Sisyphus repository

Group :: Networking/Remote access
Package: openquantumsafe-openssh


# SPDX-License-Identifier: GPL-2.0-only
# Based on openssh.spec from openssh and openssh-gostcrypto by glebfm.
%define _unpackaged_files_terminate_build 1
%define _stripped_files_terminate_build 1
%set_verify_elf_method strict

Name: openquantumsafe-openssh
Version: 8.9p1.202306
Release: alt1

Summary: OQS-OpenSSH is a fork of OpenSSH that adds quantum-safe algorithms
License: SSH-OpenSSH and ALT-Public-Domain and BSD-3-Clause and Beerware
Group: Networking/Remote access
Url: https://openquantumsafe.org/applications/ssh.html
Vcs: https://github.com/open-quantum-safe/openssh
Source: %name-%version.tar

%define confdir %_sysconfdir/openssh
%define _chrootdir /var/empty
%define docdir %_docdir/%name-%version
%def_with pam_userpass
%def_with libedit
%def_with libaudit
%def_with kerberos5
%def_with selinux
%def_with openssl
%def_without security_key_builtin
%def_with zlib

%{expand: %%global _libexecdir %_libexecdir/openssh}
%define _pamdir /etc/pam.d

Conflicts: openssh
Requires: %name-clients = %EVR
Requires: %name-server  = %EVR

BuildRequires: liboqs-devel >= 0.7.2
BuildRequires: libssl-devel
BuildRequires: pam_userpass-devel
%{?_with_zlib:BuildRequires: zlib-devel}
%{?_with_libedit:BuildRequires: libedit-devel}
%{?_with_libaudit:BuildRequires: libaudit-devel}
%{?_with_kerberos5:BuildRequires: libkrb5-devel}
%{?_with_selinux:BuildRequires: libselinux-devel}
# To generate algorithms
BuildRequires: python3-module-jinja2
BuildRequires: python3-module-yaml

%package common
Summary: OQS-OpenSSH common files
Group: Networking/Remote access
Provides: openssh-common = %EVR
Conflicts: openssh-common
Conflicts: %name < %EVR

%package clients
Summary: OQS-OpenSSH Secure Shell protocol clients
Group: Networking/Remote access
Provides: openssh-clients = %EVR
Conflicts: openssh-clients
Requires: %name-common = %EVR

%package keysign
Summary: OQS-OpenSSH helper program for hostbased authentication
Group: Networking/Remote access
Provides: openssh-keysign = %EVR
Conflicts: openssh-keysign
Requires: %name-clients = %EVR

%package server
Summary: OQS-OpenSSH Secure Shell protocol daemon
Group: System/Servers
Provides: openssh-server = %EVR
Conflicts: openssh-server
Requires(pre,post): %name-server-control = %EVR
Requires: %_chrootdir, syslogd-daemon
# Because of /etc/syslog.d/ feature.
Conflicts: syslogd < 1.4.1-alt11

%package server-control
Summary: Control rules for the OQS-OpenSSH server configuration
License: GPLv2+
Group: System/Servers
BuildArch: noarch
Provides: openssh-server-control = %EVR
Conflicts: openssh-server-control
Requires: %name-common = %EVR

%package askpass-common
Summary: OQS-OpenSSH common passphrase dialog infrastructure
Group: Networking/Remote access
BuildArch: noarch
Provides: openssh-askpass-common = %EVR
Conflicts: openssh-askpass-common
Requires: %name-common = %EVR
Provides: %_libexecdir

%global preamble OQS-OpenSSH is a fork of OpenSSH that adds quantum-safe cryptography to\
enable its use and evaluation in the SSH protocol.\
Both liboqs and this fork are part of the Open Quantum Safe (OQS) project,\
which aims to develop and prototype quantum-safe cryptography.\
IT IS AT AN EXPERIMENTAL STAGE, and has not received the same level of\
auditing and analysis that OpenSSH has received. See README for details.\


%description common

This package includes common files necessary for both the OpenSSH
client and server.

%description clients

This package includes the clients necessary to make encrypted connections
to SSH servers.

%description keysign
ssh-keysign is used by ssh(1) to access the local host keys and generate
the digital signature required during hostbased authentication with SSH
protocol version 2.  ssh-keysign is not intended to be invoked by the
user, but from ssh(1).  See ssh(1) and sshd(8) for more information about
hostbased authentication.

%description server

This package contains the secure shell daemon.  The sshd is the server
part of the secure shell protocol and allows ssh clients to connect to
your host.

%description server-control
This package contains control rules for OpenSSH server configuration.
See control(8) for details.

%description askpass-common

This package contains OpenSSH passphrase dialog infrastructure.
These dialogs are intended to be called from the ssh-add program and
not invoked directly.

# https://github.com/open-quantum-safe/openssh/wiki/Using-liboqs-supported-algorithms-in-the-fork
python3 oqs-template/generate.py


export ac_cv_path_LOGIN_PROGRAM_FALLBACK=/bin/login
export ac_cv_path_NROFF=/usr/bin/nroff
export ac_cv_path_PATH_PASSWD_PROG=/usr/bin/passwd
export ac_cv_path_PROG_LASTLOG=/usr/bin/lastlog
export ac_cv_path_xauth_path=/usr/bin/xauth

%configure \
--sysconfdir=%confdir \
--without-rpath \
--disable-strip \
--with-mantype=doc \
--with-pam \
--with-ipaddr-display \
--with-privsep-user=sshd \
--with-privsep-path=%_chrootdir \
--with-default-path=/bin:/usr/bin:/usr/local/bin \
--with-superuser-path=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin \
%{subst_with kerberos5} \
%{subst_with libedit} \
%{subst_with openssl} \
%{subst_with selinux} \
%{?_with_libaudit:--with-audit=linux} \
%{?_with_security_key_builtin:--with-security-key-builtin} \
--with-liboqs-dir=%_prefix \


mkdir -p %buildroot{%_libexecdir,%_sysconfdir{,/X11}/profile.d,%systemd_unitdir}
mkdir -p %buildroot%confdir/authorized_keys{,2}
install -pD -m600 alt/sshd.pamd \
install -pD -m755 alt/sshd.init \
install -pD -m600 alt/sshd.sysconfig \
install -p -m755 alt/rescp \
install -p -m755 alt/ssh-agent.sh \
install -pD -m755 alt/sftp.control \
install -pD -m755 alt/sshd-allow-groups.control \
install -pD -m755 alt/sshd-password-auth.control \

install -pD -m644 alt/sshd.service \

sed -i 's,@LIBEXECDIR@,%_libexecdir,g' \

install -p -m755 contrib/ssh-copy-id %buildroot%_bindir/
install -p -m644 contrib/ssh-copy-id.1 %buildroot%_man1dir/

chmod 711 %buildroot%_sbindir/*

install -p -m755 alt/ssh-askpass.{sh,csh} \

mkdir -p %buildroot%docdir
install -pm644 CREDITS LICENCE README* PROTOCOL* alt/[CR]* alt/faq.html \

./ssh -V
# Query all available algorithms and print them, sorted, to the build log (stderr)
for q in `./ssh -Q help`; do
	./ssh -Q "$q" | sed "s/^/ $q : /"
done | sort -V >&2

%pre clients
/usr/sbin/groupadd -r -f sshagent

%pre server
/usr/sbin/groupadd -r -f sshd
/usr/sbin/useradd -r -g sshd -d %_chrootdir -s /dev/null -n sshd >/dev/null 2>&1 ||:
%pre_control sftp sshd-allow-groups sshd-password-auth

%post server
%post_control -s enabled sftp
%post_control -s disabled sshd-allow-groups
%post_control -s default sshd-password-auth
# Upgrade: reload the running daemon; first install: register the service
if [ $1 -ge 2 ]; then
	/sbin/service sshd condreload ||:
else
	/sbin/chkconfig --add sshd ||:
fi

%preun server
# Final removal (not an upgrade): unregister the service
if [ $1 = 0 ]; then
	/sbin/chkconfig --del sshd ||:
fi


%files common

%files clients
%attr(751,root,root) %dir %confdir
%config(noreplace) %confdir/ssh_config
%config(noreplace) %_sysconfdir/X11/profile.d/*
%attr(2711,root,sshagent) %_bindir/ssh-agent
%attr(751,root,root) %dir %_libexecdir

%files keysign
%attr(751,root,root) %dir %_libexecdir

%files server
%attr(751,root,root) %dir %confdir
%attr(600,root,root) %config %confdir/moduli
%attr(600,root,root) %config(noreplace) %verify(not size md5 mtime) %confdir/sshd_config
%attr(600,root,root) %config(noreplace) %_pamdir/sshd
%attr(600,root,root) %config(noreplace) %_sysconfdir/sysconfig/sshd
%attr(755,root,root) %config %_initdir/sshd
%attr(751,root,root) %dir %confdir/authorized_keys*
%attr(751,root,root) %dir %_libexecdir

%files server-control
%attr(755,root,root) %_controldir/*

%files askpass-common
%attr(751,root,root) %dir %_libexecdir

