Accepting request 866139 from home:hpjansson:branches:network

- Improve robustness of sshd init detection when upgrading from a pre-systemd distribution. - Add openssh-reenable-dh-group14-sha1-default.patch, which adds diffie-hellman-group14-sha1 key exchange back to the default list (bsc#1180958). This is needed for backwards compatibility with older platforms. OBS-URL: https://build.opensuse.org/request/show/866139 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=224
2021-01-22 23:06:22 +00:00
parent dcc585e9d2
commit f66af91814
3 changed files with 66 additions and 5 deletions
--- a/openssh.spec
+++ b/openssh.spec
@@ -107,6 +107,7 @@ Patch39:        openssh-8.1p1-use-openssl-kdf.patch
 Patch40:        openssh-8.1p1-ed25519-use-openssl-rng.patch
 Patch41:        openssh-fips-ensure-approved-moduli.patch
 Patch42:        openssh-link-with-sk.patch
+Patch43:        openssh-reenable-dh-group14-sha1-default.patch
 BuildRequires:  audit-devel
 BuildRequires:  automake
 BuildRequires:  groff
@@ -129,6 +130,8 @@ BuildRequires:  pkgconfig(krb5)
 %else
 BuildRequires:  krb5-mini-devel
 %endif
+Requires(pre):  findutils
+Requires(pre):  grep

 %description
 SSH (Secure Shell) is a program for logging into and executing commands
@@ -166,6 +169,8 @@ Summary:        SSH (Secure Shell) server
 Group:          Productivity/Networking/SSH
 Requires:       %{name}-common = %{version}-%{release}
 Recommends:     audit
+Requires(pre):  findutils
+Requires(pre):  grep
 Requires(pre):  shadow
 Requires(post): %fillup_prereq
 Requires(post): permissions
@@ -350,8 +355,9 @@ mkdir -p %{_tmpenableddir} || :
 if [ -x %{_bindir}/systemctl ]; then
    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
 else
-    if [ x$(find %{_sysconfdir}/init.d/rc[35].d -name 'S*' -type l -exec readlink -f {} \; | grep sshd$ | uniq) \
-        == x%{_sysconfdir}/init.d/sshd ]; then echo "enabled" > %{_tmpenabledfile} || :; fi
+    if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
+        -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
+    then echo "enabled" > %{_tmpenabledfile} || :; fi
 fi

 %pre server
@@ -362,14 +368,14 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate
 test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
 %endif

-
 # See %%pre.
 mkdir -p %{_tmpenableddir} || :
 if [ -x %{_bindir}/systemctl ]; then
    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
 else
-    if [ x$(find %{_sysconfdir}/init.d/rc[35].d -name 'S*' -type l -exec readlink -f {} \; | grep sshd$ | uniq) \
-        == x%{_sysconfdir}/init.d/sshd ]; then echo "enabled" > %{_tmpenabledfile} || :; fi
+    if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
+        -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
+    then echo "enabled" > %{_tmpenabledfile} || :; fi
 fi

 %service_add_pre sshd.service