# Version of ssh-askpass
%define aversion 1.0.1

Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
Version: 2.2.0p1
Release: 7mdk
URL: http://www.openssh.com/
Source:  ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.bz2
Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.bz2
# ssh-copy-id taken from debian, with "usage" added
Source2: ssh-copy-id.bz2 
Patch0: openssh-2.2.0p1-reload.patch.bz2
Patch1: openssh-2.2.0p1-mandrake.patch.bz2
Copyright: BSD
Group: Networking/Remote access
BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
Obsoletes: ssh
PreReq: openssl >= 0.9.5a
BuildRequires: perl openssl-devel tcp_wrappers-devel

%package clients
Summary: OpenSSH Secure Shell protocol clients
Requires: openssh openssh-askpass
Group: Networking/Remote access
Obsoletes: ssh-clients

%package server
Summary: OpenSSH Secure Shell protocol server (sshd)
PreReq: openssh chkconfig >= 0.9
Group: System/Servers
Obsoletes: ssh-server
PreReq: openssh chkconfig >= 0.9

%package askpass
Summary: OpenSSH X11 passphrase dialog
Group: Networking/Remote access
Requires: openssh
Obsoletes: ssh-extras
Obsoletes: ssh-askpass
PreReq: /usr/sbin/update-alternatives

%package askpass-gnome
Summary: OpenSSH GNOME passphrase dialog
Group: Networking/Remote access
Requires: openssh
Obsoletes: ssh-extras
PreReq: /usr/sbin/update-alternatives
Provides: openssh-askpass

%description
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package includes the core files necessary for both the OpenSSH
client and server.  To make this package useful, you should also
install openssh-clients, openssh-server, or both.

%description clients
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package includes the clients necessary to make encrypted connections
to SSH servers.

%description server
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package contains the secure shell daemon. The sshd is the server 
part of the secure shell protocol and allows ssh clients to connect to 
your host.

%description askpass
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package contains Jim Knoble's <jmknoble@pobox.com> X11 passphrase 
dialog.

%description askpass-gnome
Ssh (Secure Shell) a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all 
patented algorithms to separate libraries (OpenSSL).

This package contains the GNOME passphrase dialog.

%prep
%setup -q -a 1
%patch0 -p0 -b .fred
%patch1 -p1 -b .mdkconf

%build
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --sysconfdir=/etc/ssh \
 --with-tcp-wrappers  --with-ipv4-default --with-rsh=%{_bindir}/rsh \
  --libexecdir=%{_libdir} --mandir=%{_mandir}
make

cd x11-ssh-askpass-%{aversion}
xmkmf -a
make
cd ..

cd contrib
gcc -O -g `gnome-config --cflags gnome gnomeui` \
        gnome-ssh-askpass.c -o gnome-ssh-askpass \
        `gnome-config --libs gnome gnomeui`
cd ..
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT/

install -d $RPM_BUILD_ROOT/etc/ssh
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd

if [[ -f sshd_config.out ]]; then 
	install -m600 sshd_config.out $RPM_BUILD_ROOT/etc/ssh/sshd_config
else 
	install -m600 sshd_config $RPM_BUILD_ROOT/etc/ssh/sshd_config
fi

if [[ -f ssh_config.out ]]; then
    install -m644 ssh_config.out $RPM_BUILD_ROOT/etc/ssh/ssh_config
else
    install -m644 ssh_config $RPM_BUILD_ROOT/etc/ssh/ssh_config
fi
echo "    StrictHostKeyChecking no" >> $RPM_BUILD_ROOT/etc/ssh/ssh_config

mkdir -p $RPM_BUILD_ROOT%{_libdir}/ssh
install -m 755 -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libdir}/ssh/x11-ssh-askpass
(cd $RPM_BUILD_ROOT%{_bindir}; ln -s ../../%{_libdir}/ssh/ssh-askpass)

install -m 755 contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libdir}/ssh/gnome-ssh-askpass

bzcat %{SOURCE2} > $RPM_BUILD_ROOT/%{_bindir}/ssh-copy-id
chmod a+x $RPM_BUILD_ROOT/%{_bindir}/ssh-copy-id
install -m 644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT/%{_mandir}/man1/

%clean
rm -rf $RPM_BUILD_ROOT

%post server
/sbin/chkconfig --add sshd
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
	%{_bindir}/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
	%{_bindir}/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
fi
/sbin/service sshd condrestart >&2 || :

%preun server
if [ "$1" = 0 ]; then
	/etc/rc.d/init.d/sshd stop >&2 || :
	/sbin/chkconfig --del sshd
fi

%post askpass
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/x11-ssh-askpass 10

%postun askpass
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/x11-ssh-askpass

%post askpass-gnome
update-alternatives --install %{_libdir}/ssh/ssh-askpass ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass 20

%postun askpass-gnome
[ $1 = 0 ] || exit 0
update-alternatives --remove ssh-askpass %{_libdir}/ssh/gnome-ssh-askpass

%files
%defattr(-,root,root)
%doc ChangeLog OVERVIEW COPYING.Ylonen README* INSTALL 
%doc CREDITS UPGRADING
%{_bindir}/ssh-keygen
%{_bindir}/scp
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man1/scp.1*
%dir /etc/ssh

%files clients
%defattr(-,root,root)
%{_bindir}/ssh
%{_bindir}/ssh-agent
%{_bindir}/ssh-add
%{_bindir}/ssh-copy-id
%{_bindir}/slogin
%{_mandir}/man1/ssh-copy-id.1*
%{_mandir}/man1/slogin.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
%config(noreplace) /etc/ssh/ssh_config
%{_bindir}/ssh-askpass

%files server
%defattr(-,root,root)
%{_sbindir}/sshd
%{_mandir}/man8/sshd.8*
%config(noreplace) /etc/rc.d/init.d/sshd
%attr(0600,root,root) %config(noreplace) /etc/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd

%files askpass
%defattr(-,root,root)
%doc x11-ssh-askpass-%{aversion}/README
%doc x11-ssh-askpass-%{aversion}/ChangeLog
%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
%{_libdir}/ssh/x11-ssh-askpass

%files askpass-gnome
%defattr(-,root,root)
%{_libdir}/ssh/gnome-ssh-askpass

%changelog
* Tue Oct 17 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-7mdk
- ssh suid.

* Thu Oct  5 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-6mdk
- don't try Protocol 2 first (chmou sucks).
- ssh not suid.

* Tue Sep 26 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.2.0p1-5mdk
- Pamstackizification.
- X11Forwarding = yes by defaut.

* Fri Sep 15 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-4mdk
- fixed the init script to restart even if forked daemon are still present.

* Tue Sep 12 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-3mdk
- put priority to 20 for gnome alternative of ssh-askpass.

* Mon Sep 11 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-2mdk
- x11-ssh-askpass version 1.0.1
- new package askpass-gnome (use update-alternatives).

* Thu Sep  7 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.2.0p1-1mdk
- 2.2.0p1
- added copy-id man page
- make a symlink in libdir to ssh-askpass to allow ssh-add to find it.
- added reload and condrestart to init script.

* Tue Aug  8 2000 Pixel <pixel@mandrakesoft.com> 2.1.1p3-3mdk
- remove the BuildRequires gnome-libs-devel

* Thu Aug  3 2000 Pixel <pixel@mandrakesoft.com> 2.1.1p3-2mdk
- cleanup, macrozaition
- add script ssh-copy-id from debian's ssh (i just added a usage)
- StrictHostKeyChecking set to "no" in /etc/ssh/ssh_config (it was "ask"),
  so you won't get the following unless the identification changed
  "The authenticity of host 'linux-mandrake.com' can't be established.
   RSA key fingerprint is 9b:f4:10:21:d6:ff:b2:46:d6:86:b1:42:70:4e:5d:e3.
   Are you sure you want to continue connecting (yes/no)? "

* Thu Jul 13 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p3-1mdk
- 2.1.1p3

* Mon Jul  3 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p2-1mdk
- 2.1.1p2

* Wed Jun 14 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 2.1.1p1-2mdk
- Move all /usr/lib/ files to /usr/bin/.

* Tue Jun 13 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.1p1-1mdk
- move /usr/libexec => /usr/lib
- 2.1.1p1

* Thu Jun  8 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p3-2mdk
- removed unneeded BuildPreReq on gnome-libs-devel.

* Thu Jun  8 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p3-1mdk
- 2.1.0p3

* Fri May 26 2000 Frederic Lepied <flepied@mandrakesoft.com> 2.1.0p2-1mdk
- 2.1.0p2

* Mon May 08 2000 Jean-Michel Dault <jmdault@mandrakesoft.com> 1.2.2-3mdk
- add Prereq openssl so the post script works.

* Tue Apr 25 2000 Chmouel Boudjnah <chmouel@mandrakesoft.com> 1.2.2-2mdk
- Upgrade groups.
- Clean-up specs.

* Fri Feb  4 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- openssh 1.2.2 release
- if it exist, install the .out version of ssh[d]_config.

* Mon Jan  3 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- final cleanup for Mandrake 7

* Mon Jan  3 2000 Jean-Michel Dault <jmdault@netrevolution.com>
- updated to 1.2.1pre24
- linked with openssl instead of ssleay

* Mon Jan  3 2000 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- Fix a problem with sshd not using the good path.
- Enable tcp wrapper support.

* Mon Dec 13 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>
- openssh-1.2pre17 released.

* Thu Dec  2 1999 Yoann Vandoorselaere <yoann@mandrakesoft.com>

- First Mandrake release.