ellert pushed to gsi-openssh (f21). "Based on openssh-6.6.1p1-12.fc21"
notifications at fedoraproject.org
notifications at fedoraproject.org
Mon Apr 13 18:03:12 UTC 2015
>From 17725e15da78edd0e0553401be2b712bf5c7911b Mon Sep 17 00:00:00 2001
From: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Mon, 13 Apr 2015 20:01:21 +0200
Subject: Based on openssh-6.6.1p1-12.fc21
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index a3bf8b6..7e30efa 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
%global ldap 1
%global openssh_ver 6.6.1p1
-%global openssh_rel 4
+%global openssh_rel 5
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -47,6 +47,7 @@ Source10: gsisshd.socket
Source11: gsisshd.service
Source12: gsisshd-keygen.service
Source13: gsisshd-keygen
+Source14: gsisshd.tmpfiles
Source99: README.sshd-and-gsisshd
#?
@@ -101,8 +102,6 @@ Patch703: openssh-4.3p2-askpass-grab-info.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=205842
# drop? Patch704: openssh-5.9p1-edns.patch
#?
-Patch705: openssh-5.1p1-scp-manpage.patch
-#?
Patch706: openssh-6.6.1p1-localdomain.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
Patch707: openssh-6.6p1-redhat.patch
@@ -170,6 +169,10 @@ Patch918: openssh-6.6.1p1-log-in-chroot.patch
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
# Config parser shouldn't accept ip/port syntax (#1130733)
Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
+# fix ssh-copy-id on non-sh shells (#1045191)
+Patch921: openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
+# Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
+Patch922: openssh-6.7p1-ssh-copy-id-truncated-keys.patch
# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.6p1.patch
@@ -298,7 +301,6 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch703 -p1 -b .grab-info
# investigate - https://bugzilla.redhat.com/show_bug.cgi?id=205842
# probably not needed anymore %patch704 -p1 -b .edns
-# drop it %patch705 -p1 -b .manpage
%patch706 -p1 -b .localdomain
%patch707 -p1 -b .redhat
%patch708 -p1 -b .entropy
@@ -330,6 +332,8 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch919 -p1 -b .scp
%patch920 -p1 -b .config
%patch802 -p1 -b .GSSAPIEnablek5users
+%patch921 -p1 -b .ssh-copy-id
+%patch922 -p1 -b .newline
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-fps
@@ -449,6 +453,7 @@ install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd at .service
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.socket
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.service
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd-keygen.service
+install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/gsissh.conf
rm $RPM_BUILD_ROOT%{_bindir}/ssh-add
rm $RPM_BUILD_ROOT%{_bindir}/ssh-agent
@@ -549,8 +554,12 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd at .service
%attr(0644,root,root) %{_unitdir}/gsisshd.socket
%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
+%attr(0644,root,root) %{_tmpfilesdir}/gsissh.conf
%changelog
+* Mon Apr 13 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.6.1p1-5
+- Based on openssh-6.6.1p1-12.fc21
+
* Thu Jan 15 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.6.1p1-4
- Based on openssh-6.6.1p1-11.1.fc21
diff --git a/gsisshd.tmpfiles b/gsisshd.tmpfiles
new file mode 100644
index 0000000..e13d962
--- /dev/null
+++ b/gsisshd.tmpfiles
@@ -0,0 +1 @@
+d /var/empty/gsisshd 711 root root -
diff --git a/openssh-5.1p1-scp-manpage.patch b/openssh-5.1p1-scp-manpage.patch
deleted file mode 100644
index e314a05..0000000
--- a/openssh-5.1p1-scp-manpage.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up openssh-5.1p1/scp.1.manpage openssh-5.1p1/scp.1
---- openssh-5.1p1/scp.1.manpage 2008-07-12 09:12:49.000000000 +0200
-+++ openssh-5.1p1/scp.1 2008-07-23 19:18:15.000000000 +0200
-@@ -66,6 +66,14 @@ treating file names containing
- as host specifiers.
- Copies between two remote hosts are also permitted.
- .Pp
-+When copying a source file to a target file which already exists,
-+.Nm
-+will replace the contents of the target file (keeping the inode).
-+.Pp
-+If the target file does not yet exist, an empty file with the target
-+file name is created, then filled with the source file contents.
-+No attempt is made at "near-atomic" transfer using temporary files.
-+.Pp
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl 1
diff --git a/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch b/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
new file mode 100644
index 0000000..f6997a2
--- /dev/null
+++ b/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
@@ -0,0 +1,16 @@
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index 8e1091c..4bba5d6 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -274,9 +274,9 @@ case "$REMOTE_VERSION" in
+ populate_new_ids 0
+ fi
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+- umask 077 ;
++ exec sh -c 'umask 077 ;
+ mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
+- if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
++ if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
+ || exit 1
+ ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+ ;;
diff --git a/openssh-6.7p1-ssh-copy-id-truncated-keys.patch b/openssh-6.7p1-ssh-copy-id-truncated-keys.patch
new file mode 100644
index 0000000..f4c91a4
--- /dev/null
+++ b/openssh-6.7p1-ssh-copy-id-truncated-keys.patch
@@ -0,0 +1,13 @@
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index 4bba5d6..ed1208e 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -207,7 +207,7 @@ populate_new_ids() {
+ printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
+ NEW_IDS=$(
+ eval $GET_ID | {
+- while read ID ; do
++ while read ID || [[ -n $ID ]]; do
+ printf '%s\n' "$ID" > $L_TMP_ID_FILE
+
+ # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/gsi-openssh.git/commit/?h=f21&id=17725e15da78edd0e0553401be2b712bf5c7911b
More information about the scm-commits
mailing list