From 5a89c49d11b7f1475331312b6c86021f821baac44c0fda7841de74c96d3d7d9b Mon Sep 17 00:00:00 2001 
From: Petr Cerny Date: Wed, 19 Oct 2011 02:18:13 +0000 Subject: [PATCH] Accepting request 88642 from home:pcerny:factory - Update to 5.9p1 * sandboxing privsep child through rlimit - spec files and sources cleanup - removed bogus key size from init script OBS-URL: https://build.opensuse.org/request/show/88642 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=14 --- openssh-5.8p2.tar.bz2 | 3 - ...fix.diff => openssh-5.9p1-askpass-fix.diff | 0 ...1-audit.patch => openssh-5.9p1-audit.patch | 20 +- ...rm.diff => openssh-5.9p1-blocksigalrm.diff | 1 + ...iff => openssh-5.9p1-default-protocol.diff | 0 ...5.8p1-eal3.diff => openssh-5.9p1-eal3.diff | 0 ...engines.diff => openssh-5.9p1-engines.diff | 4 +- ...tm.patch => openssh-5.9p1-gssapimitm.patch | 2 +- ...ot.patch => openssh-5.9p1-homechroot.patch | 0 ...dent.diff => openssh-5.9p1-host_ident.diff | 2 +- ...m-fix2.diff => openssh-5.9p1-pam-fix2.diff | 0 ...m-fix3.diff => openssh-5.9p1-pam-fix3.diff | 0 ...h-5.8p1-pts.diff => openssh-5.9p1-pts.diff | 0 ...ix.diff => openssh-5.9p1-saveargv-fix.diff | 0 ...ale.diff => openssh-5.9p1-send_locale.diff | 0 ...ssh-5.9p1-sshconfig-knownhostschanges.diff | 0 ...fig.diff => openssh-5.9p1-sshd_config.diff | 0 ...8p1-xauth.diff => openssh-5.9p1-xauth.diff | 0 ...f => openssh-5.9p1-xauthlocalhostname.diff | 0 openssh-5.9p1.tar.bz2 | 3 + openssh-SuSE.tar.bz2 | 3 - openssh-askpass-gnome.changes | 5 + openssh-askpass-gnome.spec | 38 ++-- openssh.changes | 6 + openssh.spec | 177 ++++++++++-------- sshd.init | 137 ++++++++++++++ sysconfig.ssh | 9 + 27 files changed, 295 insertions(+), 115 deletions(-) delete mode 100644 openssh-5.8p2.tar.bz2 rename openssh-5.8p1-askpass-fix.diff => openssh-5.9p1-askpass-fix.diff (100%) rename openssh-5.8p1-audit.patch => openssh-5.9p1-audit.patch (94%) rename openssh-5.8p1-blocksigalrm.diff => openssh-5.9p1-blocksigalrm.diff (97%) rename openssh-5.8p1-default-protocol.diff => openssh-5.9p1-default-protocol.diff (100%) rename 
openssh-5.8p1-eal3.diff => openssh-5.9p1-eal3.diff (100%) rename openssh-5.8p1-engines.diff => openssh-5.9p1-engines.diff (99%) rename openssh-5.8p1-gssapimitm.patch => openssh-5.9p1-gssapimitm.patch (99%) rename openssh-5.8p1-homechroot.patch => openssh-5.9p1-homechroot.patch (100%) rename openssh-5.8p1-host_ident.diff => openssh-5.9p1-host_ident.diff (95%) rename openssh-5.8p1-pam-fix2.diff => openssh-5.9p1-pam-fix2.diff (100%) rename openssh-5.8p1-pam-fix3.diff => openssh-5.9p1-pam-fix3.diff (100%) rename openssh-5.8p1-pts.diff => openssh-5.9p1-pts.diff (100%) rename openssh-5.8p1-saveargv-fix.diff => openssh-5.9p1-saveargv-fix.diff (100%) rename openssh-5.8p1-send_locale.diff => openssh-5.9p1-send_locale.diff (100%) rename openssh-5.8p1-sshconfig-knownhostschanges.diff => openssh-5.9p1-sshconfig-knownhostschanges.diff (100%) rename openssh-5.8p1-sshd_config.diff => openssh-5.9p1-sshd_config.diff (100%) rename openssh-5.8p1-xauth.diff => openssh-5.9p1-xauth.diff (100%) rename openssh-5.8p1-xauthlocalhostname.diff => openssh-5.9p1-xauthlocalhostname.diff (100%) create mode 100644 openssh-5.9p1.tar.bz2 delete mode 100644 openssh-SuSE.tar.bz2 create mode 100644 sshd.init create mode 100644 sysconfig.ssh diff --git a/openssh-5.8p2.tar.bz2 b/openssh-5.8p2.tar.bz2 deleted file mode 100644 index c2f4012..0000000 --- a/openssh-5.8p2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:517e6b2b0c528a7300315db224cf8b2377f87d71d7a0775572f1ce811d6b218a -size 900171 diff --git a/openssh-5.8p1-askpass-fix.diff b/openssh-5.9p1-askpass-fix.diff similarity index 100% rename from openssh-5.8p1-askpass-fix.diff rename to openssh-5.9p1-askpass-fix.diff diff --git a/openssh-5.8p1-audit.patch b/openssh-5.9p1-audit.patch similarity index 94% rename from openssh-5.8p1-audit.patch rename to openssh-5.9p1-audit.patch index e3af877..643f69b 100644 --- a/openssh-5.8p1-audit.patch +++ b/openssh-5.9p1-audit.patch 
@@ -60,34 +60,34 @@ Index: openssh-5.8p1/config.h.in +/* Define if you want Linux audit support. */ +#undef HAVE_LINUX_AUDIT + - /* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ - #undef WORDS_BIGENDIAN + /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ + #if defined AC_APPLE_UNIVERSAL_BUILD Index: openssh-5.8p1/configure.ac =================================================================== --- openssh-5.8p1.orig/configure.ac +++ openssh-5.8p1/configure.ac @@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux, - AC_SUBST(SSHLIBS) - AC_SUBST(SSHDLIBS) + AC_SUBST([SSHLIBS]) + AC_SUBST([SSHDLIBS]) +# Check whether user wants Linux audit support +LINUX_AUDIT_MSG="no" +LIBAUDIT="" -+AC_ARG_WITH(linux-audit, ++AC_ARG_WITH([linux-audit], + [ --with-linux-audit Enable Linux audit support], + [ if test "x$withval" != "xno" ; then -+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.]) ++ AC_DEFINE([HAVE_LINUX_AUDIT],[1],[Define if you want Linux audit support.]) + LINUX_AUDIT_MSG="yes" -+ AC_CHECK_HEADERS(libaudit.h) ++ AC_CHECK_HEADERS([libaudit.h]) + LIBAUDIT="-laudit" + fi + ]) -+AC_SUBST(LIBAUDIT) ++AC_SUBST([LIBAUDIT]) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" - AC_ARG_WITH(kerberos5, + AC_ARG_WITH([kerberos5], @@ -4316,6 +4330,7 @@ echo " PAM support echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" diff --git a/openssh-5.8p1-blocksigalrm.diff b/openssh-5.9p1-blocksigalrm.diff similarity index 97% rename from openssh-5.8p1-blocksigalrm.diff rename to openssh-5.9p1-blocksigalrm.diff index 5b44ed0..a6293f9 100644 --- a/openssh-5.8p1-blocksigalrm.diff +++ b/openssh-5.9p1-blocksigalrm.diff @@ -16,6 +16,7 @@ Index: log.c int pri = LOG_INFO; + sigset_t nset, oset; int saved_errno = errno; + log_handler_fn *tmp_handler; if (level > log_level) 
@@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt, diff --git a/openssh-5.8p1-default-protocol.diff b/openssh-5.9p1-default-protocol.diff similarity index 100% rename from openssh-5.8p1-default-protocol.diff rename to openssh-5.9p1-default-protocol.diff diff --git a/openssh-5.8p1-eal3.diff b/openssh-5.9p1-eal3.diff similarity index 100% rename from openssh-5.8p1-eal3.diff rename to openssh-5.9p1-eal3.diff diff --git a/openssh-5.8p1-engines.diff b/openssh-5.9p1-engines.diff similarity index 99% rename from openssh-5.8p1-engines.diff rename to openssh-5.9p1-engines.diff index e6521d2..f7cb94d 100644 --- a/openssh-5.8p1-engines.diff +++ b/openssh-5.9p1-engines.diff @@ -42,8 +42,8 @@ Index: openssh-5.8p1/ssh-agent.c + ENGINE_register_all_complete(); + __progname = ssh_get_progname(av[0]); - init_rng(); seed_rng(); + Index: openssh-5.8p1/ssh-keygen.c =================================================================== --- openssh-5.8p1.orig/ssh-keygen.c @@ -67,7 +67,7 @@ Index: openssh-5.8p1/ssh-keygen.c + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - init_rng(); + seed_rng(); Index: openssh-5.8p1/ssh-keysign.c =================================================================== --- openssh-5.8p1.orig/ssh-keysign.c diff --git a/openssh-5.8p1-gssapimitm.patch b/openssh-5.9p1-gssapimitm.patch similarity index 99% rename from openssh-5.8p1-gssapimitm.patch rename to openssh-5.9p1-gssapimitm.patch index fbb2c81..2999d6c 100644 --- a/openssh-5.8p1-gssapimitm.patch +++ b/openssh-5.9p1-gssapimitm.patch @@ -153,7 +153,7 @@ Index: servconf.c 
@@ -322,7 +325,7 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sClientAliveCountMax, sAuthorizedKeysFile, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, diff --git a/openssh-5.8p1-homechroot.patch b/openssh-5.9p1-homechroot.patch similarity index 100% rename from openssh-5.8p1-homechroot.patch rename to openssh-5.9p1-homechroot.patch diff --git a/openssh-5.8p1-host_ident.diff b/openssh-5.9p1-host_ident.diff similarity index 95% rename from openssh-5.8p1-host_ident.diff rename to openssh-5.9p1-host_ident.diff index cd47914..b50f31d 100644 --- a/openssh-5.8p1-host_ident.diff +++ b/openssh-5.9p1-host_ident.diff @@ -3,7 +3,7 @@ Index: openssh-5.7p1/sshconnect.c --- openssh-5.7p1.orig/sshconnect.c +++ openssh-5.7p1/sshconnect.c @@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so - user_hostfile); + user_hostfiles[0]); error("Offending %s key in %s:%lu", key_type(host_found->key), host_found->file, host_found->line); + error("You can use following command to remove all keys for this IP:"); diff --git a/openssh-5.8p1-pam-fix2.diff b/openssh-5.9p1-pam-fix2.diff similarity index 100% rename from openssh-5.8p1-pam-fix2.diff rename to openssh-5.9p1-pam-fix2.diff diff --git a/openssh-5.8p1-pam-fix3.diff b/openssh-5.9p1-pam-fix3.diff similarity index 100% rename from openssh-5.8p1-pam-fix3.diff rename to openssh-5.9p1-pam-fix3.diff diff --git a/openssh-5.8p1-pts.diff b/openssh-5.9p1-pts.diff similarity index 100% rename from openssh-5.8p1-pts.diff rename to openssh-5.9p1-pts.diff diff --git a/openssh-5.8p1-saveargv-fix.diff b/openssh-5.9p1-saveargv-fix.diff similarity index 100% rename from openssh-5.8p1-saveargv-fix.diff rename to openssh-5.9p1-saveargv-fix.diff 
diff --git a/openssh-5.8p1-send_locale.diff b/openssh-5.9p1-send_locale.diff similarity index 100% rename from openssh-5.8p1-send_locale.diff rename to openssh-5.9p1-send_locale.diff diff --git a/openssh-5.8p1-sshconfig-knownhostschanges.diff b/openssh-5.9p1-sshconfig-knownhostschanges.diff similarity index 100% rename from openssh-5.8p1-sshconfig-knownhostschanges.diff rename to openssh-5.9p1-sshconfig-knownhostschanges.diff diff --git a/openssh-5.8p1-sshd_config.diff b/openssh-5.9p1-sshd_config.diff similarity index 100% rename from openssh-5.8p1-sshd_config.diff rename to openssh-5.9p1-sshd_config.diff diff --git a/openssh-5.8p1-xauth.diff b/openssh-5.9p1-xauth.diff similarity index 100% rename from openssh-5.8p1-xauth.diff rename to openssh-5.9p1-xauth.diff diff --git a/openssh-5.8p1-xauthlocalhostname.diff b/openssh-5.9p1-xauthlocalhostname.diff similarity index 100% rename from openssh-5.8p1-xauthlocalhostname.diff rename to openssh-5.9p1-xauthlocalhostname.diff diff --git a/openssh-5.9p1.tar.bz2 b/openssh-5.9p1.tar.bz2 new file mode 100644 index 0000000..e4b12ed --- /dev/null +++ b/openssh-5.9p1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:478962a2757c61d73de051b8cf8ace9f8f5c4cff5910ca7ba5a7735c5a2ab980 +size 894158 diff --git a/openssh-SuSE.tar.bz2 b/openssh-SuSE.tar.bz2 deleted file mode 100644 index af1915f..0000000 --- a/openssh-SuSE.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f8266c1a050015a77ba8f6f1fd51aa1ce60d5b913564392bb205f94fedd4548c -size 1965 diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index 1fe64e8..52793eb 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes 
@@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Oct 19 00:40:15 UTC 2011 - pcerny@suse.com + +- Update to 5.9p1 + ------------------------------------------------------------------- Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index c68ab31..81be083 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -21,24 +21,25 @@ Name: openssh-askpass-gnome BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files License: BSD3c(or similar) Group: Productivity/Networking/SSH -Version: 5.8p2 +Version: 5.9p1 Release: 1 Requires: openssh = %{version} openssh-askpass = %{version} AutoReqProv: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH -URL: http://www.openssh.com/ +Url: http://www.openssh.com/ %define _name openssh Source: %{_name}-%{version}.tar.bz2 -Patch: %{_name}-5.8p1-sshd_config.diff -Patch1: %{_name}-5.8p1-pam-fix2.diff -Patch2: %{_name}-5.8p1-saveargv-fix.diff -Patch3: %{_name}-5.8p1-pam-fix3.diff -Patch4: %{_name}-5.8p1-gssapimitm.patch -Patch5: %{_name}-5.8p1-eal3.diff -Patch6: %{_name}-5.8p1-engines.diff -Patch7: %{_name}-5.8p1-blocksigalrm.diff +Patch: %{_name}-5.9p1-sshd_config.diff +Patch1: %{_name}-5.9p1-pam-fix2.diff +Patch2: %{_name}-5.9p1-saveargv-fix.diff +Patch3: %{_name}-5.9p1-pam-fix3.diff +Patch4: %{_name}-5.9p1-gssapimitm.patch +Patch5: %{_name}-5.9p1-eal3.diff +Patch6: %{_name}-5.9p1-engines.diff +Patch7: %{_name}-5.9p1-blocksigalrm.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build + %description SSH (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. This package contains a 
@@ -55,14 +56,15 @@ GNOME-based passphrase dialog for OpenSSH. %patch6 -p1 %patch7 + %build %{?suse_update_config:%{suse_update_config}} aclocal autoheader autoconf %configure \ - --sysconfdir=%_sysconfdir/ssh \ - --libexecdir=%_libexecdir/ssh \ + --sysconfdir=%{_sysconfdir}/ssh \ + --libexecdir=%{_libexecdir}/ssh \ --with-tcp-wrappers \ --with-pam \ --with-kerberos5=/usr \ @@ -73,13 +75,17 @@ cd contrib make %{?_smp_mflags} gnome-ssh-askpass2 mv gnome-ssh-askpass2 gnome-ssh-askpass + %install -install -d -m 755 %buildroot/%_libexecdir/ssh/ -install contrib/gnome-ssh-askpass %buildroot/%_libexecdir/ssh/gnome-ssh-askpass +install -d -m 755 %{buildroot}%{_libexecdir}/ssh/ +install contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass + %files %defattr(-,root,root) -%dir %_libexecdir/ssh -%attr(0755,root,root) %_libexecdir/ssh/gnome-ssh-askpass +%dir %{_libexecdir}/ssh +%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass + + %changelog diff --git a/openssh.changes b/openssh.changes index bd6f448..3a3f638 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com + +- Update to 5.9p1 + * sandboxing privsep child through rlimit + ------------------------------------------------------------------- Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de diff --git a/openssh.spec b/openssh.spec index 7bb934e..3badb0b 100644 --- a/openssh.spec +++ b/openssh.spec @@ -18,7 +18,7 @@ Name: openssh -%define _fwdefdir %_sysconfdir/sysconfig/SuSEfirewall2.d/services +%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define _appdefdir %{_prefix}/share/X11/app-defaults BuildRequires: audit-devel krb5-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel BuildRequires: libselinux-devel 
@@ -26,15 +26,15 @@ BuildRequires: libedit-devel License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/SSH Requires: /bin/netstat -PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils +PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh -Version: 5.8p2 +Version: 5.9p1 Release: 1 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) -URL: http://www.openssh.com/ +Url: http://www.openssh.com/ Source: %{name}-%{version}.tar.bz2 -Source1: %{name}-SuSE.tar.bz2 +Source1: sshd.init Source2: sshd.pamd Source3: x11-ssh-askpass-%{xversion}.tar.bz2 Source4: README.SuSE 
@@ -43,34 +43,37 @@ Source6: README.kerberos Source7: ssh.reg Source8: ssh-askpass Source9: sshd.fw -Patch: %{name}-5.8p1-sshd_config.diff -Patch1: %{name}-5.8p1-askpass-fix.diff -Patch2: %{name}-5.8p1-pam-fix2.diff -Patch3: %{name}-5.8p1-saveargv-fix.diff -Patch4: %{name}-5.8p1-pam-fix3.diff -Patch5: %{name}-5.8p1-gssapimitm.patch -Patch6: %{name}-5.8p1-eal3.diff -Patch7: %{name}-5.8p1-engines.diff -Patch8: %{name}-5.8p1-blocksigalrm.diff -Patch9: %{name}-5.8p1-send_locale.diff -Patch10: %{name}-5.8p1-xauthlocalhostname.diff -Patch12: %{name}-5.8p1-xauth.diff -Patch14: %{name}-5.8p1-default-protocol.diff -Patch15: %{name}-5.8p1-audit.patch -Patch16: %{name}-5.8p1-pts.diff -Patch17: %{name}-5.8p1-homechroot.patch -Patch18: %{name}-5.8p1-sshconfig-knownhostschanges.diff -Patch19: %{name}-5.8p1-host_ident.diff +Source10: sysconfig.ssh +Patch: %{name}-5.9p1-sshd_config.diff +Patch1: %{name}-5.9p1-askpass-fix.diff +Patch2: %{name}-5.9p1-pam-fix2.diff +Patch3: %{name}-5.9p1-saveargv-fix.diff +Patch4: %{name}-5.9p1-pam-fix3.diff +Patch5: %{name}-5.9p1-gssapimitm.patch +Patch6: %{name}-5.9p1-eal3.diff +Patch7: %{name}-5.9p1-engines.diff +Patch8: %{name}-5.9p1-blocksigalrm.diff +Patch9: %{name}-5.9p1-send_locale.diff +Patch10: %{name}-5.9p1-xauthlocalhostname.diff +Patch12: %{name}-5.9p1-xauth.diff +Patch14: %{name}-5.9p1-default-protocol.diff +Patch15: %{name}-5.9p1-audit.patch +Patch16: %{name}-5.9p1-pts.diff +Patch17: %{name}-5.9p1-homechroot.patch +Patch18: %{name}-5.9p1-sshconfig-knownhostschanges.diff +Patch19: %{name}-5.9p1-host_ident.diff Patch20: converter-linking.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build + %package askpass License: BSD3c(or similar) ; MIT License (or similar) Summary: A passphrase dialog for OpenSSH and the X Window System Requires: openssh = %{version} -Provides: openssh:%_libexecdir/ssh/ssh-askpass +Provides: openssh:%{_libexecdir}/ssh/ssh-askpass Group: Productivity/Networking/SSH + %description SSH (Secure Shell) is a program for 
logging into and executing commands on a remote machine. It is intended to replace rsh (rlogin and rsh) and @@ -86,7 +89,7 @@ for executing commands on a remote machine. This package contains an X Window System passphrase dialog for OpenSSH. %prep -%setup -q -b 3 -a 1 -a 5 +%setup -q -b 3 -a 5 %patch %patch2 %patch3 @@ -110,6 +113,7 @@ cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} %patch1 + %build autoreconf -fiv %ifarch s390 s390x %sparc @@ -117,20 +121,22 @@ PIEFLAGS="-fPIE" %else PIEFLAGS="-fpie" %endif -%configure --with-ssl-engine \ - CFLAGS="%optflags $PIEFLAGS -fstack-protector" \ - CXXFLAGS="%optflags $PIEFLAGS -fstack-protector" \ - LDFLAGS="-pie" \ +export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector" +export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector" +export LDFLAGS="-pie" +%configure \ + --with-ssl-engine \ %if 0%{suse_version} >= 1140 --with-libedit \ %endif - --sysconfdir=%_sysconfdir/ssh \ - --libexecdir=%_libexecdir/ssh \ + --sysconfdir=%{_sysconfdir}/ssh \ + --libexecdir=%{_libexecdir}/ssh \ --with-tcp-wrappers \ --with-selinux \ --with-pam \ --with-kerberos5=/usr \ --with-privsep-path=/var/lib/empty \ + --with-sandbox=rlimit \ --disable-strip \ --with-linux-audit \ --with-xauth=%{_prefix}/bin/xauth \ 
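Review bot: Adding `--with-sandbox=rlimit` to the `%configure` call only selects which sandbox backend is compiled in. As far as I recall, sshd 5.9 applies it to the pre-auth privsep child only when sshd_config sets `UsePrivilegeSeparation sandbox`, and `openssh-5.9p1-sshd_config.diff` is renamed with 100% similarity in this commit, so the shipped configuration is presumably unchanged. If the changelog entry "sandboxing privsep child through rlimit" is meant to be active by default, the config patch should add that setting; otherwise the changelog should say it is opt-in. The `%build` section starts before this hunk and the `%configure` continuation runs past its end.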
@@ -141,67 +147,77 @@ make %{?_smp_mflags} cd contrib cd ../../x11-ssh-askpass-%{xversion} %configure \ - --libexecdir=%_libdir/ssh + --libexecdir=%{_libdir}/ssh xmkmf -make includes USRLIBDIR=%_libdir -make %{?_smp_mflags} USRLIBDIR=%_libdir CCOPTIONS="%optflags" +make includes USRLIBDIR=%{_libdir} +make %{?_smp_mflags} USRLIBDIR=%{_libdir} CCOPTIONS="%{optflags}" + %install -make DESTDIR=%buildroot/ install -install -d -m 755 %buildroot%_sysconfdir/pam.d -install -d -m 755 %buildroot/var/lib/sshd -install -m 644 %{S:2} %buildroot%_sysconfdir/pam.d/sshd -install -d -m 755 %buildroot%_sysconfdir/slp.reg.d/ -install -m 644 %{S:7} %buildroot%_sysconfdir/slp.reg.d/ -cp -a SuSE/* %buildroot +make DESTDIR=%{buildroot}/ install +install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d +install -d -m 755 %{buildroot}/var/lib/sshd +install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd +install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/ +install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/ +install -d -m 755 %{buildroot}/etc/init.d +install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd +ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd +install -d -m 755 %{buildroot}/var/adm/fillup-templates +install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates # install shell script to automate the process of adding your public key to a remote machine -install -m 755 contrib/ssh-copy-id %buildroot%_bindir -install -m 644 contrib/ssh-copy-id.1 %buildroot/%_mandir/man1 -(cd converter; make install DESTDIR=%buildroot/) -cd ../x11-ssh-askpass-%xversion -make BINDIR=%_libexecdir/ssh DESTDIR=%buildroot install install.man -rm -rf %buildroot/%_libexecdir/ssh/ssh-askpass -sed -e "s@usr/lib/ssh@usr/%_lib/ssh@" < %{S:8} > %buildroot/%_libexecdir/ssh/ssh-askpass -rm -f %buildroot%_datadir/Ssh.bin -sed -i -e s@/usr/libexec@%_libexecdir@g %buildroot%_sysconfdir/ssh/sshd_config +install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir} +install -m 644 contrib/ssh-copy-id.1 
%{buildroot}/%{_mandir}/man1 +(cd converter; make install DESTDIR=%{buildroot}/) +cd ../x11-ssh-askpass-%{xversion} +make BINDIR=%{_libexecdir}/ssh DESTDIR=%{buildroot} install install.man +rm -rf %{buildroot}/%{_libexecdir}/ssh/ssh-askpass +sed -e "s@usr/lib/ssh@usr/%{_lib}/ssh@" < %{S:8} > %{buildroot}/%{_libexecdir}/ssh/ssh-askpass +rm -f %{buildroot}%{_datadir}/Ssh.bin +sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config #install firewall definitions format is described here: -#%_datadir/SuSEfirewall2/services/TEMPLATE -mkdir -p %buildroot/%{_fwdefdir} -install -m 644 %{S:9} %buildroot/%{_fwdefdir}/sshd +#%{_datadir}/SuSEfirewall2/services/TEMPLATE +mkdir -p %{buildroot}/%{_fwdefdir} +install -m 644 %{S:9} %{buildroot}/%{_fwdefdir}/sshd + %pre -getent group sshd >/dev/null || %_sbindir/groupadd -o -r sshd -getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd +getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd +getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd + %post %{fillup_and_insserv -n ssh sshd} + %preun %stop_on_removal sshd + %postun %restart_on_update sshd %{insserv_cleanup} + %files %defattr(-,root,root) %dir %attr(755,root,root) /var/lib/sshd %doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS -%attr(0755,root,root) %dir %_sysconfdir/ssh -%attr(0600,root,root) %config(noreplace) %_sysconfdir/ssh/moduli -%attr(0644,root,root) %config(noreplace) %_sysconfdir/ssh/ssh_config -%attr(0640,root,root) %config(noreplace) %_sysconfdir/ssh/sshd_config -%attr(0644,root,root) %config %_sysconfdir/pam.d/sshd -%attr(0755,root,root) %config %_initddir/sshd -%attr(0755,root,root) %_bindir/ssh -%_bindir/scp -%_bindir/sftp -%_bindir/slogin -%_bindir/ssh-* -%_sbindir/* +%attr(0755,root,root) %dir %{_sysconfdir}/ssh +%attr(0600,root,root) %config(noreplace) 
%{_sysconfdir}/ssh/moduli +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config +%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config +%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd +%attr(0755,root,root) %config %{_initddir}/sshd +%attr(0755,root,root) %{_bindir}/ssh +%{_bindir}/scp +%{_bindir}/sftp +%{_bindir}/slogin +%{_bindir}/ssh-* +%{_sbindir}/* %attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz -%attr(444,root,root) %doc %_mandir/man1/ssh-keyconverter.1.gz +%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz %attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1* 
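Review bot: The new `%install` lines hard-code `/etc/init.d` and `/usr/sbin` (`install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd`, `ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd`), while `%files` in the same hunk lists the script as `%{_initddir}/sshd` and picks up the link through `%{_sbindir}/*`. If either macro expands differently on a target, the build ends with missing or unpackaged files; `%{buildroot}%{_initddir}/sshd` and `%{buildroot}%{_sbindir}/rcsshd` would keep the two sides in step. The `%files` list continues past the end of this hunk.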
@@ -211,21 +227,24 @@ getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd - %attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1* %attr(444,root,root) %doc %{_mandir}/man5/* %attr(444,root,root) %doc %{_mandir}/man8/* -%attr(0755,root,root) %dir %_libexecdir/ssh -%attr(0755,root,root) %_libexecdir/ssh/sftp-server -%attr(0755,root,root) %_libexecdir/ssh/ssh-keysign -%attr(0755,root,root) %_libexecdir/ssh/ssh-pkcs11-helper -%dir %_sysconfdir/slp.reg.d -%config %_sysconfdir/slp.reg.d/ssh.reg +%attr(0755,root,root) %dir %{_libexecdir}/ssh +%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper +%dir %{_sysconfdir}/slp.reg.d +%config %{_sysconfdir}/slp.reg.d/ssh.reg /var/adm/fillup-templates/sysconfig.ssh %config %{_fwdefdir}/sshd + %files askpass %defattr(-,root,root) -%attr(0755,root,root) %_libexecdir/ssh/ssh-askpass -%attr(0755,root,root) %_libexecdir/ssh/x11-ssh-askpass -%doc %_mandir/man1/ssh-askpass.1x.gz -%doc %_mandir/man1/x11-ssh-askpass.1x.gz -%_appdefdir/SshAskpass +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass +%attr(0755,root,root) %{_libexecdir}/ssh/x11-ssh-askpass +%doc %{_mandir}/man1/ssh-askpass.1x.gz +%doc %{_mandir}/man1/x11-ssh-askpass.1x.gz +%{_appdefdir}/SshAskpass + + %changelog diff --git a/sshd.init b/sshd.init new file mode 100644 index 0000000..86ce3ba --- /dev/null +++ b/sshd.init 
@@ -0,0 +1,137 @@
+#! /bin/sh
+# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
+#
+# Author: Jiri Smid
+#
+# /etc/init.d/sshd
+#
+# and symbolic its link
+#
+# /usr/sbin/rcsshd
+#
+### BEGIN INIT INFO
+# Provides: sshd
+# Required-Start: $network $remote_fs
+# Required-Stop: $network $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the sshd daemon
+### END INIT INFO
+
+SSHD_BIN=/usr/sbin/sshd
+test -x $SSHD_BIN || exit 5
+
+SSHD_SYSCONFIG=/etc/sysconfig/ssh
+test -r $SSHD_SYSCONFIG || exit 6
+. $SSHD_SYSCONFIG
+
+SSHD_PIDFILE=/var/run/sshd.init.pid
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# First reset status of this service
+rc_reset
+
+case "$1" in
+ start)
+ if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then
+ if ! test -f /etc/ssh/ssh_host_key ; then
+ echo Generating /etc/ssh/ssh_host_key.
+ ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N ''
+ fi
+ if ! test -f /etc/ssh/ssh_host_dsa_key ; then
+ echo Generating /etc/ssh/ssh_host_dsa_key.
+ ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ fi
+ if ! test -f /etc/ssh/ssh_host_rsa_key ; then
+ echo Generating /etc/ssh/ssh_host_rsa_key.
+ ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+ if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then
+ echo Generating /etc/ssh/ssh_host_ecdsa_key.
+ ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N ''
+ fi
+ fi
+ echo -n "Starting SSH daemon"
+ ## Start daemon with startproc(8). If this fails
+ ## the echo return value is set appropriate.
+
+ startproc -f $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ stop)
+ echo -n "Shutting down SSH daemon"
+ ## Stop daemon with killproc(8) and if this fails
+ ## set echo the echo return value.
+
+ killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+ ;;
+ try-restart)
+ ## Stop the service and if this succeeds (i.e. the
+ ## service was running before), start it again.
+ $0 status >/dev/null && $0 restart
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload|reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+
+ echo -n "Reload service sshd"
+
+ killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN
+
+ rc_status -v
+
+ ;;
+ status)
+ echo -n "Checking for service sshd "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running
+
+ checkproc -p $SSHD_PIDFILE $SSHD_BIN
+
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload,
+ ## give out the argument which is required for a reload.
+
+ test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/sysconfig.ssh b/sysconfig.ssh
new file mode 100644
index 0000000..81c642a
--- /dev/null
+++ b/sysconfig.ssh
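Review bot: The four `ssh-keygen` calls in the `start` branch are resolved through the caller's PATH and their exit status is never checked, although the daemon itself is pinned to an absolute path in `SSHD_BIN`. A failed generation (for example a read-only or full /etc/ssh) falls straight through to `startproc`, leaving only ssh-keygen's own console message as evidence. I would pin the tool, e.g. `SSH_KEYGEN=/usr/bin/ssh-keygen` (assuming the spec's `%{_bindir}` expands to /usr/bin), and fail the action on error, e.g. `$SSH_KEYGEN -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' || { rc_failed; rc_status -v; rc_exit; }`. The `rsa1` host key is also created whenever it is missing, which only serves protocol 1; whether that protocol is still enabled is not visible from this hunk.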
@@ -0,0 +1,9 @@
+## Path: Network/Remote access/SSH
+## Description: SSH server settings
+## Type: string
+## Default: ""
+## ServiceRestart: sshd
+#
+# Options for sshd
+#
+SSHD_OPTS=""