diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index 9109aa5..77a3ebe 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,13 +1,3 @@ -------------------------------------------------------------------- -Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt - -- Upgrade some old specfile constructs/macros. - -------------------------------------------------------------------- -Thu Sep 10 22:44:00 UTC 2020 - Hans Petter Jansson - -- Supplement openssh-clients instead of openssh (bsc#1176434). - ------------------------------------------------------------------- Thu Jul 18 14:07:56 UTC 2019 - Fabian Vogt diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 7df1ed5..92dfc7e 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,7 +27,7 @@ URL: http://www.openssh.com/ Source: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz Source42: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc Requires: %{_name} = %{version} -Supplements: packageand(openssh-clients:libgtk-3-0) +Supplements: packageand(openssh:libgtk-3-0) %if 0%{?suse_version} >= 1550 BuildRequires: gtk3-devel %else @@ -40,15 +40,15 @@ for executing commands on a remote machine. This package contains a GNOME-based passphrase dialog for OpenSSH. %prep -%autosetup -p1 -n %{_name}-%{version} +%setup -q -n %{_name}-%{version} %build cd contrib export CFLAGS="%{optflags}" %if 0%{?suse_version} >= 1550 -%make_build gnome-ssh-askpass3 +make %{?_smp_mflags} gnome-ssh-askpass3 %else -%make_build gnome-ssh-askpass2 +make %{?_smp_mflags} gnome-ssh-askpass2 %endif %install diff --git a/openssh.changes b/openssh.changes index 4511472..6f11825 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,30 +1,3 @@ -------------------------------------------------------------------- -Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger - -- Fix fillup-template usage: - + %post server needs to reference ssh (not sshd), which matches - the sysconfig.ssh file name the package ships. - + %post client does not need any fillup_ calls, as there is no - client-relevant sysconfig file present. The naming of the - sysconfig file (ssh instead of sshd) is unfortunate. - -------------------------------------------------------------------- -Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt - -- Move some Requires to the right subpackage. -- Avoid ">&" bashism in %post. -- Upgrade some old specfile constructs/macros and drop unnecessary - %{?systemd_*}. -- Trim descriptions and straighten out the grammar. - -------------------------------------------------------------------- -Thu Sep 10 21:38:30 UTC 2020 - Hans Petter Jansson - -- Split openssh package into openssh, openssh-common, - openssh-server and openssh-clients. This allows for the ssh - clients to be installed without the server component - (bsc#1176434). - ------------------------------------------------------------------- Fri Jun 5 00:36:08 UTC 2020 - Hans Petter Jansson diff --git a/openssh.spec b/openssh.spec index 140a4ca..00b915f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -113,8 +113,14 @@ BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRequires: pkgconfig(libfido2) BuildRequires: pkgconfig(libsystemd) -Requires: %{name}-clients = %{version}-%{release} -Requires: %{name}-server = %{version}-%{release} +Requires(post): %fillup_prereq +Requires(pre): shadow +Recommends: %{name}-helpers = %{version}-%{release} +Recommends: audit +Conflicts: %{name}-fips < %{version}-%{release} +Conflicts: %{name}-fips > %{version}-%{release} +Conflicts: nonfreessh +%{?systemd_requires} %if %{with tirpc} BuildRequires: libtirpc-devel %endif @@ -126,112 +132,40 @@ BuildRequires: krb5-mini-devel %description SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It replaces rsh (rlogin and rsh) and -provides a secure encrypted communication between two untrusted +on a remote machine. It is intended to replace rsh (rlogin and rsh) and +provides openssl (secure encrypted communication) between two untrusted hosts over an insecure network. xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. -This is a dummy package that pulls in both the client and server -components. - -%package common -Summary: SSH (Secure Shell) common files -Group: Productivity/Networking/SSH -Conflicts: nonfreessh -Conflicts: %{name}-fips < %{version}-%{release} -Conflicts: %{name}-fips > %{version}-%{release} - -%description common -SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It replaces rsh (rlogin and rsh) and -provides a secure encrypted communication between two untrusted -hosts over an insecure network. - -xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can -also be forwarded over the secure channel. - -This package contains common files for the Secure Shell server and -clients. - -%package server -Summary: SSH (Secure Shell) server -Group: Productivity/Networking/SSH -Requires: %{name}-common = %{version}-%{release} -Recommends: audit -Requires(pre): shadow -Requires(post): %fillup_prereq -Requires(post): permissions -Provides: openssh:%{_sbindir}/sshd - -%description server -SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It replaces rsh (rlogin and rsh) and -provides a secure encrypted communication between two untrusted -hosts over an insecure network. - -xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can -also be forwarded over the secure channel. - -This package contains the Secure Shell daemon, which allows clients to -securely connect to your server. - -%package clients -Summary: SSH (Secure Shell) client applications -Group: Productivity/Networking/SSH -Requires: %{name}-common = %{version}-%{release} -Provides: openssh:%{_bindir}/ssh - -%description clients -SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It replaces rsh (rlogin and rsh) and -provides a secure encrypted communication between two untrusted -hosts over an insecure network. - -xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can -also be forwarded over the secure channel. - -This package contains clients for making secure connections to Secure -Shell servers. - %package helpers Summary: OpenSSH AuthorizedKeysCommand helpers Group: Productivity/Networking/SSH -Requires: %{name}-common = %{version}-%{release} +Requires: %{name} = %{version}-%{release} %description helpers -SSH (Secure Shell) is a program for logging into and executing commands -on a remote machine. It replaces rsh (rlogin and rsh) and -provides a secure encrypted communication between two untrusted -hosts over an insecure network. - -xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can -also be forwarded over the secure channel. - -This package contains helper applications for OpenSSH which retrieve -keys from various sources. +Helper applications for OpenSSH which retrieve keys from various sources. %package fips -Summary: OpenSSH FIPS crypto module HMACs +Summary: OpenSSH FIPS cryptomodule HMACs Group: Productivity/Networking/SSH -Requires: %{name}-common = %{version}-%{release} -Conflicts: %{name}-common < %{version}-%{release} -Conflicts: %{name}-common > %{version}-%{release} +Requires: %{name} = %{version}-%{release} +Conflicts: %{name} < %{version}-%{release} +Conflicts: %{name} > %{version}-%{release} Obsoletes: %{name}-hmac %description fips -This package contains hashes that, together with the main openssh packages, -form the FIPS certifiable crypto module. +Hashes that together with the main package form the FIPS certifiable +cryptomodule. %package cavs -Summary: OpenSSH FIPS crypto module CAVS tests +Summary: OpenSSH FIPS cryptomodule CAVS tests Group: Productivity/Networking/SSH -Requires: %{name}-common = %{version}-%{release} +Requires: %{name} = %{version}-%{release} %description cavs -This package contains the FIPS140 CAVS (Cryptographic Algorithm -Validation Program/Suite) related tests of OpenSSH. +FIPS140 CAVS tests related parts of the OpenSSH package %prep %setup -q @@ -330,58 +264,56 @@ done }} -%pre server +%pre getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd %service_add_pre sshd.service -%post server -%{fillup_only -n ssh} +%post +%{fillup_only -n ssh sshd} %service_add_post sshd.service %set_permissions %{_sysconfdir}/ssh/sshd_config -%preun server +%preun %service_del_preun sshd.service -%postun server +%postun # The openssh-fips trigger script for openssh will normally restart sshd once # it gets installed, so only restart the service here is openssh-fips is not # present -rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes +rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes %service_del_postun sshd.service %triggerin -n openssh-fips -- %{name} = %{version}-%{release} %restart_on_update sshd -%verifyscript server +%verifyscript %verify_permissions -e %{_sysconfdir}/ssh/sshd_config %files -# openssh is an empty package that depends on -clients and -server, -# resulting in a clean upgrade path from prior to the split even when -# recommends are disabled. - -%files common +%exclude %{_bindir}/ssh%{CHECKSUM_SUFFIX} +%exclude %{_sbindir}/sshd%{CHECKSUM_SUFFIX} +%exclude %{_libexecdir}/ssh/sftp-server%{CHECKSUM_SUFFIX} +%exclude %{_libexecdir}/ssh/cavs* +%dir %attr(755,root,root) %{_localstatedir}/lib/sshd %license LICENCE %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS %attr(0755,root,root) %dir %{_sysconfdir}/ssh %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli -%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1* -%attr(0444,root,root) %{_mandir}/man5/moduli.5* -%attr(0755,root,root) %{_bindir}/ssh-keygen* - -%files server -%attr(0755,root,root) %{_sbindir}/sshd -%attr(0755,root,root) %{_sbindir}/rcsshd -%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start -%dir %attr(755,root,root) %{_localstatedir}/lib/sshd -%verify(not mode) %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config +%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config +%verify(not mode) %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd %attr(0644,root,root) %{_unitdir}/sshd.service -%attr(0444,root,root) %{_mandir}/man5/sshd_config* -%attr(0444,root,root) %{_mandir}/man8/sftp-server.8* -%attr(0444,root,root) %{_mandir}/man8/sshd.8* -%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server +%attr(0755,root,root) %{_bindir}/* +%attr(0755,root,root) %{_sbindir}/* +%attr(0755,root,root) %dir %{_libexecdir}/ssh +%exclude %{_libexecdir}/ssh/ssh-ldap* +%attr(0755,root,root) %{_libexecdir}/ssh/* +%attr(0444,root,root) %{_mandir}/man1/* +%attr(0444,root,root) %{_mandir}/man5/* +%attr(0444,root,root) %{_mandir}/man8/* +%exclude %{_mandir}/man5/ssh-ldap* +%exclude %{_mandir}/man8/ssh-ldap* %dir %{_sysconfdir}/slp.reg.d %config %{_sysconfdir}/slp.reg.d/ssh.reg %{_fillupdir}/sysconfig.ssh @@ -391,32 +323,6 @@ rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes %config %{_fwdefdir}/sshd %endif -%files clients -%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config -%attr(0755,root,root) %{_bindir}/ssh -%attr(0755,root,root) %{_bindir}/scp* -%attr(0755,root,root) %{_bindir}/sftp* -%attr(0755,root,root) %{_bindir}/ssh-add* -%attr(0755,root,root) %{_bindir}/ssh-agent* -%attr(0755,root,root) %{_bindir}/ssh-copy-id* -%attr(0755,root,root) %{_bindir}/ssh-keyscan* -%attr(0755,root,root) %dir %{_libexecdir}/ssh -%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass* -%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign* -%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper* -%attr(0755,root,root) %{_libexecdir}/ssh/ssh-sk-helper* -%attr(0444,root,root) %{_mandir}/man1/scp.1* -%attr(0444,root,root) %{_mandir}/man1/sftp.1* -%attr(0444,root,root) %{_mandir}/man1/ssh-add.1* -%attr(0444,root,root) %{_mandir}/man1/ssh-agent.1* -%attr(0444,root,root) %{_mandir}/man1/ssh-keyscan.1* -%attr(0444,root,root) %{_mandir}/man1/ssh.1* -%attr(0444,root,root) %{_mandir}/man1/ssh-copy-id.1* -%attr(0444,root,root) %{_mandir}/man5/ssh_config.5* -%attr(0444,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* -%attr(0444,root,root) %{_mandir}/man8/ssh-sk-helper.8* -%attr(0444,root,root) %{_mandir}/man8/ssh-keysign.8* - %files helpers %attr(0755,root,root) %dir %{_sysconfdir}/ssh %verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ldap.conf