X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/9a6cede3dbf82ce267019370e9e9de2426ed35f3..962386fc6b973d2f02ab00bb181ddb77e09c5dc2:/contrib/suse/openssh.spec diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index ab16c40b..12661eea 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,13 +1,29 @@ -Summary: OpenSSH, a free Secure Shell (SSH) implementation -Name: openssh -Version: 1.2.3pre2 -Release: 1 -Source0: openssh-%{version}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /tmp/openssh-%{version}-buildroot -PreReq: openssl -Obsoletes: ssh +# Default values for additional components +%define build_x11_askpass 1 + +# Define the UID/GID to use for privilege separation +%define sshd_gid 65 +%define sshd_uid 71 + +# The version of x11-ssh-askpass to use +%define xversion 1.2.4.1 + +# Allow the ability to override defaults with -D skip_xxx=1 +%{?skip_x11_askpass:%define build_x11_askpass 0} + +Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation +Name: openssh +Version: 5.3p1 +URL: http://www.openssh.com/ +Release: 1 +Source0: openssh-%{version}.tar.gz +Source1: x11-ssh-askpass-%{xversion}.tar.gz +License: BSD +Group: Productivity/Networking/SSH +BuildRoot: %{_tmppath}/openssh-%{version}-buildroot +PreReq: openssl +Obsoletes: ssh +Provides: ssh # # (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.) # building prerequisites -- stuff for @@ -15,90 +31,60 @@ Obsoletes: ssh # TCP Wrappers (nkitb), # and Gnome (glibdev, gtkdev, and gnlibsd) # -BuildPrereq: openssl-devel -BuildPrereq: nkitb -BuildPrereq: glibdev -BuildPrereq: gtkdev -BuildPrereq: gnlibsd - -%package clients -Summary: OpenSSH Secure Shell protocol clients -Requires: openssh -Group: Applications/Internet -Obsoletes: ssh-clients - -%package server -Summary: OpenSSH Secure Shell protocol server (sshd) -Requires: openssh -Group: System Environment/Daemons -PreReq: openssh -Obsoletes: ssh-server - -%package askpass -Summary: OpenSSH GNOME passphrase dialog -Group: Applications/Internet -Requires: openssh -Obsoletes: ssh-extras -Obsoletes: ssh-askpass +BuildPrereq: openssl +BuildPrereq: nkitb +#BuildPrereq: glibdev +#BuildPrereq: gtkdev +#BuildPrereq: gnlibsd + +%package askpass +Summary: A passphrase dialog for OpenSSH and the X window System. +Group: Productivity/Networking/SSH +Requires: openssh = %{version} +Obsoletes: ssh-extras +Provides: openssh:${_libdir}/ssh/ssh-askpass + +%if %{build_x11_askpass} +BuildPrereq: XFree86-devel +%endif %description -Ssh (Secure Shell) a program for logging into a remote machine and for +Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all +up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). -This package includes the core files necessary for both the OpenSSH -client and server. To make this package useful, you should also -install openssh-clients, openssh-server, or both. - -%description clients -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package includes the clients necessary to make encrypted connections -to SSH servers. - -%description server -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to seperate libraries (OpenSSL). - -This package contains the secure shell daemon. The sshd is the server -part of the secure shell protocol and allows ssh clients to connect to -your host. +This package includes all files necessary for both the OpenSSH +client and server. %description askpass -Ssh (Secure Shell) a program for logging into a remote machine and for +Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all +up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). -This package contains the GNOME passphrase dialog. +This package contains an X Window System passphrase dialog for OpenSSH. %changelog +* Wed Oct 26 2005 Iain Morgan +- Removed accidental inclusion of --without-zlib-version-check +* Tue Oct 25 2005 Iain Morgan +- Overhaul to deal with newer versions of SuSE and OpenSSH +* Mon Jun 12 2000 Damien Miller +- Glob manpages to catch compressed files +* Wed Mar 15 2000 Damien Miller +- Updated for new location +- Updated for new gnome-ssh-askpass build * Sun Dec 26 1999 Chris Saia - Made symlink to gnome-ssh-askpass called ssh-askpass * Wed Nov 24 1999 Chris Saia @@ -140,104 +126,125 @@ This package contains the GNOME passphrase dialog. %prep +%if %{build_x11_askpass} +%setup -q -a 1 +%else %setup -q +%endif %build CFLAGS="$RPM_OPT_FLAGS" \ -./configure --prefix=/usr --sysconfdir=/etc/ssh --with-gnome-askpass \ - --with-tcp-wrappers --with-ipv4-default +%configure --prefix=/usr \ + --sysconfdir=%{_sysconfdir}/ssh \ + --mandir=%{_mandir} \ + --with-privsep-path=/var/lib/empty \ + --with-pam \ + --with-tcp-wrappers \ + --libexecdir=%{_libdir}/ssh +make + +%if %{build_x11_askpass} +cd x11-ssh-askpass-%{xversion} +%configure --mandir=/usr/X11R6/man \ + --libexecdir=%{_libdir}/ssh +xmkmf -a make +cd .. +%endif %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT/ -install -d $RPM_BUILD_ROOT/etc/ssh/ install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/sbin/init.d/ +install -d $RPM_BUILD_ROOT/etc/init.d/ install -d $RPM_BUILD_ROOT/var/adm/fillup-templates -install -m644 sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m744 packages/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd -ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd -ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/ssh/ssh-askpass -install -m744 packages/suse/rc.config.sshd \ +install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd +install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd +install -m744 contrib/suse/sysconfig.ssh \ $RPM_BUILD_ROOT/var/adm/fillup-templates +%if %{build_x11_askpass} +cd x11-ssh-askpass-%{xversion} +make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/ +rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin +%endif + %clean rm -rf $RPM_BUILD_ROOT -%post server -if [ "$1" = 1 ]; then - echo "Creating SSH stop/start scripts in the rc directories..." - ln -s ../sshd /sbin/init.d/rc2.d/K20sshd - ln -s ../sshd /sbin/init.d/rc2.d/S20sshd - ln -s ../sshd /sbin/init.d/rc3.d/K20sshd - ln -s ../sshd /sbin/init.d/rc3.d/S20sshd -fi -echo "Updating /etc/rc.config..." -if [ -x /bin/fillup ] ; then - /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd -else - echo "ERROR: fillup not found. This should NOT happen in SuSE Linux." - echo "Update /etc/rc.config by hand from the following template file:" - echo " /var/adm/fillup-templates/rc.config.sshd" -fi +%pre +/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || : +/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || : + +%post if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then - echo "Generating SSH host key..." - /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2 + echo "Generating SSH RSA host key..." + /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2 fi -if test -r /var/run/sshd.pid -then - echo "Restarting the running SSH daemon..." - /usr/sbin/rcsshd restart >&2 +if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then + echo "Generating SSH DSA host key..." + /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2 fi +%{fillup_and_insserv -n -s -y ssh sshd START_SSHD} +%run_permissions -%preun server -if [ "$1" = 0 ] -then - echo "Stopping the SSH daemon..." - /usr/sbin/rcsshd stop >&2 - echo "Removing SSH stop/start scripts from the rc directories..." - rm /sbin/init.d/rc2.d/K20sshd - rm /sbin/init.d/rc2.d/S20sshd - rm /sbin/init.d/rc3.d/K20sshd - rm /sbin/init.d/rc3.d/S20sshd -fi +%verifyscript +%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh + +%preun +%stop_on_removal sshd + +%postun +%restart_on_update sshd +%{insserv_cleanup} %files %defattr(-,root,root) -%doc COPYING.Ylonen ChangeLog OVERVIEW README README.Ylonen -%doc RFC.nroff TODO UPGRADING CREDITS -%attr(0755,root,root) /usr/bin/ssh-keygen -%attr(0755,root,root) /usr/bin/scp -%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1 -%attr(0644,root,root) %doc /usr/man/man1/scp.1 -%attr(0755,root,root) %dir /etc/ssh -%attr(0755,root,root) %dir /usr/libexec/ssh - -%files clients -%defattr(-,root,root) -%attr(4755,root,root) /usr/bin/ssh -%attr(0755,root,root) /usr/bin/ssh-agent -%attr(0755,root,root) /usr/bin/ssh-add -%attr(0644,root,root) %doc /usr/man/man1/ssh.1 -%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1 -%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1 -%attr(0644,root,root) %config /etc/ssh/ssh_config -%attr(-,root,root) /usr/bin/slogin -%attr(-,root,root) %doc /usr/man/man1/slogin.1 - -%files server -%defattr(-,root,root) -%attr(0755,root,root) /usr/sbin/sshd -%attr(0644,root,root) %doc /usr/man/man8/sshd.8 -%attr(0600,root,root) %config /etc/ssh/sshd_config -%attr(0644,root,root) %config /etc/pam.d/sshd -%attr(0755,root,root) %config /sbin/init.d/sshd -%attr(-,root,root) /usr/sbin/rcsshd -%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd - +%doc ChangeLog OVERVIEW README* PROTOCOL* +%doc TODO CREDITS LICENCE +%attr(0755,root,root) %dir %{_sysconfdir}/ssh +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli +%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd +%attr(0755,root,root) %config /etc/init.d/sshd +%attr(0755,root,root) %{_bindir}/ssh-keygen +%attr(0755,root,root) %{_bindir}/scp +%attr(0755,root,root) %{_bindir}/ssh +%attr(-,root,root) %{_bindir}/slogin +%attr(0755,root,root) %{_bindir}/ssh-agent +%attr(0755,root,root) %{_bindir}/ssh-add +%attr(0755,root,root) %{_bindir}/ssh-keyscan +%attr(0755,root,root) %{_bindir}/sftp +%attr(0755,root,root) %{_sbindir}/sshd +%attr(0755,root,root) %dir %{_libdir}/ssh +%attr(0755,root,root) %{_libdir}/ssh/sftp-server +%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign +%attr(0644,root,root) %doc %{_mandir}/man1/scp.1* +%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1* +%attr(-,root,root) %doc %{_mandir}/man1/slogin.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1* +%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1* +%attr(0644,root,root) %doc %{_mandir}/man5/moduli.5* +%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5* +%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5* +%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8* +%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8* +%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8* +%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh + +%if %{build_x11_askpass} %files askpass %defattr(-,root,root) -%attr(0755,root,root) /usr/libexec/ssh/ssh-askpass -%attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass - +%doc x11-ssh-askpass-%{xversion}/README +%doc x11-ssh-askpass-%{xversion}/ChangeLog +%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad +%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass +%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass +%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x* +%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x* +%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass +%endif