[gsi-openssh/f16] Based on openssh-5.8p2-22.fc16
Mattias Ellert
ellert at fedoraproject.org
Sun Nov 27 10:52:15 UTC 2011
commit 2d2eb1835b8ed2f2daefc5b7d80b263c0e592263
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Sun Nov 27 11:40:17 2011 +0100
Based on openssh-5.8p2-22.fc16
gsi-openssh.spec | 15 ++++++++++++---
gsisshd-keygen | 6 +++---
gsisshd-keygen.service | 1 +
gsisshd.service | 5 +++--
openssh-5.8p2-askpass-ld.patch | 18 ++++++++++++++++++
openssh-5.8p2-copy-id-restorecon.patch | 12 ++++++++++++
openssh-5.8p2-gsissh.patch | 2 +-
sources | 2 +-
8 files changed, 51 insertions(+), 10 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index cade6fd..ea0594c 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -36,7 +36,7 @@
%global nologin 1
%global openssh_ver 5.8p2
-%global openssh_rel 2
+%global openssh_rel 3
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -136,10 +136,14 @@ Patch63: openssh-5.8p2-force_krb.patch
Patch64: openssh-5.8p2-kuserok.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1329 (WONTFIX)
Patch65: openssh-5.8p2-remove-stale-control-socket.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1919
-Patch66: openssh-5.8p2-ipv6man.patch
#?
+Patch66: openssh-5.8p2-ipv6man.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1919
Patch67: openssh-5.8p2-unconfined.patch
+#?
+Patch69: openssh-5.8p2-askpass-ld.patch
+#https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Patch70: openssh-5.8p2-copy-id-restorecon.patch
#---
#https://bugzilla.mindrot.org/show_bug.cgi?id=1604
# sctp
@@ -304,6 +308,8 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch65 -p1 -b .remove_stale
%patch66 -p1 -b .ipv6man
%patch67 -p1 -b .unconfined
+%patch69 -p1 -b .askpass-ld
+%patch70 -p1 -b .restorecon
%patch98 -p1 -b .gsi
%patch99 -p1 -b .signals
@@ -527,6 +533,9 @@ fi
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Sun Nov 27 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-3
+- Based on openssh-5.8p2-22.fc16
+
* Thu Oct 06 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-2
- Change package name gsissh → gsi-openssh
- Based on openssh-5.8p2-16.fc16.1
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 36976f0..1df8d71 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
- chmod 640 $RSA1_KEY
+ chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
@@ -44,7 +44,7 @@ do_rsa_keygen() {
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA_KEY
- chmod 640 $RSA_KEY
+ chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $DSA_KEY
- chmod 640 $DSA_KEY
+ chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
diff --git a/gsisshd-keygen.service b/gsisshd-keygen.service
index 6f86c84..486f4a6 100644
--- a/gsisshd-keygen.service
+++ b/gsisshd-keygen.service
@@ -5,6 +5,7 @@ Before=gsisshd.service
[Service]
Type=oneshot
+EnvironmentFile=/etc/sysconfig/gsisshd
ExecStart=/usr/sbin/gsisshd-keygen
RemainAfterExit=yes
diff --git a/gsisshd.service b/gsisshd.service
index 73a2edd..a279ecf 100644
--- a/gsisshd.service
+++ b/gsisshd.service
@@ -1,9 +1,10 @@
[Unit]
-Description=gsissh server daemon.
+Description=gsissh server daemon
After=syslog.target network.target auditd.service
[Service]
-ExecStart=/usr/sbin/gsisshd -D
+EnvironmentFile=/etc/sysconfig/gsisshd
+ExecStart=/usr/sbin/gsisshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
diff --git a/openssh-5.8p2-askpass-ld.patch b/openssh-5.8p2-askpass-ld.patch
new file mode 100644
index 0000000..5b85c80
--- /dev/null
+++ b/openssh-5.8p2-askpass-ld.patch
@@ -0,0 +1,18 @@
+diff -up openssh-5.8p2/contrib/Makefile.askpass-ld openssh-5.8p2/contrib/Makefile
+--- openssh-5.8p2/contrib/Makefile.askpass-ld 2011-08-08 22:54:06.050546199 +0200
++++ openssh-5.8p2/contrib/Makefile 2011-08-08 22:54:43.364420118 +0200
+@@ -2,12 +2,12 @@ all:
+ @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+
+ gnome-ssh-askpass1: gnome-ssh-askpass1.c
+- $(CC) `gnome-config --cflags gnome gnomeui` \
++ $(CC) ${CFLAGS} `gnome-config --cflags gnome gnomeui` \
+ gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+ `gnome-config --libs gnome gnomeui`
+
+ gnome-ssh-askpass2: gnome-ssh-askpass2.c
+- $(CC) `pkg-config --cflags gtk+-2.0` \
++ $(CC) ${CFLAGS} `pkg-config --cflags gtk+-2.0` \
+ gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+ `pkg-config --libs gtk+-2.0 x11`
+
diff --git a/openssh-5.8p2-copy-id-restorecon.patch b/openssh-5.8p2-copy-id-restorecon.patch
new file mode 100644
index 0000000..5ebd5eb
--- /dev/null
+++ b/openssh-5.8p2-copy-id-restorecon.patch
@@ -0,0 +1,12 @@
+diff -up openssh-5.9p1/contrib/ssh-copy-id.restorecon openssh-5.9p1/contrib/ssh-copy-id
+--- openssh-5.9p1/contrib/ssh-copy-id.restorecon 2011-08-17 04:05:49.000000000 +0200
++++ openssh-5.9p1/contrib/ssh-copy-id 2011-11-21 08:40:56.000000000 +0100
+@@ -41,7 +41,7 @@ fi
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff --git a/openssh-5.8p2-gsissh.patch b/openssh-5.8p2-gsissh.patch
index cbbdbe0..ee6c47f 100644
--- a/openssh-5.8p2-gsissh.patch
+++ b/openssh-5.8p2-gsissh.patch
@@ -2951,7 +2951,7 @@ diff -Nur openssh-5.8p2.orig/version.h openssh-5.8p2/version.h
+
#define SSH_VERSION "OpenSSH_5.8"
- #define SSH_PORTABLE "p1"
+ #define SSH_PORTABLE "p2"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE SSH_VERSION SSH_PORTABLE \
+ NCSA_VERSION GSI_VERSION KRB5_VERSION
diff --git a/sources b/sources
index f4d750b..e08f162 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-123003edd779504e12e1c8b58e7ce5dc openssh-5.8p2-noacss.tar.bz2
+5549d0b7b6bfadfd28eb90e63dd6f5f1 openssh-5.8p2-noacss.tar.bz2
More information about the scm-commits
mailing list