |
113 | red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden | |
114 | ser canalizadas sobre el canal seguro. | |
115 | ||
116 | %Description -l fr | |
117 | OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace | |
118 | telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées | |
119 | securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des | |
120 | connexions X11 et des ports TCP/IP arbitraires peuvent également être | |
121 | transmis sur le canal sécurisé. | |
122 | ||
123 | %Description -l it | |
124 | OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. | |
125 | Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure | |
126 | e crittate tra due host non fidati su una rete non sicura. Le connessioni | |
127 | X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso | |
128 | un canale sicuro. | |
129 | ||
130 | %Description -l pt | |
131 | OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o | |
132 | telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas | |
133 | entre duas máquinas sem confiança mútua sobre uma rede insegura. | |
134 | Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados | |
135 | pelo canal seguro. | |
136 | ||
137 | %Description -l pt_BR | |
138 | O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o | |
139 | telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas | |
140 | entre duas máquinas sem confiança mútua sobre uma rede insegura. | |
141 | Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas | |
142 | pelo canal seguro. | |
143 | ||
144 | %Description server | |
145 | This package installs the sshd, the server portion of OpenSSH. | |
146 | ||
147 | %Description -l de server | |
148 | Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. | |
149 | ||
150 | %Description -l es server | |
151 | Este paquete instala sshd, la parte servidor de OpenSSH. | |
152 | ||
153 | %Description -l fr server | |
154 | Ce paquetage installe le 'sshd', partie serveur de OpenSSH. | |
155 | ||
156 | %Description -l it server | |
157 | Questo pacchetto installa sshd, il server di OpenSSH. | |
158 | ||
159 | %Description -l pt server | |
160 | Este pacote intala o sshd, o servidor do OpenSSH. | |
161 | ||
162 | %Description -l pt_BR server | |
163 | Este pacote intala o sshd, o servidor do OpenSSH. | |
164 | ||
165 | %Description askpass | |
166 | This package contains an X11-based pass-phrase dialog used per | |
167 | default by ssh-add(1). It is based on %{askpass} | |
168 | by Jim Knoble <jmknoble@pobox.com>. | |
169 | ||
170 | ||
171 | %Prep | |
172 | %setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2 | |
173 | %if ! %{use_stable} | |
3c0ef626 | 174 | autoreconf |
175 | %endif | |
176 | ||
177 | ||
178 | %Build | |
179 | CFLAGS="$RPM_OPT_FLAGS" \ | |
680cee3b | 180 | %configure \ |
3c0ef626 | 181 | --with-pam \ |
182 | --with-tcp-wrappers \ | |
183 | --with-ipv4-default \ | |
680cee3b | 184 | --with-privsep-path=%{_var}/empty/sshd \ |
185 | #leave this line for easy edits. | |
3c0ef626 | 186 | |
680cee3b | 187 | %__make CFLAGS="$RPM_OPT_FLAGS" |
3c0ef626 | 188 | |
189 | cd %{askpass} | |
680cee3b | 190 | %configure \ |
191 | #leave this line for easy edits. | |
192 | ||
3c0ef626 | 193 | xmkmf |
680cee3b | 194 | %__make includes |
195 | %__make | |
3c0ef626 | 196 | |
197 | ||
198 | %Install | |
680cee3b | 199 | [ %{buildroot} != "/" ] && rm -rf %{buildroot} |
3c0ef626 | 200 | |
6a9b3198 | 201 | make install DESTDIR=%{buildroot} |
680cee3b | 202 | %makeinstall -C %{askpass} \ |
203 | BINDIR=%{_libexecdir} \ | |
204 | MANPATH=%{_mandir} \ | |
205 | DESTDIR=%{buildroot} | |
3c0ef626 | 206 | |
207 | # OpenLinux specific configuration | |
680cee3b | 208 | mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} |
209 | mkdir -p %{buildroot}%{_var}/empty/sshd | |
3c0ef626 | 210 | |
211 | # enabling X11 forwarding on the server is convenient and okay, | |
680cee3b | 212 | # on the client side it's a potential security risk! |
213 | %__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ | |
214 | %{buildroot}%{_sysconfdir}/sshd_config | |
215 | ||
216 | %if %{no_root_login} | |
217 | %__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ | |
218 | %{buildroot}%{_sysconfdir}/sshd_config | |
219 | %endif | |
3c0ef626 | 220 | |
680cee3b | 221 | install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd |
222 | # FIXME: disabled, find out why this doesn't work with nis | |
223 | %__perl -pi -e 's:(.*pam_limits.*):#$1:' \ | |
224 | %{buildroot}/etc/pam.d/sshd | |
3c0ef626 | 225 | |
680cee3b | 226 | install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd |
3c0ef626 | 227 | |
680cee3b | 228 | # the last one is needless, but more future-proof |
229 | find %{buildroot}%{SVIdir} -type f -exec \ | |
230 | %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\ | |
231 | s:\@sysconfdir\@:%{_sysconfdir}:g; \ | |
232 | s:/usr/sbin:%{_sbindir}:g'\ | |
233 | \{\} \; | |
234 | ||
235 | cat <<-EoD > %{buildroot}%{SVIcdir}/sshd | |
3c0ef626 | 236 | IDENT=sshd |
237 | DESCRIPTIVE="OpenSSH secure shell daemon" | |
238 | # This service will be marked as 'skipped' on boot if there | |
680cee3b | 239 | # is no host key. Use ssh-host-keygen to generate one |
3c0ef626 | 240 | ONBOOT="yes" |
241 | OPTIONS="" | |
242 | EoD | |
243 | ||
680cee3b | 244 | SKG=%{buildroot}%{_sbindir}/ssh-host-keygen |
3c0ef626 | 245 | install -m 0755 contrib/caldera/ssh-host-keygen $SKG |
680cee3b | 246 | # Fix up some path names in the keygen toy^Hol |
247 | %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \ | |
248 | s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \ | |
249 | %{buildroot}%{_sbindir}/ssh-host-keygen | |
3c0ef626 | 250 | |
680cee3b | 251 | # This looks terrible. Expect it to change. |
3c0ef626 | 252 | # install remaining docs |
680cee3b | 253 | DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}" |
3c0ef626 | 254 | mkdir -p $DocD/%{askpass} |
680cee3b | 255 | cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD |
256 | install -p -m 0444 %{SOURCE3} $DocD/faq.html | |
3c0ef626 | 257 | cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass} |
680cee3b | 258 | %if %{use_stable} |
259 | cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1 | |
260 | %else | |
261 | cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1 | |
262 | ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1 | |
263 | %endif | |
3c0ef626 | 264 | |
680cee3b | 265 | find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf |
266 | rm %{buildroot}%{_mandir}/man1/slogin.1 && \ | |
267 | ln -s %{_mandir}/man1/ssh.1.gz \ | |
268 | %{buildroot}%{_mandir}/man1/slogin.1.gz | |
3c0ef626 | 269 | |
270 | ||
271 | %Clean | |
680cee3b | 272 | #%{rmDESTDIR} |
273 | [ %{buildroot} != "/" ] && rm -rf %{buildroot} | |
3c0ef626 | 274 | |
275 | %Post | |
276 | # Generate host key when none is present to get up and running, | |
277 | # both client and server require this for host-based auth! | |
278 | # ssh-host-keygen checks for existing keys. | |
279 | /usr/sbin/ssh-host-keygen | |
280 | : # to protect the rpm database | |
281 | ||
680cee3b | 282 | %pre server |
283 | %{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : | |
284 | %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ | |
285 | -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : | |
286 | : # to protect the rpm database | |
3c0ef626 | 287 | |
288 | %Post server | |
289 | if [ -x %{LSBinit}-install ]; then | |
290 | %{LSBinit}-install sshd | |
291 | else | |
700318f3 | 292 | lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6 |
3c0ef626 | 293 | fi |
294 | ||
295 | ! %{SVIdir}/sshd status || %{SVIdir}/sshd restart | |
296 | : # to protect the rpm database | |
297 | ||
298 | ||
299 | %PreUn server | |
300 | [ "$1" = 0 ] || exit 0 | |
301 | ||
302 | ! %{SVIdir}/sshd status || %{SVIdir}/sshd stop | |
303 | : # to protect the rpm database | |
304 | ||
305 | ||
306 | %PostUn server | |
307 | if [ -x %{LSBinit}-remove ]; then | |
308 | %{LSBinit}-remove sshd | |
309 | else | |
310 | lisa --SysV-init remove sshd $1 | |
311 | fi | |
312 | : # to protect the rpm database | |
313 | ||
314 | ||
680cee3b | 315 | %Files |
3c0ef626 | 316 | %defattr(-,root,root) |
680cee3b | 317 | %dir %{_sysconfdir} |
318 | %config %{_sysconfdir}/ssh_config | |
6a9b3198 | 319 | %{_bindir}/scp |
320 | %{_bindir}/sftp | |
321 | %{_bindir}/ssh | |
322 | %{_bindir}/slogin | |
323 | %{_bindir}/ssh-add | |
324 | %attr(2755,root,nobody) %{_bindir}/ssh-agent | |
325 | %{_bindir}/ssh-keygen | |
326 | %{_bindir}/ssh-keyscan | |
680cee3b | 327 | %dir %{_libexecdir} |
6a9b3198 | 328 | %attr(4711,root,root) %{_libexecdir}/ssh-keysign |
680cee3b | 329 | %{_sbindir}/ssh-host-keygen |
330 | %dir %{_defaultdocdir}/%{name}-%{version} | |
331 | %{_defaultdocdir}/%{name}-%{version}/CREDITS | |
332 | %{_defaultdocdir}/%{name}-%{version}/ChangeLog | |
333 | %{_defaultdocdir}/%{name}-%{version}/LICENCE | |
334 | %{_defaultdocdir}/%{name}-%{version}/OVERVIEW | |
335 | %{_defaultdocdir}/%{name}-%{version}/README* | |
336 | %{_defaultdocdir}/%{name}-%{version}/TODO | |
337 | %{_defaultdocdir}/%{name}-%{version}/faq.html | |
338 | %{_mandir}/man1/* | |
6a9b3198 | 339 | %{_mandir}/man8/ssh-keysign.8.gz |
340 | %{_mandir}/man5/ssh_config.5.gz | |
680cee3b | 341 | |
342 | %Files server | |
3c0ef626 | 343 | %defattr(-,root,root) |
6a9b3198 | 344 | %dir %{_var}/empty/sshd |
680cee3b | 345 | %config %{SVIdir}/sshd |
346 | %config /etc/pam.d/sshd | |
347 | %config %{_sysconfdir}/moduli | |
348 | %config %{_sysconfdir}/sshd_config | |
349 | %config %{SVIcdir}/sshd | |
350 | %{_libexecdir}/sftp-server | |
351 | %{_sbindir}/sshd | |
6a9b3198 | 352 | %{_mandir}/man5/sshd_config.5.gz |
680cee3b | 353 | %{_mandir}/man8/sftp-server.8.gz |
354 | %{_mandir}/man8/sshd.8.gz | |
355 | ||
356 | %Files askpass | |
3c0ef626 | 357 | %defattr(-,root,root) |
680cee3b | 358 | %{_libexecdir}/ssh-askpass |
359 | %{_libexecdir}/x11-ssh-askpass | |
360 | %{_defaultdocdir}/%{name}-%{version}/%{askpass} | |
361 | ||
3c0ef626 | 362 | |
363 | %ChangeLog | |
364 | * Mon Jan 01 1998 ... | |
680cee3b | 365 | Template Version: 1.31 |
3c0ef626 | 366 | |
367 | $Id$ |