## ## openssh.spec -- OpenPKG RPM Specification ## Copyright (c) 2000-2001 Cable & Wireless Deutschland GmbH ## Copyright (c) 2000-2001 Ralf S. Engelschall ## ## Permission to use, copy, modify, and distribute this software for ## any purpose with or without fee is hereby granted, provided that ## the above copyright notice and this permission notice appear in all ## copies. ## ## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED ## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF ## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR ## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF ## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ## SUCH DAMAGE. ## %define V_openssh 2.9p2 %define V_scanssh 1.55 # package information Name: openssh Summary: Secure Shell (SSH) URL: http://www.openssh.com/ Vendor: The OpenBSD Project Packager: The OpenPKG Project Distribution: OpenPKG [EXP] Group: Cryptography License: BSD Version: %{V_openssh} Release: 8 # list of sources Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{V_openssh}.tar.gz Source1: http://www.monkey.org/~provos/scanssh-%{V_scanssh}.tar.gz Source2: rc.openssh Source3: sshd_config Source4: ssh_config # build information Prefix: %{l_prefix} BuildRoot: %{l_buildroot} BuildPreReq: OpenPKG, openpkg >= 0.9-33, perl, openssl, zlib, skey, libpcap PreReq: OpenPKG, openpkg >= 0.9-33 AutoReq: no AutoReqProv: no %description Secure Shell (SSH) is a facility for logging into a remote machine and for remotely executing commands on a remote machine. It is intended to replace rlogin(1) and rsh(1), and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). %prep %setup0 -q -c -n openssh-%{version} %setup1 -q -T -D -a 1 %build ( cd openssh-%{V_openssh} # configure source tree CC="%{l_cc}" \ CFLAGS="%{l_cflags -O} -I%{l_prefix}/include" \ LDFLAGS="-L%{l_prefix}/lib" \ LIBS="-lcrypt" \ ./configure \ --prefix=%{l_prefix} \ --sbindir=%{l_prefix}/bin \ --mandir=%{l_prefix}/man \ --infodir=%{l_prefix}/info \ --sysconfdir=%{l_prefix}/etc/openssh \ --libexecdir=%{l_prefix}/libexec/openssh \ --localstatedir=%{l_prefix}/var/openssh \ --with-pid-dir=%{l_prefix}/var/openssh \ --with-ssl-dir=%{l_prefix} \ --with-skey=%{l_prefix} \ --with-ipv4-default \ --with-md5-passwords \ --with-pam \ --without-kerberos4 \ --disable-suid-ssh \ --without-rsh \ --with-default-path=%{l_prefix}/bin:/bin:/usr/bin:/usr/local/bin # build package %{l_make} %{l_mflags -O} ) ( cd scanssh CC="%{l_cc}" \ CFLAGS="%{l_cflags -O} -I%{l_prefix}/include/openssl -I%{l_prefix}/include" \ LDFLAGS="-L%{l_prefix}/lib" \ ./configure \ --prefix=%{l_prefix} %{l_make} %{l_mflags -O} ) %install rm -rf $RPM_BUILD_ROOT ( cd openssh-%{V_openssh} # perform standard installation procedure of OpenSSH %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT ) ( cd scanssh # perform standard installation procedure of ScanSSH %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT ) # strip down installation tree rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/slogin rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man1/slogin.1 strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2> /dev/null || true strip $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/* 2> /dev/null || true # make sure the state directory exists %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/var/openssh # install run-command script %{l_shtool} mkdir -f -p -m 755 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d %{l_shtool} install -c -m 755 -e "s;@l_prefix@;%{l_prefix};g" \ %{SOURCE rc.openssh} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/ # install reasonable ssh server and client configuration files case "%{l_target}" in *-freebsd* ) uselogin=yes; printmotd=no ;; *-linux* ) uselogin=yes; printmotd=no ;; *-solaris* ) uselogin=no; printmotd=yes ;; # "uselogin" does not work on Solaris! esac %{l_shtool} install -c -m 644 \ -e "s;@l_prefix@;%{l_prefix};g" \ -e "s;@uselogin@;$uselogin;" \ -e "s;@printmotd@;$printmotd;" \ %{SOURCE sshd_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/ %{l_shtool} install -c -m 644 -e "s;@l_prefix@;%{l_prefix};g" \ %{SOURCE ssh_config} $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/ # determine installation files %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \ %{l_files_std} \ '%config %{l_prefix}/etc/openssh/*' %files -f files %clean rm -rf $RPM_BUILD_ROOT %post # generate server RSA key if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" -o \ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key" ] ; then $RPM_INSTALL_PREFIX/bin/ssh-keygen -b 1024 \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_key \ -N '' -C `hostname` 1>&2 fi # generate server DSA key if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" -o \ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] ; then $RPM_INSTALL_PREFIX/bin/ssh-keygen -d \ -f $RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key \ -N '' -C `hostname` 1>&2 fi # add PAM configuration entry if [ -f /etc/pam.conf ]; then check=`grep "^#" /etc/pam.conf` if [ ".$check" = . ]; then ( echo "#" case "%{l_target}" in *-freebsd* ) echo "sshd auth sufficient pam_skey.so" echo "sshd auth required pam_unix.so try_first_pass" echo "sshd account required pam_unix.so" echo "sshd password required pam_permit.so" echo "sshd session required pam_permit.so" ;; *-linux* ) echo "sshd auth required /lib/security/pam_unix_auth.so shadow nodelay" echo "sshd auth required /lib/security/pam_nologin.so" echo "sshd account required /lib/security/pam_unix_acct.so" echo "sshd password required /lib/security/pam_unix_passwd.so shadow nullok use_authtok" echo "sshd session required /lib/security/pam_unix_session.so" echo "sshd session required /lib/security/pam_limits.so" ;; *-solaris* ) echo "sshd auth required /usr/lib/security/pam_unix.so try_first_pass" echo "sshd account required /usr/lib/security/pam_unix.so" echo "sshd password required /usr/lib/security/pam_unix.so" echo "sshd session required /usr/lib/security/pam_unix.so" ;; esac echo "#" ) >>/etc/pam.conf fi fi %preun # remove PAM configuration entry if [ -f /etc/pam.conf ]; then check=`grep "^#" /etc/pam.conf` if [ ".$check" != . ]; then cp /etc/pam.conf /etc/pam.conf.tmp && \ sed -e "/^#/,/^#<\\/OpenPKG>/d" \ /etc/pam.conf && \ rm -f /etc/pam.conf.tmp fi fi