[freenx-server] Use authorized_keys instead of *_keys2 for OpenSSH 5.9p1 compat (#830838).

Ville Skyttä scop at fedoraproject.org
Sun Jun 17 10:46:34 UTC 2012 

commit c74548c8f566c503726e5544c94f2c481e643195
Author: Ville Skyttä <ville.skytta at iki.fi>
Date:   Sun Jun 17 13:46:24 2012 +0300

    Use authorized_keys instead of *_keys2 for OpenSSH 5.9p1 compat (#830838).
    
    - Drop EL < 5 build support.

 freenx-server-0.7.3-authkeys2-830838.patch |   24 +++++++++++++++
 freenx-server.spec                         |   43 ++++++++++++++-------------
 2 files changed, 46 insertions(+), 21 deletions(-)
---
diff --git a/freenx-server-0.7.3-authkeys2-830838.patch b/freenx-server-0.7.3-authkeys2-830838.patch
new file mode 100644
index 0000000..0bfe25f
--- /dev/null
+++ b/freenx-server-0.7.3-authkeys2-830838.patch
@@ -0,0 +1,24 @@
+diff -up freenx-server-0.7.3/nxkeygen~ freenx-server-0.7.3/nxkeygen
+--- freenx-server-0.7.3/nxkeygen~	2012-06-14 21:36:03.271909685 +0300
++++ freenx-server-0.7.3/nxkeygen	2012-06-14 21:37:46.177685991 +0300
+@@ -51,7 +51,7 @@ main ()
+ 		chown nx:root $x
+ 	done
+ 	
+-	# copy the key to the authorized_keys2 file
++	# copy the key to the authorized_keys file
+ 	rm -f $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
+ 	echo -n "no-port-forwarding,no-agent-forwarding,command=\"$PATH_BIN/nxserver\" " >$NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
+ 	cat ${NX_SERVER_KEY} >> $NX_KEY_DIR/$SSH_AUTHORIZED_KEYS
+diff -up freenx-server-0.7.3/nxloadconfig~ freenx-server-0.7.3/nxloadconfig
+--- freenx-server-0.7.3/nxloadconfig~	2012-06-14 21:36:03.307909232 +0300
++++ freenx-server-0.7.3/nxloadconfig	2012-06-14 21:37:50.437634443 +0300
+@@ -70,7 +70,7 @@ APPLICATION_LIBRARY_PATH="" #Calculated
+ APPLICATION_LIBRARY_PRELOAD="" #Calculated
+ 
+ # the name of the authorized keys file for ssh
+-SSH_AUTHORIZED_KEYS="authorized_keys2"
++SSH_AUTHORIZED_KEYS="authorized_keys"
+ 
+ # retest values like xauth, netcat and checks for nxdesktop/nxviewer availability
+ # set to 0 if you are sure, you set the right values
diff --git a/freenx-server.spec b/freenx-server.spec
index 5c8ae28..a0191c9 100644
--- a/freenx-server.spec
+++ b/freenx-server.spec
@@ -1,5 +1,3 @@
-%bcond_with oldx11
-
 %if 0%{?fedora} > 15
 %bcond_without systemd
 %else
@@ -19,7 +17,7 @@
 Summary: Free Software (GPL) Implementation of the NX Server
 Name: freenx-server
 Version: 0.7.3
-Release: 26%{?dist}
+Release: 27%{?dist}
 License: GPLv2
 Group: Applications/Internet
 URL: http://freenx.berlios.de/
@@ -36,6 +34,7 @@ Patch5: freenx-server-0.7.3-optflags.patch
 Patch6: freenx-server-0.7.3-init.patch
 Patch7: freenx-server-0.7.3-nxipp.patch
 Patch8: freenx-server-0.7.3-nxagent-version-827176.patch
+Patch9: freenx-server-0.7.3-authkeys2-830838.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: imake, redhat-release
 %if %{with systemd}
@@ -47,12 +46,7 @@ Requires(postun): systemd-units
 %endif
 Requires: nx%{?_isa} cups
 Requires: openssh-server nc expect which perl
-Requires: xorg-x11-server-Xorg xorg-x11-apps
-%if %{with oldx11}
-Requires: fonts-xorg-base
-%else
-Requires: xorg-x11-fonts-misc
-%endif
+Requires: xorg-x11-server-Xorg xorg-x11-apps xorg-x11-fonts-misc
 
 Obsoletes: freenx < %{version}-%{release}
 Provides: freenx = %{version}-%{release}
@@ -74,6 +68,7 @@ under the GPL. FreeNX-server is a GPL implementation of the NX Server.
 %patch6 -p1 -b .init
 %patch7 -p1 -b .nxipp
 %patch8 -p1 -b .nxagent-version
+%patch9 -p1 -b .authkeys2
 
 sed -i -e's,\$NX_DIR/bin,%{_pkglibexecdir},g'\
   -e's,\$NX_DIR/lib,%{_pkglibdir},g'\
@@ -106,14 +101,12 @@ touch %{buildroot}/etc/nxserver/users.id_dsa.pub
 # Create the nx user home
 mkdir -p %{buildroot}/var/lib/nxserver/home/.ssh
 chmod -R 0700 %{buildroot}/var/lib/nxserver
-ln -s /etc/nxserver/server.id_dsa.pub.key \
-  %{buildroot}/var/lib/nxserver/home/.ssh/authorized_keys2
-ln -s /etc/nxserver/server.id_dsa.pub.key \
-  %{buildroot}/var/lib/nxserver/home/.ssh/authorized_keys2.disabled
-for f in client.id_dsa.key known_hosts ; do
-  touch %{buildroot}/var/lib/nxserver/home/.ssh/$f
-  chmod 0600 %{buildroot}/var/lib/nxserver/home/.ssh/$f
-done
+touch %{buildroot}/var/lib/nxserver/home/.ssh/authorized_keys
+touch %{buildroot}/var/lib/nxserver/home/.ssh/authorized_keys.disabled
+touch %{buildroot}/var/lib/nxserver/home/.ssh/client.id_dsa.key
+touch %{buildroot}/var/lib/nxserver/home/.ssh/known_hosts
+touch %{buildroot}/var/lib/nxserver/home/.ssh/server.id_dsa.pub.key
+chmod 0600 %{buildroot}/var/lib/nxserver/home/.ssh/*
 mkdir -p %{buildroot}/var/lib/nxserver/db/closed
 mkdir -p %{buildroot}/var/lib/nxserver/db/running
 mkdir -p %{buildroot}/var/lib/nxserver/db/failed
@@ -154,6 +147,13 @@ systemctl daemon-reload &>/dev/null
 %else
 /sbin/chkconfig --add freenx-server
 %endif
+if [ $1 -gt 1 ]; then # for migrating to >= 0.7.3-27
+    cd /var/lib/nxserver/home/.ssh
+    [ -e authorized_keys2 ] && [ ! -e authorized_keys ] && \
+        mv authorized_keys2 authorized_keys
+    [ -e authorized_keys2.disabled ] && [ ! -e authorized_keys.disabled ] && \
+        mv authorized_keys2.disabled authorized_keys.disabled
+fi
 exit 0
 
 %preun
@@ -201,13 +201,14 @@ systemctl daemon-reload &>/dev/null || :
 /var/lib/nxserver/db
 %dir /var/lib/nxserver/home
 %dir /var/lib/nxserver/home/.ssh
-%ghost /var/lib/nxserver/home/.ssh/authorized_keys2
-/var/lib/nxserver/home/.ssh/authorized_keys2.disabled
-%ghost /var/lib/nxserver/home/.ssh/client.id_dsa.key
-%ghost /var/lib/nxserver/home/.ssh/known_hosts
+%ghost /var/lib/nxserver/home/.ssh/*
 /var/log/nx
 
 %changelog
+* Thu Jun 14 2012 Ville Skyttä <ville.skytta at iki.fi> - 0.7.3-27
+- Use authorized_keys instead of *_keys2 for OpenSSH 5.9p1 compat (#830838).
+- Drop EL < 5 build support.
+
 * Mon Jun  4 2012 Ville Skyttä <ville.skytta at iki.fi> - 0.7.3-26
 - Hush bogus NX 3.[45] incompatibility warning (Christian Ziemski, #827176).

More information about the scm-commits mailing list