Accepting request 835301 from home:jengelh:branches:network

(re)based onto//includes 835039 - Move some Requires to the right subpackage. OBS-URL: https://build.opensuse.org/request/show/835301 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=214
2020-09-18 17:44:52 +00:00
parent c5fddd4115
commit bda5168147
4 changed files with 104 additions and 39 deletions
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package openssh
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -113,17 +113,8 @@ BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(libfido2)
 BuildRequires:  pkgconfig(libsystemd)
-Requires(post): %fillup_prereq
-Requires(pre):  shadow
-PreReq:         permissions
-Recommends:     %{name}-server = %{version}-%{release}
-Recommends:     %{name}-clients = %{version}-%{release}
-Recommends:     %{name}-helpers = %{version}-%{release}
-Recommends:     audit
-Conflicts:      %{name}-fips < %{version}-%{release}
-Conflicts:      %{name}-fips > %{version}-%{release}
-Conflicts:      nonfreessh
-%{?systemd_requires}
+Requires:       %{name}-clients = %{version}-%{release}
+Requires:       %{name}-server = %{version}-%{release}
 %if %{with tirpc}
 BuildRequires:  libtirpc-devel
 %endif
@@ -135,58 +126,112 @@ BuildRequires:  krb5-mini-devel

 %description
 SSH (Secure Shell) is a program for logging into and executing commands
-on a remote machine. It is intended to replace rsh (rlogin and rsh) and
-provides openssl (secure encrypted communication) between two untrusted
+on a remote machine. It replaces rsh (rlogin and rsh) and
+provides a secure encrypted communication between two untrusted
 hosts over an insecure network.

 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
 also be forwarded over the secure channel.

+This is a dummy package that pulls in both the client and server
+components.
+
+%package common
+Summary:        SSH (Secure Shell) common files
+Group:          Productivity/Networking/SSH
+Conflicts:      nonfreessh
+Conflicts:      %{name}-fips < %{version}-%{release}
+Conflicts:      %{name}-fips > %{version}-%{release}
+
+%description common
+SSH (Secure Shell) is a program for logging into and executing commands
+on a remote machine. It replaces rsh (rlogin and rsh) and
+provides a secure encrypted communication between two untrusted
+hosts over an insecure network.
+
+xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
+also be forwarded over the secure channel.
+
+This package contains common files for the Secure Shell server and
+clients.
+
 %package server
 Summary:        SSH (Secure Shell) server
 Group:          Productivity/Networking/SSH
-Requires:       openssh = %{version}-%{release}
+Requires:       %{name}-common = %{version}-%{release}
+Recommends:     audit
+Requires(pre):  shadow
+Requires(post): %fillup_prereq
+Requires(post): permissions
+Provides:       openssh:%{_sbindir}/sshd

 %description server
-The SSH (Secure Shell) daemon allows clients to securely connect to your
-server.
+SSH (Secure Shell) is a program for logging into and executing commands
+on a remote machine. It replaces rsh (rlogin and rsh) and
+provides a secure encrypted communication between two untrusted
+hosts over an insecure network.
+
+xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
+also be forwarded over the secure channel.
+
+This package contains the Secure Shell daemon, which allows clients to
+securely connect to your server.

 %package clients
 Summary:        SSH (Secure Shell) client applications
 Group:          Productivity/Networking/SSH
-Requires:       openssh = %{version}-%{release}
+Requires:       %{name}-common = %{version}-%{release}
+Provides:       openssh:%{_bindir}/ssh

 %description clients
-This package contains clients for making secure connections to SSH (Secure
-Shell) servers.
+SSH (Secure Shell) is a program for logging into and executing commands
+on a remote machine. It replaces rsh (rlogin and rsh) and
+provides a secure encrypted communication between two untrusted
+hosts over an insecure network.
+
+xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
+also be forwarded over the secure channel.
+
+This package contains clients for making secure connections to Secure
+Shell servers.

 %package helpers
 Summary:        OpenSSH AuthorizedKeysCommand helpers
 Group:          Productivity/Networking/SSH
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name}-common = %{version}-%{release}

 %description helpers
-Helper applications for OpenSSH which retrieve keys from various sources.
+SSH (Secure Shell) is a program for logging into and executing commands
+on a remote machine. It replaces rsh (rlogin and rsh) and
+provides a secure encrypted communication between two untrusted
+hosts over an insecure network.
+
+xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
+also be forwarded over the secure channel.
+
+This package contains helper applications for OpenSSH which retrieve
+keys from various sources.

 %package fips
-Summary:        OpenSSH FIPS cryptomodule HMACs
+Summary:        OpenSSH FIPS crypto module HMACs
 Group:          Productivity/Networking/SSH
-Requires:       %{name} = %{version}-%{release}
-Conflicts:      %{name} < %{version}-%{release}
-Conflicts:      %{name} > %{version}-%{release}
+Requires:       %{name}-common = %{version}-%{release}
+Conflicts:      %{name}-common < %{version}-%{release}
+Conflicts:      %{name}-common > %{version}-%{release}
 Obsoletes:      %{name}-hmac

 %description fips
-Hashes that together with the main package form the FIPS certifiable
-cryptomodule.
+This package contains hashes that, together with the main openssh packages,
+form the FIPS certifiable crypto module.

 %package cavs
-Summary:        OpenSSH FIPS cryptomodule CAVS tests
+Summary:        OpenSSH FIPS crypto module CAVS tests
 Group:          Productivity/Networking/SSH
-Requires:       %{name} = %{version}-%{release}
+Requires:       %{name}-common = %{version}-%{release}

 %description cavs
-FIPS140 CAVS tests related parts of the OpenSSH package
+This package contains the FIPS140 CAVS (Cryptographic Algorithm
+Validation Program/Suite) related tests of OpenSSH.

 %prep
 %setup -q
@@ -305,7 +350,7 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate
 # The openssh-fips trigger script for openssh will normally restart sshd once
 # it gets installed, so only restart the service here is openssh-fips is not
 # present
-rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
+rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun sshd.service

 %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
@@ -315,6 +360,11 @@ rpm -q openssh-fips >& /dev/null && DISABLE_RESTART_ON_UPDATE=yes
 %verify_permissions -e %{_sysconfdir}/ssh/sshd_config

 %files
+# openssh is an empty package that depends on -clients and -server,
+# resulting in a clean upgrade path from prior to the split even when
+# recommends are disabled.
+
+%files common
 %license LICENCE
 %doc README.SUSE README.kerberos README.FIPS ChangeLog OVERVIEW README TODO CREDITS
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh