Accepting request 887559 from home:hpjansson:openssh-tw

- Change vendor configuration dir from /usr/share/ssh/ to /usr/etc/ssh/. - Remove upgrade enablement hack. This has been fixed in systemd-rpm-macros (bsc#1180083). OBS-URL: https://build.opensuse.org/request/show/887559 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=230
2021-04-27 13:00:08 +00:00 · 2021-04-27 13:00:08 +00:00 · b0cebdb7b8
commit b0cebdb7b8
parent d13558019e
3 changed files with 22 additions and 56 deletions
--- a/openssh-8.4p1-vendordir.patch
+++ b/openssh-8.4p1-vendordir.patch
@ -51,7 +51,7 @@ diff -u openssh-8.4p1/pathnames.h openssh-8.4p1-vendor/pathnames.h
 #define SSHDIR				ETCDIR "/ssh"
 #endif
 
-+#define VENDORDIR			"/usr/share/ssh"
+#define VENDORDIR			"/usr/etc/ssh"
 +
 #ifndef _PATH_SSH_PIDDIR
 #define _PATH_SSH_PIDDIR		"/var/run"
@ -124,7 +124,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5
 .Pq Pa /etc/ssh/ssh_config
 +.It
 +vendor configuration file
-+.Pq Pa /usr/share/ssh/ssh_config
+.Pq Pa /usr/etc/ssh/ssh_config
 .El
 .Pp
 For each parameter, the first obtained value
@ -132,7 +132,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5
 values that are not specified in the user's configuration file, and
 for those users who do not have a configuration file.
 This file must be world-readable.
-+.It Pa /usr/share/ssh/ssh_config
+.It Pa /usr/etc/ssh/ssh_config
 +Vendor specific configuraiton file.
 +This file provides the vendor defaults and is used as fallback if the
 +.Ic /etc/ssh/ssh_config
@ -192,7 +192,7 @@ diff -u openssh-8.4p1/sshd_config.5 openssh-8.4p1-vendor/sshd_config.5
 .Pa /etc/ssh/sshd_config
 -(or the file specified with
 +(
-+.Pa /usr/share/ssh/sshd_config
+.Pa /usr/etc/ssh/sshd_config
 +if the file does not exist or the file specified with
 .Fl f
 on the command line).
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Apr 22 12:02:55 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
+
+- Change vendor configuration dir from /usr/share/ssh/ to
+  /usr/etc/ssh/.
+- Remove upgrade enablement hack. This has been fixed in
+  systemd-rpm-macros (bsc#1180083).
+
 -------------------------------------------------------------------
 Wed Feb 24 13:20:37 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

--- a/openssh.spec
+++ b/openssh.spec
@ -29,8 +29,6 @@
 %define _appdefdir  %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
 %define CHECKSUM_SUFFIX .hmac
 %define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
-%define _tmpenableddir  %{_localstatedir}/lib/sshd
-%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp

 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
@ -322,11 +320,11 @@ install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
 install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
 sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config

-# Move /etc to /usr/share/ssh
-mkdir -p %{buildroot}%{_datadir}/ssh
-mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_datadir}/ssh/
-mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_datadir}/ssh/
-mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_datadir}/ssh/
+# Move /etc to /usr/etc/ssh
+mkdir -p %{buildroot}%{_distconfdir}/ssh
+mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
+mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
+mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/

 %if 0%{?suse_version} < 1550
 # install firewall definitions
@ -363,52 +361,17 @@ done

 }}

-%pre
-# Remember whether the sshd service was enabled prior to an upgrade. This
-# is needed when upgrading to a split-off openssh-server package. The
-# %%service_add_post scriptlet (in %%post server) will see it as a new service
-# and apply the preset, disabling it. We need to reenable it afterwards if
-# necessary.
-mkdir -p %{_tmpenableddir} || :
-if [ -x %{_bindir}/systemctl ]; then
-    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
-else
-    if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-        -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
-    then echo "enabled" > %{_tmpenabledfile} || :; fi
-fi
-
 %pre server -f sshd.pre
 %if %{defined _distconfdir}
 # move outdated pam.d/*.rpmsave file away
 test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
 %endif

-# See %%pre.
-mkdir -p %{_tmpenableddir} || :
-if [ -x %{_bindir}/systemctl ]; then
-    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
-else
-    if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-        -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
-    then echo "enabled" > %{_tmpenabledfile} || :; fi
-fi
-
 %service_add_pre sshd.service

 %post server
 %{fillup_only -n ssh}
 %service_add_post sshd.service
-#%set_permissions %{_sysconfdir}/ssh/sshd_config
-
-# Work around %%service_add_post disabling the service on upgrades where
-# the package name changed.
-if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \
-    && [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then
-    systemctl enable sshd || :
-fi
-
-rm -f %{_tmpenabledfile}

 %preun server
 %service_del_preun sshd.service
@ -433,9 +396,6 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
 %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
 %restart_on_update sshd

-#%verifyscript server
-#%verify_permissions -e %{_sysconfdir}/ssh/sshd_config
-
 %files
 # openssh is an empty package that depends on -clients and -server,
 # resulting in a clean upgrade path from prior to the split even when
@ -445,8 +405,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
 %license LICENCE
 %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
-%attr(0755,root,root) %dir %{_datadir}/ssh
-%attr(0600,root,root) %{_datadir}/ssh/moduli
+%attr(0755,root,root) %dir %{_distconfdir}/ssh
+%attr(0600,root,root) %{_distconfdir}/ssh/moduli
 %attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
 %attr(0444,root,root) %{_mandir}/man5/moduli.5*
 %attr(0755,root,root) %{_bindir}/ssh-keygen*
@ -457,8 +417,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
 %attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
 %dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
 %dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
-%attr(0755,root,root) %dir %{_datadir}/ssh
-%attr(0640,root,root) %{_datadir}/ssh/sshd_config
+%attr(0755,root,root) %dir %{_distconfdir}/ssh
+%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
 %if %{defined _distconfdir}
 %attr(0644,root,root) %{_distconfdir}/pam.d/sshd
 %else
@ -480,10 +440,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
 %endif

 %files clients
-#%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
-%attr(0755,root,root) %dir %{_datadir}/ssh
 %dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
-%attr(0644,root,root) %{_datadir}/ssh/ssh_config
+%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
 %attr(0755,root,root) %{_bindir}/ssh
 %attr(0755,root,root) %{_bindir}/scp*
 %attr(0755,root,root) %{_bindir}/sftp*