Dominique Leuenberger 2020-09-28 11:56:50 +00:00 committed by Git OBS Bridge
parent 0b6a0633f1
commit 3ce85325a2
4 changed files with 51 additions and 182 deletions

View File

@ -1,13 +1,3 @@
-------------------------------------------------------------------
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Upgrade some old specfile constructs/macros.
-------------------------------------------------------------------
Thu Sep 10 22:44:00 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Supplement openssh-clients instead of openssh (bsc#1176434).
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 18 14:07:56 UTC 2019 - Fabian Vogt <fvogt@suse.com> Thu Jul 18 14:07:56 UTC 2019 - Fabian Vogt <fvogt@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package openssh-askpass-gnome # spec file for package openssh-askpass-gnome
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -27,7 +27,7 @@ URL: http://www.openssh.com/
Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz
Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc
Requires: %{_name} = %{version} Requires: %{_name} = %{version}
Supplements: packageand(openssh-clients:libgtk-3-0) Supplements: packageand(openssh:libgtk-3-0)
%if 0%{?suse_version} >= 1550 %if 0%{?suse_version} >= 1550
BuildRequires: gtk3-devel BuildRequires: gtk3-devel
%else %else
@ -40,15 +40,15 @@ for executing commands on a remote machine. This package contains a
GNOME-based passphrase dialog for OpenSSH. GNOME-based passphrase dialog for OpenSSH.
%prep %prep
%autosetup -p1 -n %{_name}-%{version} %setup -q -n %{_name}-%{version}
%build %build
cd contrib cd contrib
export CFLAGS="%{optflags}" export CFLAGS="%{optflags}"
%if 0%{?suse_version} >= 1550 %if 0%{?suse_version} >= 1550
%make_build gnome-ssh-askpass3 make %{?_smp_mflags} gnome-ssh-askpass3
%else %else
%make_build gnome-ssh-askpass2 make %{?_smp_mflags} gnome-ssh-askpass2
%endif %endif
%install %install

View File

@ -1,30 +1,3 @@
-------------------------------------------------------------------
Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix fillup-template usage:
+ %post server needs to reference ssh (not sshd), which matches
the sysconfig.ssh file name the package ships.
+ %post client does not need any fillup_ calls, as there is no
client-relevant sysconfig file present. The naming of the
sysconfig file (ssh instead of sshd) is unfortunate.
-------------------------------------------------------------------
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Move some Requires to the right subpackage.
- Avoid ">&" bashism in %post.
- Upgrade some old specfile constructs/macros and drop unnecessary
%{?systemd_*}.
- Trim descriptions and straighten out the grammar.
-------------------------------------------------------------------
Thu Sep 10 21:38:30 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Split openssh package into openssh, openssh-common,
openssh-server and openssh-clients. This allows for the ssh
clients to be installed without the server component
(bsc#1176434).
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jun 5 00:36:08 UTC 2020 - Hans Petter Jansson <hpj@suse.com> Fri Jun 5 00:36:08 UTC 2020 - Hans Petter Jansson <hpj@suse.com>

View File

@ -1,7 +1,7 @@
# #
# spec file for package openssh # spec file for package openssh
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -113,8 +113,14 @@ BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(libfido2)
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
Requires: %{name}-clients = %{version}-%{release} Requires(post): %fillup_prereq
Requires: %{name}-server = %{version}-%{release} Requires(pre): shadow
Recommends: %{name}-helpers = %{version}-%{release}
Recommends: audit
Conflicts: %{name}-fips < %{version}-%{release}
Conflicts: %{name}-fips > %{version}-%{release}
Conflicts: nonfreessh
%{?systemd_requires}
%if %{with tirpc} %if %{with tirpc}
BuildRequires: libtirpc-devel BuildRequires: libtirpc-devel
%endif %endif
@ -126,112 +132,40 @@ BuildRequires: krb5-mini-devel
%description %description
SSH (Secure Shell) is a program for logging into and executing commands SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network. hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel. also be forwarded over the secure channel.
This is a dummy package that pulls in both the client and server
components.
%package common
Summary: SSH (Secure Shell) common files
Group: Productivity/Networking/SSH
Conflicts: nonfreessh
Conflicts: %{name}-fips < %{version}-%{release}
Conflicts: %{name}-fips > %{version}-%{release}
%description common
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains common files for the Secure Shell server and
clients.
%package server
Summary: SSH (Secure Shell) server
Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release}
Recommends: audit
Requires(pre): shadow
Requires(post): %fillup_prereq
Requires(post): permissions
Provides: openssh:%{_sbindir}/sshd
%description server
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains the Secure Shell daemon, which allows clients to
securely connect to your server.
%package clients
Summary: SSH (Secure Shell) client applications
Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release}
Provides: openssh:%{_bindir}/ssh
%description clients
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains clients for making secure connections to Secure
Shell servers.
%package helpers %package helpers
Summary: OpenSSH AuthorizedKeysCommand helpers Summary: OpenSSH AuthorizedKeysCommand helpers
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release} Requires: %{name} = %{version}-%{release}
%description helpers %description helpers
SSH (Secure Shell) is a program for logging into and executing commands Helper applications for OpenSSH which retrieve keys from various sources.
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains helper applications for OpenSSH which retrieve
keys from various sources.
%package fips %package fips
Summary: OpenSSH FIPS crypto module HMACs Summary: OpenSSH FIPS cryptomodule HMACs
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Conflicts: %{name}-common < %{version}-%{release} Conflicts: %{name} < %{version}-%{release}
Conflicts: %{name}-common > %{version}-%{release} Conflicts: %{name} > %{version}-%{release}
Obsoletes: %{name}-hmac Obsoletes: %{name}-hmac
%description fips %description fips
This package contains hashes that, together with the main openssh packages, Hashes that together with the main package form the FIPS certifiable
form the FIPS certifiable crypto module. cryptomodule.
%package cavs %package cavs
Summary: OpenSSH FIPS crypto module CAVS tests Summary: OpenSSH FIPS cryptomodule CAVS tests
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release} Requires: %{name} = %{version}-%{release}
%description cavs %description cavs
This package contains the FIPS140 CAVS (Cryptographic Algorithm FIPS140 CAVS tests related parts of the OpenSSH package
Validation Program/Suite) related tests of OpenSSH.
%prep %prep
%setup -q %setup -q
@ -330,58 +264,56 @@ done
}} }}
%pre server %pre
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd
%service_add_pre sshd.service %service_add_pre sshd.service
%post server %post
%{fillup_only -n ssh} %{fillup_only -n ssh sshd}
%service_add_post sshd.service %service_add_post sshd.service
%set_permissions %{_sysconfdir}/ssh/sshd_config %set_permissions %{_sysconfdir}/ssh/sshd_config
%preun server %preun
%service_del_preun sshd.service %service_del_preun sshd.service
%postun server %postun
# The openssh-fips trigger script for openssh will normally restart sshd once # The openssh-fips trigger script for openssh will normally restart sshd once
# it gets installed, so only restart the service here is openssh-fips is not # it gets installed, so only restart the service here is openssh-fips is not
# present # present
rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
%service_del_postun sshd.service %service_del_postun sshd.service
%triggerin -n openssh-fips -- %{name} = %{version}-%{release} %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd %restart_on_update sshd
%verifyscript server %verifyscript
%verify_permissions -e %{_sysconfdir}/ssh/sshd_config %verify_permissions -e %{_sysconfdir}/ssh/sshd_config
%files %files
# openssh is an empty package that depends on -clients and -server, %exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX}
# resulting in a clean upgrade path from prior to the split even when %exclude %{_sbindir}/sshd%{CHECKSUM_SUFFIX}
# recommends are disabled. %exclude %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX}
%exclude %{_libexecdir}/ssh/cavs*
%files common %dir %attr(755,root,root) %{_localstatedir}/lib/sshd
%license LICENCE %license LICENCE
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0444,root,root) %{_mandir}/man5/moduli.5* %verify(not mode) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0755,root,root) %{_bindir}/ssh-keygen*
%files server
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_sbindir}/rcsshd
%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
%dir %attr(755,root,root) %{_localstatedir}/lib/sshd
%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%attr(0644,root,root) %{_unitdir}/sshd.service %attr(0644,root,root) %{_unitdir}/sshd.service
%attr(0444,root,root) %{_mandir}/man5/sshd_config* %attr(0755,root,root) %{_bindir}/*
%attr(0444,root,root) %{_mandir}/man8/sftp-server.8* %attr(0755,root,root) %{_sbindir}/*
%attr(0444,root,root) %{_mandir}/man8/sshd.8* %attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server %exclude %{_libexecdir}/ssh/ssh-ldap*
%attr(0755,root,root) %{_libexecdir}/ssh/*
%attr(0444,root,root) %{_mandir}/man1/*
%attr(0444,root,root) %{_mandir}/man5/*
%attr(0444,root,root) %{_mandir}/man8/*
%exclude %{_mandir}/man5/ssh-ldap*
%exclude %{_mandir}/man8/ssh-ldap*
%dir %{_sysconfdir}/slp.reg.d %dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg %config %{_sysconfdir}/slp.reg.d/ssh.reg
%{_fillupdir}/sysconfig.ssh %{_fillupdir}/sysconfig.ssh
@ -391,32 +323,6 @@ rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes
%config %{_fwdefdir}/sshd %config %{_fwdefdir}/sshd
%endif %endif
%files clients
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp*
%attr(0755,root,root) %{_bindir}/sftp*
%attr(0755,root,root) %{_bindir}/ssh-add*
%attr(0755,root,root) %{_bindir}/ssh-agent*
%attr(0755,root,root) %{_bindir}/ssh-copy-id*
%attr(0755,root,root) %{_bindir}/ssh-keyscan*
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-sk-helper*
%attr(0444,root,root) %{_mandir}/man1/scp.1*
%attr(0444,root,root) %{_mandir}/man1/sftp.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0444,root,root) %{_mandir}/man1/ssh.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0444,root,root) %{_mandir}/man5/ssh_config.5*
%attr(0444,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-sk-helper.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-keysign.8*
%files helpers %files helpers
%attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0755,root,root) %dir %{_sysconfdir}/ssh
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf