ellert pushed to gsi-openssh (f21). "Based on openssh-6.6.1p1-12.fc21"

notifications at fedoraproject.org notifications at fedoraproject.org
Mon Apr 13 18:03:12 UTC 2015 

>From 17725e15da78edd0e0553401be2b712bf5c7911b Mon Sep 17 00:00:00 2001
From: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Mon, 13 Apr 2015 20:01:21 +0200
Subject: Based on openssh-6.6.1p1-12.fc21


diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index a3bf8b6..7e30efa 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
 %global ldap 1
 
 %global openssh_ver 6.6.1p1
-%global openssh_rel 4
+%global openssh_rel 5
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -47,6 +47,7 @@ Source10: gsisshd.socket
 Source11: gsisshd.service
 Source12: gsisshd-keygen.service
 Source13: gsisshd-keygen
+Source14: gsisshd.tmpfiles
 Source99: README.sshd-and-gsisshd
 
 #?
@@ -101,8 +102,6 @@ Patch703: openssh-4.3p2-askpass-grab-info.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=205842
 # drop? Patch704: openssh-5.9p1-edns.patch
 #?
-Patch705: openssh-5.1p1-scp-manpage.patch
-#?
 Patch706: openssh-6.6.1p1-localdomain.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
 Patch707: openssh-6.6p1-redhat.patch
@@ -170,6 +169,10 @@ Patch918: openssh-6.6.1p1-log-in-chroot.patch
 Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch
 # Config parser shouldn't accept ip/port syntax (#1130733)
 Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
+# fix ssh-copy-id on non-sh shells (#1045191)
+Patch921: openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
+# Solve issue with ssh-copy-id and keys without trailing newline (#1093168)
+Patch922: openssh-6.7p1-ssh-copy-id-truncated-keys.patch
 
 # This is the patch that adds GSI support
 # Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.6p1.patch
@@ -298,7 +301,6 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch703 -p1 -b .grab-info
 # investigate - https://bugzilla.redhat.com/show_bug.cgi?id=205842
 # probably not needed anymore %patch704 -p1 -b .edns
-# drop it %patch705 -p1 -b .manpage
 %patch706 -p1 -b .localdomain
 %patch707 -p1 -b .redhat
 %patch708 -p1 -b .entropy
@@ -330,6 +332,8 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch919 -p1 -b .scp
 %patch920 -p1 -b .config
 %patch802 -p1 -b .GSSAPIEnablek5users
+%patch921 -p1 -b .ssh-copy-id
+%patch922 -p1 -b .newline
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-fps
@@ -449,6 +453,7 @@ install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd at .service
 install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.socket
 install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd.service
 install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/gsisshd-keygen.service
+install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/gsissh.conf
 
 rm $RPM_BUILD_ROOT%{_bindir}/ssh-add
 rm $RPM_BUILD_ROOT%{_bindir}/ssh-agent
@@ -549,8 +554,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_unitdir}/gsisshd at .service
 %attr(0644,root,root) %{_unitdir}/gsisshd.socket
 %attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
+%attr(0644,root,root) %{_tmpfilesdir}/gsissh.conf
 
 %changelog
+* Mon Apr 13 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.6.1p1-5
+- Based on openssh-6.6.1p1-12.fc21
+
 * Thu Jan 15 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.6.1p1-4
 - Based on openssh-6.6.1p1-11.1.fc21
 
diff --git a/gsisshd.tmpfiles b/gsisshd.tmpfiles
new file mode 100644
index 0000000..e13d962
--- /dev/null
+++ b/gsisshd.tmpfiles
@@ -0,0 +1 @@
+d /var/empty/gsisshd 711 root root -
diff --git a/openssh-5.1p1-scp-manpage.patch b/openssh-5.1p1-scp-manpage.patch
deleted file mode 100644
index e314a05..0000000
--- a/openssh-5.1p1-scp-manpage.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -up openssh-5.1p1/scp.1.manpage openssh-5.1p1/scp.1
---- openssh-5.1p1/scp.1.manpage	2008-07-12 09:12:49.000000000 +0200
-+++ openssh-5.1p1/scp.1	2008-07-23 19:18:15.000000000 +0200
-@@ -66,6 +66,14 @@ treating file names containing
- as host specifiers.
- Copies between two remote hosts are also permitted.
- .Pp
-+When copying a source file to a target file which already exists,
-+.Nm 
-+will replace the contents of the target file (keeping the inode).
-+.Pp
-+If the target file does not yet exist, an empty file with the target
-+file name is created, then filled with the source file contents.
-+No attempt is made at "near-atomic" transfer using temporary files.
-+.Pp
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl 1
diff --git a/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch b/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
new file mode 100644
index 0000000..f6997a2
--- /dev/null
+++ b/openssh-6.7p1-fix-ssh-copy-id-on-non-sh-shell.patch
@@ -0,0 +1,16 @@
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index 8e1091c..4bba5d6 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -274,9 +274,9 @@ case "$REMOTE_VERSION" in
+       populate_new_ids 0
+     fi
+     [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+-		umask 077 ;
++		exec sh -c 'umask 077 ;
+ 		mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
+-		if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi" \
++		if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
+       || exit 1
+     ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+     ;;
diff --git a/openssh-6.7p1-ssh-copy-id-truncated-keys.patch b/openssh-6.7p1-ssh-copy-id-truncated-keys.patch
new file mode 100644
index 0000000..f4c91a4
--- /dev/null
+++ b/openssh-6.7p1-ssh-copy-id-truncated-keys.patch
@@ -0,0 +1,13 @@
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index 4bba5d6..ed1208e 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -207,7 +207,7 @@ populate_new_ids() {
+   printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
+   NEW_IDS=$(
+     eval $GET_ID | {
+-      while read ID ; do
++      while read ID || [[ -n $ID ]]; do
+         printf '%s\n' "$ID" > $L_TMP_ID_FILE
+ 
+         # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/gsi-openssh.git/commit/?h=f21&id=17725e15da78edd0e0553401be2b712bf5c7911b

More information about the scm-commits mailing list