diff options
| author | Tim Rice <tim@multitalents.net> | 2002-06-25 19:28:55 -0700 |
|---|---|---|
| committer | Tim Rice <tim@multitalents.net> | 2002-06-25 19:28:55 -0700 |
| commit | 6de3dfd929adaa1d0a05c98cd9df4a48ed534205 (patch) | |
| tree | 32e8dba234839823033b6aa9f39739730b5217e7 /contrib/caldera/openssh.spec | |
| parent | 40b011c7fe2aede4e43be7049f074ab7c2347b2c (diff) | |
[contrib/caldera/openssh.spec] add support for privsep
Diffstat (limited to 'contrib/caldera/openssh.spec')
| -rw-r--r-- | contrib/caldera/openssh.spec | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 0a3c26931..37466c42c 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
| @@ -11,6 +11,9 @@ | |||
| 11 | %define _sysconfdir /etc/ssh | 11 | %define _sysconfdir /etc/ssh |
| 12 | %define _libexecdir %{_libdir}/ssh | 12 | %define _libexecdir %{_libdir}/ssh |
| 13 | 13 | ||
| 14 | # Do we want to disable root_login? (1=yes 0=no) | ||
| 15 | %define no_root_login 0 | ||
| 16 | |||
| 14 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
| 15 | %define use_stable 1 | 18 | %define use_stable 1 |
| 16 | %if %{use_stable} | 19 | %if %{use_stable} |
| @@ -25,6 +28,10 @@ | |||
| 25 | %define xsa x11-ssh-askpass | 28 | %define xsa x11-ssh-askpass |
| 26 | %define askpass %{xsa}-1.2.4.1 | 29 | %define askpass %{xsa}-1.2.4.1 |
| 27 | 30 | ||
| 31 | # OpenSSH privilege separation requires a user & group ID | ||
| 32 | %define sshd_uid 67 | ||
| 33 | %define sshd_gid 67 | ||
| 34 | |||
| 28 | Name : openssh | 35 | Name : openssh |
| 29 | Version : %{version}%{cvs} | 36 | Version : %{version}%{cvs} |
| 30 | Release : %{release} | 37 | Release : %{release} |
| @@ -174,6 +181,9 @@ CFLAGS="$RPM_OPT_FLAGS" \ | |||
| 174 | --with-pam \ | 181 | --with-pam \ |
| 175 | --with-tcp-wrappers \ | 182 | --with-tcp-wrappers \ |
| 176 | --with-ipv4-default \ | 183 | --with-ipv4-default \ |
| 184 | --sysconfdir=%{_sysconfdir}/ssh \ | ||
| 185 | --libexecdir=%{_libexecdir}/openssh \ | ||
| 186 | --with-privsep-path=%{_var}/empty/sshd \ | ||
| 177 | #leave this line for easy edits. | 187 | #leave this line for easy edits. |
| 178 | 188 | ||
| 179 | %__make CFLAGS="$RPM_OPT_FLAGS" | 189 | %__make CFLAGS="$RPM_OPT_FLAGS" |
| @@ -198,11 +208,17 @@ xmkmf | |||
| 198 | 208 | ||
| 199 | # OpenLinux specific configuration | 209 | # OpenLinux specific configuration |
| 200 | mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} | 210 | mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}} |
| 211 | mkdir -p %{buildroot}%{_var}/empty/sshd | ||
| 201 | 212 | ||
| 202 | # enabling X11 forwarding on the server is convenient and okay, | 213 | # enabling X11 forwarding on the server is convenient and okay, |
| 203 | # on the client side it's a potential security risk! | 214 | # on the client side it's a potential security risk! |
| 204 | %__perl -pi -e 's:X11Forwarding no:X11Forwarding yes:g' \ | 215 | %__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \ |
| 216 | %{buildroot}%{_sysconfdir}/sshd_config | ||
| 217 | |||
| 218 | %if %{no_root_login} | ||
| 219 | %__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \ | ||
| 205 | %{buildroot}%{_sysconfdir}/sshd_config | 220 | %{buildroot}%{_sysconfdir}/sshd_config |
| 221 | %endif | ||
| 206 | 222 | ||
| 207 | install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd | 223 | install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd |
| 208 | # FIXME: disabled, find out why this doesn't work with nis | 224 | # FIXME: disabled, find out why this doesn't work with nis |
| @@ -265,6 +281,11 @@ rm %{buildroot}%{_mandir}/man1/slogin.1 && \ | |||
| 265 | /usr/sbin/ssh-host-keygen | 281 | /usr/sbin/ssh-host-keygen |
| 266 | : # to protect the rpm database | 282 | : # to protect the rpm database |
| 267 | 283 | ||
| 284 | %pre server | ||
| 285 | %{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || : | ||
| 286 | %{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \ | ||
| 287 | -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || : | ||
| 288 | : # to protect the rpm database | ||
| 268 | 289 | ||
| 269 | %Post server | 290 | %Post server |
| 270 | if [ -x %{LSBinit}-install ]; then | 291 | if [ -x %{LSBinit}-install ]; then |
| @@ -312,6 +333,7 @@ fi | |||
| 312 | 333 | ||
| 313 | %Files server | 334 | %Files server |
| 314 | %defattr(-,root,root) | 335 | %defattr(-,root,root) |
| 336 | %dir %attr(0700,root,root) %{_var}/empty/sshd | ||
| 315 | %config %{SVIdir}/sshd | 337 | %config %{SVIdir}/sshd |
| 316 | %config /etc/pam.d/sshd | 338 | %config /etc/pam.d/sshd |
| 317 | %config %{_sysconfdir}/moduli | 339 | %config %{_sysconfdir}/moduli |
| @@ -333,4 +355,4 @@ fi | |||
| 333 | * Mon Jan 01 1998 ... | 355 | * Mon Jan 01 1998 ... |
| 334 | Template Version: 1.31 | 356 | Template Version: 1.31 |
| 335 | 357 | ||
| 336 | $Id: openssh.spec,v 1.34 2002/06/25 17:07:26 tim Exp $ | 358 | $Id: openssh.spec,v 1.35 2002/06/26 02:28:56 tim Exp $ |