-%define askpass 1.2.2
+
+# Some of this will need re-evaluation post-LSB. The SVIdir is there
+# because the link appeared broken. The rest is for easy compilation,
+# the tradeoff open to discussion. (LC957)
+
+%define SVIdir /etc/rc.d/init.d
+%{!?_defaultdocdir:%define _defaultdocdir %{_prefix}/share/doc/packages}
+%{!?SVIcdir:%define SVIcdir /etc/sysconfig/daemons}
+
+%define _mandir %{_prefix}/share/man/en
+%define _sysconfdir /etc/ssh
+%define _libexecdir %{_libdir}/ssh
+
+# Do we want to disable root_login? (1=yes 0=no)
+%define no_root_login 0
+
+#old cvs stuff. please update before use. may be deprecated.
+%define use_stable 1
+%if %{use_stable}
+ %define version 3.4p1
+ %define cvs %{nil}
+ %define release 2
+%else
+ %define version 2.9.9p2
+ %define cvs cvs20011009
+ %define release 0r1
+%endif
+%define xsa x11-ssh-askpass
+%define askpass %{xsa}-1.2.4.1
+
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 67
+%define sshd_gid 67
Name : openssh
-Version : 2.9p2
-Release : 3
+Version : %{version}%{cvs}
+Release : %{release}
Group : System/Network
Summary : OpenSSH free Secure Shell (SSH) implementation.
Summary(pt_BR) : Implementação livre OpenSSH do protocolo Secure Shell (SSH).
Copyright : BSD
-Packager : Stephan Seyboth <sps@caldera.de>
-#Icon : .
+Packager : Raymund Will <ray@caldera.de>
URL : http://www.openssh.com/
Obsoletes : ssh, ssh-clients, openssh-clients
-BuildRoot : /tmp/%{Name}-%{Version}
-
-Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{Version}.tar.gz
-Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{askpass}.tar.gz
-Source2: http://www.openssh.com/openssh-faq.html
+BuildRoot : /tmp/%{name}-%{version}
+BuildRequires : XFree86-imake
+# %{use_stable}==1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
+# %{use_stable}==0: :pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
+Source0: see-above:/.../openssh-%{version}.tar.gz
+%if %{use_stable}
+Source1: see-above:/.../openssh-%{version}.tar.gz.sig
+%endif
+Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz
+Source3: http://www.openssh.com/faq.html
%Package server
Group : System/Network
-Requires : openssh = %{Version}
+Requires : openssh = %{version}
Obsoletes : ssh-server
Summary : OpenSSH Secure Shell protocol server (sshd).
%Package askpass
Group : System/Network
-Requires : openssh = %{Version}
+Requires : openssh = %{version}
+URL : http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/
Obsoletes : ssh-extras
Summary : OpenSSH X11 pass-phrase dialog.
Este pacote intala o sshd, o servidor do OpenSSH.
%Description askpass
-This package contains an X11-based passphrase dialog.
-
-%Description -l de askpass
-Dieses Paket enthält einen X11-basierten Passwort Dialog.
-
-%Description -l es askpass
-Este paquete contiene una aplicación para petición de frases-contraseña basada
-en X11.
-
-%Description -l fr askpass
-Ce paquetage contient un dialogue de passphrase basé sur X11.
-
-%Description -l it askpass
-Questo pacchetto contiene una finestra di X11 che chiede la frase segreta.
-
-%Description -l pt askpass
-Este pacote contém um diálogo de senha para o X11.
+This package contains an X11-based pass-phrase dialog used per
+default by ssh-add(1). It is based on %{askpass}
+by Jim Knoble <jmknoble@pobox.com>.
-%Description -l pt_BR askpass
-Este pacote contem um diálogo de frase-senha para o X11.
%Prep
-%setup
-%setup -D -T -a1
+%setup %([ -z "%{cvs}" ] || echo "-n %{name}_cvs") -a2
+%if ! %{use_stable}
+ autoreconf
+%endif
%Build
CFLAGS="$RPM_OPT_FLAGS" \
-./configure \
- --prefix=/usr \
- --sysconfdir=/etc/ssh \
- --libexecdir=/usr/lib/ssh \
+%configure \
--with-pam \
--with-tcp-wrappers \
--with-ipv4-default \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --with-privsep-path=%{_var}/empty/sshd \
+ #leave this line for easy edits.
-make
+%__make CFLAGS="$RPM_OPT_FLAGS"
+
+cd %{askpass}
+%configure \
+ #leave this line for easy edits.
-cd x11-ssh-askpass-%{askpass}
-./configure
xmkmf
-make includes
-make
+%__make includes
+%__make
%Install
-%{mkDESTDIR}
-
-make DESTDIR="$DESTDIR" install
-
-make -C x11-ssh-askpass-%{askpass} DESTDIR="$DESTDIR" \
- BINDIR="/usr/lib/ssh" install
-
-%{fixManPages}
-
-# install remaining docs
-NV="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}"
-mkdir -p $NV
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $NV
-cp %{SOURCE2} $NV/faq.html
-mkdir -p $NV/x11-ssh-askpass-%{askpass}
-cp -a x11-ssh-askpass-%{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} \
- $NV/x11-ssh-askpass-%{askpass}
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
+%makeinstall
+%makeinstall -C %{askpass} \
+ BINDIR=%{_libexecdir} \
+ MANPATH=%{_mandir} \
+ DESTDIR=%{buildroot}
# OpenLinux specific configuration
-mkdir -p $DESTDIR/{etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}%{_var}/empty/sshd
# enabling X11 forwarding on the server is convenient and okay,
# on the client side it's a potential security risk!
-%{fixUP} -vg $DESTDIR/etc/ssh/sshd_config 'X11Forwarding no' \
- 'X11Forwarding yes'
-
-cat <<-EOF >> $DESTDIR/etc/ssh/ssh_config
-
- # This retains the old behaviour of trying the SSH1 protocol
- # before the more secure SSH2 one. Note that the SSH2 keys are
- # stored in a different format so you will have to generate and
- # distribute a new public/private key pair to migrate. See the
- # ssh(1) man-page for details
- Host *
- Protocol 1,2
-EOF
-
-install -m644 contrib/caldera/sshd.pam $DESTDIR/etc/pam.d/sshd
+%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+
+%if %{no_root_login}
+%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+%endif
+
+install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
# FIXME: disabled, find out why this doesn't work with nis
-%{fixUP} -vg $DESTDIR/etc/pam.d/sshd '(.*pam_limits.*)' '#$1'
+%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
+ %{buildroot}/etc/pam.d/sshd
+
+install -m 0755 contrib/caldera/sshd.init %{buildroot}%{SVIdir}/sshd
-install -m 0755 contrib/caldera/sshd.init $DESTDIR%{SVIdir}/sshd
-%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}:'
-%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@sysconfdir\@:/etc/ssh:'
+# the last one is needless, but more future-proof
+find %{buildroot}%{SVIdir} -type f -exec \
+ %__perl -pi -e 's:\@SVIdir\@:%{SVIdir}:g;\
+ s:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:/usr/sbin:%{_sbindir}:g'\
+ \{\} \;
-cat <<-EoD > $DESTDIR%{SVIcdir}/sshd
+cat <<-EoD > %{buildroot}%{SVIcdir}/sshd
IDENT=sshd
DESCRIPTIVE="OpenSSH secure shell daemon"
# This service will be marked as 'skipped' on boot if there
OPTIONS=""
EoD
-SKG=$DESTDIR/usr/sbin/ssh-host-keygen
+SKG=%{buildroot}%{_sbindir}/ssh-host-keygen
install -m 0755 contrib/caldera/ssh-host-keygen $SKG
-%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh:'
-%{fixUP} -T $SKG -e 's:\@sshkeygen\@:/usr/bin/ssh-keygen:'
-
-
-# generate file lists
-%{mkLists} -c %{Name}
-%{mkLists} -d %{Name} << 'EOF'
-/etc/ssh base
-^/etc/ IGNORED
-%{_defaultdocdir}/$ IGNORED
-askpass askpass
-* default
-EOF
-%{mkLists} -a -f %{Name} << 'EOF'
-^/etc * prefix(%%config)
-/usr/X11R6/lib/X11/app-defaults IGNORED
-[Aa]skpass askpass
-%{_defaultdocdir}/%{Name}-%{Version}/ base
-ssh-keygen base
-sshd server
-sftp-server server
-.* base
-EOF
+# Fix up some path names in the keygen toy^Hol
+ %__perl -pi -e 's:\@sysconfdir\@:%{_sysconfdir}:g; \
+ s:\@sshkeygen\@:%{_bindir}/ssh-keygen:g' \
+ %{buildroot}%{_sbindir}/ssh-host-keygen
+# This looks terrible. Expect it to change.
+# install remaining docs
+DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
+mkdir -p $DocD/%{askpass}
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD
+install -p -m 0444 %{SOURCE3} $DocD/faq.html
+cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
+%if %{use_stable}
+ cp -p %{askpass}/%{xsa}.man $DocD/%{askpass}/%{xsa}.1
+%else
+ cp -p %{askpass}/%{xsa}.man %{buildroot}%{_mandir}man1/%{xsa}.1
+ ln -s %{xsa}.1 %{buildroot}%{_mandir}man1/ssh-askpass.1
+%endif
+
+find %{buildroot}%{_mandir} -type f -not -name '*.gz' -print0 | xargs -0r %__gzip -9nf
+rm %{buildroot}%{_mandir}/man1/slogin.1 && \
+ ln -s %{_mandir}/man1/ssh.1.gz \
+ %{buildroot}%{_mandir}/man1/slogin.1.gz
-%Clean
-%{rmDESTDIR}
+%Clean
+#%{rmDESTDIR}
+[ %{buildroot} != "/" ] && rm -rf %{buildroot}
%Post
# Generate host key when none is present to get up and running,
/usr/sbin/ssh-host-keygen
: # to protect the rpm database
+%pre server
+%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
+: # to protect the rpm database
%Post server
if [ -x %{LSBinit}-install ]; then
%{LSBinit}-install sshd
else
- lisa --SysV-init install sshd S55 3:4:5 K45 0:1:2:6
+ lisa --SysV-init install sshd S55 2:3:4:5 K45 0:1:6
fi
! %{SVIdir}/sshd status || %{SVIdir}/sshd restart
: # to protect the rpm database
-%Files -f files-%{Name}-base
+%Files
%defattr(-,root,root)
-
-
-%Files server -f files-%{Name}-server
+%dir %{_sysconfdir}
+%config %{_sysconfdir}/ssh_config
+%{_bindir}/*
+%dir %{_libexecdir}
+%{_sbindir}/ssh-host-keygen
+%dir %{_defaultdocdir}/%{name}-%{version}
+%{_defaultdocdir}/%{name}-%{version}/CREDITS
+%{_defaultdocdir}/%{name}-%{version}/ChangeLog
+%{_defaultdocdir}/%{name}-%{version}/LICENCE
+%{_defaultdocdir}/%{name}-%{version}/OVERVIEW
+%{_defaultdocdir}/%{name}-%{version}/README*
+%{_defaultdocdir}/%{name}-%{version}/TODO
+%{_defaultdocdir}/%{name}-%{version}/faq.html
+%{_mandir}/man1/*
+
+%Files server
%defattr(-,root,root)
-
-
-%Files askpass -f files-%{Name}-askpass
+%dir %attr(0700,root,root) %{_var}/empty/sshd
+%config %{SVIdir}/sshd
+%config /etc/pam.d/sshd
+%config %{_sysconfdir}/moduli
+%config %{_sysconfdir}/sshd_config
+%config %{SVIcdir}/sshd
+%{_libexecdir}/sftp-server
+%{_sbindir}/sshd
+%{_mandir}/man8/sftp-server.8.gz
+%{_mandir}/man8/sshd.8.gz
+
+%Files askpass
%defattr(-,root,root)
-
+%{_libexecdir}/ssh-askpass
+%{_libexecdir}/x11-ssh-askpass
+%{_defaultdocdir}/%{name}-%{version}/%{askpass}
+
%ChangeLog
* Mon Jan 01 1998 ...