Linux

如何在 Fedora 中安裝源 rpm(src.rpm)?

  • November 6, 2009

如何在 Fedora 中安裝源 rpm(src.rpm)?

當我安裝套件(例如 openssh)後,嘗試以下列範例命令依照規範文件(spec)重新建構時:

rpmbuild -ba openssh.spec 

我收到以下消息,但未完成建構

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QkUOot
+ umask 022
+ cd /root/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /root/rpmbuild/BUILD
+ rm -rf openssh-3.9p1
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssh-3.9p1-noacss.tar.gz
+ /bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd openssh-3.9p1
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #0 (openssh-3.9p1-redhat.patch):'
Patch #0 (openssh-3.9p1-redhat.patch):
+ /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-redhat.patch
+ /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0
+ echo 'Patch #1 (openssh-3.6.1p2-groups.patch):'
Patch #1 (openssh-3.6.1p2-groups.patch):
+ /bin/cat /root/rpmbuild/SOURCES/openssh-3.6.1p2-groups.patch
+ /usr/bin/patch -s -p1 -b --suffix .groups --fuzz=0
1 out of 1 hunk FAILED -- saving rejects to file sshd.c.rej
error: Bad exit status from /var/tmp/rpm-tmp.QkUOot (%prep)


RPM build errors:
   Bad exit status from /var/tmp/rpm-tmp.QkUOot (%prep)

此文件 (rpm-tmp.QkUOot) 的內容如下:

#!/bin/sh
# Script generated by rpmbuild for the %prep stage of the openssh spec.
# The build log shows it being run as "/bin/sh -e", so the first command that
# exits non-zero ends the stage.
# NOTE(review): every path below is under /root/rpmbuild, so this build appears
# to run as root; the spec's prep, build and install steps are plain shell and
# would run with that privilege. Building as an unprivileged user (or in a
# mock chroot) limits what a faulty spec or patch can touch.

 # Locations and target description that rpmbuild exports to the build steps.
 RPM_SOURCE_DIR="/root/rpmbuild/SOURCES"
 RPM_BUILD_DIR="/root/rpmbuild/BUILD"
 # Compiler flags handed to the build section; they include the hardening
 # options _FORTIFY_SOURCE=2 and -fstack-protector.
 RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables"
 RPM_ARCH="i386"
 RPM_OS="linux"
 export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS
 RPM_DOC_DIR="/usr/share/doc"
 export RPM_DOC_DIR
 # Package identity taken from the spec's Name, Version and Release.
 RPM_PACKAGE_NAME="openssh"
 RPM_PACKAGE_VERSION="3.9p1"
 RPM_PACKAGE_RELEASE="8.RHEL4.17.endian2"
 export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE
 # Staging root used by the install section; note it is under
 # rpmbuild/BUILDROOT, not the location named by the spec's BuildRoot tag.
 RPM_BUILD_ROOT="/root/rpmbuild/BUILDROOT/openssh-3.9p1-8.RHEL4.17.endian2.i386"
 export RPM_BUILD_ROOT

 PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/share/pkgconfig"
 export PKG_CONFIG_PATH

 # Trace every command to stderr; this produces the "+ ..." lines in the log.
 set -x
 # New files are created without group/other write permission.
 umask 022
 cd "/root/rpmbuild/BUILD"
# Unpack step of the generated %prep script: start from a clean source tree.
# Use the C locale and drop DISPLAY so the tools behave the same on any host.
LANG=C
export LANG
unset DISPLAY
cd '/root/rpmbuild/BUILD'
# Remove any tree left over from a previous run before unpacking again.
rm -rf 'openssh-3.9p1'
/usr/bin/gzip -dc '/root/rpmbuild/SOURCES/openssh-3.9p1-noacss.tar.gz' | /bin/tar -xf - 
# $? is the status of the last command in the pipeline (tar).
# NOTE(review): a gzip failure is only noticed here if tar then fails on the
# truncated stream - confirm that is acceptable for this source archive.
STATUS=$?
if [ $STATUS -ne 0 ]; then
 exit $STATUS
fi
cd 'openssh-3.9p1'
# Normalise permissions of the unpacked tree: readable by all, directories and
# executables traversable, writable by the owner only.
/bin/chmod -Rf a+rX,u+w,g-w,o-w .
# Apply the spec's patches in order. Every step pipes the patch file into
#   patch -s -pN -b --suffix EXT --fuzz=0
# -s suppresses normal output, -pN strips N leading path components, -b keeps a
# backup of each touched file under the given suffix, and --fuzz=0 rejects any
# hunk whose context lines do not match the unpacked tree exactly.
# A pipeline's exit status is that of its last command (patch here), and the
# build log shows the script running under sh -e, so the first rejected hunk
# ends the whole stage.
echo "Patch #0 (openssh-3.9p1-redhat.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-redhat.patch | /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0

# The build log on this page stops here: one hunk of this patch is rejected
# against sshd.c and saved as sshd.c.rej.
# NOTE(review): the file name suggests the patch was made for 3.6.1p2 while the
# tree is 3.9p1; presumably it only applied with a non-zero fuzz factor where
# the package was originally built - confirm by reading sshd.c.rej. Rebasing
# the patch against this tree is safer than loosening fuzz for the whole
# series, because the same setting would also apply to the CVE fixes below and
# a fuzzily placed hunk can land in the wrong spot without any error.
echo "Patch #1 (openssh-3.6.1p2-groups.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.6.1p2-groups.patch | /usr/bin/patch -s -p1 -b --suffix .groups --fuzz=0

echo "Patch #2 (openssh-3.8.1p1-skip-initial.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.8.1p1-skip-initial.patch | /usr/bin/patch -s -p1 -b --suffix .skip-initial --fuzz=0

echo "Patch #3 (openssh-3.8.1p1-krb5-config.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.8.1p1-krb5-config.patch | /usr/bin/patch -s -p1 -b --suffix .krb5-config --fuzz=0

echo "Patch #4 (openssh-3.9p1-vendor.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-vendor.patch | /usr/bin/patch -s -p1 -b --suffix .vendor --fuzz=0

echo "Patch #5 (openssh-3.9p1-no-log-signal.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-no-log-signal.patch | /usr/bin/patch -s -p1 -b --suffix .signal --fuzz=0

echo "Patch #6 (openssh-3.9p1-exit-deadlock.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-exit-deadlock.patch | /usr/bin/patch -s -p1 -b --suffix .exit-deadlock --fuzz=0

echo "Patch #7 (openssh-3.9p1-gid.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-gid.patch | /usr/bin/patch -s -p1 -b --suffix .gid --fuzz=0

echo "Patch #8 (openssh-3.9p1-loginuid.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-loginuid.patch | /usr/bin/patch -s -p1 -b --suffix .loginuid --fuzz=0

#SELinux
echo "Patch #12 (openssh-selinux.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-selinux.patch | /usr/bin/patch -s -p1 -b --suffix .selinux --fuzz=0

echo "Patch #16 (openssh-3.9p1-audit.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-audit.patch | /usr/bin/patch -s -p1 -b --suffix .audit --fuzz=0

#%patch20 -p0 -b .gssapimitm
echo "Patch #21 (openssh-3.9p1-skip-used.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-skip-used.patch | /usr/bin/patch -s -p1 -b --suffix .skip-used --fuzz=0

# From here on several patches carry a CAN/CVE id in their file name; a build
# that skips or misapplies one of them ships without that fix.
echo "Patch #22 (openssh-3.9p1-can-2005-2798.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-can-2005-2798.patch | /usr/bin/patch -s -p3 -b --suffix .destroy-creds --fuzz=0

echo "Patch #23 (openssh-3.9p1-scp-no-system.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-no-system.patch | /usr/bin/patch -s -p1 -b --suffix .no-system --fuzz=0

echo "Patch #24 (openssh-3.9p1-safe-stop.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-safe-stop.patch | /usr/bin/patch -s -p1 -b --suffix .safe-stop --fuzz=0

echo "Patch #25 (openssh-3.9p1-scp-no-overwrite.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-no-overwrite.patch | /usr/bin/patch -s -p1 -b --suffix .no-overwrite --fuzz=0

echo "Patch #26 (openssh-3.9p1-pam-message.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-pam-message.patch | /usr/bin/patch -s -p0 -b --suffix .pam-message --fuzz=0

echo "Patch #27 (openssh-3.9p1-log-in-chroot.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-log-in-chroot.patch | /usr/bin/patch -s -p1 -b --suffix .log-chroot --fuzz=0

echo "Patch #28 (openssh-3.9p1-cve-2006-4924.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-4924.patch | /usr/bin/patch -s -p1 -b --suffix .deattack-dos --fuzz=0

echo "Patch #29 (openssh-3.9p1-cve-2006-5051.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5051.patch | /usr/bin/patch -s -p1 -b --suffix .sig-no-cleanup --fuzz=0

# Patch #100 is applied here, between #29 and #30, as the spec orders it.
echo "Patch #100 (openssh-3.9p1-rc-condstop.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-rc-condstop.patch | /usr/bin/patch -s -p1 -b --suffix .condstop --fuzz=0

echo "Patch #30 (openssh-3.9p1-cve-2006-5794.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5794.patch | /usr/bin/patch -s -p1 -b --suffix .verify --fuzz=0

echo "Patch #31 (openssh-3.9p1-buffer-len.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-buffer-len.patch | /usr/bin/patch -s -p1 -b --suffix .buffer-len --fuzz=0

echo "Patch #32 (openssh-3.9p1-no-dup-logs.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-no-dup-logs.patch | /usr/bin/patch -s -p1 -b --suffix .no-dups --fuzz=0

echo "Patch #33 (openssh-4.3p2-no-v6only.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-4.3p2-no-v6only.patch | /usr/bin/patch -s -p1 -b --suffix .no-v6only --fuzz=0

echo "Patch #34 (openssh-3.9p1-hash-known.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-hash-known.patch | /usr/bin/patch -s -p1 -b --suffix .hash-known --fuzz=0

echo "Patch #35 (openssh-3.9p1-pam-session.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-pam-session.patch | /usr/bin/patch -s -p1 -b --suffix .pam-session --fuzz=0

echo "Patch #36 (openssh-3.9p1-gssapi-canohost.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-gssapi-canohost.patch | /usr/bin/patch -s -p1 -b --suffix .canohost --fuzz=0

echo "Patch #37 (openssh-3.9p1-cve-2006-5052.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5052.patch | /usr/bin/patch -s -p1 -b --suffix .krb5-leak --fuzz=0

echo "Patch #38 (openssh-3.9p1-sftp-memleak.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-sftp-memleak.patch | /usr/bin/patch -s -p1 -b --suffix .sftp-memleak --fuzz=0

echo "Patch #39 (openssh-3.9p1-restart-reliable.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-restart-reliable.patch | /usr/bin/patch -s -p1 -b --suffix .restart-reliable --fuzz=0

echo "Patch #40 (openssh-3.9p1-close-sock.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-close-sock.patch | /usr/bin/patch -s -p1 -b --suffix .close-sock --fuzz=0

echo "Patch #41 (openssh-4.3p2-cve-2007-3102.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-4.3p2-cve-2007-3102.patch | /usr/bin/patch -s -p1 -b --suffix .inject-fix --fuzz=0

echo "Patch #42 (openssh-3.9p1-sftp-drain-acks.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-sftp-drain-acks.patch | /usr/bin/patch -s -p1 -b --suffix .drain-acks --fuzz=0

echo "Patch #43 (openssh-3.9p1-buffer-nonfatal.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-buffer-nonfatal.patch | /usr/bin/patch -s -p1 -b --suffix .nonfatal --fuzz=0

echo "Patch #44 (openssh-3.9p1-scp-manpage.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-manpage.patch | /usr/bin/patch -s -p0 -b --suffix .scp-manpage --fuzz=0

# NOTE(review): same backup suffix as Patch #44 (.scp-manpage); looks like a
# copy/paste in the spec - confirm the two patches do not touch the same file.
echo "Patch #45 (openssh-4.7-cve-2007-4752.patch):"
/bin/cat /root/rpmbuild/SOURCES/openssh-4.7-cve-2007-4752.patch | /usr/bin/patch -s -p0 -b --suffix .scp-manpage --fuzz=0

# Regenerate the autoconf output after the patches have been applied.
autoreconf

規範文件(spec)的內容如下:

# Build-time switches for this package. Most can be overridden from the
# rpmbuild command line, as the comments below describe.
# Default WITH_SELINUX to 1 unless the caller already defined it.
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
%define WITH_SELINUX 1
%endif
# NOTE(review): WITH_AUDIT is only defined inside this conditional, while later
# sections test it unconditionally; a build with WITH_SELINUX set to 0 would
# leave it undefined - confirm that case is handled.
%if %{WITH_SELINUX}
# Audit patch applicable only over SELinux patch
%define WITH_AUDIT 1
%endif

# OpenSSH privilege separation requires a user & group ID
# NOTE(review): the pre-install scriptlet of the server subpackage passes a
# literal 74 to useradd instead of using these macros; keep the two in sync.
%define sshd_uid    74
%define sshd_gid    74

# Version of ssh-askpass
%define aversion 1.2.4.1

# Do we want to disable building of x11-askpass? (1=yes 0=no)
%define no_x11_askpass 1

# Do we want to disable building of gnome-askpass? (1=yes 0=no)
%define no_gnome_askpass 1

# Do we want to link against a static libcrypto? (1=yes 0=no)
%define static_libcrypto 0

# Do we want smartcard support (1=yes 0=no)
%define scard 0

# Use GTK2 instead of GNOME in gnome-ssh-askpass
%define gtk2 1

# Is this build for RHL 6.x?
%define build6x 0

# Build position-independent executables (requires toolchain support)?
%define pie 1

# Do we want kerberos5 support (1=yes 0=no)
%define kerberos5 0

# Whether or not /sbin/nologin exists.
%define nologin 1

# Reserve options to override askpass settings with:
# rpm -ba|--rebuild --define 'skip_xxx 1'
%{?with_x11_askpass:%define no_x11_askpass 0}
%{?with_gnome_askpass:%define no_gnome_askpass 0}

# Add option to build without GTK2 for older platforms with only GTK+.
# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
# rpm -ba|--rebuild --define 'no_gtk2 1'
%{?no_gtk2:%define gtk2 0}

# Is this a build for RHL 6.x or earlier?
%{?build_6x:%define build6x 1}

# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
%if %{build6x}
%define _sysconfdir /etc
%endif

# Options for static OpenSSL link:
# rpm -ba|--rebuild --define "static_openssl 1"
%{?static_openssl:%define static_libcrypto 1}

# Options for Smartcard support: (needs libsectok and openssl-engine)
# rpm -ba|--rebuild --define "smartcard 1"
%{?smartcard:%define scard 1}

# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
%define rescue 0
%{?build_rescue:%define rescue 1}

# Turn off some stuff for rescue builds
%if %{rescue}
%define kerberos5 0
%endif

# Main package header: identity, sources, patch list and dependencies.
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 3.9p1
Epoch: 1
%define rel 8.RHEL4.17.endian2
%if %{rescue}
Release: %{rel}rescue
%else
Release: %{rel}
%endif
URL: http://www.openssh.com/portable.html
# NOTE(review): the upstream tarball and its detached signature are commented
# out below; Source0 is a repacked archive (noacss), so the upstream signature
# cannot be checked against it. Presumably the Source1 script produces the
# repack - confirm, and record a checksum for the repacked archive.
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
Source0: openssh-%{version}-noacss.tar.gz
Source1: openssh-nukeacss.sh
Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
# Patch declarations. The prep section decides which are applied and in what
# order; Patch20 is declared here but its application is commented out there.
# Several are security fixes identified by a CAN/CVE id in the file name
# (2005-2798, 2006-4924, 2006-5051, 2006-5052, 2006-5794, 2007-3102,
# 2007-4752).
Patch0: openssh-3.9p1-redhat.patch
Patch1: openssh-3.6.1p2-groups.patch
Patch2: openssh-3.8.1p1-skip-initial.patch
Patch3: openssh-3.8.1p1-krb5-config.patch
Patch4: openssh-3.9p1-vendor.patch
Patch5: openssh-3.9p1-no-log-signal.patch
Patch6: openssh-3.9p1-exit-deadlock.patch
Patch7: openssh-3.9p1-gid.patch
Patch8: openssh-3.9p1-loginuid.patch
Patch12: openssh-selinux.patch
Patch16: openssh-3.9p1-audit.patch
Patch20: openssh-3.8p1-gssapimitm.patch
Patch21: openssh-3.9p1-skip-used.patch
Patch22: openssh-3.9p1-can-2005-2798.patch
Patch23: openssh-3.9p1-scp-no-system.patch
Patch24: openssh-3.9p1-safe-stop.patch
Patch25: openssh-3.9p1-scp-no-overwrite.patch
Patch26: openssh-3.9p1-pam-message.patch
Patch27: openssh-3.9p1-log-in-chroot.patch
Patch28: openssh-3.9p1-cve-2006-4924.patch
Patch29: openssh-3.9p1-cve-2006-5051.patch
Patch30: openssh-3.9p1-cve-2006-5794.patch
Patch31: openssh-3.9p1-buffer-len.patch
Patch32: openssh-3.9p1-no-dup-logs.patch
Patch33: openssh-4.3p2-no-v6only.patch
Patch34: openssh-3.9p1-hash-known.patch
Patch35: openssh-3.9p1-pam-session.patch
Patch36: openssh-3.9p1-gssapi-canohost.patch
Patch37: openssh-3.9p1-cve-2006-5052.patch
Patch38: openssh-3.9p1-sftp-memleak.patch
Patch39: openssh-3.9p1-restart-reliable.patch
Patch40: openssh-3.9p1-close-sock.patch
Patch41: openssh-4.3p2-cve-2007-3102.patch
Patch42: openssh-3.9p1-sftp-drain-acks.patch
Patch43: openssh-3.9p1-buffer-nonfatal.patch
Patch44: openssh-3.9p1-scp-manpage.patch
Patch45: openssh-4.7-cve-2007-4752.patch
Patch100: openssh-3.9p1-rc-condstop.patch
License: BSD
Group: Applications/Internet
# The prep script generated by the rpmbuild shown on this page sets
# RPM_BUILD_ROOT under rpmbuild/BUILDROOT instead of this location, so this
# tag appears not to be honoured by that rpm version.
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
BuildRequires: openssl-devel
Obsoletes: ssh
%if %{nologin}
Requires: /sbin/nologin
%endif

Requires: initscripts

%if ! %{no_gnome_askpass}
%if %{gtk2}
BuildPreReq: gtk2-devel, xauth
%else
BuildPreReq: gnome-libs-devel
%endif
%endif

%if %{scard}
BuildPreReq: sharutils
%endif
BuildPreReq: autoconf, openssl-devel, perl, zlib-devel
BuildPreReq: util-linux, groff, man
BuildPreReq: glibc-devel, pam-devel

%if ! %{no_x11_askpass}
BuildPreReq: XFree86-devel
%endif

%if %{kerberos5}
BuildPreReq: krb5-devel
%endif

# SELinux and audit support add both a runtime and a build-time dependency.
%if %{WITH_SELINUX}
Requires: libselinux >= 1.17.9
BuildRequires: libselinux-devel >= 1.17.9
%endif

%if %{WITH_AUDIT}
BuildRequires: audit-libs-devel >= 1.0.12
%endif

# Subpackage declarations. Each one is pinned to the exact epoch, version and
# release of the package it depends on, so mixed-version installs are refused.
%package extras
Summary: The OpenSSH implementation of SSH protocol version 2.
Requires: openssh = %{epoch}:%{version}-%{release}
Group: Applications/Internet


%package clients
Summary: OpenSSH clients.
Requires: openssh = %{epoch}:%{version}-%{release}
Group: Applications/Internet
Obsoletes: ssh-clients


%package clients-extras
Summary: OpenSSH clients.
Requires: openssh-clients = %{epoch}:%{version}-%{release}
Group: Applications/Internet


# The server needs useradd and id available before installation because its
# pre-install scriptlet creates the sshd account.
%package server
Summary: The OpenSSH server daemon.
Group: System Environment/Daemons
Obsoletes: ssh-server
PreReq: openssh = %{epoch}:%{version}-%{release}, /usr/sbin/useradd, /usr/bin/id
%if ! %{build6x}
Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so
%endif

%if %{WITH_AUDIT}
Requires: audit-libs >= 1.0.12
%endif

%package server-extras
Summary: The OpenSSH server daemon.
Group: System Environment/Daemons
PreReq: openssh-server = %{epoch}:%{version}-%{release}

%package askpass
Summary: A passphrase dialog for OpenSSH and X.
Group: Applications/Internet
Requires: openssh = %{epoch}:%{version}-%{release}
Obsoletes: ssh-extras

%package askpass-gnome
Summary: A passphrase dialog for OpenSSH, X, and GNOME.
Group: Applications/Internet
Requires: openssh = %{epoch}:%{version}-%{release}
Obsoletes: ssh-extras

%description
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

%description extras
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features, as well as removing
all patented algorithms to separate libraries.

This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.

This package contains ripped down files

%description clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.
You'll also need to install the openssh package on OpenSSH clients.

%description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.


%description clients-extras
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.
You'll also need to install the openssh package on OpenSSH clients.

This package contains ripped down files

%description server-extras
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. You also need to have the openssh
package installed.

This package contains ripped down files

%description askpass
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH.

%description askpass-gnome
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
environment.

%prep
# Unpack the source archive and apply the patch series. rpmbuild expands this
# section into the shell script quoted earlier on this page.

# Unpack Source0; when x11-askpass is built, also unpack Source2 inside the
# tree (-a 2).
%if ! %{no_x11_askpass}
%setup -q -a 2
%else
%setup -q
%endif
# Each patch line gives the strip level (-p) and the backup suffix (-b).
# The generated script shows every one of them running with --fuzz=0, so a
# hunk whose context does not match exactly is rejected and the stage stops.
# NOTE(review): the build log on this page fails at patch 1 (groups, made for
# 3.6.1p2 by its file name). Rebasing that patch against this tree is safer
# than loosening fuzz for the whole series, which would also cover the CVE
# fixes further down.
%patch0 -p1 -b .redhat
%patch1 -p1 -b .groups
%patch2 -p1 -b .skip-initial
%patch3 -p1 -b .krb5-config
%patch4 -p1 -b .vendor
%patch5 -p1 -b .signal
%patch6 -p1 -b .exit-deadlock
%patch7 -p1 -b .gid
%patch8 -p1 -b .loginuid

%if %{WITH_SELINUX}
#SELinux
%patch12 -p1 -b .selinux
%endif

%if %{WITH_AUDIT}
%patch16 -p1 -b .audit
%endif

#%patch20 -p0 -b .gssapimitm
%patch21 -p1 -b .skip-used
%patch22 -p3 -b .destroy-creds
%patch23 -p1 -b .no-system
%patch24 -p1 -b .safe-stop
%patch25 -p1 -b .no-overwrite
%patch26 -p0 -b .pam-message
%patch27 -p1 -b .log-chroot
%patch28 -p1 -b .deattack-dos
%patch29 -p1 -b .sig-no-cleanup
%patch100 -p1 -b .condstop
%patch30 -p1 -b .verify
%patch31 -p1 -b .buffer-len
%patch32 -p1 -b .no-dups
%patch33 -p1 -b .no-v6only
%patch34 -p1 -b .hash-known
%patch35 -p1 -b .pam-session
%patch36 -p1 -b .canohost
%patch37 -p1 -b .krb5-leak
%patch38 -p1 -b .sftp-memleak
%patch39 -p1 -b .restart-reliable
%patch40 -p1 -b .close-sock
%patch41 -p1 -b .inject-fix
%patch42 -p1 -b .drain-acks
%patch43 -p1 -b .nonfatal
# NOTE(review): patches 44 and 45 use the same backup suffix; looks like a
# copy/paste - confirm they do not touch the same file.
%patch44 -p0 -b .scp-manpage
%patch45 -p0 -b .scp-manpage

# Regenerate the autoconf output after patching.
autoreconf

%build
# Compile OpenSSH (and, when enabled, the askpass helpers).
# Start from the distribution's compiler flags exported by rpmbuild.
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
%if %{rescue}
CFLAGS="$CFLAGS -Os"
%endif
# Position-independent executables: compile with -fpie (-fPIE on s390) and
# link with -pie.
%if %{pie}
%ifarch s390 s390x
CFLAGS="$CFLAGS -fPIE"
%else
CFLAGS="$CFLAGS -fpie"
%endif
export CFLAGS
LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
%endif
%if %{build6x}
export CFLAGS="$CFLAGS -D__func__=__FUNCTION__"
%endif
# Kerberos: add include and library paths only when krb5 lives outside the
# default prefix; otherwise clear krb5_prefix so configure gets no path.
%if %{kerberos5}
krb5_prefix=`krb5-config --prefix`
if test "$krb5_prefix" != "%{_prefix}" ; then
   CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
   CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
   LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
else
   krb5_prefix=
   CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
   CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
fi
%endif

# Configure options: fixed default PATHs for user and superuser sessions, the
# privilege-separation directory under the var tree (empty/sshd), a vendor
# patch level string, PAM unless this is a rescue build, and SELinux, audit,
# smartcard and Kerberos support according to the toggles at the top.
%configure \
   --sysconfdir=%{_sysconfdir}/ssh \
   --libexecdir=%{_libexecdir}/openssh \
   --datadir=%{_datadir}/openssh \
   --with-default-path=/bin:/usr/bin \
   --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin \
   --with-privsep-path=%{_var}/empty/sshd \
   --enable-vendor-patchlevel="endian-%{version}-%{release}" \
%if %{scard}
   --with-smartcard \
%endif
%if %{build6x}
   --with-ipv4-default \
%endif
%if %{rescue}
   --without-pam \
%else
   --with-pam \
%endif
%if %{WITH_SELINUX}
   --with-selinux \
%else
   --without-selinux \
%endif
%if %{WITH_AUDIT}
   --with-linux-audit \
%endif
%if %{kerberos5}
   --with-kerberos5${krb5_prefix:+=${krb5_prefix}}
%else
   --without-kerberos5
%endif

# Static link: rewrite the generated Makefile to use the libcrypto archive.
%if %{static_libcrypto}
perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
%endif

make

%if ! %{no_x11_askpass}
pushd x11-ssh-askpass-%{aversion}
# This configure can't handle platform strings.
./configure --prefix=%{_prefix} --libdir=%{_libdir} --libexecdir=%{_libexecdir}/openssh
xmkmf -a
make
popd
%endif

# Define a variable to toggle gnome1/gtk2 building.  This is necessary
# because RPM doesn't handle nested %if statements.
%if %{gtk2}
   gtk2=yes
%else
   gtk2=no
%endif

# Build whichever gnome-ssh-askpass variant was selected and give it the
# common name the install section expects.
%if ! %{no_gnome_askpass}
pushd contrib
if [ $gtk2 = yes ] ; then
   make gnome-ssh-askpass2
   mv gnome-ssh-askpass2 gnome-ssh-askpass
else
   make gnome-ssh-askpass1
   mv gnome-ssh-askpass1 gnome-ssh-askpass
fi
popd
%endif

%install
# Stage the built files under the build root for packaging.
# NOTE(review): RPM_BUILD_ROOT is expanded unquoted in rm -rf, and the prep
# script quoted on this page shows the build running under /root. An empty or
# unexpected value would be acted on with that privilege; quoting it and
# refusing an empty value would make this step safer.
rm -rf $RPM_BUILD_ROOT
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/run/sshd
make install DESTDIR=$RPM_BUILD_ROOT

# PAM configuration and init script for sshd; the .old variants are used for
# RHL 6.x builds.
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
%if %{build6x}
install -m644 contrib/redhat/sshd.pam.old  $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m755 contrib/redhat/sshd.init.old $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
%else
install -m644 contrib/redhat/sshd.pam      $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m755 contrib/redhat/sshd.init     $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
%endif

# Askpass helpers are installed stripped (-s) when they are built.
%if ! %{no_x11_askpass}
install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
%endif

%if ! %{no_gnome_askpass}
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
%endif

# Without smartcard support, drop the Ssh.bin file that make install placed
# in the data directory.
%if ! %{scard}
   rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin
%endif

%if ! %{no_gnome_askpass}
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
%endif

%if %{no_gnome_askpass}
rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.*
%endif

# Strip the build root prefix from the installed man pages so staged paths do
# not leak into the documentation. The path is used as a regex pattern here.
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*

%clean
# Remove the staging tree after packaging.
# NOTE(review): same unquoted rm -rf on RPM_BUILD_ROOT as in the install
# section; the same quoting and empty-value guard applies.
rm -rf $RPM_BUILD_ROOT

%triggerun server -- ssh-server
# Runs when the old ssh-server package is removed. Unless the first argument
# is 0, and if a readable sshd pid file exists, leave a marker file so the
# matching triggerpostun scriptlet starts sshd again afterwards.
if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
   touch /var/run/sshd.restart
fi

%triggerun server -- openssh-server < 2.5.0p1
# Migration for configurations written for openssh-server older than 2.5.0p1.
# The gawk program exits with the number of matching lines, so the test on
# the exit status below is true only when exactly one was found.
# Count the number of HostKey and HostDsaKey statements we have.
gawk    'BEGIN {IGNORECASE=1}
    /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
    END {exit sawhostkey}' /etc/ssh/sshd_config
# And if we only found one, we know the client was relying on the old default
# behavior, which loaded the SSH2 DSA host key when HostDsaKey wasn't
# specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
# one nullifies the default, which would have loaded both.
# The two lines are appended to the live sshd_config without a backup.
if [ $? -eq 1 ] ; then
   echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
   echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
fi

%triggerpostun server -- ssh-server
# Counterpart of the ssh-server triggerun scriptlet: if it left the restart
# marker, remove the marker and start sshd. Output is discarded and a failed
# start is ignored, so the package transaction is never aborted by it.
if [ "$1" != 0 ] ; then
   if test -f /var/run/sshd.restart ; then
       rm -f /var/run/sshd.restart
       /etc/init.d/sshd start > /dev/null 2>&1 || :
   fi
fi

%pre server
# Create the system account used for privilege separation, with uid 74, home
# /var/empty/sshd and a non-login shell (/sbin/nologin, or /dev/null where
# nologin does not exist).
# NOTE(review): stderr is discarded and a failure is ignored, so a failed
# account creation goes unnoticed here; presumably this is meant to tolerate
# an account that already exists - confirm. The uid is a literal 74 rather
# than the sshd_uid macro defined at the top of the spec.
%if %{nologin}
/usr/sbin/useradd -c "Privilege-separated SSH" -u 74 \
   -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
%else
/usr/sbin/useradd -c "Privilege-separated SSH" -u 74 \
   -s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || :
%endif

%postun server
# After the server package is removed or replaced, ask the init script for a
# conditional restart; output is discarded and failure is ignored.
/etc/init.d/sshd condrestart > /dev/null 2>&1 || :

%preun server
# Stop sshd only when the first argument is 0; output is discarded and a
# failed stop is ignored.
if [ "$1" = 0 ]
then
   /etc/init.d/sshd stop > /dev/null 2>&1 || :
fi

%files
# Payload of the base package; ownership and mode are set per entry.
# moduli is readable by root only (0600) and marked noreplace, so a locally
# edited copy is kept on upgrade.
# NOTE(review): ssh-keysign is installed setuid root (4711). Any rebuild that
# changes or drops patches should be reviewed with that privilege in mind.
%defattr(-,root,root)
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%if ! %{rescue}
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%endif
%if %{scard}
%attr(0755,root,root) %dir %{_datadir}/openssh
%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
%endif

%files extras
# Documentation and the manual pages for the tools shipped in the base
# package; the manual pages are left out of rescue builds.
%defattr(-,root,root)
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
%if ! %{rescue}
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif

%files clients
# Client binaries plus the system-wide client configuration, which is marked
# noreplace so local edits are kept on upgrade.
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config

%files clients-extras
%defattr(-,root,root)
%attr(-,root,root) %{_bindir}/slogin
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%if ! %{rescue}
%attr(2755,root,nobody) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root)

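出於某種原因,更新檔 #1 無法應用。您可以查看 sshd.c.rej 以找出不匹配的確切位置。從日誌可以看到 patch 是以 --fuzz=0 執行的,因此只要上下文有任何一行不符,該 hunk 就會被拒絕。較穩妥的做法是依據 .rej 的內容針對目前的原始碼重新製作該更新檔,而不是為整個系列放寬 fuzz,因為同一設定也會套用到名稱帶有 CVE 編號的安全性更新檔上。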

引用自:https://serverfault.com/questions/82233