SHA256
1
0
forked from pool/openssh

Accepting request 837828 from network

- Fix fillup-template usage:
  + %post server needs to reference ssh (not sshd), which matches
    the sysconfig.ssh file name the package ships.
  + %post client does not need any fillup_ calls, as there is no
    client-relevant sysconfig file present. The naming of the
    sysconfig file (ssh instead of sshd) is unfortunate. (forwarded request 837497 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/837828
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=141
This commit is contained in:
Dominique Leuenberger 2020-09-27 09:48:28 +00:00 committed by Git OBS Bridge
commit 0b6a0633f1
4 changed files with 182 additions and 51 deletions

View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Upgrade some old specfile constructs/macros.
-------------------------------------------------------------------
Thu Sep 10 22:44:00 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Supplement openssh-clients instead of openssh (bsc#1176434).
-------------------------------------------------------------------
Thu Jul 18 14:07:56 UTC 2019 - Fabian Vogt <fvogt@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh-askpass-gnome
#
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -27,7 +27,7 @@ URL: http://www.openssh.com/
Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz
Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc
Requires: %{_name} = %{version}
Supplements: packageand(openssh:libgtk-3-0)
Supplements: packageand(openssh-clients:libgtk-3-0)
%if 0%{?suse_version} >= 1550
BuildRequires: gtk3-devel
%else
@ -40,15 +40,15 @@ for executing commands on a remote machine. This package contains a
GNOME-based passphrase dialog for OpenSSH.
%prep
%setup -q -n %{_name}-%{version}
%autosetup -p1 -n %{_name}-%{version}
%build
cd contrib
export CFLAGS="%{optflags}"
%if 0%{?suse_version} >= 1550
make %{?_smp_mflags} gnome-ssh-askpass3
%make_build gnome-ssh-askpass3
%else
make %{?_smp_mflags} gnome-ssh-askpass2
%make_build gnome-ssh-askpass2
%endif
%install

View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Fix fillup-template usage:
+ %post server needs to reference ssh (not sshd), which matches
the sysconfig.ssh file name the package ships.
+ %post client does not need any fillup_ calls, as there is no
client-relevant sysconfig file present. The naming of the
sysconfig file (ssh instead of sshd) is unfortunate.
-------------------------------------------------------------------
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Move some Requires to the right subpackage.
- Avoid ">&" bashism in %post.
- Upgrade some old specfile constructs/macros and drop unnecessary
%{?systemd_*}.
- Trim descriptions and straighten out the grammar.
-------------------------------------------------------------------
Thu Sep 10 21:38:30 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Split openssh package into openssh, openssh-common,
openssh-server and openssh-clients. This allows for the ssh
clients to be installed without the server component
(bsc#1176434).
-------------------------------------------------------------------
Fri Jun 5 00:36:08 UTC 2020 - Hans Petter Jansson <hpj@suse.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package openssh
#
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -113,14 +113,8 @@ BuildRequires: pkgconfig
BuildRequires: zlib-devel
BuildRequires: pkgconfig(libfido2)
BuildRequires: pkgconfig(libsystemd)
Requires(post): %fillup_prereq
Requires(pre): shadow
Recommends: %{name}-helpers = %{version}-%{release}
Recommends: audit
Conflicts: %{name}-fips < %{version}-%{release}
Conflicts: %{name}-fips > %{version}-%{release}
Conflicts: nonfreessh
%{?systemd_requires}
Requires: %{name}-clients = %{version}-%{release}
Requires: %{name}-server = %{version}-%{release}
%if %{with tirpc}
BuildRequires: libtirpc-devel
%endif
@ -132,40 +126,112 @@ BuildRequires: krb5-mini-devel
%description
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This is a dummy package that pulls in both the client and server
components.
%package common
Summary: SSH (Secure Shell) common files
Group: Productivity/Networking/SSH
Conflicts: nonfreessh
Conflicts: %{name}-fips < %{version}-%{release}
Conflicts: %{name}-fips > %{version}-%{release}
%description common
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains common files for the Secure Shell server and
clients.
%package server
Summary: SSH (Secure Shell) server
Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release}
Recommends: audit
Requires(pre): shadow
Requires(post): %fillup_prereq
Requires(post): permissions
Provides: openssh:%{_sbindir}/sshd
%description server
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains the Secure Shell daemon, which allows clients to
securely connect to your server.
%package clients
Summary: SSH (Secure Shell) client applications
Group: Productivity/Networking/SSH
Requires: %{name}-common = %{version}-%{release}
Provides: openssh:%{_bindir}/ssh
%description clients
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains clients for making secure connections to Secure
Shell servers.
%package helpers
Summary: OpenSSH AuthorizedKeysCommand helpers
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
%description helpers
Helper applications for OpenSSH which retrieve keys from various sources.
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It replaces rsh (rlogin and rsh) and
provides a secure encrypted communication between two untrusted
hosts over an insecure network.
xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.
This package contains helper applications for OpenSSH which retrieve
keys from various sources.
%package fips
Summary: OpenSSH FIPS cryptomodule HMACs
Summary: OpenSSH FIPS crypto module HMACs
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}
Conflicts: %{name} < %{version}-%{release}
Conflicts: %{name} > %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
Conflicts: %{name}-common < %{version}-%{release}
Conflicts: %{name}-common > %{version}-%{release}
Obsoletes: %{name}-hmac
%description fips
Hashes that together with the main package form the FIPS certifiable
cryptomodule.
This package contains hashes that, together with the main openssh packages,
form the FIPS certifiable crypto module.
%package cavs
Summary: OpenSSH FIPS cryptomodule CAVS tests
Summary: OpenSSH FIPS crypto module CAVS tests
Group: Productivity/Networking/SSH
Requires: %{name} = %{version}-%{release}
Requires: %{name}-common = %{version}-%{release}
%description cavs
FIPS140 CAVS tests related parts of the OpenSSH package
This package contains the FIPS140 CAVS (Cryptographic Algorithm
Validation Program/Suite) related tests of OpenSSH.
%prep
%setup -q
@ -264,56 +330,58 @@ done
}}
%pre
%pre server
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd
%service_add_pre sshd.service
%post
%{fillup_only -n ssh sshd}
%post server
%{fillup_only -n ssh}
%service_add_post sshd.service
%set_permissions %{_sysconfdir}/ssh/sshd_config
%preun
%preun server
%service_del_preun sshd.service
%postun
%postun server
# The openssh-fips trigger script for openssh will normally restart sshd once
# it gets installed, so only restart the service here is openssh-fips is not
# present
rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes
%service_del_postun sshd.service
%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd
%verifyscript
%verifyscript server
%verify_permissions -e %{_sysconfdir}/ssh/sshd_config
%files
%exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX}
%exclude %{_sbindir}/sshd%{CHECKSUM_SUFFIX}
%exclude %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX}
%exclude %{_libexecdir}/ssh/cavs*
%dir %attr(755,root,root) %{_localstatedir}/lib/sshd
# openssh is an empty package that depends on -clients and -server,
# resulting in a clean upgrade path from prior to the split even when
# recommends are disabled.
%files common
%license LICENCE
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%verify(not mode) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
%attr(0755,root,root) %{_bindir}/ssh-keygen*
%files server
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_sbindir}/rcsshd
%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
%dir %attr(755,root,root) %{_localstatedir}/lib/sshd
%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
%attr(0644,root,root) %{_unitdir}/sshd.service
%attr(0755,root,root) %{_bindir}/*
%attr(0755,root,root) %{_sbindir}/*
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%exclude %{_libexecdir}/ssh/ssh-ldap*
%attr(0755,root,root) %{_libexecdir}/ssh/*
%attr(0444,root,root) %{_mandir}/man1/*
%attr(0444,root,root) %{_mandir}/man5/*
%attr(0444,root,root) %{_mandir}/man8/*
%exclude %{_mandir}/man5/ssh-ldap*
%exclude %{_mandir}/man8/ssh-ldap*
%attr(0444,root,root) %{_mandir}/man5/sshd_config*
%attr(0444,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0444,root,root) %{_mandir}/man8/sshd.8*
%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server
%dir %{_sysconfdir}/slp.reg.d
%config %{_sysconfdir}/slp.reg.d/ssh.reg
%{_fillupdir}/sysconfig.ssh
@ -323,6 +391,32 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
%config %{_fwdefdir}/sshd
%endif
%files clients
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp*
%attr(0755,root,root) %{_bindir}/sftp*
%attr(0755,root,root) %{_bindir}/ssh-add*
%attr(0755,root,root) %{_bindir}/ssh-agent*
%attr(0755,root,root) %{_bindir}/ssh-copy-id*
%attr(0755,root,root) %{_bindir}/ssh-keyscan*
%attr(0755,root,root) %dir %{_libexecdir}/ssh
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper*
%attr(0755,root,root) %{_libexecdir}/ssh/ssh-sk-helper*
%attr(0444,root,root) %{_mandir}/man1/scp.1*
%attr(0444,root,root) %{_mandir}/man1/sftp.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0444,root,root) %{_mandir}/man1/ssh.1*
%attr(0444,root,root) %{_mandir}/man1/ssh-copy-id.1*
%attr(0444,root,root) %{_mandir}/man5/ssh_config.5*
%attr(0444,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-sk-helper.8*
%attr(0444,root,root) %{_mandir}/man8/ssh-keysign.8*
%files helpers
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf