From a8c7a62ad4a2401e1200cef2c180d34f95aaf7cc Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 26 Apr 2001 22:50:48 -0700 Subject: - (tim) update contrib/caldera files with what Caldera is using. --- ChangeLog | 4 +- contrib/caldera/openssh.spec | 593 ++++++++++++++++++---------------------- contrib/caldera/ssh-host-keygen | 36 +++ contrib/caldera/sshd.daemons | 6 - contrib/caldera/sshd.init | 206 ++++++++------ 5 files changed, 422 insertions(+), 423 deletions(-) create mode 100755 contrib/caldera/ssh-host-keygen delete mode 100644 contrib/caldera/sshd.daemons diff --git a/ChangeLog b/ChangeLog index a6e31672..61f98436 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,8 @@ - (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen - (bal) version.h synced, RPM specs updated for 2.9 + - (tim) update contrib/caldera files with what Caldera is using. + 20010425 - OpenBSD CVS Sync @@ -5265,4 +5267,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1177 2001/04/27 02:15:00 mouring Exp $ +$Id: ChangeLog,v 1.1178 2001/04/27 05:50:48 tim Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index defe1c23..f40b22ed 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -1,340 +1,281 @@ -# Version of OpenSSH -%define oversion 2.9p1 - -# Version of ssh-askpass -%define aversion 1.2.0 - -# Do we want to disable building of x11-askpass? (1=yes 0=no) -%define no_x11_askpass 0 - -# Do we want to disable building of gnome-askpass? (1=yes 0=no) -%define no_gnome_askpass 1 - -# Do we want to include contributed programs? (1=yes 0=no) -%define contrib_programs 1 - -Summary: OpenSSH free Secure Shell (SSH) implementation -Name: openssh -Version: %{oversion} -Release: 1 -Packager: Damien Miller -URL: http://www.openssh.com/ -Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz -Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz -Copyright: BSD -Group: Applications/Internet -BuildRoot: /var/tmp/openssh-%{Version}-buildroot -#BuildRoot: /tmp/openssh-%{Version}-buildroot -Obsoletes: ssh -PreReq: openssl >= 0.9.5a -Requires: openssl >= 0.9.5a -BuildPreReq: perl, openssl-devel, tcp_wrappers -BuildPreReq: /bin/login, /usr/bin/rsh, /usr/include/security/pam_appl.h -%if ! %{no_gnome_askpass} -BuildPreReq: gnome-libs-devel -%endif - -%package clients -Summary: OpenSSH Secure Shell protocol clients -Requires: openssh = %{Version}-%{release} -Group: Applications/Internet -Obsoletes: ssh-clients - -%package server -Summary: OpenSSH Secure Shell protocol server (sshd) -Group: System Environment/Daemons -Obsoletes: ssh-server -#PreReq: openssh chkconfig >= 0.9 - -%package askpass -Summary: OpenSSH X11 passphrase dialog -Group: Applications/Internet -Requires: openssh = %{Version}-%{release} -Obsoletes: ssh-extras - -%package askpass-gnome -Summary: OpenSSH GNOME passphrase dialog -Group: Applications/Internet -Requires: openssh = %{Version}-%{release} -Obsoletes: ssh-extras - -%description -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to separate libraries (OpenSSL). - -This package includes the core files necessary for both the OpenSSH -client and server. To make this package useful, you should also -install openssh-clients, openssh-server, or both. - -%description clients -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to separate libraries (OpenSSL). - -This package includes the clients necessary to make encrypted connections -to SSH servers. - -%description server -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to separate libraries (OpenSSL). - -This package contains the secure shell daemon. The sshd is the server -part of the secure shell protocol and allows ssh clients to connect to -your host. - -%description askpass -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to separate libraries (OpenSSL). - -This package contains Jim Knoble's X11 passphrase -dialog. - -%description askpass-gnome -Ssh (Secure Shell) a program for logging into a remote machine and for -executing commands in a remote machine. It is intended to replace -rlogin and rsh, and provide secure encrypted communications between -two untrusted hosts over an insecure network. X11 connections and -arbitrary TCP/IP ports can also be forwarded over the secure channel. - -OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it -up to date in terms of security and features, as well as removing all -patented algorithms to separate libraries (OpenSSL). - -This package contains the GNOME passphrase dialog. - -%prep - -%setup -a 1 - -%build - -%define _sysconfdir /etc/ssh - -CFLAGS="$RPM_OPT_FLAGS" \ - ./configure \ - --prefix=/usr \ - --sysconfdir=/etc/ssh \ - --libexecdir=%{_libexecdir}/openssh \ - --with-pam \ - --with-tcp-wrappers \ - --with-ipv4-default \ - --with-rsh=/usr/bin/rsh +%define askpass 1.2.0 + +Name : openssh +Version : 2.9p1 +Release : 1 +Group : System/Network + +Summary : OpenSSH free Secure Shell (SSH) implementation. +Summary(de) : OpenSSH - freie Implementation der Secure Shell (SSH). +Summary(es) : OpenSSH implementación libre de Secure Shell (SSH). +Summary(fr) : Implémentation libre du shell sécurisé OpenSSH (SSH). +Summary(it) : Implementazione gratuita OpenSSH della Secure Shell. +Summary(pt) : Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH). + +Copyright : BSD +Packager : Stephan Seyboth +#Icon : . +URL : http://www.openssh.com/ + +Obsoletes : ssh, ssh-clients, openssh-clients + +BuildRoot : /tmp/%{Name}-%{Version} + +Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{Version}.tar.gz +Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{askpass}.tar.gz + + +%Package server +Group : System/Network +Requires : openssh = %{Version} +Obsoletes : ssh-server + +Summary : OpenSSH Secure Shell protocol server (sshd). +Summary(de) : OpenSSH Secure Shell Protocol Server (sshd). +Summary(es) : Servidor del protocolo OpenSSH Secure Shell (sshd). +Summary(fr) : Serveur de protocole du shell sécurisé OpenSSH (sshd). +Summary(it) : Server OpenSSH per il protocollo Secure Shell (sshd). +Summary(pt) : Servidor do protocolo 'Secure Shell' OpenSSH (sshd). + + +%Package askpass +Group : System/Network +Requires : openssh = %{Version} +Obsoletes : ssh-extras + +Summary : OpenSSH X11 pass-phrase dialog. +Summary(de) : OpenSSH X11 Passwort-Dialog. +Summary(es) : Aplicación de petición de frase clave OpenSSH X11. +Summary(fr) : Dialogue pass-phrase X11 d'OpenSSH. +Summary(it) : Finestra di dialogo X11 per la frase segreta di OpenSSH. +Summary(pt) : Diálogo de pedido de senha para X11 do OpenSSH. + + +%Description +OpenSSH (Secure Shell) provides access to a remote system. It replaces +telnet, rlogin, rexec, and rsh, and provides secure encrypted +communications between two untrusted hosts over an insecure network. +X11 connections and arbitrary TCP/IP ports can also be forwarded over +the secure channel. + +%Description -l de +OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt +telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte +Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres +Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso +über den sicheren Channel weitergeleitet werden. + +%Description -l es +OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a +telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas +entre dos equipos entre los que no se ha establecido confianza a través de una +red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden +ser canalizadas sobre el canal seguro. + +%Description -l fr +OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace +telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées +securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des +connexions X11 et des ports TCP/IP arbitraires peuvent également être +transmis sur le canal sécurisé. + +%Description -l it +OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto. +Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure +e crittate tra due host non fidati su una rete non sicura. Le connessioni +X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso +un canale sicuro. + +%Description -l pt +OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o +telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas +entre duas máquinas sem confiança mútua sobre uma rede insegura. +Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados +pelos porto seguro. + +%Description server +This package installs the sshd, the server portion of OpenSSH. + +%Description -l de server +Dieses Paket installiert den sshd, den Server-Teil der OpenSSH. + +%Description -l es server +Este paquete instala sshd, la parte servidor de OpenSSH. + +%Description -l fr server +Ce paquetage installe le 'sshd', partie serveur de OpenSSH. + +%Description -l it server +Questo pacchetto installa sshd, il server di OpenSSH. + +%Description -l pt server +Este pacote intala o sshd, o servidor do OpenSSH. + +%Description askpass +This package contains an X11-based passphrase dialog. + +%Description -l de askpass +Dieses Paket enthält einen X11-basierten Passwort Dialog. + +%Description -l es askpass +Este paquete contiene una aplicación para petición de frases-contraseña basada +en X11. + +%Description -l fr askpass +Ce paquetage contient un dialogue de passphrase basé sur X11. + +%Description -l it askpass +Questo pacchetto contiene una finestra di X11 che chiede la frase segreta. + +%Description -l pt askpass +Este pacote contém um diálogo de senha para o X11. + +%Prep +%setup +%setup -D -T -a1 + + +%Build +CFLAGS="$RPM_OPT_FLAGS" \ +./configure \ + --prefix=/usr \ + --sysconfdir=/etc/ssh \ + --libexecdir=/usr/lib/ssh \ + --with-pam \ + --with-tcp-wrappers \ + --with-ipv4-default \ make -%if ! %{no_x11_askpass} -cd x11-ssh-askpass-%{aversion} +cd x11-ssh-askpass-%{askpass} xmkmf -a make -cd .. -%endif - -%if ! %{no_gnome_askpass} -cd contrib -gcc -O -g `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass.c -o gnome-ssh-askpass \ - `gnome-config --libs gnome gnomeui` -cd .. -%endif - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT/ - -# setup the environment we want -perl -pi -e "s,PermitRootLogin yes,PermitRootLogin no,;" \ - -e "s,X11Forwarding no,X11Forwarding yes,;" \ - -e "s,CheckMail no,CheckMail yes,;" \ - -e "s,^#Subsystem sftp,Subsystem sftp,;" \ - $RPM_BUILD_ROOT/etc/ssh/sshd_config - -install -d $RPM_BUILD_ROOT/etc/pam.d/ -install -d $RPM_BUILD_ROOT/etc/rc.d/init.d -install -d $RPM_BUILD_ROOT/etc/sysconfig/daemons -install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh -install -d $RPM_BUILD_ROOT/usr/local/bin -install -d $RPM_BUILD_ROOT/usr/local/man/man1 -install -m644 contrib/caldera/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd -install -m755 contrib/caldera/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd -install -m755 contrib/caldera/sshd.daemons $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd -perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \ - $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd -perl -pi -e "s,\@OPENSSH_VERSION\@,%{Name}-%{Version},g" \ - $RPM_BUILD_ROOT/etc/sysconfig/daemons/sshd -%if %{contrib_programs} -install -m755 contrib/make-ssh-known-hosts.pl $RPM_BUILD_ROOT/usr/local/bin -install -m644 contrib/make-ssh-known-hosts.1 $RPM_BUILD_ROOT/usr/local/man/man1 -install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT/usr/local/bin -install -m644 contrib/ssh-copy-id.1 $RPM_BUILD_ROOT/usr/local/man/man1 -%endif - -%if ! %{no_x11_askpass} -install -s x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/x11-ssh-askpass -ln -s /usr/libexec/openssh/x11-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/ssh-askpass -install -d $RPM_BUILD_ROOT/usr/X11R6/man/man1 -install -c -m 0444 x11-ssh-askpass-%{aversion}/x11-ssh-askpass.man $RPM_BUILD_ROOT/usr/X11R6/man/man1/x11-ssh-askpass.1x -ln -s /usr/X11R6/man/man1/x11-ssh-askpass.1x $RPM_BUILD_ROOT/usr/X11R6/man/man1/ssh-askpass.1x -%endif - -%if ! %{no_gnome_askpass} -install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/libexec/openssh/gnome-ssh-askpass -%endif - -%clean -##rm -rf $RPM_BUILD_ROOT - -%post server -if [ "$1" = 1 ]; then - echo "Creating SSH stop/start scripts in the rc directories..." -# /sbin/chkconfig --add sshd - lisa --SysV-init install sshd S90 2:3:4:5 K05 0:1:6 -fi -if test -r /var/run/sshd.pid -then - echo "Restarting the running SSH daemon..." - /etc/rc.d/init.d/sshd restart >&2 + + +%Install +%{mkDESTDIR} + +make DESTDIR="$DESTDIR" install + +make -C x11-ssh-askpass-%{askpass} DESTDIR="$DESTDIR" \ + BINDIR="/usr/lib/ssh" install + +%{fixManPages} + +# install remaining docs +NV="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}" +mkdir -p $NV +cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $NV +mkdir -p $NV/x11-ssh-askpass-%{askpass} +cp -a x11-ssh-askpass-%{askpass}/{README,ChangeLog,SshAskpass*.ad} \ + $NV/x11-ssh-askpass-%{askpass} + + +# OpenLinux specific configuration +mkdir -p $DESTDIR/{etc/pam.d,%{SVIcdir},%{SVIdir}} + +# enabling X11 forwarding on the server is convenient and okay, +# on the client side it's a potential security risk! +%{fixUP} -vg $DESTDIR/etc/ssh/sshd_config 'X11Forwarding no' \ + 'X11Forwarding yes' + +install -m644 contrib/caldera/sshd.pam $DESTDIR/etc/pam.d/sshd +# FIXME: disabled, find out why this doesn't work with nis +%{fixUP} -vg $DESTDIR/etc/pam.d/sshd '(.*pam_limits.*)' '#$1' + +install -m 0755 contrib/caldera/sshd.init $DESTDIR%{SVIdir}/sshd +%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}:' +%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@sysconfdir\@:/etc/ssh:' + +cat <<-EoD > $DESTDIR%{SVIcdir}/sshd + IDENT=sshd + DESCRIPTIVE="OpenSSH secure shell daemon" + # This service will be marked as 'skipped' on boot if there + # is no host key. Use ssh-host-keygen to generate one + ONBOOT="yes" + OPTIONS="" +EoD + +SKG=$DESTDIR/usr/sbin/ssh-host-keygen +install -m 0755 contrib/caldera/ssh-host-keygen $SKG +%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh:' +%{fixUP} -T $SKG -e 's:\@sshkeygen\@:/usr/bin/ssh-keygen:' + + +# generate file lists +%{mkLists} -c %{Name} +%{mkLists} -d %{Name} << 'EOF' +/etc/ssh base +^/etc/ IGNORED +%{_defaultdocdir}/$ IGNORED +askpass askpass +* default +EOF +%{mkLists} -a -f %{Name} << 'EOF' +^/etc * prefix(%%config) +/usr/X11R6/lib/X11/app-defaults IGNORED +[Aa]skpass askpass +%{_defaultdocdir}/%{Name}-%{Version}/ base +ssh-keygen base +sshd server +sftp-server server +.* base +EOF + + +%Clean +%{rmDESTDIR} + + +%Post +# Generate host key when none is present to get up and running, +# both client and server require this for host-based auth! +# ssh-host-keygen checks for existing keys. +/usr/sbin/ssh-host-keygen +: # to protect the rpm database + + +%Post server +if [ -x %{LSBinit}-install ]; then + %{LSBinit}-install sshd else - echo "Starting the SSH daemon..." - /etc/rc.d/init.d/sshd start >&2 + lisa --SysV-init install sshd S55 3:4:5 K45 0:1:2:6 fi -%preun server -if [ "$1" = 0 ] ; then - echo "Stopping the SSH daemon..." - /etc/rc.d/init.d/sshd stop >&2 - echo "Removing SSH stop/start scripts from the rc directories..." -# /sbin/chkconfig --del sshd - lisa --SysV-init remove sshd $1 +! %{SVIdir}/sshd status || %{SVIdir}/sshd restart +: # to protect the rpm database + + +%PreUn server +[ "$1" = 0 ] || exit 0 + +! %{SVIdir}/sshd status || %{SVIdir}/sshd stop +: # to protect the rpm database + + +%PostUn server +if [ -x %{LSBinit}-remove ]; then + %{LSBinit}-remove sshd +else + lisa --SysV-init remove sshd $1 fi +: # to protect the rpm database -%files -%defattr(-,root,root) -%doc ChangeLog OVERVIEW README* INSTALL -%doc CREDITS LICENCE -%attr(0755,root,root) %{_bindir}/ssh-keygen -%attr(0755,root,root) %{_bindir}/scp -%attr(0755,root,root) %{_bindir}/ssh-keyscan -%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* -%attr(0644,root,root) %{_mandir}/man1/scp.1* -%attr(0755,root,root) %dir %{_sysconfdir} -%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/primes -%attr(0755,root,root) %dir %{_libexecdir}/openssh - -%files clients -%defattr(-,root,root) -%attr(4755,root,root) %{_bindir}/ssh -%attr(0755,root,root) %{_bindir}/ssh-agent -%attr(0755,root,root) %{_bindir}/ssh-add -%attr(0755,root,root) %{_bindir}/ssh-keyscan -%attr(0755,root,root) %{_bindir}/sftp -%attr(0644,root,root) %{_mandir}/man1/ssh.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-add.1* -%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1* -%attr(0644,root,root) %{_mandir}/man1/sftp.1* -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh_config -%attr(-,root,root) %{_bindir}/slogin -%attr(-,root,root) %{_mandir}/man1/slogin.1* -%if %{contrib_programs} -%attr(0755,root,root) /usr/local/bin/make-ssh-known-hosts.pl -%attr(0644,root,root) /usr/local/man/man1/make-ssh-known-hosts.1 -%attr(0755,root,root) /usr/local/bin/ssh-copy-id -%attr(0644,root,root) /usr/local/man/man1/ssh-copy-id.1 -%endif - -%files server + +%Files -f files-%{Name}-base %defattr(-,root,root) -%attr(0751,root,root) %{_sbindir}/sshd -%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server -%attr(0644,root,root) %{_mandir}/man8/sshd.8* -%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* -#%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/sshd_config -%attr(0600,root,root) %config %{_sysconfdir}/sshd_config -%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd -%attr(0755,root,root) %config /etc/rc.d/init.d/sshd -%attr(0755,root,root) %config /etc/sysconfig/daemons/sshd - -%if ! %{no_x11_askpass} -%files askpass + + +%Files server -f files-%{Name}-server %defattr(-,root,root) -%doc x11-ssh-askpass-%{aversion}/README -%doc x11-ssh-askpass-%{aversion}/ChangeLog -%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad -%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass -%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass -%attr(0644,root,root) /usr/X11R6/man/man1/x11-ssh-askpass.1x -%attr(-,root,root) /usr/X11R6/man/man1/ssh-askpass.1x -%endif - -%if ! %{no_gnome_askpass} -%files askpass-gnome + + +%Files askpass -f files-%{Name}-askpass %defattr(-,root,root) -%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass -%endif - -%changelog -* Mon Oct 18 2000 Damien Miller -- Merge some of Nalin Dahyabhai changes from the - Redhat 7.0 spec file -* Tue Sep 05 2000 Damien Miller -- Use RPM configure macro -* Tue Aug 08 2000 Damien Miller -- Some surgery to sshd.init (generate keys at runtime) -- Cleanup of groups and removal of keygen calls -* Wed Jul 12 2000 Damien Miller -- Make building of X11-askpass and gnome-askpass optional -* Mon Jun 12 2000 Damien Miller -- Glob manpages to catch compressed files -* Wed Mar 15 2000 Damien Miller -- Updated for new location -- Updated for new gnome-ssh-askpass build -* Sun Dec 26 1999 Damien Miller -- Added Jim Knoble's askpass -* Mon Nov 15 1999 Damien Miller -- Split subpackages further based on patch from jim knoble -* Sat Nov 13 1999 Damien Miller -- Added 'Obsoletes' directives -* Tue Nov 09 1999 Damien Miller -- Use make install -- Subpackages -* Mon Nov 08 1999 Damien Miller -- Added links for slogin -- Fixed perms on manpages -* Sat Oct 30 1999 Damien Miller -- Renamed init script -* Fri Oct 29 1999 Damien Miller -- Back to old binary names -* Thu Oct 28 1999 Damien Miller -- Use autoconf -- New binary names -* Wed Oct 27 1999 Damien Miller -- Initial RPMification, based on Jan "Yenya" Kasprzak's spec. + +%ChangeLog +* Mon Jan 01 1998 ... +Template Version: 1.31 + +$Id: openssh.spec,v 1.15 2001/04/27 05:50:49 tim Exp $ diff --git a/contrib/caldera/ssh-host-keygen b/contrib/caldera/ssh-host-keygen new file mode 100755 index 00000000..28a97b9b --- /dev/null +++ b/contrib/caldera/ssh-host-keygen @@ -0,0 +1,36 @@ +#! /bin/sh +# +# $Id: ssh-host-keygen,v 1.1 2001/04/27 05:50:50 tim Exp $ +# +# This script is normally run only *once* for a given host +# (in a given period of time) -- on updates/upgrades/recovery +# the ssh_host_key* files _should_ be retained! Otherwise false +# "man-in-the-middle-attack" alerts will frighten unsuspecting +# clients... + +keydir=@sysconfdir@ +keygen=@sshkeygen@ + +if [ -f $keydir/ssh_host_key -o \ + -f $keydir/ssh_host_key.pub ]; then + echo "You already have an SSH1 RSA host key in $keydir/ssh_host_key." +else + echo "Generating 1024 bit SSH1 RSA host key." + $keygen -b 1024 -t rsa1 -f $keydir/ssh_host_key -C '' -N '' +fi + +if [ -f $keydir/ssh_host_rsa_key -o \ + -f $keydir/ssh_host_rsa_key.pub ]; then + echo "You already have an SSH2 RSA host key in $keydir/ssh_host_rsa_key." +else + echo "Generating 1024 bit SSH2 RSA host key." + $keygen -b 1024 -t rsa -f $keydir/ssh_host_rsa_key -C '' -N '' +fi + +if [ -f $keydir/ssh_host_dsa_key -o \ + -f $keydir/ssh_host_dsa_key.pub ]; then + echo "You already have an SSH2 DSA host key in $keydir/ssh_host_dsa_key." +else + echo "Generating SSH2 DSA host key." + $keygen -t dsa -f $keydir/ssh_host_dsa_key -C '' -N '' +fi diff --git a/contrib/caldera/sshd.daemons b/contrib/caldera/sshd.daemons deleted file mode 100644 index b7515040..00000000 --- a/contrib/caldera/sshd.daemons +++ /dev/null @@ -1,6 +0,0 @@ -IDENT=sshd -SHORT="sshd" -DESCRIPTIVE="@OPENSSH_VERSION@" -DAEMON=/usr/sbin/sshd -# DAEMON_ARGS="-p some_other_port" -ONBOOT=yes diff --git a/contrib/caldera/sshd.init b/contrib/caldera/sshd.init index 17643391..e60f8afe 100755 --- a/contrib/caldera/sshd.init +++ b/contrib/caldera/sshd.init @@ -1,99 +1,125 @@ -#! /bin/sh +#! /bin/bash # -# Generic network daemon RC script. If installed as /etc/rc.d/init.d/foobar, -# it source /etc/sysconfig/daemons/foobar and looks at the -# variable definitions (Bourne shell syntax). Variables marked with an -# asterisk are required. +# $Id: sshd.init,v 1.2 2001/04/27 05:50:50 tim Exp $ # -# * IDENT=sshd -# DESCRIPTIVE="@OPENSSH_VERSION@" -# * DAEMON=/usr/sbin/sshd -# DAEMON_ARGS="-p some_other_port" -# ONBOOT=yes +### BEGIN INIT INFO +# Provides: +# Required-Start: $network +# Required-Stop: +# Default-Start: 3 4 5 +# Default-Stop: 0 1 2 6 +# Description: sshd +# Bring up/down the OpenSSH secure shell daemon. +### END INIT INFO # +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for OpenLinux by Raymund Will -# Source networking configuration. -. /etc/sysconfig/network - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -# Source function library, check sysconfig/daemon file and source it. -. /etc/rc.d/init.d/functions - -[ -x $DAEMON ] || exit 0 - -# Some functions to make the below more readable -KEYGEN=/usr/bin/ssh-keygen -RSA1_KEY=/etc/ssh/ssh_host_key -RSA_KEY=/etc/ssh/ssh_host_rsa_key -DSA_KEY=/etc/ssh/ssh_host_dsa_key -PID_FILE=/var/run/sshd.pid -do_rsa1_keygen() { - if ! test -f $RSA1_KEY ; then - echo -n "Generating SSH1 RSA host key: " - if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then - echo "RSA1 key generation success" - else - echo "RSA1 key generation failure" - exit 1 - fi - fi -} -do_rsa_keygen() { - if ! test -f $RSA_KEY ; then - echo -n "Generating SSH2 RSA host key: " - if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then - echo "RSA key generation success" - else - echo "RSA key generation failure" - exit 1 - fi - fi -} -do_dsa_keygen() { - if ! test -f $DSA_KEY ; then - echo -n "Generating SSH2 DSA host key: " - if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then - echo "DSA key generation success" - else - echo "DSA key generation failure" - exit 1 - fi - fi +NAME=sshd +DAEMON=/usr/sbin/$NAME +# Hack-Alert(TM)! This is necessary to get around the 'reload'-problem +# created by recent OpenSSH daemon/ssd combinations. See Caldera internal +# PR [linux/8278] for details... +PIDF=/var/run/$NAME.pid +NAME=$DAEMON + +_status() { + [ -z "$1" ] || local pidf="$1" + local ret=-1 + local pid + if [ -n "$pidf" ] && [ -r "$pidf" ]; then + pid=$(head -1 $pidf) + else + pid=$(pidof $NAME) + fi + + if [ ! -e $SVIlock ]; then + # no lock-file => not started == stopped? + ret=3 + elif { [ -n "$pidf" ] && [ ! -f "$pidf" ] } || [ -z "$pid" ]; then + # pid-file given but not present or no pid => died, but was not stopped + ret=2 + elif [ -r /proc/$pid/cmdline ] && + echo -ne $NAME'\000' | cmp -s - /proc/$pid/cmdline; then + # pid-file given and present or pid found => check process... + # but don't compare exe, as this will fail after an update! + # compares OK => all's well, that ends well... + ret=0 + else + # no such process or exe does not match => stale pid-file or process died + # just recently... + ret=1 + fi + return $ret } -# See how we were called. +# Source function library (and set vital variables). +. @SVIdir@/functions + case "$1" in - start) - # Create keys if necessary - do_rsa1_keygen - do_rsa_keygen - do_dsa_keygen - - # Start daemons. - [ ! -e $LOCK ] || exit 1 - echo -n "Starting $SUBSYS services: " - start-stop-daemon -S -n $IDENT -x $DAEMON -- $DAEMON_ARGS - sleep 1 - echo . - touch $LOCK - ;; - stop) - # Stop daemons. - [ -e $LOCK ] || exit 0 - echo -n "Stopping $SUBSYS services: " - start-stop-daemon -K -n $IDENT -x $DAEMON - echo - rm -f $LOCK - ;; - restart) - $0 stop - $0 start - ;; - *) - echo "Usage: $SUBSYS {start|stop|restart}" - exit 1 + start) + [ ! -e $SVIlock ] || exit 0 + [ -x $DAEMON ] || exit 5 + SVIemptyConfig @sysconfdir@/sshd_config && exit 6 + + if [ ! \( -f @sysconfdir@/ssh_host_key -a \ + -f @sysconfdir@/ssh_host_key.pub \) -a \ + ! \( -f @sysconfdir@/ssh_host_rsa_key -a \ + -f @sysconfdir@/ssh_host_rsa_key.pub \) -a \ + ! \( -f @sysconfdir@/ssh_host_dsa_key -a \ + -f @sysconfdir@/ssh_host_dsa_key.pub \) ]; then + + echo "$SVIsubsys: host key not initialized: skipped!" + echo "$SVIsubsys: use ssh-host-keygen to generate one!" + exit 6 + fi + + echo -n "Starting $SVIsubsys services: " + ssd -S -x $DAEMON -n $NAME -- $OPTIONS + ret=$? + + echo "." + touch $SVIlock + ;; + + stop) + [ -e $SVIlock ] || exit 0 + + echo -n "Stopping $SVIsubsys services: " + ssd -K -p $PIDF -n $NAME + ret=$? + + echo "." + rm -f $SVIlock + ;; + + force-reload|reload) + [ -e $SVIlock ] || exit 0 + + echo "Reloading $SVIsubsys configuration files: " + ssd -K --signal 1 -q -p $PIDF -n $NAME + ret=$? + echo "done." + ;; + + restart) + $0 stop + $0 start + ret=$? + ;; + + status) + _status $PIDF + ret=$? + ;; + + *) + echo "Usage: $SVIscript {[re]start|stop|[force-]reload|status}" + ret=2 + ;; + esac -exit 0 +exit $ret + -- cgit v1.2.3