From 1f2a4cd9cc364dd62979ddaa7f9c70a3a9b7d330d2e02bbba4d94f4a6b2f252b Mon Sep 17 00:00:00 2001 From: Antonio Larrosa Date: Mon, 15 Apr 2024 06:21:11 +0000 Subject: [PATCH] Accepting request 1167038 from home:alarrosa:branches:network - Make openssh-server recommend the openssh-server-config-rootlogin package in SLE in order to keep the same behaviour of previous SPs where the PermitRootLogin default was set to yes. - Fix crypto-policies requirement to be set by openssh-server, not the config-rootlogin subpackage. - Add back %config(noreplace) tag for more config files that were already set like this in previous SPs. OBS-URL: https://build.opensuse.org/request/show/1167038 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=263 --- openssh.changes | 11 +++++++++++ openssh.spec | 11 +++++++---- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/openssh.changes b/openssh.changes index eed4894..6808adb 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Apr 12 10:04:45 UTC 2024 - Antonio Larrosa + +- Make openssh-server recommend the openssh-server-config-rootlogin + package in SLE in order to keep the same behaviour of previous + SPs where the PermitRootLogin default was set to yes. +- Fix crypto-policies requirement to be set by openssh-server, not + the config-rootlogin subpackage. +- Add back %config(noreplace) tag for more config files that were + already set like this in previous SPs. + ------------------------------------------------------------------- Thu Apr 11 06:35:21 UTC 2024 - Arnav Singh diff --git a/openssh.spec b/openssh.spec index 7e87b12..99c96b5 100644 --- a/openssh.spec +++ b/openssh.spec @@ -190,7 +190,11 @@ clients. Summary: SSH (Secure Shell) server Group: Productivity/Networking/SSH Requires: %{name}-common = %{version}-%{release} +Requires: crypto-policies >= 20220824 Recommends: audit +%if 0%{?suse_version} == 1500 +Recommends: openssh-server-config-rootlogin +%endif Requires(pre): findutils Requires(pre): grep Requires(post): %fillup_prereq @@ -213,7 +217,6 @@ securely connect to your server. %package server-config-rootlogin Summary: Config to permit root logins to sshd Group: Productivity/Networking/SSH -Requires: crypto-policies >= 20220824 Requires: %{name}-server = %{version}-%{release} %description server-config-rootlogin @@ -485,7 +488,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %attr(0755,root,root) %dir %{_distconfdir}/ssh/ssh_config.d %else %attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0600,root,root) %{_sysconfdir}/ssh/moduli +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0755,root,root) %dir %{_sysconfdir}/ssh/ssh_config.d %endif %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* @@ -533,7 +536,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %if %{defined _distconfdir} %{_distconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %else -%{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf +%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-permit-root-login.conf %endif %files clients @@ -542,7 +545,7 @@ test -f /etc/ssh/ssh_config.rpmsave && mv -v /etc/ssh/ssh_config.rpmsave /etc/ss %if %{defined _distconfdir} %attr(0644,root,root) %{_distconfdir}/ssh/ssh_config %else -%attr(0644,root,root) %{_sysconfdir}/ssh/ssh_config +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config %endif %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/scp*