diff options
Diffstat (limited to 'contrib/redhat')
-rw-r--r-- | contrib/redhat/openssh.spec | 69 | ||||
-rwxr-xr-x | contrib/redhat/sshd.init | 1 | ||||
-rwxr-xr-x | contrib/redhat/sshd.init.old | 17 |
3 files changed, 52 insertions, 35 deletions
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a96a36e49..a0d5e2071 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,5 +1,5 @@ | |||
1 | %define ver 7.6p1 | 1 | %define ver 7.7p1 |
2 | %define rel 1 | 2 | %define rel 1%{?dist} |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
5 | %define sshd_uid 74 | 5 | %define sshd_uid 74 |
@@ -23,8 +23,19 @@ | |||
23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass | 23 | # Use GTK2 instead of GNOME in gnome-ssh-askpass |
24 | %define gtk2 1 | 24 | %define gtk2 1 |
25 | 25 | ||
26 | # Is this build for RHL 6.x? | 26 | # Use build6x options for older RHEL builds |
27 | # RHEL 7 not yet supported | ||
28 | %if 0%{?rhel} > 6 | ||
27 | %define build6x 0 | 29 | %define build6x 0 |
30 | %else | ||
31 | %define build6x 1 | ||
32 | %endif | ||
33 | |||
34 | %if 0%{?fedora} >= 26 | ||
35 | %define compat_openssl 1 | ||
36 | %else | ||
37 | %define compat_openssl 0 | ||
38 | %endif | ||
28 | 39 | ||
29 | # Do we want kerberos5 support (1=yes 0=no) | 40 | # Do we want kerberos5 support (1=yes 0=no) |
30 | %define kerberos5 1 | 41 | %define kerberos5 1 |
@@ -64,7 +75,7 @@ | |||
64 | %define kerberos5 0 | 75 | %define kerberos5 0 |
65 | %endif | 76 | %endif |
66 | 77 | ||
67 | Summary: The OpenSSH implementation of SSH protocol versions 1 and 2. | 78 | Summary: The OpenSSH implementation of SSH protocol version 2. |
68 | Name: openssh | 79 | Name: openssh |
69 | Version: %{ver} | 80 | Version: %{ver} |
70 | %if %{rescue} | 81 | %if %{rescue} |
@@ -74,9 +85,7 @@ Release: %{rel} | |||
74 | %endif | 85 | %endif |
75 | URL: https://www.openssh.com/portable.html | 86 | URL: https://www.openssh.com/portable.html |
76 | Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz | 87 | Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz |
77 | %if ! %{no_x11_askpass} | ||
78 | Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz | 88 | Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz |
79 | %endif | ||
80 | License: BSD | 89 | License: BSD |
81 | Group: Applications/Internet | 90 | Group: Applications/Internet |
82 | BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot | 91 | BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot |
@@ -86,7 +95,13 @@ PreReq: initscripts >= 5.00 | |||
86 | %else | 95 | %else |
87 | Requires: initscripts >= 5.20 | 96 | Requires: initscripts >= 5.20 |
88 | %endif | 97 | %endif |
89 | BuildRequires: perl, openssl-devel | 98 | BuildRequires: perl |
99 | %if %{compat_openssl} | ||
100 | BuildRequires: compat-openssl10-devel | ||
101 | %else | ||
102 | BuildRequires: openssl-devel >= 1.0.1 | ||
103 | BuildRequires: openssl-devel < 1.1 | ||
104 | %endif | ||
90 | BuildRequires: /bin/login | 105 | BuildRequires: /bin/login |
91 | %if ! %{build6x} | 106 | %if ! %{build6x} |
92 | BuildRequires: glibc-devel, pam | 107 | BuildRequires: glibc-devel, pam |
@@ -95,6 +110,12 @@ BuildRequires: /usr/include/security/pam_appl.h | |||
95 | %endif | 110 | %endif |
96 | %if ! %{no_x11_askpass} | 111 | %if ! %{no_x11_askpass} |
97 | BuildRequires: /usr/include/X11/Xlib.h | 112 | BuildRequires: /usr/include/X11/Xlib.h |
113 | # Xt development tools | ||
114 | BuildRequires: libXt-devel | ||
115 | # Provides xmkmf | ||
116 | BuildRequires: imake | ||
117 | # Rely on relatively recent gtk | ||
118 | BuildRequires: gtk2-devel | ||
98 | %endif | 119 | %endif |
99 | %if ! %{no_gnome_askpass} | 120 | %if ! %{no_gnome_askpass} |
100 | BuildRequires: pkgconfig | 121 | BuildRequires: pkgconfig |
@@ -183,11 +204,6 @@ environment. | |||
183 | CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS | 204 | CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS |
184 | %endif | 205 | %endif |
185 | 206 | ||
186 | %if %{kerberos5} | ||
187 | K5DIR=`rpm -ql krb5-devel | grep 'include/krb5\.h' | sed 's,\/include\/krb5.h,,'` | ||
188 | echo K5DIR=$K5DIR | ||
189 | %endif | ||
190 | |||
191 | %configure \ | 207 | %configure \ |
192 | --sysconfdir=%{_sysconfdir}/ssh \ | 208 | --sysconfdir=%{_sysconfdir}/ssh \ |
193 | --libexecdir=%{_libexecdir}/openssh \ | 209 | --libexecdir=%{_libexecdir}/openssh \ |
@@ -196,6 +212,9 @@ echo K5DIR=$K5DIR | |||
196 | --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ | 212 | --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ |
197 | --with-privsep-path=%{_var}/empty/sshd \ | 213 | --with-privsep-path=%{_var}/empty/sshd \ |
198 | --with-md5-passwords \ | 214 | --with-md5-passwords \ |
215 | --mandir=%{_mandir} \ | ||
216 | --with-mantype=man \ | ||
217 | --disable-strip \ | ||
199 | %if %{scard} | 218 | %if %{scard} |
200 | --with-smartcard \ | 219 | --with-smartcard \ |
201 | %endif | 220 | %endif |
@@ -262,12 +281,12 @@ install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd | |||
262 | install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd | 281 | install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd |
263 | 282 | ||
264 | %if ! %{no_x11_askpass} | 283 | %if ! %{no_x11_askpass} |
265 | install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass | 284 | install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass |
266 | ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass | 285 | ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass |
267 | %endif | 286 | %endif |
268 | 287 | ||
269 | %if ! %{no_gnome_askpass} | 288 | %if ! %{no_gnome_askpass} |
270 | install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass | 289 | install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass |
271 | %endif | 290 | %endif |
272 | 291 | ||
273 | %if ! %{scard} | 292 | %if ! %{scard} |
@@ -391,7 +410,7 @@ fi | |||
391 | %doc x11-ssh-askpass-%{aversion}/README | 410 | %doc x11-ssh-askpass-%{aversion}/README |
392 | %doc x11-ssh-askpass-%{aversion}/ChangeLog | 411 | %doc x11-ssh-askpass-%{aversion}/ChangeLog |
393 | %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad | 412 | %doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad |
394 | %attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass | 413 | %{_libexecdir}/openssh/ssh-askpass |
395 | %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass | 414 | %attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass |
396 | %endif | 415 | %endif |
397 | 416 | ||
@@ -403,6 +422,22 @@ fi | |||
403 | %endif | 422 | %endif |
404 | 423 | ||
405 | %changelog | 424 | %changelog |
425 | * Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net> | ||
426 | - Update openssl-devel dependency to match current requirements. | ||
427 | - Handle Fedora >=6 openssl 1.0 compat libs. | ||
428 | - Remove SSH1 from description. | ||
429 | - Don't strip binaries at build time so that debuginfo package can be | ||
430 | created. | ||
431 | |||
432 | * Sun Nov 16 2014 Nico Kadel-Garcia <nakdel@gmail.com> | ||
433 | - Add '--mandir' and '--with-mantype' for RHEL 5 compatibility | ||
434 | - Add 'dist' option to 'ver' so package names reflect OS at build time | ||
435 | - Always include x11-ssh-askpass tarball in SRPM | ||
436 | - Add openssh-x11-aspass BuildRequires for libXT-devel, imake, gtk2-devel | ||
437 | - Discard 'K5DIR' reporting, not usable inside 'mock' for RHEL 5 compatibility | ||
438 | - Discard obsolete '--with-rsh' configure option | ||
439 | - Update openssl-devel dependency to 0.9.8f, as found in autoconf | ||
440 | |||
406 | * Wed Jul 14 2010 Tim Rice <tim@multitalents.net> | 441 | * Wed Jul 14 2010 Tim Rice <tim@multitalents.net> |
407 | - test for skip_x11_askpass (line 77) should have been for no_x11_askpass | 442 | - test for skip_x11_askpass (line 77) should have been for no_x11_askpass |
408 | 443 | ||
@@ -414,7 +449,7 @@ fi | |||
414 | - Don't install profile.d scripts when not building with GNOME/GTK askpass | 449 | - Don't install profile.d scripts when not building with GNOME/GTK askpass |
415 | (patch from bet@rahul.net) | 450 | (patch from bet@rahul.net) |
416 | 451 | ||
417 | * Wed Oct 01 2002 Damien Miller <djm@mindrot.org> | 452 | * Tue Oct 01 2002 Damien Miller <djm@mindrot.org> |
418 | - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks | 453 | - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks |
419 | 454 | ||
420 | * Mon Sep 30 2002 Damien Miller <djm@mindrot.org> | 455 | * Mon Sep 30 2002 Damien Miller <djm@mindrot.org> |
@@ -460,7 +495,7 @@ fi | |||
460 | - remove dependency on db1-devel, which has just been swallowed up whole | 495 | - remove dependency on db1-devel, which has just been swallowed up whole |
461 | by gnome-libs-devel | 496 | by gnome-libs-devel |
462 | 497 | ||
463 | * Sun Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> | 498 | * Sat Dec 29 2001 Nalin Dahyabhai <nalin@redhat.com> |
464 | - adjust build dependencies so that build6x actually works right (fix | 499 | - adjust build dependencies so that build6x actually works right (fix |
465 | from Hugo van der Kooij) | 500 | from Hugo van der Kooij) |
466 | 501 | ||
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 40c8dfd9f..8ee5fcd3b 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init | |||
@@ -40,7 +40,6 @@ start() | |||
40 | # Create keys if necessary | 40 | # Create keys if necessary |
41 | /usr/bin/ssh-keygen -A | 41 | /usr/bin/ssh-keygen -A |
42 | if [ -x /sbin/restorecon ]; then | 42 | if [ -x /sbin/restorecon ]; then |
43 | /sbin/restorecon /etc/ssh/ssh_host_key.pub | ||
44 | /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub | 43 | /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub |
45 | /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub | 44 | /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub |
46 | /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub | 45 | /sbin/restorecon /etc/ssh/ssh_host_ecdsa_key.pub |
diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old index 0deb6080e..8a30f7da4 100755 --- a/contrib/redhat/sshd.init.old +++ b/contrib/redhat/sshd.init.old | |||
@@ -24,7 +24,6 @@ prog="sshd" | |||
24 | # Some functions to make the below more readable | 24 | # Some functions to make the below more readable |
25 | KEYGEN=/usr/bin/ssh-keygen | 25 | KEYGEN=/usr/bin/ssh-keygen |
26 | SSHD=/usr/sbin/sshd | 26 | SSHD=/usr/sbin/sshd |
27 | RSA1_KEY=/etc/ssh/ssh_host_key | ||
28 | RSA_KEY=/etc/ssh/ssh_host_rsa_key | 27 | RSA_KEY=/etc/ssh/ssh_host_rsa_key |
29 | DSA_KEY=/etc/ssh/ssh_host_dsa_key | 28 | DSA_KEY=/etc/ssh/ssh_host_dsa_key |
30 | PID_FILE=/var/run/sshd.pid | 29 | PID_FILE=/var/run/sshd.pid |
@@ -61,21 +60,6 @@ my_failure() { | |||
61 | ;; | 60 | ;; |
62 | esac | 61 | esac |
63 | } | 62 | } |
64 | do_rsa1_keygen() { | ||
65 | if [ ! -s $RSA1_KEY ]; then | ||
66 | echo -n "Generating SSH1 RSA host key: " | ||
67 | if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then | ||
68 | chmod 600 $RSA1_KEY | ||
69 | chmod 644 $RSA1_KEY.pub | ||
70 | my_success "RSA1 key generation" | ||
71 | echo | ||
72 | else | ||
73 | my_failure "RSA1 key generation" | ||
74 | echo | ||
75 | exit 1 | ||
76 | fi | ||
77 | fi | ||
78 | } | ||
79 | do_rsa_keygen() { | 63 | do_rsa_keygen() { |
80 | if [ ! -s $RSA_KEY ]; then | 64 | if [ ! -s $RSA_KEY ]; then |
81 | echo -n "Generating SSH2 RSA host key: " | 65 | echo -n "Generating SSH2 RSA host key: " |
@@ -119,7 +103,6 @@ do_restart_sanity_check() { | |||
119 | case "$1" in | 103 | case "$1" in |
120 | start) | 104 | start) |
121 | # Create keys if necessary | 105 | # Create keys if necessary |
122 | do_rsa1_keygen; | ||
123 | do_rsa_keygen; | 106 | do_rsa_keygen; |
124 | do_dsa_keygen; | 107 | do_dsa_keygen; |
125 | 108 | ||