From bda5168147039e2ef59671a1209ecf4f176f1682ffb32e9f4ebe1beeb406d124 Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson Date: Fri, 18 Sep 2020 17:44:52 +0000 Subject: [PATCH] Accepting request 835301 from home:jengelh:branches:network (re)based onto//includes 835039 - Move some Requires to the right subpackage. OBS-URL: https://build.opensuse.org/request/show/835301 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=214 --- openssh-askpass-gnome.changes | 5 ++ openssh-askpass-gnome.spec | 8 +-- openssh.changes | 16 ++++- openssh.spec | 114 ++++++++++++++++++++++++---------- 4 files changed, 104 insertions(+), 39 deletions(-) diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index d986388..9109aa5 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt + +- Upgrade some old specfile constructs/macros. + ------------------------------------------------------------------- Thu Sep 10 22:44:00 UTC 2020 - Hans Petter Jansson diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 526b21f..7df1ed5 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,15 +40,15 @@ for executing commands on a remote machine. This package contains a GNOME-based passphrase dialog for OpenSSH. %prep -%setup -q -n %{_name}-%{version} +%autosetup -p1 -n %{_name}-%{version} %build cd contrib export CFLAGS="%{optflags}" %if 0%{?suse_version} >= 1550 -make %{?_smp_mflags} gnome-ssh-askpass3 +%make_build gnome-ssh-askpass3 %else -make %{?_smp_mflags} gnome-ssh-askpass2 +%make_build gnome-ssh-askpass2 %endif %install diff --git a/openssh.changes b/openssh.changes index 69d90f0..d949009 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,9 +1,19 @@ +------------------------------------------------------------------- +Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt + +- Move some Requires to the right subpackage. +- Avoid ">&" bashism in %post. +- Upgrade some old specfile constructs/macros and drop unnecessary + %{?systemd_*}. +- Trim descriptions and straighten out the grammar. + ------------------------------------------------------------------- Thu Sep 10 21:38:30 UTC 2020 - Hans Petter Jansson -- Split openssh package into openssh, openssh-server and - openssh-clients. This allows for the ssh clients to be installed - without the server component (bsc#1176434). +- Split openssh package into openssh, openssh-common, + openssh-server and openssh-clients. This allows for the ssh + clients to be installed without the server component + (bsc#1176434). ------------------------------------------------------------------- Fri Jun 5 00:36:08 UTC 2020 - Hans Petter Jansson diff --git a/openssh.spec b/openssh.spec index 3d6810b..04fcf21 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -113,17 +113,8 @@ BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(libsystemd) -Requires(post): %fillup_prereq -Requires(pre): shadow -PreReq: permissions -Recommends: %{name}-server = %{version}-%{release} -Recommends: %{name}-clients = %{version}-%{release} -Recommends: %{name}-helpers = %{version}-%{release} -Recommends: audit -Conflicts: %{name}-fips < %{version}-%{release} -Conflicts: %{name}-fips > %{version}-%{release} -Conflicts: nonfreessh -%{?systemd_requires} +Requires: %{name}-clients = %{version}-%{release} +Requires: %{name}-server = %{version}-%{release} %if %{with tirpc} BuildRequires: libtirpc-devel %endif @@ -135,58 +126,112 @@ BuildRequires: krb5-mini-devel %description SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It is intended to replace rsh (rlogin and rsh) and -provides openssl (secure encrypted communication) between two untrusted +on a remote machine. It replaces rsh (rlogin and rsh) and +provides a secure encrypted communication between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. +This is a dummy package that pulls in both the client and server +components. + +%package common +Summary: SSH (Secure Shell) common files +Group: Productivity/Networking/SSH +Conflicts: nonfreessh +Conflicts: %{name}-fips < %{version}-%{release} +Conflicts: %{name}-fips > %{version}-%{release} + +%description common +SSH (Secure Shell) is a program for logging into and executing commands +on a remote machine. It replaces rsh (rlogin and rsh) and +provides a secure encrypted communication between two untrusted +hosts over an insecure network. + +xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can +also be forwarded over the secure channel. + +This package contains common files for the Secure Shell server and +clients. + %package server Summary: SSH (Secure Shell) server Group: Productivity/Networking/SSH -Requires: openssh = %{version}-%{release} +Requires: %{name}-common = %{version}-%{release} +Recommends: audit +Requires(pre): shadow +Requires(post): %fillup_prereq +Requires(post): permissions +Provides: openssh:%{_sbindir}/sshd %description server -The SSH (Secure Shell) daemon allows clients to securely connect to your -server. +SSH (Secure Shell) is a program for logging into and executing commands +on a remote machine. It replaces rsh (rlogin and rsh) and +provides a secure encrypted communication between two untrusted +hosts over an insecure network. + +xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can +also be forwarded over the secure channel. + +This package contains the Secure Shell daemon, which allows clients to +securely connect to your server. %package clients Summary: SSH (Secure Shell) client applications Group: Productivity/Networking/SSH -Requires: openssh = %{version}-%{release} +Requires: %{name}-common = %{version}-%{release} +Provides: openssh:%{_bindir}/ssh %description clients -This package contains clients for making secure connections to SSH (Secure -Shell) servers. +SSH (Secure Shell) is a program for logging into and executing commands +on a remote machine. It replaces rsh (rlogin and rsh) and +provides a secure encrypted communication between two untrusted +hosts over an insecure network. + +xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can +also be forwarded over the secure channel. + +This package contains clients for making secure connections to Secure +Shell servers. %package helpers Summary: OpenSSH AuthorizedKeysCommand helpers Group: Productivity/Networking/SSH -Requires: %{name} = %{version}-%{release} +Requires: %{name}-common = %{version}-%{release} %description helpers -Helper applications for OpenSSH which retrieve keys from various sources. +SSH (Secure Shell) is a program for logging into and executing commands +on a remote machine. It replaces rsh (rlogin and rsh) and +provides a secure encrypted communication between two untrusted +hosts over an insecure network. + +xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can +also be forwarded over the secure channel. + +This package contains helper applications for OpenSSH which retrieve +keys from various sources. %package fips -Summary: OpenSSH FIPS cryptomodule HMACs +Summary: OpenSSH FIPS crypto module HMACs Group: Productivity/Networking/SSH -Requires: %{name} = %{version}-%{release} -Conflicts: %{name} < %{version}-%{release} -Conflicts: %{name} > %{version}-%{release} +Requires: %{name}-common = %{version}-%{release} +Conflicts: %{name}-common < %{version}-%{release} +Conflicts: %{name}-common > %{version}-%{release} Obsoletes: %{name}-hmac %description fips -Hashes that together with the main package form the FIPS certifiable -cryptomodule. +This package contains hashes that, together with the main openssh packages, +form the FIPS certifiable crypto module. %package cavs -Summary: OpenSSH FIPS cryptomodule CAVS tests +Summary: OpenSSH FIPS crypto module CAVS tests Group: Productivity/Networking/SSH -Requires: %{name} = %{version}-%{release} +Requires: %{name}-common = %{version}-%{release} %description cavs -FIPS140 CAVS tests related parts of the OpenSSH package +This package contains the FIPS140 CAVS (Cryptographic Algorithm +Validation Program/Suite) related tests of OpenSSH. %prep %setup -q @@ -305,7 +350,7 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate # The openssh-fips trigger script for openssh will normally restart sshd once # it gets installed, so only restart the service here is openssh-fips is not # present -rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes +rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes %service_del_postun sshd.service %triggerin -n openssh-fips -- %{name} = %{version}-%{release} @@ -315,6 +360,11 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes %verify_permissions -e %{_sysconfdir}/ssh/sshd_config %files +# openssh is an empty package that depends on -clients and -server, +# resulting in a clean upgrade path from prior to the split even when +# recommends are disabled. + +%files common %license LICENCE %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %attr(0755,root,root) %dir %{_sysconfdir}/ssh