[gsi-openssh] Based on openssh-5.9p1-13.fc17

Mattias Ellert ellert at fedoraproject.org
Sun Nov 27 10:52:22 UTC 2011


commit 89939551f6a0d09a51dc409d2e761eabb5513114
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Sun Nov 27 08:02:29 2011 +0100

    Based on openssh-5.9p1-13.fc17

 gsi-openssh.spec                       |    8 +++++++-
 gsisshd-keygen                         |    6 +++---
 gsisshd-keygen.service                 |    1 +
 gsisshd.service                        |    5 +++--
 openssh-5.9p1-copy-id-restorecon.patch |   12 ++++++++++++
 5 files changed, 26 insertions(+), 6 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index d9130c0..1e28c66 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
 %global nologin 1
 
 %global openssh_ver 5.9p1
-%global openssh_rel 2
+%global openssh_rel 3
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -136,6 +136,8 @@ Patch707: openssh-5.9p1-redhat.patch
 Patch708: openssh-5.9p1-entropy.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
 Patch709: openssh-5.9p1-vendor.patch
+#?
+Patch710: openssh-5.9p1-copy-id-restorecon.patch
 
 #http://www.sxw.org.uk/computing/patches/openssh.html
 Patch800: openssh-5.9p1-gsskex.patch
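Review bot: The `#?` comment above `Patch710` records nothing about where the patch comes from or why it is carried, while the neighbouring entries cite an upstream bug or source URL. A one-line description would help whoever does the next rebase, for example `# ssh-copy-id: run restorecon on ~/.ssh and authorized_keys on the remote host (no upstream bug reference known)`. The patch presumably comes from the Fedora openssh package named in the commit title; that is worth confirming and stating in the comment.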
@@ -306,6 +308,7 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch707 -p1 -b .redhat
 %patch708 -p1 -b .entropy
 %patch709 -p1 -b .vendor
+%patch710 -p1 -b .restorecon
 
 %patch800 -p1 -b .gsskex
 %patch801 -p1 -b .force_krb
@@ -534,6 +537,9 @@ fi
 %attr(0644,root,root) %{_unitdir}/gsisshd.service
 
 %changelog
+* Sun Nov 27 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-3
+- Based on openssh-5.9p1-13.fc17
+
 * Thu Nov 17 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-2
 - Based on openssh-5.9p1-11.fc17
 
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 36976f0..1df8d71 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
 		rm -f $RSA1_KEY
 		if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $RSA1_KEY
-			chmod 640 $RSA1_KEY
+			chmod 600 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA1_KEY.pub
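Review bot: With the private key now `chmod 600`, the `chgrp ssh_keys $RSA1_KEY` on the line before it no longer grants the group any access, so the two lines state conflicting intent; the same pair appears in the do_rsa_keygen and do_dsa_keygen hunks. Either drop the `chgrp` or explain it with a comment such as `# group ownership kept, but the private key is readable by its owner only`. The chmod sits inside the branch that runs only after a successful `$KEYGEN`, so host keys written by the previous release would presumably keep mode 640 unless something outside these hunks tightens them. A `%post` scriptlet or an unconditional chmod on existing keys would cover upgrades. The function bodies start and end outside the hunks.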
@@ -44,7 +44,7 @@ do_rsa_keygen() {
 		rm -f $RSA_KEY
 		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $RSA_KEY
-			chmod 640 $RSA_KEY
+			chmod 600 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
 		rm -f $DSA_KEY
 		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
 			chgrp ssh_keys $DSA_KEY
-			chmod 640 $DSA_KEY
+			chmod 600 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
 			if [ -x /sbin/restorecon ]; then
 			    /sbin/restorecon $DSA_KEY.pub
diff --git a/gsisshd-keygen.service b/gsisshd-keygen.service
index 6f86c84..486f4a6 100644
--- a/gsisshd-keygen.service
+++ b/gsisshd-keygen.service
@@ -5,6 +5,7 @@ Before=gsisshd.service
 
 [Service]
 Type=oneshot
+EnvironmentFile=/etc/sysconfig/gsisshd
 ExecStart=/usr/sbin/gsisshd-keygen
 RemainAfterExit=yes
 
diff --git a/gsisshd.service b/gsisshd.service
index 73a2edd..a279ecf 100644
--- a/gsisshd.service
+++ b/gsisshd.service
@@ -1,9 +1,10 @@
 [Unit]
-Description=gsissh server daemon.
+Description=gsissh server daemon
 After=syslog.target network.target auditd.service
 
 [Service]
-ExecStart=/usr/sbin/gsisshd -D
+EnvironmentFile=/etc/sysconfig/gsisshd
+ExecStart=/usr/sbin/gsisshd -D $OPTIONS
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
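Review bot: `EnvironmentFile=/etc/sysconfig/gsisshd` has no `-` prefix, so the daemon will fail to start if that file is absent, and the same line added to gsisshd-keygen.service would then stop host-key generation as well. Nothing visible in this commit shows the package shipping the file; if its presence is not guaranteed, use `EnvironmentFile=-/etc/sysconfig/gsisshd` in both units. Because `$OPTIONS` is now expanded into the `gsisshd` command line, the file should be installed root-owned and not writable by group or others. If the spec's file list does not already enforce that, an explicit `%attr` entry would.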
diff --git a/openssh-5.9p1-copy-id-restorecon.patch b/openssh-5.9p1-copy-id-restorecon.patch
new file mode 100644
index 0000000..5ebd5eb
--- /dev/null
+++ b/openssh-5.9p1-copy-id-restorecon.patch
@@ -0,0 +1,12 @@
+diff -up openssh-5.9p1/contrib/ssh-copy-id.restorecon openssh-5.9p1/contrib/ssh-copy-id
+--- openssh-5.9p1/contrib/ssh-copy-id.restorecon	2011-08-17 04:05:49.000000000 +0200
++++ openssh-5.9p1/contrib/ssh-copy-id	2011-11-21 08:40:56.000000000 +0100
+@@ -41,7 +41,7 @@ fi
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
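Review bot: The added relabel step discards both its output and its exit status (`>/dev/null 2>&1 || true`), so a failure of `/sbin/restorecon` on the remote host is silent. The script still prints the success text, and the user may be left with an `authorized_keys` file that sshd refuses under SELinux, with no hint why. Keeping stderr visible preserves the non-fatal behaviour while surfacing the failure: `(test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null || true)`. The path is also hard-coded to `/sbin`, so remote hosts that install restorecon elsewhere skip the relabel without notice.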

