SHA256
1
0
forked from pool/openssh

Accepting request 887559 from home:hpjansson:openssh-tw

- Change vendor configuration dir from /usr/share/ssh/ to
  /usr/etc/ssh/.
- Remove upgrade enablement hack. This has been fixed in
  systemd-rpm-macros (bsc#1180083).

OBS-URL: https://build.opensuse.org/request/show/887559
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=230
This commit is contained in:
Hans Petter Jansson 2021-04-27 13:00:08 +00:00 committed by Git OBS Bridge
parent d13558019e
commit b0cebdb7b8
3 changed files with 22 additions and 56 deletions

View File

@ -51,7 +51,7 @@ diff -u openssh-8.4p1/pathnames.h openssh-8.4p1-vendor/pathnames.h
#define SSHDIR ETCDIR "/ssh"
#endif
+#define VENDORDIR "/usr/share/ssh"
+#define VENDORDIR "/usr/etc/ssh"
+
#ifndef _PATH_SSH_PIDDIR
#define _PATH_SSH_PIDDIR "/var/run"
@ -124,7 +124,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5
.Pq Pa /etc/ssh/ssh_config
+.It
+vendor configuration file
+.Pq Pa /usr/share/ssh/ssh_config
+.Pq Pa /usr/etc/ssh/ssh_config
.El
.Pp
For each parameter, the first obtained value
@ -132,7 +132,7 @@ diff -u openssh-8.4p1/ssh_config.5 openssh-8.4p1-vendor/ssh_config.5
values that are not specified in the user's configuration file, and
for those users who do not have a configuration file.
This file must be world-readable.
+.It Pa /usr/share/ssh/ssh_config
+.It Pa /usr/etc/ssh/ssh_config
+Vendor specific configuraiton file.
+This file provides the vendor defaults and is used as fallback if the
+.Ic /etc/ssh/ssh_config
@ -192,7 +192,7 @@ diff -u openssh-8.4p1/sshd_config.5 openssh-8.4p1-vendor/sshd_config.5
.Pa /etc/ssh/sshd_config
-(or the file specified with
+(
+.Pa /usr/share/ssh/sshd_config
+.Pa /usr/etc/ssh/sshd_config
+if the file does not exist or the file specified with
.Fl f
on the command line).

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Apr 22 12:02:55 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
- Change vendor configuration dir from /usr/share/ssh/ to
/usr/etc/ssh/.
- Remove upgrade enablement hack. This has been fixed in
systemd-rpm-macros (bsc#1180083).
-------------------------------------------------------------------
Wed Feb 24 13:20:37 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

View File

@ -29,8 +29,6 @@
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
%define CHECKSUM_SUFFIX .hmac
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
%define _tmpenableddir %{_localstatedir}/lib/sshd
%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
@ -322,11 +320,11 @@ install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
# Move /etc to /usr/share/ssh
mkdir -p %{buildroot}%{_datadir}/ssh
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_datadir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_datadir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_datadir}/ssh/
# Move /etc to /usr/etc/ssh
mkdir -p %{buildroot}%{_distconfdir}/ssh
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
%if 0%{?suse_version} < 1550
# install firewall definitions
@ -363,52 +361,17 @@ done
}}
%pre
# Remember whether the sshd service was enabled prior to an upgrade. This
# is needed when upgrading to a split-off openssh-server package. The
# %%service_add_post scriptlet (in %%post server) will see it as a new service
# and apply the preset, disabling it. We need to reenable it afterwards if
# necessary.
mkdir -p %{_tmpenableddir} || :
if [ -x %{_bindir}/systemctl ]; then
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
else
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
then echo "enabled" > %{_tmpenabledfile} || :; fi
fi
%pre server -f sshd.pre
%if %{defined _distconfdir}
# move outdated pam.d/*.rpmsave file away
test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
%endif
# See %%pre.
mkdir -p %{_tmpenableddir} || :
if [ -x %{_bindir}/systemctl ]; then
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
else
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
then echo "enabled" > %{_tmpenabledfile} || :; fi
fi
%service_add_pre sshd.service
%post server
%{fillup_only -n ssh}
%service_add_post sshd.service
#%set_permissions %{_sysconfdir}/ssh/sshd_config
# Work around %%service_add_post disabling the service on upgrades where
# the package name changed.
if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \
&& [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then
systemctl enable sshd || :
fi
rm -f %{_tmpenabledfile}
%preun server
%service_del_preun sshd.service
@ -433,9 +396,6 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd
#%verifyscript server
#%verify_permissions -e %{_sysconfdir}/ssh/sshd_config
%files
# openssh is an empty package that depends on -clients and -server,
# resulting in a clean upgrade path from prior to the split even when
@ -445,8 +405,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%license LICENCE
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0755,root,root) %dir %{_datadir}/ssh
%attr(0600,root,root) %{_datadir}/ssh/moduli
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0600,root,root) %{_distconfdir}/ssh/moduli
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
%attr(0755,root,root) %{_bindir}/ssh-keygen*
@ -457,8 +417,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
%dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
%attr(0755,root,root) %dir %{_datadir}/ssh
%attr(0640,root,root) %{_datadir}/ssh/sshd_config
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
%if %{defined _distconfdir}
%attr(0644,root,root) %{_distconfdir}/pam.d/sshd
%else
@ -480,10 +440,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%endif
%files clients
#%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %dir %{_datadir}/ssh
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
%attr(0644,root,root) %{_datadir}/ssh/ssh_config
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp*
%attr(0755,root,root) %{_bindir}/sftp*