Linux
如何在 Fedora 中安裝源 rpm(src.rpm)?
如何在 Fedora 中安裝源 rpm(src.rpm)?
當我嘗試使用範例命令安裝包(例如 openssh)後重建規範文件時:
rpmbuild -ba openssh.spec
我收到以下消息,但未完成建構
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.QkUOot + umask 022 + cd /root/rpmbuild/BUILD + LANG=C + export LANG + unset DISPLAY + cd /root/rpmbuild/BUILD + rm -rf openssh-3.9p1 + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssh-3.9p1-noacss.tar.gz + /bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd openssh-3.9p1 + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + echo 'Patch #0 (openssh-3.9p1-redhat.patch):' Patch #0 (openssh-3.9p1-redhat.patch): + /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-redhat.patch + /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0 + echo 'Patch #1 (openssh-3.6.1p2-groups.patch):' Patch #1 (openssh-3.6.1p2-groups.patch): + /bin/cat /root/rpmbuild/SOURCES/openssh-3.6.1p2-groups.patch + /usr/bin/patch -s -p1 -b --suffix .groups --fuzz=0 1 out of 1 hunk FAILED -- saving rejects to file sshd.c.rej error: Bad exit status from /var/tmp/rpm-tmp.QkUOot (%prep) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.QkUOot (%prep)
在此文件 (rpm-tmp.QkUOot) 中存在以下消息:
#!/bin/sh RPM_SOURCE_DIR="/root/rpmbuild/SOURCES" RPM_BUILD_DIR="/root/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables" RPM_ARCH="i386" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="openssh" RPM_PACKAGE_VERSION="3.9p1" RPM_PACKAGE_RELEASE="8.RHEL4.17.endian2" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE RPM_BUILD_ROOT="/root/rpmbuild/BUILDROOT/openssh-3.9p1-8.RHEL4.17.endian2.i386" export RPM_BUILD_ROOT PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/root/rpmbuild/BUILD" LANG=C export LANG unset DISPLAY cd '/root/rpmbuild/BUILD' rm -rf 'openssh-3.9p1' /usr/bin/gzip -dc '/root/rpmbuild/SOURCES/openssh-3.9p1-noacss.tar.gz' | /bin/tar -xf - STATUS=$? if [ $STATUS -ne 0 ]; then exit $STATUS fi cd 'openssh-3.9p1' /bin/chmod -Rf a+rX,u+w,g-w,o-w . echo "Patch #0 (openssh-3.9p1-redhat.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-redhat.patch | /usr/bin/patch -s -p1 -b --suffix .redhat --fuzz=0 echo "Patch #1 (openssh-3.6.1p2-groups.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.6.1p2-groups.patch | /usr/bin/patch -s -p1 -b --suffix .groups --fuzz=0 echo "Patch #2 (openssh-3.8.1p1-skip-initial.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.8.1p1-skip-initial.patch | /usr/bin/patch -s -p1 -b --suffix .skip-initial --fuzz=0 echo "Patch #3 (openssh-3.8.1p1-krb5-config.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.8.1p1-krb5-config.patch | /usr/bin/patch -s -p1 -b --suffix .krb5-config --fuzz=0 echo "Patch #4 (openssh-3.9p1-vendor.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-vendor.patch | /usr/bin/patch -s -p1 -b --suffix .vendor --fuzz=0 echo "Patch #5 (openssh-3.9p1-no-log-signal.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-no-log-signal.patch | /usr/bin/patch -s -p1 -b --suffix .signal --fuzz=0 echo "Patch #6 (openssh-3.9p1-exit-deadlock.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-exit-deadlock.patch | /usr/bin/patch -s -p1 -b --suffix .exit-deadlock --fuzz=0 echo "Patch #7 (openssh-3.9p1-gid.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-gid.patch | /usr/bin/patch -s -p1 -b --suffix .gid --fuzz=0 echo "Patch #8 (openssh-3.9p1-loginuid.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-loginuid.patch | /usr/bin/patch -s -p1 -b --suffix .loginuid --fuzz=0 #SELinux echo "Patch #12 (openssh-selinux.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-selinux.patch | /usr/bin/patch -s -p1 -b --suffix .selinux --fuzz=0 echo "Patch #16 (openssh-3.9p1-audit.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-audit.patch | /usr/bin/patch -s -p1 -b --suffix .audit --fuzz=0 #%patch20 -p0 -b .gssapimitm echo "Patch #21 (openssh-3.9p1-skip-used.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-skip-used.patch | /usr/bin/patch -s -p1 -b --suffix .skip-used --fuzz=0 echo "Patch #22 (openssh-3.9p1-can-2005-2798.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-can-2005-2798.patch | /usr/bin/patch -s -p3 -b --suffix .destroy-creds --fuzz=0 echo "Patch #23 (openssh-3.9p1-scp-no-system.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-no-system.patch | /usr/bin/patch -s -p1 -b --suffix .no-system --fuzz=0 echo "Patch #24 (openssh-3.9p1-safe-stop.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-safe-stop.patch | /usr/bin/patch -s -p1 -b --suffix .safe-stop --fuzz=0 echo "Patch #25 (openssh-3.9p1-scp-no-overwrite.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-no-overwrite.patch | /usr/bin/patch -s -p1 -b --suffix .no-overwrite --fuzz=0 echo "Patch #26 (openssh-3.9p1-pam-message.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-pam-message.patch | /usr/bin/patch -s -p0 -b --suffix .pam-message --fuzz=0 echo "Patch #27 (openssh-3.9p1-log-in-chroot.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-log-in-chroot.patch | /usr/bin/patch -s -p1 -b --suffix .log-chroot --fuzz=0 echo "Patch #28 (openssh-3.9p1-cve-2006-4924.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-4924.patch | /usr/bin/patch -s -p1 -b --suffix .deattack-dos --fuzz=0 echo "Patch #29 (openssh-3.9p1-cve-2006-5051.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5051.patch | /usr/bin/patch -s -p1 -b --suffix .sig-no-cleanup --fuzz=0 echo "Patch #100 (openssh-3.9p1-rc-condstop.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-rc-condstop.patch | /usr/bin/patch -s -p1 -b --suffix .condstop --fuzz=0 echo "Patch #30 (openssh-3.9p1-cve-2006-5794.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5794.patch | /usr/bin/patch -s -p1 -b --suffix .verify --fuzz=0 echo "Patch #31 (openssh-3.9p1-buffer-len.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-buffer-len.patch | /usr/bin/patch -s -p1 -b --suffix .buffer-len --fuzz=0 echo "Patch #32 (openssh-3.9p1-no-dup-logs.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-no-dup-logs.patch | /usr/bin/patch -s -p1 -b --suffix .no-dups --fuzz=0 echo "Patch #33 (openssh-4.3p2-no-v6only.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-4.3p2-no-v6only.patch | /usr/bin/patch -s -p1 -b --suffix .no-v6only --fuzz=0 echo "Patch #34 (openssh-3.9p1-hash-known.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-hash-known.patch | /usr/bin/patch -s -p1 -b --suffix .hash-known --fuzz=0 echo "Patch #35 (openssh-3.9p1-pam-session.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-pam-session.patch | /usr/bin/patch -s -p1 -b --suffix .pam-session --fuzz=0 echo "Patch #36 (openssh-3.9p1-gssapi-canohost.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-gssapi-canohost.patch | /usr/bin/patch -s -p1 -b --suffix .canohost --fuzz=0 echo "Patch #37 (openssh-3.9p1-cve-2006-5052.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-cve-2006-5052.patch | /usr/bin/patch -s -p1 -b --suffix .krb5-leak --fuzz=0 echo "Patch #38 (openssh-3.9p1-sftp-memleak.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-sftp-memleak.patch | /usr/bin/patch -s -p1 -b --suffix .sftp-memleak --fuzz=0 echo "Patch #39 (openssh-3.9p1-restart-reliable.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-restart-reliable.patch | /usr/bin/patch -s -p1 -b --suffix .restart-reliable --fuzz=0 echo "Patch #40 (openssh-3.9p1-close-sock.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-close-sock.patch | /usr/bin/patch -s -p1 -b --suffix .close-sock --fuzz=0 echo "Patch #41 (openssh-4.3p2-cve-2007-3102.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-4.3p2-cve-2007-3102.patch | /usr/bin/patch -s -p1 -b --suffix .inject-fix --fuzz=0 echo "Patch #42 (openssh-3.9p1-sftp-drain-acks.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-sftp-drain-acks.patch | /usr/bin/patch -s -p1 -b --suffix .drain-acks --fuzz=0 echo "Patch #43 (openssh-3.9p1-buffer-nonfatal.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-buffer-nonfatal.patch | /usr/bin/patch -s -p1 -b --suffix .nonfatal --fuzz=0 echo "Patch #44 (openssh-3.9p1-scp-manpage.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-3.9p1-scp-manpage.patch | /usr/bin/patch -s -p0 -b --suffix .scp-manpage --fuzz=0 echo "Patch #45 (openssh-4.7-cve-2007-4752.patch):" /bin/cat /root/rpmbuild/SOURCES/openssh-4.7-cve-2007-4752.patch | /usr/bin/patch -s -p0 -b --suffix .scp-manpage --fuzz=0 autoreconf
並且在規範文件中存在以下消息:
%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} %define WITH_SELINUX 1 %endif %if %{WITH_SELINUX} # Audit patch applicable only over SELinux patch %define WITH_AUDIT 1 %endif # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 %define sshd_gid 74 # Version of ssh-askpass %define aversion 1.2.4.1 # Do we want to disable building of x11-askpass? (1=yes 0=no) %define no_x11_askpass 1 # Do we want to disable building of gnome-askpass? (1=yes 0=no) %define no_gnome_askpass 1 # Do we want to link against a static libcrypto? (1=yes 0=no) %define static_libcrypto 0 # Do we want smartcard support (1=yes 0=no) %define scard 0 # Use GTK2 instead of GNOME in gnome-ssh-askpass %define gtk2 1 # Is this build for RHL 6.x? %define build6x 0 # Build position-independent executables (requires toolchain support)? %define pie 1 # Do we want kerberos5 support (1=yes 0=no) %define kerberos5 0 # Whether or not /sbin/nologin exists. %define nologin 1 # Reserve options to override askpass settings with: # rpm -ba|--rebuild --define 'skip_xxx 1' %{?with_x11_askpass:%define no_x11_askpass 0} %{?with_gnome_askpass:%define no_gnome_askpass 0} # Add option to build without GTK2 for older platforms with only GTK+. # RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples. # rpm -ba|--rebuild --define 'no_gtk2 1' %{?no_gtk2:%define gtk2 0} # Is this a build for RHL 6.x or earlier? %{?build_6x:%define build6x 1} # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. %if %{build6x} %define _sysconfdir /etc %endif # Options for static OpenSSL link: # rpm -ba|--rebuild --define "static_openssl 1" %{?static_openssl:%define static_libcrypto 1} # Options for Smartcard support: (needs libsectok and openssl-engine) # rpm -ba|--rebuild --define "smartcard 1" %{?smartcard:%define scard 1} # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) %define rescue 0 %{?build_rescue:%define rescue 1} # Turn off some stuff for resuce builds %if %{rescue} %define kerberos5 0 %endif Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. Name: openssh Version: 3.9p1 Epoch: 1 %define rel 8.RHEL4.17.endian2 %if %{rescue} Release: %{rel}rescue %else Release: %{rel} %endif URL: http://www.openssh.com/portable.html #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig Source0: openssh-%{version}-noacss.tar.gz Source1: openssh-nukeacss.sh Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz Patch0: openssh-3.9p1-redhat.patch Patch1: openssh-3.6.1p2-groups.patch Patch2: openssh-3.8.1p1-skip-initial.patch Patch3: openssh-3.8.1p1-krb5-config.patch Patch4: openssh-3.9p1-vendor.patch Patch5: openssh-3.9p1-no-log-signal.patch Patch6: openssh-3.9p1-exit-deadlock.patch Patch7: openssh-3.9p1-gid.patch Patch8: openssh-3.9p1-loginuid.patch Patch12: openssh-selinux.patch Patch16: openssh-3.9p1-audit.patch Patch20: openssh-3.8p1-gssapimitm.patch Patch21: openssh-3.9p1-skip-used.patch Patch22: openssh-3.9p1-can-2005-2798.patch Patch23: openssh-3.9p1-scp-no-system.patch Patch24: openssh-3.9p1-safe-stop.patch Patch25: openssh-3.9p1-scp-no-overwrite.patch Patch26: openssh-3.9p1-pam-message.patch Patch27: openssh-3.9p1-log-in-chroot.patch Patch28: openssh-3.9p1-cve-2006-4924.patch Patch29: openssh-3.9p1-cve-2006-5051.patch Patch30: openssh-3.9p1-cve-2006-5794.patch Patch31: openssh-3.9p1-buffer-len.patch Patch32: openssh-3.9p1-no-dup-logs.patch Patch33: openssh-4.3p2-no-v6only.patch Patch34: openssh-3.9p1-hash-known.patch Patch35: openssh-3.9p1-pam-session.patch Patch36: openssh-3.9p1-gssapi-canohost.patch Patch37: openssh-3.9p1-cve-2006-5052.patch Patch38: openssh-3.9p1-sftp-memleak.patch Patch39: openssh-3.9p1-restart-reliable.patch Patch40: openssh-3.9p1-close-sock.patch Patch41: openssh-4.3p2-cve-2007-3102.patch Patch42: openssh-3.9p1-sftp-drain-acks.patch Patch43: openssh-3.9p1-buffer-nonfatal.patch Patch44: openssh-3.9p1-scp-manpage.patch Patch45: openssh-4.7-cve-2007-4752.patch Patch100: openssh-3.9p1-rc-condstop.patch License: BSD Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot BuildRequires: openssl-devel Obsoletes: ssh %if %{nologin} Requires: /sbin/nologin %endif Requires: initscripts %if ! %{no_gnome_askpass} %if %{gtk2} BuildPreReq: gtk2-devel, xauth %else BuildPreReq: gnome-libs-devel %endif %endif %if %{scard} BuildPreReq: sharutils %endif BuildPreReq: autoconf, openssl-devel, perl, zlib-devel BuildPreReq: util-linux, groff, man BuildPreReq: glibc-devel, pam-devel %if ! %{no_x11_askpass} BuildPreReq: XFree86-devel %endif %if %{kerberos5} BuildPreReq: krb5-devel %endif %if %{WITH_SELINUX} Requires: libselinux >= 1.17.9 BuildRequires: libselinux-devel >= 1.17.9 %endif %if %{WITH_AUDIT} BuildRequires: audit-libs-devel >= 1.0.12 %endif %package extras Summary: The OpenSSH implementation of SSH protocol version 2. Requires: openssh = %{epoch}:%{version}-%{release} Group: Applications/Internet %package clients Summary: OpenSSH clients. Requires: openssh = %{epoch}:%{version}-%{release} Group: Applications/Internet Obsoletes: ssh-clients %package clients-extras Summary: OpenSSH clients. Requires: openssh-clients = %{epoch}:%{version}-%{release} Group: Applications/Internet %package server Summary: The OpenSSH server daemon. Group: System Environment/Daemons Obsoletes: ssh-server PreReq: openssh = %{epoch}:%{version}-%{release}, /usr/sbin/useradd, /usr/bin/id %if ! %{build6x} Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so %endif %if %{WITH_AUDIT} Requires: audit-libs >= 1.0.12 %endif %package server-extras Summary: The OpenSSH server daemon. Group: System Environment/Daemons PreReq: openssh-server = %{epoch}:%{version}-%{release} %package askpass Summary: A passphrase dialog for OpenSSH and X. Group: Applications/Internet Requires: openssh = %{epoch}:%{version}-%{release} Obsoletes: ssh-extras %package askpass-gnome Summary: A passphrase dialog for OpenSSH, X, and GNOME. Group: Applications/Internet Requires: openssh = %{epoch}:%{version}-%{release} Obsoletes: ssh-extras %description SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %description extras SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's version of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries. This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. This package contains ripped down files %description clients OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers. You'll also need to install the openssh package on OpenSSH clients. %description server OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed. %description clients-extras OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers. You'll also need to install the openssh package on OpenSSH clients. This package contains ripped down files %description server-extras OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. You also need to have the openssh package installed. This package contains ripped down files %description askpass OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains an X11 passphrase dialog for OpenSSH. %description askpass-gnome OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop environment. %prep %if ! %{no_x11_askpass} %setup -q -a 2 %else %setup -q %endif %patch0 -p1 -b .redhat %patch1 -p1 -b .groups %patch2 -p1 -b .skip-initial %patch3 -p1 -b .krb5-config %patch4 -p1 -b .vendor %patch5 -p1 -b .signal %patch6 -p1 -b .exit-deadlock %patch7 -p1 -b .gid %patch8 -p1 -b .loginuid %if %{WITH_SELINUX} #SELinux %patch12 -p1 -b .selinux %endif %if %{WITH_AUDIT} %patch16 -p1 -b .audit %endif #%patch20 -p0 -b .gssapimitm %patch21 -p1 -b .skip-used %patch22 -p3 -b .destroy-creds %patch23 -p1 -b .no-system %patch24 -p1 -b .safe-stop %patch25 -p1 -b .no-overwrite %patch26 -p0 -b .pam-message %patch27 -p1 -b .log-chroot %patch28 -p1 -b .deattack-dos %patch29 -p1 -b .sig-no-cleanup %patch100 -p1 -b .condstop %patch30 -p1 -b .verify %patch31 -p1 -b .buffer-len %patch32 -p1 -b .no-dups %patch33 -p1 -b .no-v6only %patch34 -p1 -b .hash-known %patch35 -p1 -b .pam-session %patch36 -p1 -b .canohost %patch37 -p1 -b .krb5-leak %patch38 -p1 -b .sftp-memleak %patch39 -p1 -b .restart-reliable %patch40 -p1 -b .close-sock %patch41 -p1 -b .inject-fix %patch42 -p1 -b .drain-acks %patch43 -p1 -b .nonfatal %patch44 -p0 -b .scp-manpage %patch45 -p0 -b .scp-manpage autoreconf %build CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS %if %{rescue} CFLAGS="$CFLAGS -Os" %endif %if %{pie} %ifarch s390 s390x CFLAGS="$CFLAGS -fPIE" %else CFLAGS="$CFLAGS -fpie" %endif export CFLAGS LDFLAGS="$LDFLAGS -pie"; export LDFLAGS %endif %if %{build6x} export CFLAGS="$CFLAGS -D__func__=__FUNCTION__" %endif %if %{kerberos5} krb5_prefix=`krb5-config --prefix` if test "$krb5_prefix" != "%{_prefix}" ; then CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi" LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS else krb5_prefix= CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS CFLAGS="$CFLAGS -I%{_includedir}/gssapi" fi %endif %configure \ --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/openssh \ --datadir=%{_datadir}/openssh \ --with-default-path=/bin:/usr/bin \ --with-superuser-path=/sbin:/bin:/usr/sbin:/usr/bin \ --with-privsep-path=%{_var}/empty/sshd \ --enable-vendor-patchlevel="endian-%{version}-%{release}" \ %if %{scard} --with-smartcard \ %endif %if %{build6x} --with-ipv4-default \ %endif %if %{rescue} --without-pam \ %else --with-pam \ %endif %if %{WITH_SELINUX} --with-selinux \ %else --without-selinux \ %endif %if %{WITH_AUDIT} --with-linux-audit \ %endif %if %{kerberos5} --with-kerberos5${krb5_prefix:+=${krb5_prefix}} %else --without-kerberos5 %endif %if %{static_libcrypto} perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile %endif make %if ! %{no_x11_askpass} pushd x11-ssh-askpass-%{aversion} # This configure can't handle platform strings. ./configure --prefix=%{_prefix} --libdir=%{_libdir} --libexecdir=%{_libexecdir}/openssh xmkmf -a make popd %endif # Define a variable to toggle gnome1/gtk2 building. This is necessary # because RPM doesn't handle nested %if statements. %if %{gtk2} gtk2=yes %else gtk2=no %endif %if ! %{no_gnome_askpass} pushd contrib if [ $gtk2 = yes ] ; then make gnome-ssh-askpass2 mv gnome-ssh-askpass2 gnome-ssh-askpass else make gnome-ssh-askpass1 mv gnome-ssh-askpass1 gnome-ssh-askpass fi popd %endif %install rm -rf $RPM_BUILD_ROOT mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/run/sshd make install DESTDIR=$RPM_BUILD_ROOT install -d $RPM_BUILD_ROOT/etc/pam.d/ install -d $RPM_BUILD_ROOT/etc/rc.d/init.d install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh %if %{build6x} install -m644 contrib/redhat/sshd.pam.old $RPM_BUILD_ROOT/etc/pam.d/sshd install -m755 contrib/redhat/sshd.init.old $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd %else install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd %endif %if ! %{no_x11_askpass} install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass %endif %if ! %{no_gnome_askpass} install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass %endif %if ! %{scard} rm -f $RPM_BUILD_ROOT%{_datadir}/openssh/Ssh.bin %endif %if ! %{no_gnome_askpass} install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ %endif %if %{no_gnome_askpass} rm -f $RPM_BUILD_ROOT/etc/profile.d/gnome-ssh-askpass.* %endif perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* %clean rm -rf $RPM_BUILD_ROOT %triggerun server -- ssh-server if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then touch /var/run/sshd.restart fi %triggerun server -- openssh-server < 2.5.0p1 # Count the number of HostKey and HostDsaKey statements we have. gawk 'BEGIN {IGNORECASE=1} /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1} END {exit sawhostkey}' /etc/ssh/sshd_config # And if we only found one, we know the client was relying on the old default # behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't # specified. Now that HostKey is used for both SSH1 and SSH2 keys, specifying # one nullifies the default, which would have loaded both. if [ $? -eq 1 ] ; then echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config fi %triggerpostun server -- ssh-server if [ "$1" != 0 ] ; then if test -f /var/run/sshd.restart ; then rm -f /var/run/sshd.restart /etc/init.d/sshd start > /dev/null 2>&1 || : fi fi %pre server %if %{nologin} /usr/sbin/useradd -c "Privilege-separated SSH" -u 74 \ -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || : %else /usr/sbin/useradd -c "Privilege-separated SSH" -u 74 \ -s /dev/null -r -d /var/empty/sshd sshd 2> /dev/null || : %endif %postun server /etc/init.d/sshd condrestart > /dev/null 2>&1 || : %preun server if [ "$1" = 0 ] then /etc/init.d/sshd stop > /dev/null 2>&1 || : fi %files %defattr(-,root,root) %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %if ! %{rescue} %attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0755,root,root) %dir %{_libexecdir}/openssh %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign %endif %if %{scard} %attr(0755,root,root) %dir %{_datadir}/openssh %attr(0644,root,root) %{_datadir}/openssh/Ssh.bin %endif %files extras %defattr(-,root,root) %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING* %if ! %{rescue} %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* %endif %files clients %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %files clients-extras %defattr(-,root,root) %attr(-,root,root) %{_bindir}/slogin %attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0644,root,root) %{_mandir}/man1/slogin.1* %attr(0644,root,root) %{_mandir}/man5/ssh_config.5* %if ! %{rescue} %attr(2755,root,nobody) %{_bindir}/ssh-agent %attr(0755,root,root) %{_bindir}/ssh-add %attr(0755,root,root) %{_bindir}/ssh-keyscan %attr(0755,root,root) %{_bindir}/sftp %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* %attr(0644,root,root) %{_mandir}/man1/ssh-add.1* %attr(0644,root,root)
出於某種原因,更新檔 #1 無法應用。您可以查看 sshd.c.rej 以找出不匹配的確切位置。