Accepting request 840337 from home:hpjansson:sle-14821
- Work around %service_add_post disabling sshd on upgrade with package name change (bsc#1177039). - Use of DISABLE_RESTART_ON_UPDATE is deprecated. Replace it with %service_del_postun_without_restart OBS-URL: https://build.opensuse.org/request/show/840337 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=218
This commit is contained in:
Hans Petter Jansson
Git OBS Bridge
parent
633a41eb24
commit
f0e7b033d5
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 8 21:38:27 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
|
||||
|
||||
- Work around %service_add_post disabling sshd on upgrade with
|
||||
package name change (bsc#1177039).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
@ -8,6 +14,13 @@ Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
client-relevant sysconfig file present. The naming of the
|
||||
sysconfig file (ssh instead of sshd) is unfortunate.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 25 10:59:50 UTC 2020 - Franck Bui <fbui@suse.com>
|
||||
|
||||
- Use of DISABLE_RESTART_ON_UPDATE is deprecated.
|
||||
|
||||
Replace it with %service_del_postun_without_restart
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
|
||||
51
openssh.spec
51
openssh.spec
@ -30,6 +30,9 @@
|
||||
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
|
||||
%define CHECKSUM_SUFFIX .hmac
|
||||
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
|
||||
%define _tmpenableddir %{_localstatedir}/lib/sshd
|
||||
%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp
|
||||
|
||||
#Compat macro for new _fillupdir macro introduced in Nov 2017
|
||||
%if ! %{defined _fillupdir}
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
@ -127,7 +130,7 @@ BuildRequires: krb5-mini-devel
|
||||
%description
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It replaces rsh (rlogin and rsh) and
|
||||
provides a secure encrypted communication between two untrusted
|
||||
provides secure encrypted communication between two untrusted
|
||||
hosts over an insecure network.
|
||||
|
||||
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
||||
@ -146,7 +149,7 @@ Conflicts: %{name}-fips > %{version}-%{release}
|
||||
%description common
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It replaces rsh (rlogin and rsh) and
|
||||
provides a secure encrypted communication between two untrusted
|
||||
provides secure encrypted communication between two untrusted
|
||||
hosts over an insecure network.
|
||||
|
||||
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
||||
@ -168,7 +171,7 @@ Provides: openssh:%{_sbindir}/sshd
|
||||
%description server
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It replaces rsh (rlogin and rsh) and
|
||||
provides a secure encrypted communication between two untrusted
|
||||
provides secure encrypted communication between two untrusted
|
||||
hosts over an insecure network.
|
||||
|
||||
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
||||
@ -186,7 +189,7 @@ Provides: openssh:%{_bindir}/ssh
|
||||
%description clients
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It replaces rsh (rlogin and rsh) and
|
||||
provides a secure encrypted communication between two untrusted
|
||||
provides secure encrypted communication between two untrusted
|
||||
hosts over an insecure network.
|
||||
|
||||
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
||||
@ -203,7 +206,7 @@ Requires: %{name}-common = %{version}-%{release}
|
||||
%description helpers
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
on a remote machine. It replaces rsh (rlogin and rsh) and
|
||||
provides a secure encrypted communication between two untrusted
|
||||
provides secure encrypted communication between two untrusted
|
||||
hosts over an insecure network.
|
||||
|
||||
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
|
||||
@ -230,7 +233,7 @@ Group: Productivity/Networking/SSH
|
||||
Requires: %{name}-common = %{version}-%{release}
|
||||
|
||||
%description cavs
|
||||
This package contains the FIPS140 CAVS (Cryptographic Algorithm
|
||||
This package contains the FIPS-140 CAVS (Cryptographic Algorithm
|
||||
Validation Program/Suite) related tests of OpenSSH.
|
||||
|
||||
%prep
|
||||
@ -330,9 +333,27 @@ done
|
||||
|
||||
}}
|
||||
|
||||
%pre
|
||||
# Remember whether the sshd service was enabled prior to an upgrade. This
|
||||
# is needed when upgrading to a split-off openssh-server package. The
|
||||
# %%service_add_post scriptlet (in %%post server) will see it as a new service
|
||||
# and apply the preset, disabling it. We need to reenable it afterwards if
|
||||
# necessary.
|
||||
if [ -x %{_bindir}/systemctl ]; then
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
|
||||
fi
|
||||
|
||||
%pre server
|
||||
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
|
||||
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd
|
||||
|
||||
# See %%pre.
|
||||
if [ -x %{_bindir}/systemctl ]; then
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
|
||||
fi
|
||||
|
||||
%service_add_pre sshd.service
|
||||
|
||||
%post server
|
||||
@ -340,15 +361,27 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate
|
||||
%service_add_post sshd.service
|
||||
%set_permissions %{_sysconfdir}/ssh/sshd_config
|
||||
|
||||
# Work around %%service_add_post disabling the service on upgrades where
|
||||
# the package name changed.
|
||||
if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \
|
||||
&& [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then
|
||||
systemctl enable sshd || :
|
||||
fi
|
||||
|
||||
rm -f %{_tmpenabledfile}
|
||||
|
||||
%preun server
|
||||
%service_del_preun sshd.service
|
||||
|
||||
%postun server
|
||||
# The openssh-fips trigger script for openssh will normally restart sshd once
|
||||
# it gets installed, so only restart the service here is openssh-fips is not
|
||||
# present
|
||||
rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes
|
||||
# it gets installed, so only restart the service here if openssh-fips is not
|
||||
# present.
|
||||
if rpm -q openssh-fips >/dev/null 2>/dev/null; then
|
||||
%service_del_postun_without_restart sshd.service
|
||||
else
|
||||
%service_del_postun sshd.service
|
||||
fi
|
||||
|
||||
%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
|
||||
%restart_on_update sshd
|
||||
|
||||
Loading…
Reference in New Issue
Block a user