summaryrefslogtreecommitdiff
path: root/contrib/redhat
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/redhat')
-rw-r--r--contrib/redhat/openssh.spec69
-rwxr-xr-xcontrib/redhat/sshd.init1
-rwxr-xr-xcontrib/redhat/sshd.init.old17
3 files changed, 52 insertions, 35 deletions
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index a96a36e49..a0d5e2071 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,5 +1,5 @@
1%define ver 7.6p1 1%define ver 7.7p1
2%define rel 1 2%define rel 1%{?dist}
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
5%define sshd_uid 74 5%define sshd_uid 74
@@ -23,8 +23,19 @@
23# Use GTK2 instead of GNOME in gnome-ssh-askpass 23# Use GTK2 instead of GNOME in gnome-ssh-askpass
24%define gtk2 1 24%define gtk2 1
25 25
26# Is this build for RHL 6.x? 26# Use build6x options for older RHEL builds
27# RHEL 7 not yet supported
28%if 0%{?rhel} > 6
27%define build6x 0 29%define build6x 0
30%else
31%define build6x 1
32%endif
33
34%if 0%{?fedora} >= 26
35%define compat_openssl 1
36%else
37%define compat_openssl 0
38%endif
28 39
29# Do we want kerberos5 support (1=yes 0=no) 40# Do we want kerberos5 support (1=yes 0=no)
30%define kerberos5 1 41%define kerberos5 1
@@ -64,7 +75,7 @@
64%define kerberos5 0 75%define kerberos5 0
65%endif 76%endif
66 77
67Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. 78Summary: The OpenSSH implementation of SSH protocol version 2.
68Name: openssh 79Name: openssh
69Version: %{ver} 80Version: %{ver}
70%if %{rescue} 81%if %{rescue}
@@ -74,9 +85,7 @@ Release: %{rel}
74%endif 85%endif
75URL: https://www.openssh.com/portable.html 86URL: https://www.openssh.com/portable.html
76Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz 87Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
77%if ! %{no_x11_askpass}
78Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz 88Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
79%endif
80License: BSD 89License: BSD
81Group: Applications/Internet 90Group: Applications/Internet
82BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot 91BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -86,7 +95,13 @@ PreReq: initscripts >= 5.00
86%else 95%else
87Requires: initscripts >= 5.20 96Requires: initscripts >= 5.20
88%endif 97%endif
89BuildRequires: perl, openssl-devel 98BuildRequires: perl
99%if %{compat_openssl}
100BuildRequires: compat-openssl10-devel
101%else
102BuildRequires: openssl-devel >= 1.0.1
103BuildRequires: openssl-devel < 1.1
104%endif
90BuildRequires: /bin/login 105BuildRequires: /bin/login
91%if ! %{build6x} 106%if ! %{build6x}
92BuildRequires: glibc-devel, pam 107BuildRequires: glibc-devel, pam
@@ -95,6 +110,12 @@ BuildRequires: /usr/include/security/pam_appl.h
95%endif 110%endif
96%if ! %{no_x11_askpass} 111%if ! %{no_x11_askpass}
97BuildRequires: /usr/include/X11/Xlib.h 112BuildRequires: /usr/include/X11/Xlib.h
113# Xt development tools
114BuildRequires: libXt-devel
115# Provides xmkmf
116BuildRequires: imake
117# Rely on relatively recent gtk
118BuildRequires: gtk2-devel
98%endif 119%endif
99%if ! %{no_gnome_askpass} 120%if ! %{no_gnome_askpass}
100BuildRequires: pkgconfig 121BuildRequires: pkgconfig
@@ -183,11 +204,6 @@ environment.
183CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS 204CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
184%endif 205%endif
185 206
186%if %{kerberos5}
187K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'`
188echo K5DIR=$K5DIR
189%endif
190
191%configure \ 207%configure \
192 --sysconfdir=%{_sysconfdir}/ssh \ 208 --sysconfdir=%{_sysconfdir}/ssh \
193 --libexecdir=%{_libexecdir}/openssh \ 209 --libexecdir=%{_libexecdir}/openssh \
@@ -196,6 +212,9 @@ echo K5DIR=$K5DIR
196 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ 212 --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
197 --with-privsep-path=%{_var}/empty/sshd \ 213 --with-privsep-path=%{_var}/empty/sshd \
198 --with-md5-passwords \ 214 --with-md5-passwords \
215 --mandir=%{_mandir} \
216 --with-mantype=man \
217 --disable-strip \
199%if %{scard} 218%if %{scard}
200 --with-smartcard \ 219 --with-smartcard \
201%endif 220%endif
@@ -262,12 +281,12 @@ install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
262install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd 281install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
263 282
264%if ! %{no_x11_askpass} 283%if ! %{no_x11_askpass}
265install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass 284install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
266ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass 285ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
267%endif 286%endif
268 287
269%if ! %{no_gnome_askpass} 288%if ! %{no_gnome_askpass}
270install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass 289install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
271%endif 290%endif
272 291
273%if ! %{scard} 292%if ! %{scard}
@@ -391,7 +410,7 @@ fi
391%doc x11-ssh-askpass-%{aversion}/README 410%doc x11-ssh-askpass-%{aversion}/README
392%doc x11-ssh-askpass-%{aversion}/ChangeLog 411%doc x11-ssh-askpass-%{aversion}/ChangeLog
393%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad 412%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
394%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass 413%{_libexecdir}/openssh/ssh-askpass
395%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass 414%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
396%endif 415%endif
397 416
@@ -403,6 +422,22 @@ fi
403%endif 422%endif
404 423
405%changelog 424%changelog
425* Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
426- Update openssl-devel dependency to match current requirements.
427- Handle Fedora >=6 openssl 1.0 compat libs.
428- Remove SSH1 from description.
429- Don't strip binaries at build time so that debuginfo package can be
430 created.
431
432* Sun Nov 16 2014 Nico Kadel-Garcia <nakdel@gmail.com>
433- Add '--mandir' and '--with-mantype' for RHEL 5 compatibility
434- Add 'dist' option to 'ver' so package names reflect OS at build time
435- Always include x11-ssh-askpass tarball in SRPM
436- Add openssh-x11-aspass BuildRequires for libXT-devel, imake, gtk2-devel
437- Discard 'K5DIR' reporting, not usable inside 'mock' for RHEL 5 compatibility
438- Discard obsolete '--with-rsh' configure option
439- Update openssl-devel dependency to 0.9.8f, as found in autoconf
440
406* Wed Jul 14 2010 Tim Rice <tim@multitalents.net> 441* Wed Jul 14 2010 Tim Rice <tim@multitalents.net>
407- test for skip_x11_askpass (line 77) should have been for no_x11_askpass 442- test for skip_x11_askpass (line 77) should have been for no_x11_askpass
408 443
@@ -414,7 +449,7 @@ fi
414- Don't install profile.d scripts when not building with GNOME/GTK askpass 449- Don't install profile.d scripts when not building with GNOME/GTK askpass
415 (patch from bet@rahul.net) 450 (patch from bet@rahul.net)
416 451
417* Wed Oct 01 2002 Damien Miller <djm@mindrot.org> 452* Tue Oct 01 2002 Damien Miller <djm@mindrot.org>
418- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks 453- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
419 454
420* Mon Sep 30 2002 Damien Miller <djm@mindrot.org> 455* Mon Sep 30 2002 Damien Miller <djm@mindrot.org>
@@ -460,7 +495,7 @@ fi
460- remove dependency on db1-devel, which has just been swallowed up whole 495- remove dependency on db1-devel, which has just been swallowed up whole
461 by gnome-libs-devel 496 by gnome-libs-devel
462 497
463* Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> 498* Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com>
464- adjust build dependencies so that build6x actually works right (fix 499- adjust build dependencies so that build6x actually works right (fix
465 from Hugo van der Kooij) 500 from Hugo van der Kooij)
466 501
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 40c8dfd9f..8ee5fcd3b 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -40,7 +40,6 @@ start()
40 # Create keys if necessary 40 # Create keys if necessary
41 /usr/bin/ssh-keygen -A 41 /usr/bin/ssh-keygen -A
42 if [ -x /sbin/restorecon ]; then 42 if [ -x /sbin/restorecon ]; then
43 /sbin/restorecon /etc/ssh/ssh_host_key.pub
44 /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub 43 /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
45 /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub 44 /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
46 /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub 45 /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub
diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old
index 0deb6080e..8a30f7da4 100755
--- a/contrib/redhat/sshd.init.old
+++ b/contrib/redhat/sshd.init.old
@@ -24,7 +24,6 @@ prog="sshd"
24# Some functions to make the below more readable 24# Some functions to make the below more readable
25KEYGEN=/usr/bin/ssh-keygen 25KEYGEN=/usr/bin/ssh-keygen
26SSHD=/usr/sbin/sshd 26SSHD=/usr/sbin/sshd
27RSA1_KEY=/etc/ssh/ssh_host_key
28RSA_KEY=/etc/ssh/ssh_host_rsa_key 27RSA_KEY=/etc/ssh/ssh_host_rsa_key
29DSA_KEY=/etc/ssh/ssh_host_dsa_key 28DSA_KEY=/etc/ssh/ssh_host_dsa_key
30PID_FILE=/var/run/sshd.pid 29PID_FILE=/var/run/sshd.pid
@@ -61,21 +60,6 @@ my_failure() {
61 ;; 60 ;;
62 esac 61 esac
63} 62}
64do_rsa1_keygen() {
65 if [ ! -s $RSA1_KEY ]; then
66 echo -n "Generating SSH1 RSA host key: "
67 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
68 chmod 600 $RSA1_KEY
69 chmod 644 $RSA1_KEY.pub
70 my_success "RSA1 key generation"
71 echo
72 else
73 my_failure "RSA1 key generation"
74 echo
75 exit 1
76 fi
77 fi
78}
79do_rsa_keygen() { 63do_rsa_keygen() {
80 if [ ! -s $RSA_KEY ]; then 64 if [ ! -s $RSA_KEY ]; then
81 echo -n "Generating SSH2 RSA host key: " 65 echo -n "Generating SSH2 RSA host key: "
@@ -119,7 +103,6 @@ do_restart_sanity_check() {
119case "$1" in 103case "$1" in
120 start) 104 start)
121 # Create keys if necessary 105 # Create keys if necessary
122 do_rsa1_keygen;
123 do_rsa_keygen; 106 do_rsa_keygen;
124 do_dsa_keygen; 107 do_dsa_keygen;
125 108