[openssh] - Make fipscheck hmacs compliant with FHS - requires new fipscheck

Tomáš Mráz tmraz at fedoraproject.org
Wed Sep 8 07:00:20 UTC 2010 

commit 13fa787ecc35d6c9eea9e64c1f42f49e2ee978ce
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Wed Sep 8 09:00:22 2010 +0200

    - Make fipscheck hmacs compliant with FHS - requires new fipscheck

 openssh.spec |   19 ++++++++++++-------
 1 files changed, 12 insertions(+), 7 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 964b95e..b1ad3c7 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 2
+%define openssh_rel 3
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 27
 
@@ -157,7 +157,7 @@ BuildRequires: audit-libs-devel
 BuildRequires: util-linux, groff
 BuildRequires: pam-devel
 BuildRequires: tcp_wrappers-devel
-BuildRequires: fipscheck-devel
+BuildRequires: fipscheck-devel >= 1.3.0
 BuildRequires: openssl-devel >= 0.9.8j
 
 %if %{kerberos5}
@@ -183,8 +183,9 @@ BuildRequires: xauth
 
 %package clients
 Summary: An open source SSH client applications
-Requires: openssh = %{version}-%{release}
 Group: Applications/Internet
+Requires: openssh = %{version}-%{release}
+Requires: fipscheck-lib%{_isa} >= 1.3.0
 
 %package server
 Summary: An open source SSH server daemon
@@ -193,6 +194,7 @@ Requires: openssh = %{version}-%{release}
 Requires(post): chkconfig >= 0.9, /sbin/service
 Requires(pre): /usr/sbin/useradd
 Requires: pam >= 1.0.1-3
+Requires: fipscheck-lib%{_isa} >= 1.3.0
 
 %if %{ldap}
 %package ldap
@@ -415,8 +417,7 @@ popd
     %{?__debug_package:%{__debug_install_post}} \
     %{__arch_install_post} \
     %{__os_install_post} \
-    fipshmac $RPM_BUILD_ROOT%{_bindir}/ssh \
-    fipshmac $RPM_BUILD_ROOT%{_sbindir}/sshd \
+    fipshmac -d $RPM_BUILD_ROOT%{_libdir}/fipscheck $RPM_BUILD_ROOT%{_bindir}/ssh $RPM_BUILD_ROOT%{_sbindir}/sshd \
 %{nil}
 
 %install
@@ -430,6 +431,7 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ldap.conf
 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
+install -d $RPM_BUILD_ROOT%{_libdir}/fipscheck
 install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
 install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
@@ -514,7 +516,7 @@ fi
 %files clients
 %defattr(-,root,root)
 %attr(0755,root,root) %{_bindir}/ssh
-%attr(0644,root,root) %{_bindir}/.ssh.hmac
+%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
 %attr(0644,root,root) %{_mandir}/man1/ssh.1*
 %attr(0755,root,root) %{_bindir}/scp
 %attr(0644,root,root) %{_mandir}/man1/scp.1*
@@ -542,7 +544,7 @@ fi
 %defattr(-,root,root)
 %dir %attr(0711,root,root) %{_var}/empty/sshd
 %attr(0755,root,root) %{_sbindir}/sshd
-%attr(0644,root,root) %{_sbindir}/.sshd.hmac
+%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
 %attr(0644,root,root) %{_mandir}/man5/moduli.5*
@@ -579,6 +581,9 @@ fi
 %endif
 
 %changelog
+* Wed Sep  8 2010 Tomas Mraz <tmraz at redhat.com> - 5.6p1-3 + 0.9.2-27
+- Make fipscheck hmacs compliant with FHS - requires new fipscheck
+
 * Fri Sep  3 2010 Jan F. Chadima <jchadima at redhat.com> - 5.6p1-2 + 0.9.2-27
 - Added -z relro -z now to LDFLAGS

More information about the scm-commits mailing list