From b0cebdb7b8abc606850680ab627e09d51bf2ef034021a328d3522a40ff12bf26 Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson Date: Tue, 27 Apr 2021 13:00:08 +0000 Subject: [PATCH] Accepting request 887559 from home:hpjansson:openssh-tw - Change vendor configuration dir from /usr/share/ssh/ to /usr/etc/ssh/. - Remove upgrade enablement hack. This has been fixed in systemd-rpm-macros (bsc#1180083). OBS-URL: https://build.opensuse.org/request/show/887559 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=230 --- openssh-8.4p1-vendordir.patch | 8 ++--- openssh.changes | 8 +++++ openssh.spec | 62 ++++++----------------------------- 3 files changed, 22 insertions(+), 56 deletions(-) diff --git a/openssh-8.4p1-vendordir.patch b/openssh-8.4p1-vendordir.patch index 4cd9346..9566a96 100644 --- a/openssh-8.4p1-vendordir.patch +++ b/openssh-8.4p1-vendordir.patch @@ -51,7 +51,7 @@ diff -u openssh-8.4p1/pathnames.h openssh-8.4p1-vendor/pathnames.h #define SSHDIR ETCDIR "/ssh" #endif -+#define VENDORDIR "/usr/share/ssh" ++#define VENDORDIR "/usr/etc/ssh" + #ifndef _PATH_SSH_PIDDIR #define _PATH_SSH_PIDDIR "/var/run" @@ -124,7 +124,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5 .Pq Pa /etc/ssh/ssh_config +.It +vendor configuration file -+.Pq Pa /usr/share/ssh/ssh_config ++.Pq Pa /usr/etc/ssh/ssh_config .El .Pp For each parameter, the first obtained value @@ -132,7 +132,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5 values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. -+.It Pa /usr/share/ssh/ssh_config ++.It Pa /usr/etc/ssh/ssh_config +Vendor specific configuraiton file. +This file provides the vendor defaults and is used as fallback if the +.Ic /etc/ssh/ssh_config 
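Review bot: `VENDORDIR` in the pathnames.h hunk (-51) is a fixed string, `"/usr/etc/ssh"`, while openssh.spec in this same commit installs the vendor files under `%{_distconfdir}/ssh`, so the two agree only where that macro expands to `/usr/etc`. If they ever diverge, ssh and sshd would look for their fallback configuration in a directory the package neither creates nor sets permissions on. Wrapping the define as `#ifndef VENDORDIR` / `#define VENDORDIR "/usr/etc/ssh"` / `#endif` would let the spec pass the packaged path at build time. The man-page hunks at -124, -132 and -192 repeat the same literal path and would need to follow. The surrounding pathnames.h block continues outside the hunk.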
@@ -192,7 +192,7 @@ diff -u openssh-8.4p1/sshd_config.5 openssh-8.4p1-vendor/sshd_config.5 .Pa /etc/ssh/sshd_config -(or the file specified with +( -+.Pa /usr/share/ssh/sshd_config ++.Pa /usr/etc/ssh/sshd_config +if the file does not exist or the file specified with .Fl f on the command line). diff --git a/openssh.changes b/openssh.changes index 1a38a66..e970f28 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Apr 22 12:02:55 UTC 2021 - Hans Petter Jansson + +- Change vendor configuration dir from /usr/share/ssh/ to + /usr/etc/ssh/. +- Remove upgrade enablement hack. This has been fixed in + systemd-rpm-macros (bsc#1180083). + ------------------------------------------------------------------- Wed Feb 24 13:20:37 UTC 2021 - Thorsten Kukuk diff --git a/openssh.spec b/openssh.spec index 0846fd6..4fce50c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -29,8 +29,6 @@ %define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' ) %define CHECKSUM_SUFFIX .hmac %define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE" -%define _tmpenableddir %{_localstatedir}/lib/sshd -%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} 
@@ -322,11 +320,11 @@ install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir} install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1 sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config -# Move /etc to /usr/share/ssh -mkdir -p %{buildroot}%{_datadir}/ssh -mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_datadir}/ssh/ -mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_datadir}/ssh/ -mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_datadir}/ssh/ +# Move /etc to /usr/etc/ssh +mkdir -p %{buildroot}%{_distconfdir}/ssh +mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/ +mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/ +mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/ %if 0%{?suse_version} < 1550 # install firewall definitions 
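Review bot: `%{_distconfdir}` is used unguarded in these `mkdir`/`mv` lines, although the same spec wraps its pam.d handling in `%if %{defined _distconfdir}`, which suggests the macro is not defined on every build target. Where it is undefined rpm leaves the text unexpanded, so the files would land in a directory literally named after the macro, and the `%files` entries in the hunks at -445, -457 and -480 would point at the same wrong path. The comment above the block is also imprecise; I would write `# Ship moduli, ssh_config and sshd_config as vendor defaults in %%{_distconfdir}/ssh; must match VENDORDIR in openssh-8.4p1-vendordir.patch`. The enclosing section starts and ends outside the hunk.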
@@ -363,52 +361,17 @@ done }} -%pre -# Remember whether the sshd service was enabled prior to an upgrade. This -# is needed when upgrading to a split-off openssh-server package. The -# %%service_add_post scriptlet (in %%post server) will see it as a new service -# and apply the preset, disabling it. We need to reenable it afterwards if -# necessary. -mkdir -p %{_tmpenableddir} || : -if [ -x %{_bindir}/systemctl ]; then - %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || : -else - if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \ - -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1 - then echo "enabled" > %{_tmpenabledfile} || :; fi -fi - %pre server -f sshd.pre %if %{defined _distconfdir} # move outdated pam.d/*.rpmsave file away test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||: %endif -# See %%pre. -mkdir -p %{_tmpenableddir} || : -if [ -x %{_bindir}/systemctl ]; then - %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || : -else - if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \ - -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1 - then echo "enabled" > %{_tmpenabledfile} || :; fi -fi - %service_add_pre sshd.service %post server %{fillup_only -n ssh} %service_add_post sshd.service -#%set_permissions %{_sysconfdir}/ssh/sshd_config - -# Work around %%service_add_post disabling the service on upgrades where -# the package name changed. -if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \ - && [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then - systemctl enable sshd || : -fi - -rm -f %{_tmpenabledfile} %preun server %service_del_preun sshd.service 
@@ -433,9 +396,6 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd %triggerin -n openssh-fips -- %{name} = %{version}-%{release} %restart_on_update sshd -#%verifyscript server -#%verify_permissions -e %{_sysconfdir}/ssh/sshd_config - %files # openssh is an empty package that depends on -clients and -server, # resulting in a clean upgrade path from prior to the split even when @@ -445,8 +405,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd %license LICENCE %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %attr(0755,root,root) %dir %{_sysconfdir}/ssh -%attr(0755,root,root) %dir %{_datadir}/ssh -%attr(0600,root,root) %{_datadir}/ssh/moduli +%attr(0755,root,root) %dir %{_distconfdir}/ssh +%attr(0600,root,root) %{_distconfdir}/ssh/moduli %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0444,root,root) %{_mandir}/man5/moduli.5* %attr(0755,root,root) %{_bindir}/ssh-keygen* @@ -457,8 +417,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd %attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start %dir %attr(0755,root,root) %{_localstatedir}/lib/sshd %dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d -%attr(0755,root,root) %dir %{_datadir}/ssh -%attr(0640,root,root) %{_datadir}/ssh/sshd_config +%attr(0755,root,root) %dir %{_distconfdir}/ssh +%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config %if %{defined _distconfdir} %attr(0644,root,root) %{_distconfdir}/pam.d/sshd %else 
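Review bot: The vendor `sshd_config` at `%{_distconfdir}/ssh/sshd_config` (hunk -457) is listed without `%config`, so an update replaces it, and any hardening an administrator applied by editing that file is lost with no `.rpmsave` or `.rpmnew` left behind. That is probably intended for vendor defaults, but nothing in this `%files` list says so. A comment above the entry would make it explicit: `# Vendor default, overwritten on update; local settings belong in %%{_sysconfdir}/ssh/sshd_config`. The same applies to `ssh_config` in the -480 hunk. The `%files` list continues outside the hunk.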
@@ -480,10 +440,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd %endif %files clients -#%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config -%attr(0755,root,root) %dir %{_datadir}/ssh %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d -%attr(0644,root,root) %{_datadir}/ssh/ssh_config +%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config %attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/scp* %attr(0755,root,root) %{_bindir}/sftp*