[gsi-openssh] Based on openssh-5.9p1-13.fc17
Mattias Ellert
ellert at fedoraproject.org
Sun Nov 27 10:52:22 UTC 2011
commit 89939551f6a0d09a51dc409d2e761eabb5513114
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Sun Nov 27 08:02:29 2011 +0100
Based on openssh-5.9p1-13.fc17
gsi-openssh.spec | 8 +++++++-
gsisshd-keygen | 6 +++---
gsisshd-keygen.service | 1 +
gsisshd.service | 5 +++--
openssh-5.9p1-copy-id-restorecon.patch | 12 ++++++++++++
5 files changed, 26 insertions(+), 6 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index d9130c0..1e28c66 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
%global nologin 1
%global openssh_ver 5.9p1
-%global openssh_rel 2
+%global openssh_rel 3
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -136,6 +136,8 @@ Patch707: openssh-5.9p1-redhat.patch
Patch708: openssh-5.9p1-entropy.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Patch709: openssh-5.9p1-vendor.patch
+#?
+Patch710: openssh-5.9p1-copy-id-restorecon.patch
#http://www.sxw.org.uk/computing/patches/openssh.html
Patch800: openssh-5.9p1-gsskex.patch
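Review bot: The `#?` comment above `Patch710` records no origin for the patch, while the neighbouring entries each cite a bug or source URL. This patch changes the command that `ssh-copy-id` runs on the remote host, so its provenance should be traceable from the spec. Replace the placeholder with the real reference, or, if none exists, something like `# restorecon after ssh-copy-id; taken from openssh-5.9p1-13.fc17, no upstream bug filed`. That wording assumes the patch was inherited from the Fedora package this commit is based on, which should be confirmed.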
@@ -306,6 +308,7 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch707 -p1 -b .redhat
%patch708 -p1 -b .entropy
%patch709 -p1 -b .vendor
+%patch710 -p1 -b .restorecon
%patch800 -p1 -b .gsskex
%patch801 -p1 -b .force_krb
@@ -534,6 +537,9 @@ fi
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Sun Nov 27 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-3
+- Based on openssh-5.9p1-13.fc17
+
* Thu Nov 17 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-2
- Based on openssh-5.9p1-11.fc17
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 36976f0..1df8d71 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -23,7 +23,7 @@ do_rsa1_keygen() {
rm -f $RSA1_KEY
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA1_KEY
- chmod 640 $RSA1_KEY
+ chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
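Review bot: With the private key now set to `chmod 600 $RSA1_KEY`, the `chgrp ssh_keys $RSA1_KEY` on the line above no longer gives the group any access, so the two lines disagree about who is meant to read the host key. Either drop the `chgrp` or state the intent in a comment, for example `# ssh_keys group ownership kept, group read deliberately removed`. If any helper running under the `ssh_keys` group reads host keys (not visible in this diff), it loses access with this change. The same applies to the `do_rsa_keygen` and `do_dsa_keygen` hunks, and each function body continues outside its hunk.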
@@ -44,7 +44,7 @@ do_rsa_keygen() {
rm -f $RSA_KEY
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $RSA_KEY
- chmod 640 $RSA_KEY
+ chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
@@ -65,7 +65,7 @@ do_dsa_keygen() {
rm -f $DSA_KEY
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chgrp ssh_keys $DSA_KEY
- chmod 640 $DSA_KEY
+ chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
diff --git a/gsisshd-keygen.service b/gsisshd-keygen.service
index 6f86c84..486f4a6 100644
--- a/gsisshd-keygen.service
+++ b/gsisshd-keygen.service
@@ -5,6 +5,7 @@ Before=gsisshd.service
[Service]
Type=oneshot
+EnvironmentFile=/etc/sysconfig/gsisshd
ExecStart=/usr/sbin/gsisshd-keygen
RemainAfterExit=yes
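Review bot: `EnvironmentFile=/etc/sysconfig/gsisshd` is written without the `-` prefix, so systemd fails the unit when that file is missing and host keys would not be generated on such a system. Unless the spec guarantees the file is always installed (not shown in this diff), use `EnvironmentFile=-/etc/sysconfig/gsisshd`. The identical line added to gsisshd.service has the same issue. A short comment naming which variables gsisshd-keygen reads from the file would also help, since `ExecStart` here references none.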
diff --git a/gsisshd.service b/gsisshd.service
index 73a2edd..a279ecf 100644
--- a/gsisshd.service
+++ b/gsisshd.service
@@ -1,9 +1,10 @@
[Unit]
-Description=gsissh server daemon.
+Description=gsissh server daemon
After=syslog.target network.target auditd.service
[Service]
-ExecStart=/usr/sbin/gsisshd -D
+EnvironmentFile=/etc/sysconfig/gsisshd
+ExecStart=/usr/sbin/gsisshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
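Review bot: `ExecStart=/usr/sbin/gsisshd -D $OPTIONS` makes the contents of `/etc/sysconfig/gsisshd` part of the daemon's command line, and the visible unit has no `User=`, so the daemon presumably runs as root. Nothing in this commit shows how that file is packaged; confirm the spec installs it root-owned and not writable by group or others. A comment above the line would document the contract, e.g. `# OPTIONS comes from /etc/sysconfig/gsisshd; unset expands to no arguments`.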
diff --git a/openssh-5.9p1-copy-id-restorecon.patch b/openssh-5.9p1-copy-id-restorecon.patch
new file mode 100644
index 0000000..5ebd5eb
--- /dev/null
+++ b/openssh-5.9p1-copy-id-restorecon.patch
@@ -0,0 +1,12 @@
+diff -up openssh-5.9p1/contrib/ssh-copy-id.restorecon openssh-5.9p1/contrib/ssh-copy-id
+--- openssh-5.9p1/contrib/ssh-copy-id.restorecon 2011-08-17 04:05:49.000000000 +0200
++++ openssh-5.9p1/contrib/ssh-copy-id 2011-11-21 08:40:56.000000000 +0100
+@@ -41,7 +41,7 @@ fi
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
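Review bot: The appended `(test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)` discards both the output and the exit status of restorecon. A failed relabel is therefore indistinguishable from success, and the script still goes on to print "Now try logging into the machine". Keeping the step non-fatal is reasonable, but letting stderr through would give the user a hint when key login later fails under SELinux: `/sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null || true`. The rest of ssh-copy-id lies outside this hunk.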