[gsi-openssh/f16] Based on openssh-5.8p2-22.fc16

Sun Nov 27 10:52:15 UTC 2011

commit 2d2eb1835b8ed2f2daefc5b7d80b263c0e592263
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Sun Nov 27 11:40:17 2011 +0100

    Based on openssh-5.8p2-22.fc16

 gsi-openssh.spec                       |   15 ++++++++++++---
 gsisshd-keygen                         |    6 +++---
 gsisshd-keygen.service                 |    1 +
 gsisshd.service                        |    5 +++--
 openssh-5.8p2-askpass-ld.patch         |   18 ++++++++++++++++++
 openssh-5.8p2-copy-id-restorecon.patch |   12 ++++++++++++
 openssh-5.8p2-gsissh.patch             |    2 +-
 sources                                |    2 +-
 8 files changed, 51 insertions(+), 10 deletions(-)
---

diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index cade6fd..ea0594c 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -36,7 +36,7 @@
 %global nologin 1
 
 %global openssh_ver 5.8p2
-%global openssh_rel 2
+%global openssh_rel 3
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -136,10 +136,14 @@ Patch63: openssh-5.8p2-force_krb.patch
 Patch64: openssh-5.8p2-kuserok.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1329 (WONTFIX)
 Patch65: openssh-5.8p2-remove-stale-control-socket.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1919
-Patch66: openssh-5.8p2-ipv6man.patch
 #?
+Patch66: openssh-5.8p2-ipv6man.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1919
 Patch67: openssh-5.8p2-unconfined.patch
+#?
+Patch69: openssh-5.8p2-askpass-ld.patch
+#https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Patch70: openssh-5.8p2-copy-id-restorecon.patch
 #---
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1604
 # sctp
@@ -304,6 +308,8 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch65 -p1 -b .remove_stale
 %patch66 -p1 -b .ipv6man
 %patch67 -p1 -b .unconfined
+%patch69 -p1 -b .askpass-ld
+%patch70 -p1 -b .restorecon
 %patch98 -p1 -b .gsi
 %patch99 -p1 -b .signals
 
@@ -527,6 +533,9 @@ fi
 %attr(0644,root,root) %{_unitdir}/gsisshd.service
 
 %changelog
+* Sun Nov 27 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-3
+- Based on openssh-5.8p2-22.fc16
+
 * Thu Oct 06 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-2
 - Change package name gsissh → gsi-openssh
 - Based on openssh-5.8p2-16.fc16.1
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 36976f0..1df8d71 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
 		rm -f $RSA1_KEY
 		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $RSA1_KEY
-			chmod 640 $RSA1_KEY
+			chmod 600 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA1_KEY.pub
@@ -44,7 +44,7 @@ do_rsa_keygen() {
 		rm -f $RSA_KEY
 		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $RSA_KEY
-			chmod 640 $RSA_KEY
+			chmod 600 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $DSA_KEY
-			chmod 640 $DSA_KEY
+			chmod 600 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $DSA_KEY.pub
diff --git a/gsisshd-keygen.service b/gsisshd-keygen.service
index 6f86c84..486f4a6 100644
--- a/gsisshd-keygen.service
+++ b/gsisshd-keygen.service
@@ -5,6 +5,7 @@ Before=gsisshd.service
 
 [Service]
 Type=oneshot
+EnvironmentFile=/etc/sysconfig/gsisshd
 ExecStart=/usr/sbin/gsisshd-keygen
 RemainAfterExit=yes
 
diff --git a/gsisshd.service b/gsisshd.service
index 73a2edd..a279ecf 100644
--- a/gsisshd.service
+++ b/gsisshd.service
@@ -1,9 +1,10 @@
 [Unit]
-Description=gsissh server daemon.
+Description=gsissh server daemon
 After=syslog.target network.target auditd.service
 
 [Service]
-ExecStart=/usr/sbin/gsisshd -D
+EnvironmentFile=/etc/sysconfig/gsisshd
+ExecStart=/usr/sbin/gsisshd -D $OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/openssh-5.8p2-askpass-ld.patch b/openssh-5.8p2-askpass-ld.patch
new file mode 100644
index 0000000..5b85c80
--- /dev/null
+++ b/openssh-5.8p2-askpass-ld.patch
@@ -0,0 +1,18 @@
+diff -up openssh-5.8p2/contrib/Makefile.askpass-ld openssh-5.8p2/contrib/Makefile
+--- openssh-5.8p2/contrib/Makefile.askpass-ld	2011-08-08 22:54:06.050546199 +0200
++++ openssh-5.8p2/contrib/Makefile	2011-08-08 22:54:43.364420118 +0200
+@@ -2,12 +2,12 @@ all:
+ 	@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+ 
+ gnome-ssh-askpass1: gnome-ssh-askpass1.c
+-	$(CC) `gnome-config --cflags gnome gnomeui` \
++	$(CC) ${CFLAGS} `gnome-config --cflags gnome gnomeui` \
+ 		gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+ 		`gnome-config --libs gnome gnomeui`
+ 
+ gnome-ssh-askpass2: gnome-ssh-askpass2.c
+-	$(CC) `pkg-config --cflags gtk+-2.0` \
++	$(CC) ${CFLAGS} `pkg-config --cflags gtk+-2.0` \
+ 		gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+ 		`pkg-config --libs gtk+-2.0 x11`
+ 
diff --git a/openssh-5.8p2-copy-id-restorecon.patch b/openssh-5.8p2-copy-id-restorecon.patch
new file mode 100644
index 0000000..5ebd5eb
--- /dev/null
+++ b/openssh-5.8p2-copy-id-restorecon.patch
@@ -0,0 +1,12 @@
+diff -up openssh-5.9p1/contrib/ssh-copy-id.restorecon openssh-5.9p1/contrib/ssh-copy-id
+--- openssh-5.9p1/contrib/ssh-copy-id.restorecon	2011-08-17 04:05:49.000000000 +0200
++++ openssh-5.9p1/contrib/ssh-copy-id	2011-11-21 08:40:56.000000000 +0100
+@@ -41,7 +41,7 @@ fi
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff --git a/openssh-5.8p2-gsissh.patch b/openssh-5.8p2-gsissh.patch
index cbbdbe0..ee6c47f 100644
--- a/openssh-5.8p2-gsissh.patch
+++ b/openssh-5.8p2-gsissh.patch
@@ -2951,7 +2951,7 @@ diff -Nur openssh-5.8p2.orig/version.h openssh-5.8p2/version.h
 +
  #define SSH_VERSION	"OpenSSH_5.8"
  
- #define SSH_PORTABLE	"p1"
+ #define SSH_PORTABLE	"p2"
 -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE \
 +			NCSA_VERSION GSI_VERSION KRB5_VERSION
diff --git a/sources b/sources
index f4d750b..e08f162 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-123003edd779504e12e1c8b58e7ce5dc  openssh-5.8p2-noacss.tar.bz2
+5549d0b7b6bfadfd28eb90e63dd6f5f1  openssh-5.8p2-noacss.tar.bz2
