## ## openssh.spec -- OpenPKG RPM Specification ## Copyright (c) 2000-2005 The OpenPKG Project ## Copyright (c) 2000-2005 Ralf S. Engelschall ## Copyright (c) 2000-2005 Cable & Wireless ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## # package versions %define V_base 3.9 %define V_portable p1 %define V_watchdog 3.9p1 %define V_ldap_base 3.7.1p2 %define V_ldap_vers1 v2.01 %define V_ldap_vers2 v201 # package information Name: openssh Summary: Secure Shell (SSH) URL: http://www.openssh.com/ Vendor: The OpenBSD Project Packager: The OpenPKG Project Distribution: OpenPKG Class: CORE Group: Security License: BSD Version: %{V_base}%{V_portable} Release: 2.3.0 # package options %option with_fsl yes %option with_alias no %option with_chroot no %option with_ldap no %option with_pam no %option with_sftplogging no %option with_skey no %option with_watchdog no %option with_wrap no %option with_x11 no # list of sources Source0: ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz Source1: rc.openssh Source2: fsl.openssh Source3: sshd_config Source4: ssh_config Source5: ssh-askpass Source6: ssh-keyman Source7: ssh-keyman.1 Source8: ssh-keyman.pod Patch0: openssh.patch Patch1: openssh.patch.chroot Patch2: openssh.patch.alias Patch3: http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}-watchdog.patch.tgz Patch4: http://ldappubkey.gcu-squad.org/%{V_ldap_vers1}/ldappubkey-ossh%{V_ldap_base}-%{V_ldap_vers2}.patch Patch5: openssh.patch.sftplogging Patch6: openssh.patch.scpbindir # build information Prefix: %{l_prefix} BuildRoot: %{l_buildroot} BuildPreReq: OpenPKG, openpkg >= 2.3.0, perl PreReq: OpenPKG, openpkg >= 2.3.0 BuildPreReq: openssl, zlib PreReq: openssl, zlib %if "%{with_pam}" == "yes" BuildPreReq: PAM PreReq: PAM %endif %if "%{with_fsl}" == "yes" BuildPreReq: fsl >= 1.2.0 PreReq: fsl >= 1.2.0 %endif %if "%{with_skey}" == "yes" BuildPreReq: skey PreReq: skey %endif %if "%{with_x11}" == "yes" BuildPreReq: X11 PreReq: X11 %endif %if "%{with_ldap}" == "yes" BuildPreReq: openldap PreReq: openldap %endif %if "%{with_wrap}" == "yes" BuildPreReq: tcpwrappers PreReq: tcpwrappers %endif AutoReq: no AutoReqProv: no %description Secure Shell (SSH) is a facility for logging into a remote machine and for remotely executing commands on a remote machine. It is intended to replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). %track prog openssh = { version = %{version} url = ftp://ftp.openssh.com/pub/OpenBSD/OpenSSH/portable/ regex = openssh-(__VER__)\.tar\.gz } prog openssh:watchdog = { version = %{V_watchdog} url = http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-watchdog.html regex = HREF=.openssh-(__VER__)-watchdog\.patch\.tgz } %prep # unpack and patch distribution %setup -q %patch -p0 -P 0 %{l_shtool} subst \ -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%s"};' \ version.h %if "%{with_chroot}" == "yes" %patch -p0 -P 1 %endif %if "%{with_alias}" == "yes" %patch -p0 -P 2 %endif %if "%{with_watchdog}" == "yes" %{l_gzip} -d -c %{SOURCE openssh-%{V_watchdog}-watchdog.patch.tgz} | %{l_tar} xf - %{l_patch} -p0 -b /dev/null || true strip $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/* 2>/dev/null || true # install ssh-askpass wrapper %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE ssh-askpass} \ $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/ # make sure the state directory exists %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/var/openssh \ $RPM_BUILD_ROOT%{l_prefix}/var/openssh/empty # install addons %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/bin \ $RPM_BUILD_ROOT%{l_prefix}/man/man1 %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE ssh-keyman} \ $RPM_BUILD_ROOT%{l_prefix}/bin/ %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE ssh-keyman.1} \ $RPM_BUILD_ROOT%{l_prefix}/man/man1/ # install run-command script %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d %{l_shtool} install -c -m 755 %{l_value -s -a} \ %{SOURCE rc.openssh} \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ # install reasonable ssh server and client configuration files %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh %{l_shtool} install -c -m 644 %{l_value -s -a} \ -e 's;@l_x11forwarding@;%{with_x11};' \ %{SOURCE sshd_config} \ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/ %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE ssh_config} \ $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/ # install OSSP fsl configuration %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl %{l_shtool} install -c -m 644 %{l_value -s -a} \ %{SOURCE fsl.openssh} \ $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/ # determine installation files %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%not %dir %{l_prefix}/etc/fsl' \ '%config %{l_prefix}/etc/fsl/fsl.openssh' \ '%config %{l_prefix}/etc/openssh/*' \ '%attr(4711,%{l_susr},%{l_mgrp}) %{l_prefix}/libexec/openssh/ssh-keysign' \ '%dir %attr(700,%{l_susr},%{l_mgrp}) %{l_prefix}/var/openssh/empty' %files -f files %clean rm -rf $RPM_BUILD_ROOT %post # generate server RSA1 (SSH1) key if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ]; then $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa1 -b 2048 \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \ -N '' -C `hostname` 1>&2 fi # generate server RSA (SSH2) key if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" -o \ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ]; then $RPM_INSTALL_PREFIX/bin/ssh-keygen -t rsa -b 2048 \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key \ -N '' -C `hostname` 1>&2 fi # generate server DSA (SSH2) key if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ]; then $RPM_INSTALL_PREFIX/bin/ssh-keygen -t dsa -b 2048 \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \ -N '' -C `hostname` 1>&2 fi %if "%{with_pam}" == "yes" # add PAM configuration entry if [ $1 -eq 1 ]; then $RPM_INSTALL_PREFIX/sbin/pamtool --add --smart --name=openssh fi %endif # after upgrade, restart service [ $1 -eq 2 ] || exit 0 eval `%{l_rc} openssh status 2>/dev/null` [ ".$openssh_active" = .yes ] && %{l_rc} openssh restart exit 0 %preun # before erase, stop service and remove log files [ $1 -eq 0 ] || exit 0 %{l_rc} openssh stop 2>/dev/null rm -f $RPM_INSTALL_PREFIX/var/openssh/openssh.log* >/dev/null 2>&1 || true %if "%{with_pam}" == "yes" # remove PAM configuration entry $RPM_INSTALL_PREFIX/sbin/pamtool --remove --smart --name=openssh %endif exit 0