- (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install

   time, spec file cleanup.

3 files changed, 136 insertions, 52 deletions

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index e1feb778e..e593f2813 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 2.1.1p4
+%define oversion 2.1.1p5
 
 # Version of ssh-askpass
 %define aversion 1.0
@@ -14,9 +14,9 @@ Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
 Version: %{oversion}
 Release: 1
-Packager: Damien Miller <djm@ibs.com.au>
+Packager: Damien Miller <djm@mindrot.org>
 URL: http://www.openssh.com/
-Source0: http://violet.ibs.com.au/openssh/files/openssh-%{oversion}.tar.gz
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
 Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
 Copyright: BSD
 Group: Applications/Internet
@@ -27,14 +27,14 @@ Requires: openssl >= 0.9.5a
 BuildPreReq: perl
 BuildPreReq: openssl-devel
 BuildPreReq: tcp_wrappers
-%if ! %{no_x11_askpass}
+%if ! %{no_gnome_askpass}
 BuildPreReq: gnome-libs-devel
 %endif
 
 %package clients
 Summary: OpenSSH Secure Shell protocol clients
 Requires: openssh
-Group: System Environment/Daemons
+Group: Applications/Internet
 Obsoletes: ssh-clients
 
 %package server
@@ -127,6 +127,9 @@ patented algorithms to seperate libraries (OpenSSL).
 This package contains the GNOME passphrase dialog.
 
 %changelog
+* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
+- Some surgery to sshd.init (generate keys at runtime)
+- Cleanup of groups and removal of keygen calls
 * Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
 - Make building of X11-askpass and gnome-askpass optional
 * Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
@@ -208,20 +211,12 @@ rm -rf $RPM_BUILD_ROOT
 
 %post server
 /sbin/chkconfig --add sshd
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
-        /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-        /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-fi
-if test -r /var/run/sshd.pid
-then
+if test -r /var/run/sshd.pid ; then
         /etc/rc.d/init.d/sshd restart >&2
 fi
 
 %preun server
-if [ "$1" = 0 ]
-then
+if [ "$1" = 0 ] ; then
         /etc/rc.d/init.d/sshd stop >&2
         /sbin/chkconfig --del sshd
 fi
@@ -272,4 +267,3 @@ fi
 %defattr(-,root,root)
 %attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass
 %endif
-
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index cac91bb51..487d12897 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -17,44 +17,73 @@
 
 RETVAL=0
 
-case "$1" in
-  start)
-        echo -n "Starting sshd: "
-        if [ ! -f /var/run/sshd.pid ] ; then
-          case "`type -type success`" in
-            function)
-              /usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
-              RETVAL=$?
-            ;;
-            *)
-              /usr/sbin/sshd && echo -n "sshd "
-              RETVAL=$?
-            ;;
-          esac
-          [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA_KEY=/etc/ssh/ssh_host_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+do_rsa_keygen() {
+        if $KEYGEN -R && ! test -f $RSA_KEY ; then
+                echo -n "Generating SSH RSA host key: "
+                if $KEYGEN -q -b 1024 -f $RSA_KEY -C '' -N '' >&/dev/null; then
+                        success "RSA key generation"
+                        echo
+                else
+                        failure "RSA key generation"
+                        echo
+                        exit 1
+                fi
         fi
-        echo
-        ;;
-  stop)
-        echo -n "Shutting down sshd: "
-        if [ -f /var/run/sshd.pid ] ; then
-                killproc sshd
+}
+do_dsa_keygen() {
+        if ! test -f $DSA_KEY ; then
+                echo -n "Generating SSH DSA host key: "
+                if $KEYGEN -q -d -b 1024 -f $DSA_KEY -C '' -N '' >&/dev/null; then
+                        success "DSA key generation"
+                        echo
+                else
+                        failure "DSA key generation"
+                        echo
+                        exit 1
+                fi
         fi
-        echo
-        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
-        ;;
-  restart)
-        $0 stop
-        $0 start
-        RETVAL=$?
-        ;;
-  status)
-        status sshd
-        RETVAL=$?
-        ;;
-  *)
-        echo "Usage: sshd {start|stop|restart|status}"
-        exit 1
+}
+
+case "$1" in
+        start)
+                # Create keys if necessary
+                do_rsa_keygen;
+                do_dsa_keygen;
+                
+                echo -n "Starting sshd: "
+                if [ ! -f $PID_FILE ] ; then
+                        daemon sshd
+                        RETVAL=$?
+                        touch /var/lock/subsys/sshd
+                fi
+                echo
+                ;;
+        stop)
+                echo -n "Shutting down sshd: "
+                if [ -f $PID_FILE ] ; then
+                        killproc sshd
+                        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+                fi
+                echo
+                ;;
+        restart)
+                $0 stop
+                $0 start
+                RETVAL=$?
+                ;;
+        status)
+                status sshd
+                RETVAL=$?
+                ;;
+        *)
+                echo "Usage: sshd {start|stop|restart|status}"
+                exit 1
+                ;;
 esac
 
 exit $RETVAL
diff --git a/contrib/redhat/sshd.init-5.x b/contrib/redhat/sshd.init-5.x
new file mode 100755
index 000000000..e836b6919
--- /dev/null
+++ b/contrib/redhat/sshd.init-5.x
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+case "$1" in
+        start)
+                echo -n "Starting sshd: "
+                if [ ! -f /var/run/sshd.pid ] ; then
+                        case "`type -type success`" in
+                                function)
+                                        /usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
+                                        RETVAL=$?
+                                        ;;
+                                *)
+                                        /usr/sbin/sshd && echo -n "sshd "
+                                        RETVAL=$?
+                                        ;;
+                        esac
+                        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+                fi
+                echo
+                ;;
+        stop)
+                echo -n "Shutting down sshd: "
+                if [ -f /var/run/sshd.pid ] ; then
+                        killproc sshd
+                fi
+                echo
+                [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+                ;;
+        restart)
+                $0 stop
+                $0 start
+                RETVAL=$?
+                ;;
+        status)
+                status sshd
+                RETVAL=$?
+                ;;
+        *)
+                echo "Usage: sshd {start|stop|restart|status}"
+                exit 1
+                ;;
+esac
+
+exit $RETVAL