rpm/openssh
SHA256
1
0
Fork 0
forked from pool/openssh
Code Pull Requests Activity

Accepting request 887559 from home:hpjansson:openssh-tw

Browse Source 
- Change vendor configuration dir from /usr/share/ssh/ to
  /usr/etc/ssh/.
- Remove upgrade enablement hack. This has been fixed in
  systemd-rpm-macros (bsc#1180083).

OBS-URL: https://build.opensuse.org/request/show/887559
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=230
This commit is contained in:
Hans Petter Jansson
2021-04-27 13:00:08 +00:00
committed by Git OBS Bridge
parent d13558019e
commit b0cebdb7b8
3 changed files with 22 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
openssh.spec
View File

@@ -29,8 +29,6 @@
%define _appdefdir %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
%define CHECKSUM_SUFFIX .hmac
%define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
%define _tmpenableddir %{_localstatedir}/lib/sshd
%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
@@ -322,11 +320,11 @@ install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir}
install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1
sed -i -e s@%{_prefix}/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config
# Move /etc to /usr/share/ssh
mkdir -p %{buildroot}%{_datadir}/ssh
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_datadir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_datadir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_datadir}/ssh/
# Move /etc to /usr/etc/ssh
mkdir -p %{buildroot}%{_distconfdir}/ssh
mv %{buildroot}%{_sysconfdir}/ssh/moduli %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/ssh_config %{buildroot}%{_distconfdir}/ssh/
mv %{buildroot}%{_sysconfdir}/ssh/sshd_config %{buildroot}%{_distconfdir}/ssh/
%if 0%{?suse_version} < 1550
# install firewall definitions
@@ -363,52 +361,17 @@ done
}}
%pre
# Remember whether the sshd service was enabled prior to an upgrade. This
# is needed when upgrading to a split-off openssh-server package. The
# %%service_add_post scriptlet (in %%post server) will see it as a new service
# and apply the preset, disabling it. We need to reenable it afterwards if
# necessary.
mkdir -p %{_tmpenableddir} || :
if [ -x %{_bindir}/systemctl ]; then
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
else
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
then echo "enabled" > %{_tmpenabledfile} || :; fi
fi
%pre server -f sshd.pre
%if %{defined _distconfdir}
# move outdated pam.d/*.rpmsave file away
test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
%endif
# See %%pre.
mkdir -p %{_tmpenableddir} || :
if [ -x %{_bindir}/systemctl ]; then
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
else
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
then echo "enabled" > %{_tmpenabledfile} || :; fi
fi
%service_add_pre sshd.service
%post server
%{fillup_only -n ssh}
%service_add_post sshd.service
#%set_permissions %{_sysconfdir}/ssh/sshd_config
# Work around %%service_add_post disabling the service on upgrades where
# the package name changed.
if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \
&& [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then
systemctl enable sshd || :
fi
rm -f %{_tmpenabledfile}
%preun server
%service_del_preun sshd.service
@@ -433,9 +396,6 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%triggerin -n openssh-fips -- %{name} = %{version}-%{release}
%restart_on_update sshd
#%verifyscript server
#%verify_permissions -e %{_sysconfdir}/ssh/sshd_config
%files
# openssh is an empty package that depends on -clients and -server,
# resulting in a clean upgrade path from prior to the split even when
@@ -445,8 +405,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%license LICENCE
%doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0755,root,root) %dir %{_datadir}/ssh
%attr(0600,root,root) %{_datadir}/ssh/moduli
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0600,root,root) %{_distconfdir}/ssh/moduli
%attr(0444,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0444,root,root) %{_mandir}/man5/moduli.5*
%attr(0755,root,root) %{_bindir}/ssh-keygen*
@@ -457,8 +417,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%attr(0755,root,root) %{_sbindir}/sshd-gen-keys-start
%dir %attr(0755,root,root) %{_localstatedir}/lib/sshd
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/sshd_config.d
%attr(0755,root,root) %dir %{_datadir}/ssh
%attr(0640,root,root) %{_datadir}/ssh/sshd_config
%attr(0755,root,root) %dir %{_distconfdir}/ssh
%attr(0640,root,root) %{_distconfdir}/ssh/sshd_config
%if %{defined _distconfdir}
%attr(0644,root,root) %{_distconfdir}/pam.d/sshd
%else
@@ -480,10 +440,8 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
%endif
%files clients
#%verify(not mode) %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %dir %{_datadir}/ssh
%dir %attr(0755,root,root) %{_sysconfdir}/ssh/ssh_config.d
%attr(0644,root,root) %{_datadir}/ssh/ssh_config
%attr(0644,root,root) %{_distconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp*
%attr(0755,root,root) %{_bindir}/sftp*