diff --git a/openssh.spec b/openssh.spec
index 01a671c2c283e89e408a337409a89bb7853a6381..ba485cf1c658800ba4c5df451e65006db95bb6de 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 # Do we want SELinux & Audit
 %if 0%{?!noselinux:1}
 %global WITH_SELINUX 1
@@ -45,6 +45,12 @@
 # rpm -ba|--rebuild --define "static_openssl 1"
 %{?static_openssl:%global static_libcrypto 1}
+# Options for libfido2 support
+# libfido2 has strong dependecy on libcbor, but libcbor changes its soname too often,
+# which will lead to frequent rebuilds of libfido. providing a switch on libfido2 support
+# within openssh is a must-have choice.
+%bcond_with libfido2
+
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.0p1
 %global pam_ssh_agent_ver 0.10.4
@@ -242,7 +248,9 @@ BuildRequires: systemd-devel
 BuildRequires: systemd-rpm-macros
 BuildRequires: gcc make
 BuildRequires: p11-kit-devel
+%if %{with libfido2}
 BuildRequires: libfido2-devel
+%endif
 Recommends: p11-kit
 Obsoletes: openssh-ldap < 8.3p1-4
 Obsoletes: openssh-cavs < 8.4p1-5
@@ -477,6 +485,11 @@ fi
 --without-hardening `# The hardening flags are configured by system` \
 --with-systemd \
 --with-default-pkcs11-provider=yes \
+%if %{with libfido2}
+ --enable-security-key \
+%else
+ --disable-security-key \
+%endif
 --with-security-key-builtin=yes \
 --with-pam \
 %if %{WITH_SELINUX}
@@ -536,7 +549,6 @@ make tests
 %endif
 %install
-rm -rf $RPM_BUILD_ROOT
 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d
 mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d
@@ -707,6 +719,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
+* Fri Feb 17 2023 Funda Wang - 9.0p1-2
+- Add switch for libfido2 support
+
 * Thu Feb 02 2023 happy_orange - 9.0p1-1
 - update to 9.0p1
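Review bot: `%bcond_with libfido2` in the second hunk makes the feature off by default, so the stock build now passes `--disable-security-key` and no longer pulls in `libfido2-devel`, yet neither the added comment nor the changelog entry says the default changed. The old side of the diff had the BuildRequires and `--with-security-key-builtin=yes` unconditional, so this appears to drop FIDO/U2F (`-sk`) key support for everyone who does not rebuild. Hardware-backed keys are a phishing-resistant authentication option, so the comment should state the default explicitly, for example `# Off by default: rebuild with --with libfido2 to enable FIDO/U2F security-key support`. If the intent was to keep the previous behaviour and only allow opting out, `%bcond_without libfido2` is the macro that defaults to enabled.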
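Review bot: `--with-security-key-builtin=yes` stays outside the new `%if %{with libfido2}` block in the configure hunk, so the default build passes `--disable-security-key` together with a request for the built-in provider. As far as I know configure skips the built-in check when security-key support is disabled, so this probably still builds, but the pair reads as contradictory and relies on configure continuing to ignore the second flag. Move that line into the enabled branch, directly after `--enable-security-key \`, so each build variant passes a consistent set of options. The configure invocation starts and ends outside the hunk.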