File gsi-openssh.spec of Package gsi-openssh

#
# spec file for package gsi-openssh
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


# Do we want GSI support (1=yes 0=no)
%global gsi 1

Name:           gsi-openssh
%global ossh_name	openssh
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
%define _appdefdir      %{_prefix}/share/X11/app-defaults
BuildRequires:  audit-devel
BuildRequires:  autoconf
BuildRequires:  groff
BuildRequires:  krb5-devel
BuildRequires:  libedit-devel
%if 0%{suse_version} > 1100
BuildRequires:  libselinux-devel
%endif
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
BuildRequires:  tcpd-devel
Requires:       /bin/netstat
PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
Conflicts:      nonfreessh
Version:        6.1p1
Release:        0
%define xversion 1.2.4.1
Summary:        Secure Shell Client and Server (Remote Login Program)
License:        BSD-3-Clause and MIT
Group:          Productivity/Networking/SSH
Url:            http://www.openssh.com/
Source:         ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1:        gsisshd.init
Source2:        gsisshd.pamd
Source4:        README.SuSE
Source5:        converter.tar.bz2
Source6:        README.kerberos
Source7:        gsissh.reg
#Source8:        ssh-askpass
Source9:        gsisshd.fw
Source10:       sysconfig.gsissh
Source11:       gsisshd-gen-keys-start
Source12:       gsisshd.service
Source99:       README.sshd-and-gsisshd
Patch:          %{ossh_name}-5.9p1-sshd_config.diff
Patch2:         %{ossh_name}-5.9p1-pam-fix2.diff
Patch3:         %{ossh_name}-5.9p1-saveargv-fix.diff
Patch4:         %{ossh_name}-5.9p1-pam-fix3.diff
Patch5:         %{ossh_name}-5.9p1-gssapimitm.patch
Patch6:         %{ossh_name}-5.9p1-eal3.diff
Patch7:         %{ossh_name}-5.9p1-engines.diff
Patch8:         %{ossh_name}-5.9p1-blocksigalrm.diff
Patch9:         %{ossh_name}-5.9p1-send_locale.diff
Patch10:        %{ossh_name}-5.9p1-xauthlocalhostname.diff
Patch12:        %{ossh_name}-5.9p1-xauth.diff
Patch14:        %{ossh_name}-5.9p1-default-protocol.diff
Patch15:        %{ossh_name}-5.9p1-audit.patch
Patch16:        %{ossh_name}-5.9p1-pts.diff
Patch17:        %{ossh_name}-5.9p1-homechroot.patch
Patch18:        %{ossh_name}-5.9p1-sshconfig-knownhostschanges.diff
Patch19:        %{ossh_name}-5.9p1-host_ident.diff
Patch20:        converter-linking.patch
Patch21:        openssh-nocrazyabicheck.patch
Patch22:        openssh-nodaemon-nopid.patch

# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.0p1.patch
Patch98:        openssh-6.1p1-gsissh-SuSE.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} > 1140
BuildRequires:  systemd
%{?systemd_requires}
%define has_systemd 1
%endif

%if %{gsi}
BuildRequires:  globus-common >= 14
BuildRequires:  globus-common-devel >= 14
BuildRequires:  globus-core-devel >= 8
BuildRequires:  globus-gss-assist-devel >= 8
BuildRequires:  libglobus_gssapi_gsi4 >= 10
BuildRequires:  libglobus_gssapi_gsi4-devel >= 10
%endif

%{!?_initddir:%global _initddir %{_initrddir}}

%description
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.

xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.

%prep
%setup -q -a 5 -n openssh-%{version}
%patch 
%patch2
%patch3
%patch4
%patch5
%patch6 -p1
%patch7 -p1
%patch8
%patch9
%patch10
%patch12
%patch14
%patch15 -p1
%patch16
%patch17
%patch18
%patch19 -p1
%patch20
%patch21
%patch22
%patch98 -p1

cp -v %{SOURCE4} .
cp -v %{SOURCE6} .

sed 's/sshd.pid/gsisshd.pid/' -i pathnames.h
sed 's!$(piddir)/sshd.pid!$(piddir)/gsisshd.pid!' -i Makefile.in

%build
autoreconf -fiv
%ifarch s390 s390x %sparc
PIEFLAGS="-fPIE"
%else
PIEFLAGS="-fpie"
%endif
 %if 0%{?suse_version} >= 1140
# TODO: review this extra D flag for OpenSuSE versions!
export CFLAGS="%{optflags} $PIEFLAGS -DGSSAPI_EXT_H_ -fstack-protector"
%else
export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
%endif

export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
export LDFLAGS="-pie"

#%if %{kerberos5}
#krb5_prefix=`krb5-config --prefix`
#if test "$krb5_prefix" != "%{_prefix}" ; then
#	CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
#	CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
#	LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
#else
#	krb5_prefix=
	#CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
	#CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
#fi
#%endif

%configure \
    --with-ssl-engine \
%if 0%{suse_version} >= 1140
    --with-libedit \
%endif
    --sysconfdir=%{_sysconfdir}/gsissh \
    --libexecdir=%{_libexecdir}/gsissh \
    --with-tcp-wrappers \
%if 0%{suse_version} > 1100
    --with-selinux \
%endif
    --with-pam \
    --with-kerberos5=/usr \
    --with-privsep-path=/var/lib/empty \
    --with-sandbox=rlimit \
    --disable-strip \
    --with-linux-audit \
    --with-xauth=%{_prefix}/bin/xauth \
    --target=%{_target_cpu}-suse-linux \
%if %{gsi}
	--with-gsi
%else
	--without-gsi
%endif
#   --with-afs=/usr \

make SSH_PROGRAM=%{_bindir}/gsissh \
     ASKPASS_PROGRAM=%{_libexecdir}/openssh/ssh-askpass %{?_smp_mflags}
(cd converter; make %{?_smp_mflags})

%install
make DESTDIR=%{buildroot}/ install
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -d -m 755 %{buildroot}/var/lib/gsisshd
install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/gsisshd
install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/
install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/
install -d -m 755 %{buildroot}%{_initddir}
install -m 755 %{S:1} %{buildroot}%{_initddir}/gsisshd
ln -vs ../..%{_initddir}/gsisshd %{buildroot}%{_sbindir}/rcgsisshd
install -d -m 755 %{buildroot}/var/adm/fillup-templates
install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates
# install shell script to automate the process of adding your public key to a remote machine
install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
#sed -e "s,@LIBEXEC@,%{_libexecdir},g" < %{S:8} > %{buildroot}%{_libexecdir}/gsissh/gsissh-askpass
( cd converter; make install DESTDIR=%{buildroot} )
rm -f %{buildroot}%{_datadir}/Ssh.bin
sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/gsissh/sshd_config
#install firewall definitions format is described here:
#%{_datadir}/SuSEfirewall2/services/TEMPLATE
mkdir -p %{buildroot}%{_fwdefdir}
install -m 644 %{S:9} %{buildroot}%{_fwdefdir}/gsisshd
%if 0%{?has_systemd}
install -D -m 0755 %{SOURCE11} %{buildroot}%{_sbindir}/gsisshd-gen-keys-start
install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/gsisshd.service
%endif

#rm $RPM_BUILD_ROOT%{_bindir}/ssh-add
#rm $RPM_BUILD_ROOT%{_bindir}/ssh-agent
#rm $RPM_BUILD_ROOT%{_bindir}/ssh-keyscan
#rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-add.1*
#rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-agent.1*
#rm $RPM_BUILD_ROOT%{_mandir}/man1/ssh-keyscan.1*

for f in $RPM_BUILD_ROOT%{_bindir}/s* \
	 $RPM_BUILD_ROOT%{_sbindir}/s* \
	 $RPM_BUILD_ROOT%{_mandir}/man*/s* ; do
    mv $f `dirname $f`/gsi`basename $f`
done

for f in $RPM_BUILD_ROOT%{_mandir}/man*/m* ; do
    mv $f `dirname $f`/gsi`basename $f`
done

ln -sf gsissh $RPM_BUILD_ROOT%{_bindir}/gsislogin
ln -sf gsissh.1 $RPM_BUILD_ROOT%{_mandir}/man1/gsislogin.1

%pre
#getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
%if 0%{?has_systemd}
%service_add_pre gsisshd.service
%endif

%post
%{fillup_and_insserv -n gsissh gsisshd}
%if 0%{?has_systemd}
%service_add_post gsisshd.service
%endif

%preun
%stop_on_removal gsisshd
%if 0%{?has_systemd}
%service_del_preun gsisshd.service
%endif

%postun
%restart_on_update gsisshd
%{insserv_cleanup}
%if 0%{?has_systemd}
%service_del_postun gsisshd.service
%endif

%files
%defattr(-,root,root)
%dir %attr(755,root,root) /var/lib/gsisshd
%doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/gsissh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/gsissh/moduli
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/gsissh/ssh_config
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/gsissh/sshd_config
%attr(0644,root,root) %config %{_sysconfdir}/pam.d/gsisshd
%attr(0755,root,root) %config %{_initddir}/gsisshd
%attr(0755,root,root) %{_bindir}/gsissh
%{_bindir}/gsiscp
%{_bindir}/gsisftp
%{_bindir}/gsislogin
%{_bindir}/gsissh-*
%{_sbindir}/*
%attr(444,root,root) %doc %{_mandir}/man1/gsiscp.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-keygen.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-keyconverter.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/gsissh.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/gsislogin.1.gz
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-agent.1*
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-add.1*
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-keyscan.1*
%attr(444,root,root) %doc %{_mandir}/man1/gsisftp.1*
%attr(444,root,root) %doc %{_mandir}/man1/gsissh-copy-id.1*
%attr(444,root,root) %doc %{_mandir}/man5/*
%attr(444,root,root) %doc %{_mandir}/man8/*
%attr(0755,root,root) %dir %{_libexecdir}/gsissh
%attr(0755,root,root) %{_libexecdir}/gsissh/sftp-server
%attr(0755,root,root) %{_libexecdir}/gsissh/ssh-keysign
%attr(0755,root,root) %{_libexecdir}/gsissh/ssh-pkcs11-helper
#%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass
%dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/gsissh.reg
/var/adm/fillup-templates/sysconfig.gsissh
%config %{_fwdefdir}/gsisshd
%if 0%{?has_systemd}
%{_sbindir}/gsisshd-gen-keys-start
%{_unitdir}/gsisshd.service
%endif

%changelog