[gsi-openssh/f16] Drop openssh-5.8p2-unblock-signals.patch - not needed for GT >= 5.2 Based on openssh-5.8p2-23.fc16

Mattias Ellert ellert at fedoraproject.org
Sun Jan 22 18:06:42 UTC 2012 

commit afe782b77d3041320dbd88bed2ef0f0f015cbb0d
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Sun Jan 22 17:50:20 2012 +0100

    Drop openssh-5.8p2-unblock-signals.patch - not needed for GT >= 5.2
    Based on openssh-5.8p2-23.fc16

 gsi-openssh.spec                    |   20 +++++----
 openssh-5.8p2-gsissh.patch          |    4 +-
 openssh-5.8p2-log-usepam-no.patch   |   28 +++++++++++++
 openssh-5.8p2-unblock-signals.patch |   76 -----------------------------------
 4 files changed, 42 insertions(+), 86 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index ea0594c..9fe2ce8 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -36,7 +36,7 @@
 %global nologin 1
 
 %global openssh_ver 5.8p2
-%global openssh_rel 3
+%global openssh_rel 4
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -144,6 +144,8 @@ Patch67: openssh-5.8p2-unconfined.patch
 Patch69: openssh-5.8p2-askpass-ld.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=739989
 Patch70: openssh-5.8p2-copy-id-restorecon.patch
+# warn users for unsupported UsePAM=no
+Patch71: openssh-5.8p2-log-usepam-no.patch
 #---
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1604
 # sctp
@@ -153,10 +155,6 @@ Patch70: openssh-5.8p2-copy-id-restorecon.patch
 # Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-5.8p2.patch
 Patch98: openssh-5.8p2-gsissh.patch
 
-# The gsissh server has problems with blocked signals in threaded globus libs
-# This patch from OSG resolves these problems
-Patch99: openssh-5.8p2-unblock-signals.patch
-
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -182,8 +180,10 @@ BuildRequires: krb5-devel
 %endif
 
 %if %{gsi}
-BuildRequires: globus-gss-assist-devel
-BuildRequires: globus-usage-devel
+BuildRequires: globus-gss-assist-devel >= 8
+BuildRequires: globus-gssapi-gsi >= 10
+BuildRequires: globus-common >=	 14
+BuildRequires: globus-usage-devel >= 3
 %endif
 
 %if %{libedit}
@@ -310,8 +310,8 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch67 -p1 -b .unconfined
 %patch69 -p1 -b .askpass-ld
 %patch70 -p1 -b .restorecon
+%patch71 -p1 -b .log-usepam-no
 %patch98 -p1 -b .gsi
-%patch99 -p1 -b .signals
 
 sed 's/sshd.pid/gsisshd.pid/' -i pathnames.h
 sed 's!$(piddir)/sshd.pid!$(piddir)/gsisshd.pid!' -i Makefile.in
@@ -533,6 +533,10 @@ fi
 %attr(0644,root,root) %{_unitdir}/gsisshd.service
 
 %changelog
+* Sun Jan 22 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-4
+- Drop openssh-5.8p2-unblock-signals.patch - not needed for GT >= 5.2
+- Based on openssh-5.8p2-23.fc16
+
 * Sun Nov 27 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8p2-3
 - Based on openssh-5.8p2-22.fc16
 
diff --git a/openssh-5.8p2-gsissh.patch b/openssh-5.8p2-gsissh.patch
index ee6c47f..bfa3cbe 100644
--- a/openssh-5.8p2-gsissh.patch
+++ b/openssh-5.8p2-gsissh.patch
@@ -606,8 +606,8 @@ diff -Nur openssh-5.8p2.orig/configure.ac openssh-5.8p2/configure.ac
 +		GSSAPI="GSI"
 +	fi
 +
-+	LIBS="$LIBS `pkg-config --libs globus-gss-assist`"
-+	CPPFLAGS="$CPPFLAGS `pkg-config --cflags globus-gss-assist`"
++	LIBS="$LIBS `pkg-config --libs globus-gss-assist globus-gssapi-gsi globus-common`"
++	CPPFLAGS="$CPPFLAGS `pkg-config --cflags globus-gss-assist globus-gssapi-gsi globus-common`"
 +
 +	AC_DEFINE(GSSAPI)
 +	AC_DEFINE(HAVE_GSSAPI_H)
diff --git a/openssh-5.8p2-log-usepam-no.patch b/openssh-5.8p2-log-usepam-no.patch
new file mode 100644
index 0000000..614d2cd
--- /dev/null
+++ b/openssh-5.8p2-log-usepam-no.patch
@@ -0,0 +1,28 @@
+diff --git a/sshd.c b/sshd.c
+index 8dcfdf2..95b63ad 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -1592,6 +1592,10 @@ main(int ac, char **av)
+ 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
+ 	    &cfg, NULL, NULL, NULL);
+ 
++	/* 'UsePAM no' is not supported in Fedora */
++	if (! options.use_pam)
++		logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.");
++
+ 	seed_rng();
+ 
+ 	/* Fill in default values for those options not explicitly set. */
+diff --git a/sshd_config b/sshd_config
+index 8c16754..9f28b04 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -92,6 +92,8 @@ GSSAPICleanupCredentials yes
+ # If you just want the PAM account and session checks to run without
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
++# WARNING: 'UsePAM no' is not supported in Fedora and may cause several
++# problems.
+ #UsePAM no
+ UsePAM yes
+

More information about the scm-commits mailing list