## |
|
## openssh.spec -- OpenPKG RPM Package Specification |
|
## Copyright (c) 2000-2020 OpenPKG Project <http://openpkg.org/> |
|
## |
|
## Permission to use, copy, modify, and distribute this software for |
|
## any purpose with or without fee is hereby granted, provided that |
|
## the above copyright notice and this permission notice appear in all |
|
## copies. |
|
## |
|
## THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
|
## WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
|
## MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
## IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR |
|
## CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
## LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
## USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
|
## ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
|
## OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
|
## OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
## SUCH DAMAGE. |
|
## |
|
|
|
# package versions
# V_base and V_portable are concatenated into the package Version tag,
# which in turn selects the Source0 tarball name.
%define V_base 8.1
%define V_portable p1
# release of the optional openssh-connect add-on tarball (Source9)
%define V_connect 100
# NOTE(review): the HPN patch set is labelled for 7_8_P1 while the base
# release above is 8.1p1 -- confirm the diff still applies cleanly (and
# completely) before building with the with_hpn option.
%define V_hpn 7_8_P1-hpn-14.16
|
|
|
# package information
Name: openssh
Summary: Secure Shell (SSH)
URL: http://www.openssh.com/
Vendor: The OpenBSD Project
Packager: OpenPKG Project
Distribution: OpenPKG Community
Class: CORE
Group: SSH
License: BSD
# upstream release string, assembled from the V_base and V_portable defines
Version: %{V_base}%{V_portable}
# packaging revision, written as a date stamp
Release: 20191009
|
|
|
# package options
# Each option is tested later in this spec as "yes"/"no". As used below:
#   with_fsl        adds the fsl package as build and run-time dependency
#   with_connect    unpacks, builds and installs openssh-connect as bin/ssh-connect
#   with_alias      applies openssh.patch.alias and compiles with -DUSE_ALIAS
#   with_chroot     applies openssh.patch.chroot and compiles with -DUSE_CHROOT
#   with_ldap       applies openssh.patch.lpk, requires openldap, configures --with-ldap
#   with_pam        requires PAM, configures --with-pam, registers via pamtool on install
#   with_kerberos   requires KERBEROS, configures --with-kerberos5
#   with_skey       requires skey, configures --with-skey
#   with_wrap       requires tcpwrappers, configures --with-tcp-wrappers
#   with_trysetpath adds the OpenPKG prefix to the compiled-in default PATHs
#   with_libedit    requires libedit, configures --with-libedit
#   with_hpn        applies the HPN diff and appends "-hpn" to the version string
%option with_fsl yes
%option with_connect no
%option with_alias no
%option with_chroot no
%option with_ldap no
%option with_pam no
%option with_kerberos no
%option with_skey no
%option with_wrap no
%option with_trysetpath no
%option with_libedit no
%option with_hpn no
|
|
|
# list of sources
# NOTE(review): Source0 is fetched over ftp:// and Source9/Patch5 over
# http://, i.e. transports that neither authenticate the server nor protect
# the payload. This spec carries no checksum or signature for any of them,
# so integrity of the sshd sources depends entirely on whatever verification
# the surrounding build tooling performs -- confirm that such a check exists,
# in particular for Patch5, which comes from a third-party site and is
# applied directly to the OpenSSH source tree.
Source0: ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
# files shipped alongside this spec (no URL, so taken from the package source directory)
Source1: rc.openssh
Source2: fsl.openssh
Source3: sshd_config
Source4: ssh_config
Source5: ssh-askpass
Source6: ssh-keyman
Source7: ssh-keyman.1
Source8: ssh-keyman.pod
Source9: http://download.openpkg.org/components/versioned/openssh-connect/openssh-connect-%{V_connect}.tar.gz
# Patch0 is always applied; Patch1-3 and Patch5 only with their option
# (chroot, alias, ldap, hpn); Patch4 is applied unconditionally after prefix substitution
Patch0: openssh.patch
Patch1: openssh.patch.chroot
Patch2: openssh.patch.alias
Patch3: openssh.patch.lpk
Patch4: openssh.patch.scpbindir
Patch5: http://download.sourceforge.net/hpnssh/openssh-%{V_hpn}.diff
|
|
|
# build information
# unconditional dependencies: the OpenPKG base, perl (build only), openssl and zlib
BuildPreReq: OpenPKG, openpkg >= 20160101, perl
PreReq: OpenPKG, openpkg >= 20160101
BuildPreReq: openssl, zlib
PreReq: openssl, zlib
# every optional feature below is required both at build time and at run time
%if "%{with_pam}" == "yes"
BuildPreReq: PAM
PreReq: PAM
%endif
%if "%{with_kerberos}" == "yes"
BuildPreReq: KERBEROS
PreReq: KERBEROS
%endif
%if "%{with_fsl}" == "yes"
BuildPreReq: fsl
PreReq: fsl
%endif
%if "%{with_skey}" == "yes"
BuildPreReq: skey
PreReq: skey
%endif
%if "%{with_ldap}" == "yes"
BuildPreReq: openldap
PreReq: openldap
%endif
%if "%{with_wrap}" == "yes"
BuildPreReq: tcpwrappers
PreReq: tcpwrappers
%endif
%if "%{with_libedit}" == "yes"
BuildPreReq: libedit
PreReq: libedit
%endif
|
|
|
%description |
|
Secure Shell (SSH) is a facility for logging into a remote machine |
|
and for remotely executing commands on a remote machine. It is |
|
intended to replace rlogin(1) and rsh(1), and provide secure |
|
encrypted communications between two untrusted hosts over an |
|
insecure network. X11 connections and arbitrary TCP/IP ports can |
|
also be forwarded over the secure channel. OpenSSH is OpenBSD's |
|
rework of the last free version of SSH, bringing it up to date in |
|
terms of security and features, as well as removing all patented |
|
algorithms to separate libraries (OpenSSL). |
|
|
|
%track |
|
prog openssh = { |
|
version = %{version} |
|
url = ftp://ftp3.usa.openbsd.org/pub/OpenBSD/OpenSSH/portable/ |
|
regex = openssh-(\d+\.\d+p\d+)\.tar\.gz |
|
} |
|
prog openssh:hpn = { |
|
version = %{V_hpn} |
|
url = https://sourceforge.net/projects/hpnssh/files/ |
|
regex = openssh-([0-9].+?)\.diff |
|
} |
|
|
|
%prep
    # unpack and patch distribution
    %setup -q
%if "%{with_connect}" == "yes"
    # additionally unpack source number 9 (openssh-connect) inside the
    # already-unpacked tree, without re-extracting Source0
    %setup -q -D -T -a 9
%endif
    # baseline OpenPKG patch, always applied
    %patch -p0 -P 0
%if "%{with_chroot}" == "yes"
    %patch -p0 -P 1
%endif
%if "%{with_alias}" == "yes"
    %patch -p0 -P 2
%endif
%if "%{with_ldap}" == "yes"
    %patch -p0 -P 3
%endif
%if "%{with_hpn}" == "yes"
    # Apply the HPN diff, truncated by sed at its first "diff" header that
    # names version.h: that hunk AND everything following it in the diff is
    # discarded. The version string is tagged "-hpn" by the subst below instead.
    # NOTE(review): verify nothing functional follows version.h in the diff,
    # otherwise it is silently left out of the build.
    cat %{SOURCE openssh-%{V_hpn}.diff} |\
    sed -e '/^diff.*\/version\.h/,$d' | %{l_patch} -p1 -b
    %{l_shtool} subst -e 's;\(SSH_VERSION SSH_PORTABLE\);\1 "-hpn";' version.h
%endif
    # the scpbindir patch contains an @l_prefix@ placeholder; fill in the real
    # prefix first, then feed the result to patch
    sed -e 's;@l_prefix@;%{l_prefix};g' %{SOURCE openssh.patch.scpbindir} | %{l_patch} -p0 -b
    # on Darwin, rewrite configure so it links the static libcrypto.a from the
    # OpenPKG prefix instead of resolving -lcrypto through the linker search path
    case "%{l_platform -t}" in
        *-darwin* )
            %{l_shtool} subst \
                -e 's;LIBS="-lcrypto $LIBS";LIBS="%{l_prefix}/lib/libcrypto.a $LIBS";' \
                configure
            ;;
    esac
    # replace the @l_openpkg_release@ placeholder in version.h with the
    # OpenPKG release tag (the placeholder presumably comes from openssh.patch)
    %{l_shtool} subst \
        -e 's;@l_openpkg_release@;%{l_openpkg_release -F "OpenPKG-%%t"};' \
        version.h
|
|
|
%build
    # configure package
    # cflags/ldflags collect the option-dependent additions and are appended
    # to the OpenPKG default flags in the configure call below
    cflags=""
    ldflags=""
%if "%{with_chroot}" == "yes"
    cflags="$cflags -DUSE_CHROOT"
%endif
%if "%{with_alias}" == "yes"
    cflags="$cflags -DUSE_ALIAS"
%endif
%if "%{with_pam}" == "yes"
    # PAM header and library directories are queried from the rc facility
    cflags="$cflags -I`%{l_rc} --query pam_incdir`"
    ldflags="$ldflags -L`%{l_rc} --query pam_libdir`"
%endif
%if "%{with_ldap}" == "yes"
    cflags="$cflags -DLDAP_DEPRECATED"
    ldflags="$ldflags -lldap -llber -lcrypto -lssl"
%endif
    # request stripped binaries only if shtool can find a strip tool on the PATH
    strip="--enable-strip"; %{l_shtool} path strip || strip="--disable-strip"
    # Security-relevant settings of the configure call that follows (comments
    # cannot be placed inside the backslash-continued command itself):
    #  - sbindir is mapped to the prefix bin directory, so sshd is installed
    #    next to the client programs
    #  - privilege separation uses the account from the l_nusr macro and the
    #    directory var/openssh/empty, which the install section packages with
    #    mode 700
    #  - without the with_trysetpath option the compiled-in default PATHs hold
    #    system directories only; the post-install script warns about this
    #  - NOTE(review): --with-md5-passwords enables support for MD5-hashed
    #    password entries; confirm this is still needed on the target platforms
    CC="%{l_cc}" \
    CFLAGS="%{l_cflags -O} %{l_cppflags} $cflags" \
    LDFLAGS="%{l_ldflags} %{l_fsl_ldflags} $ldflags" \
    LIBS="%{l_fsl_libs}" \
    GREP="grep" \
    ./configure \
        --prefix=%{l_prefix} \
        --sbindir=%{l_prefix}/bin \
        --mandir=%{l_prefix}/man \
        --infodir=%{l_prefix}/info \
        --sysconfdir=%{l_prefix}/etc/openssh \
        --libexecdir=%{l_prefix}/libexec/openssh \
        --localstatedir=%{l_prefix}/var/openssh \
        --with-pid-dir=%{l_prefix}/var/openssh/run \
        --with-ssl-dir=%{l_prefix} \
%if "%{with_skey}" == "yes"
        --with-skey=%{l_prefix} \
%endif
%if "%{with_pam}" == "yes"
        --with-pam \
%else
        --without-pam \
%endif
%if "%{with_wrap}" == "yes"
        --with-tcp-wrappers=%{l_prefix} \
%endif
%if "%{with_ldap}" == "yes"
        --with-ldap=%{l_prefix} \
%endif
%if "%{with_libedit}" == "yes"
        --with-libedit=%{l_prefix} \
%endif
        --with-md5-passwords \
        --with-zlib=%{l_prefix} \
%if "%{with_kerberos}" == "yes"
        --with-kerberos5=%{l_prefix} \
%else
        --without-kerberos5 \
%endif
        --with-mantype=man \
%if "%{with_trysetpath}" == "yes"
        --enable-etc-default-login \
        --with-default-path=%{l_prefix}/bin:/bin:/usr/bin \
        --with-superuser-path=%{l_prefix}/bin:/bin:/usr/bin:%{l_prefix}/sbin:/sbin:/usr/sbin \
%else
        --disable-etc-default-login \
        --with-default-path=/bin:/usr/bin \
        --with-superuser-path=/bin:/usr/bin:/sbin:/usr/sbin \
%endif
        --with-privsep-user=%{l_nusr} \
        --with-privsep-path=%{l_prefix}/var/openssh/empty \
        $strip

    # build package
    %{l_make} %{l_mflags -O}

%if "%{with_connect}" == "yes"
    # build proxy connect utility
    # runs in a subshell so the directory change stays local; a failure in the
    # subshell aborts the whole build with its exit status
    ( cd openssh-connect
      CC="%{l_cc}" \
      CFLAGS="%{l_cflags -O}" \
      CPPFLAGS="%{l_cppflags}" \
      LDFLAGS="%{l_ldflags}" \
      ./configure \
          --prefix=%{l_prefix}
      %{l_make} %{l_mflags}
    ) || exit $?
%endif
|
|
|
%install
    # perform standard installation procedure of OpenSSH
    # (everything is staged below the build root, not the live prefix)
    %{l_make} %{l_mflags} install DESTDIR=$RPM_BUILD_ROOT

    # strip down installation tree
    # drops the share directory and the slogin program with its manual page;
    # stripping is best effort, failures are ignored
    rm -rf $RPM_BUILD_ROOT%{l_prefix}/share
    rm -f $RPM_BUILD_ROOT%{l_prefix}/bin/slogin
    rm -f $RPM_BUILD_ROOT%{l_prefix}/man/man1/slogin.1
    strip $RPM_BUILD_ROOT%{l_prefix}/bin/* 2>/dev/null || true
    strip $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/* 2>/dev/null || true

    # install contrib addon
    %{l_shtool} install -c -m 755 \
        contrib/ssh-copy-id $RPM_BUILD_ROOT%{l_prefix}/bin/
    %{l_shtool} install -c -m 644 \
        contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{l_prefix}/man/man1/

%if "%{with_connect}" == "yes"
    # install proxy connect utility
    # the binary is installed under the name ssh-connect
    ( cd openssh-connect
      strip connect 2>/dev/null || true
      %{l_shtool} install -c -m 755 connect \
          $RPM_BUILD_ROOT%{l_prefix}/bin/ssh-connect
    ) || exit $?
%endif

    # install ssh-askpass wrapper
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE ssh-askpass} \
        $RPM_BUILD_ROOT%{l_prefix}/libexec/openssh/

    # make sure the state directory exists
    # "empty" is the privilege-separation directory named in the configure
    # call; it is created 755 here and tightened to 700 in the manifest below
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/var/openssh \
        $RPM_BUILD_ROOT%{l_prefix}/var/openssh/empty \
        $RPM_BUILD_ROOT%{l_prefix}/var/openssh/log \
        $RPM_BUILD_ROOT%{l_prefix}/var/openssh/run

    # install addons
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/bin \
        $RPM_BUILD_ROOT%{l_prefix}/man/man1
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE ssh-keyman} \
        $RPM_BUILD_ROOT%{l_prefix}/bin/
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE ssh-keyman.1} \
        $RPM_BUILD_ROOT%{l_prefix}/man/man1/

    # install run-command script
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d
    %{l_shtool} install -c -m 755 %{l_value -s -a} \
        %{SOURCE rc.openssh} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/

    # install reasonable ssh server and client configuration files
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/openssh
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE sshd_config} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE ssh_config} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/openssh/

    # install OSSP fsl configuration
    %{l_shtool} mkdir -f -p -m 755 \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl
    %{l_shtool} install -c -m 644 %{l_value -s -a} \
        %{SOURCE fsl.openssh} \
        $RPM_BUILD_ROOT%{l_prefix}/etc/fsl/

    # determine installation files
    # The generated manifest is written to the file "files" and overrides the
    # standard entries for the paths that need special treatment:
    #  - everything under etc/openssh and the fsl file are marked as config
    #  - ssh-keysign is packaged set-uid (mode 4711) for the l_susr account;
    #    it is the only set-uid file this package declares
    #  - var/openssh/empty is packaged as a directory with mode 700
    #  - the remaining var/openssh entries go to the l_rusr/l_rgrp account
    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
        %{l_files_std} \
        '%config %{l_prefix}/etc/fsl/fsl.openssh' \
        '%config %{l_prefix}/etc/openssh/*' \
        '%attr(4711,%{l_susr},%{l_mgrp}) %{l_prefix}/libexec/openssh/ssh-keysign' \
        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/openssh/*' \
        '%dir %attr(700,%{l_susr},%{l_mgrp}) %{l_prefix}/var/openssh/empty'
|
|
|
# the package file list is read from the "files" manifest generated by the
# rpmtool call at the end of the install section
%files -f files

%clean
|
|
|
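%post
    # Post-install script. The first argument is 1 on a fresh install and 2
    # on an upgrade (this is how it is tested below).
    #
    # Host keys: each key is generated only when its file is missing, is not a
    # regular file, or is empty, so an existing host identity is never
    # replaced. Keys are written without passphrase (-N '') so that sshd can
    # load them unattended. All paths and the hostname comment are quoted so
    # that a prefix containing whitespace or an empty hostname output cannot
    # split or shift the ssh-keygen arguments.

    # generate server RSA key
    # NOTE(review): 2048 bits is below the 3072-bit default that ssh-keygen
    # itself uses for RSA since OpenSSH 8.0 -- consider raising it for new installs.
    if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ] || \
       [ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" ]; then
        rm -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" 2>/dev/null || true
        "$RPM_INSTALL_PREFIX/bin/ssh-keygen" -t rsa -b 2048 \
            -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_rsa_key" \
            -N '' -C "`hostname`" 1>&2
    fi

    # generate server DSA key
    # NOTE(review): DSA host keys are limited to 1024 bits and the ssh-dss
    # algorithm has been disabled by default since OpenSSH 7.0, so this key is
    # only usable if the shipped sshd_config re-enables it. It is kept here
    # because sshd_config (not shown) may still reference the file; consider
    # dropping both together.
    if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ] || \
       [ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" ]; then
        rm -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" 2>/dev/null || true
        "$RPM_INSTALL_PREFIX/bin/ssh-keygen" -t dsa -b 1024 \
            -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_dsa_key" \
            -N '' -C "`hostname`" 1>&2
    fi

    # generate server ECDSA key
    if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ecdsa_key" ] || \
       [ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ecdsa_key" ]; then
        rm -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ecdsa_key" 2>/dev/null || true
        "$RPM_INSTALL_PREFIX/bin/ssh-keygen" -t ecdsa -b 521 \
            -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ecdsa_key" \
            -N '' -C "`hostname`" 1>&2
    fi

    # generate server ED25519 key
    if [ ! -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ed25519_key" ] || \
       [ ! -s "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ed25519_key" ]; then
        rm -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ed25519_key" 2>/dev/null || true
        "$RPM_INSTALL_PREFIX/bin/ssh-keygen" -t ed25519 \
            -f "$RPM_INSTALL_PREFIX/etc/openssh/ssh_host_ed25519_key" \
            -N '' -C "`hostname`" 1>&2
    fi

%if "%{with_pam}" == "yes"
    # add PAM configuration entry
    if [ "$1" -eq 1 ]; then
        "$RPM_INSTALL_PREFIX/sbin/pamtool" --add --smart --name=openssh
    fi
%endif

    # on install, warn about PATH issues
    if [ "$1" -eq 1 ]; then
        ( echo "Make sure sshd users have the proper PATH set to find"
          echo "utilities like scp, sftp-server, rsync, cvs, svn etc."
%if "%{with_trysetpath}" == "yes"
          echo "This package tries to set the PATH for users and"
          echo "root properly. The success of this attempt is platform"
          echo "specific and out of OpenPKG scope. Please verify"
          echo "whether it works as expected."
%endif
        ) | %{l_rpmtool} msg -b -t warn
    fi

    # after upgrade, restart service
    # the status output of the rc facility is evaluated as shell assignments
    # and provides openssh_active; the service is restarted only if it was running
    [ "$1" -eq 2 ] || exit 0
    eval `%{l_rc} openssh status 2>/dev/null`
    [ ".$openssh_active" = .yes ] && %{l_rc} openssh restart
    exit 0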
|
|
|
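%preun
    # before erase, stop service and remove log files
    # The first argument is 0 only on a real erase; on upgrades nothing is done.
    [ "$1" -eq 0 ] || exit 0
    %{l_rc} openssh stop 2>/dev/null
    # The prefix is quoted so a path with whitespace cannot make rm act on
    # unintended arguments; the glob stays outside the quotes on purpose.
    # NOTE(review): the install section creates var/openssh/log, while this
    # removes var/openssh/openssh.log* -- confirm where the logs are actually
    # written (fsl.openssh and sshd_config are not shown here).
    rm -f "$RPM_INSTALL_PREFIX"/var/openssh/openssh.log* >/dev/null 2>&1 || true
%if "%{with_pam}" == "yes"
    # remove PAM configuration entry
    "$RPM_INSTALL_PREFIX/sbin/pamtool" --remove --smart --name=openssh
%endif
    exit 0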
|
|
|
|