authorTim Rice <tim@multitalents.net>2002-06-25 19:28:55 -0700
committerTim Rice <tim@multitalents.net>2002-06-25 19:28:55 -0700
commit6de3dfd929adaa1d0a05c98cd9df4a48ed534205 (patch)
tree32e8dba234839823033b6aa9f39739730b5217e7 /contrib/caldera/openssh.spec
parent40b011c7fe2aede4e43be7049f074ab7c2347b2c (diff)
[contrib/caldera/openssh.spec] add support for privsep
Diffstat (limited to 'contrib/caldera/openssh.spec')
-rw-r--r--contrib/caldera/openssh.spec26
1 files changed, 24 insertions, 2 deletions
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 0a3c26931..37466c42c 100644
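--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -11,6 +11,9 @@
 %define _sysconfdir /etc/ssh
 %define _libexecdir %{_libdir}/ssh
 
+# Do we want to disable root_login? (1=yes 0=no)
+%define no_root_login 0
+
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
 %if %{use_stable}
@@ -25,6 +28,10 @@
 %define xsa x11-ssh-askpass
 %define askpass %{xsa}-1.2.4.1
 
+# OpenSSH privilege separation requires a user & group ID
+%define sshd_uid 67
+%define sshd_gid 67
+
 Name : openssh
 Version : %{version}%{cvs}
 Release : %{release}
@@ -174,6 +181,9 @@ CFLAGS="$RPM_OPT_FLAGS" \
  --with-pam \
  --with-tcp-wrappers \
  --with-ipv4-default \
+ --sysconfdir=%{_sysconfdir}/ssh \
+ --libexecdir=%{_libexecdir}/openssh \
+ --with-privsep-path=%{_var}/empty/sshd \
  #leave this line for easy edits.
 
 %__make CFLAGS="$RPM_OPT_FLAGS"
@@ -198,11 +208,17 @@ xmkmf
 
 # OpenLinux specific configuration
 mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
+mkdir -p %{buildroot}%{_var}/empty/sshd
 
 # enabling X11 forwarding on the server is convenient and okay,
 # on the client side it's a potential security risk!
-%__perl -pi -e 's:X11Forwarding no:X11Forwarding yes:g' \
+%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
+ %{buildroot}%{_sysconfdir}/sshd_config
+
+%if %{no_root_login}
+%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
  %{buildroot}%{_sysconfdir}/sshd_config
+%endif
 
 install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
 # FIXME: disabled, find out why this doesn't work with nis
@@ -265,6 +281,11 @@ rm %{buildroot}%{_mandir}/man1/slogin.1 && \
 /usr/sbin/ssh-host-keygen
 : # to protect the rpm database
 
+%pre server
+%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
+%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
+ -c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
+: # to protect the rpm database
 
 %Post server
 if [ -x %{LSBinit}-install ]; then
@@ -312,6 +333,7 @@ fi
 
 %Files server
 %defattr(-,root,root)
+%dir %attr(0700,root,root) %{_var}/empty/sshd
 %config %{SVIdir}/sshd
 %config /etc/pam.d/sshd
 %config %{_sysconfdir}/moduli
@@ -333,4 +355,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.34 2002/06/25 17:07:26 tim Exp $
+$Id: openssh.spec,v 1.35 2002/06/26 02:28:56 tim Exp $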
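Review bot: In the configure hunk the added `--sysconfdir=%{_sysconfdir}/ssh` and `--libexecdir=%{_libexecdir}/openssh` append a second path component to macros this spec already defines as `/etc/ssh` and `%{_libdir}/ssh`, so sshd appears to be built to read `/etc/ssh/ssh/sshd_config` while the `%install` edits and `%Files` still name `%{_sysconfdir}/sshd_config`. If that holds, the `X11Forwarding` and `PermitRootLogin no` substitutions land on a file the daemon does not read; the flags should probably be `--sysconfdir=%{_sysconfdir} \` and `--libexecdir=%{_libexecdir} \`. The configure invocation starts outside the hunk, so confirm nothing earlier already sets these paths. Separately, the `%pre server` scriptlet discards every `groupadd`/`useradd` error with `2>/dev/null || :`, so an existing account on uid/gid 67 would leave the package installed without the `sshd` user that privilege separation needs; a check that `sshd` resolves after the two calls would surface this at install time.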