X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/3ed9ebdb90fe4730884ee45eff7a60f6b7f596cf..962386fc6b973d2f02ab00bb181ddb77e09c5dc2:/contrib/redhat/openssh.spec diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index b3dccfba..1bdaf2d9 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.2.3p1 +%define ver 5.3p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID @@ -20,24 +20,31 @@ # Do we want smartcard support (1=yes 0=no) %define scard 0 +# Use GTK2 instead of GNOME in gnome-ssh-askpass +%define gtk2 1 + # Is this build for RHL 6.x? %define build6x 0 -# Disable IPv6 (avoids DNS hangs on some glibc versions) -%define noip6 0 +# Do we want kerberos5 support (1=yes 0=no) +%define kerberos5 1 # Reserve options to override askpass settings with: # rpm -ba|--rebuild --define 'skip_xxx 1' %{?skip_x11_askpass:%define no_x11_askpass 1} %{?skip_gnome_askpass:%define no_gnome_askpass 1} +# Add option to build without GTK2 for older platforms with only GTK+. +# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples. +# rpm -ba|--rebuild --define 'no_gtk2 1' +%{?no_gtk2:%define gtk2 0} + # Is this a build for RHL 6.x or earlier? %{?build_6x:%define build6x 1} # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. %if %{build6x} %define _sysconfdir /etc -%define noip6 1 %endif # Options for static OpenSSL link: @@ -48,14 +55,15 @@ # rpm -ba|--rebuild --define "smartcard 1" %{?smartcard:%define scard 1} -# Option to disable ipv6 -# rpm -ba|--rebuild --define "noipv6 1" -%{?noipv6:%define noip6 1} - # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) %define rescue 0 %{?build_rescue:%define rescue 1} +# Turn off some stuff for resuce builds +%if %{rescue} +%define kerberos5 0 +%endif + Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. Name: openssh Version: %{ver} @@ -66,7 +74,9 @@ Release: %{rel} %endif URL: http://www.openssh.com/portable.html Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -Source1: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz +%if ! %{skip_x11_askpass} +Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz +%endif License: BSD Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -76,18 +86,22 @@ PreReq: initscripts >= 5.00 %else PreReq: initscripts >= 5.20 %endif -BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers +BuildPreReq: perl, openssl-devel, tcp_wrappers BuildPreReq: /bin/login -%if %{build6x} +%if ! %{build6x} BuildPreReq: glibc-devel, pam %else -BuildPreReq: db1-devel, /usr/include/security/pam_appl.h +BuildPreReq: /usr/include/security/pam_appl.h %endif %if ! %{no_x11_askpass} BuildPreReq: XFree86-devel %endif %if ! %{no_gnome_askpass} -BuildPreReq: gnome-libs-devel +BuildPreReq: pkgconfig +%endif +%if %{kerberos5} +BuildPreReq: krb5-devel +BuildPreReq: krb5-libs %endif %package clients @@ -169,6 +183,11 @@ environment. CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS %endif +%if %{kerberos5} +K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'` +echo K5DIR=$K5DIR +%endif + %configure \ --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/openssh \ @@ -178,16 +197,17 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS --with-default-path=/usr/local/bin:/bin:/usr/bin \ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ + --with-md5-passwords \ %if %{scard} --with-smartcard \ %endif -%if %{noip6} - --with-ipv4-default \ -%endif %if %{rescue} - --without-pam --with-md5-passwords + --without-pam \ %else - --with-pam --with-kerberos5=/usr/kerberos + --with-pam \ +%endif +%if %{kerberos5} + --with-kerberos5=$K5DIR \ %endif @@ -205,11 +225,23 @@ make popd %endif +# Define a variable to toggle gnome1/gtk2 building. This is necessary +# because RPM doesn't handle nested %if statements. +%if %{gtk2} + gtk2=yes +%else + gtk2=no +%endif + %if ! %{no_gnome_askpass} pushd contrib -gcc $RPM_OPT_FLAGS `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` +if [ $gtk2 = yes ] ; then + make gnome-ssh-askpass2 + mv gnome-ssh-askpass2 gnome-ssh-askpass +else + make gnome-ssh-askpass1 + mv gnome-ssh-askpass1 gnome-ssh-askpass +fi popd %endif @@ -240,9 +272,15 @@ ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass %endif +%if ! %{scard} + rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin +%endif + +%if ! %{no_gnome_askpass} install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ +%endif perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* @@ -297,7 +335,7 @@ fi %files %defattr(-,root,root) -%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* +%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING* %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0755,root,root) %dir %{_sysconfdir}/ssh @@ -306,6 +344,8 @@ fi %attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0755,root,root) %dir %{_libexecdir}/openssh +%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign +%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* %endif %if %{scard} %attr(0755,root,root) %dir %{_datadir}/openssh @@ -314,13 +354,14 @@ fi %files clients %defattr(-,root,root) -%attr(4755,root,root) %{_bindir}/ssh +%attr(0755,root,root) %{_bindir}/ssh %attr(0644,root,root) %{_mandir}/man1/ssh.1* +%attr(0644,root,root) %{_mandir}/man5/ssh_config.5* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %attr(-,root,root) %{_bindir}/slogin %attr(-,root,root) %{_mandir}/man1/slogin.1* %if ! %{rescue} -%attr(0755,root,root) %{_bindir}/ssh-agent +%attr(2755,root,nobody) %{_bindir}/ssh-agent %attr(0755,root,root) %{_bindir}/ssh-add %attr(0755,root,root) %{_bindir}/ssh-keyscan %attr(0755,root,root) %{_bindir}/sftp @@ -337,6 +378,8 @@ fi %attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0644,root,root) %{_mandir}/man8/sshd.8* +%attr(0644,root,root) %{_mandir}/man5/moduli.5* +%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config @@ -362,6 +405,25 @@ fi %endif %changelog +* Mon Jun 2 2003 Damien Miller +- Remove noip6 option. This may be controlled at run-time in client config + file using new AddressFamily directive + +* Mon May 12 2003 Damien Miller +- Don't install profile.d scripts when not building with GNOME/GTK askpass + (patch from bet@rahul.net) + +* Wed Oct 01 2002 Damien Miller +- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks + +* Mon Sep 30 2002 Damien Miller +- Use contrib/ Makefile for building askpass programs + +* Fri Jun 21 2002 Damien Miller +- Merge in spec changes from seba@iq.pl (Sebastian Pachuta) +- Add new {ssh,sshd}_config.5 manpages +- Add new ssh-keysign program and remove setuid from ssh client + * Fri May 10 2002 Damien Miller - Merge in spec changes from RedHat, reorgansie a little - Add Privsep user, group and directory @@ -504,7 +566,7 @@ fi * Sun Apr 8 2001 Preston Brown - remove explicit openssl requirement, fixes builddistro issue -- make initscript stop() function wait until sshd really dead to avoid +- make initscript stop() function wait until sshd really dead to avoid races in condrestart * Mon Apr 2 2001 Nalin Dahyabhai