This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via e78de92e15c1bb378e6447cf8b7131e491b00b29 (commit) via 40c54876556beb130f2f17211a69a23d5be9587a (commit) via a5d9074a463a3c13e46784a0b1e0e7a548027c97 (commit) from 47902c21be198525dc2ebe7f4caed1c6d2497346 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e78de92e15c1bb378e6447cf8b7131e491b00b29 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Mar 12 00:22:18 2012 +0100
openssh: Some bigger changes.
Adopts systemd files from Fedora and cleans up a lot in the makefile.
commit 40c54876556beb130f2f17211a69a23d5be9587a Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Mar 11 23:42:07 2012 +0100
grubby: Update to version 8.9.
Fixes #10059, #10062.
commit a5d9074a463a3c13e46784a0b1e0e7a548027c97 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Mar 11 23:41:39 2012 +0100
samba: Make package compile on x86_64.
-----------------------------------------------------------------------
Summary of changes: grubby/grubby.nm | 16 +++- openssh/openssh.nm | 139 ++++++++++++++++++++++------------- openssh/ssh-keygen | 8 -- openssh/sshd-keygen | 63 ++++++++++++++++ openssh/sshd.pam | 20 +++-- openssh/systemd/openssh.service | 12 --- openssh/systemd/sshd-keygen.service | 12 +++ openssh/systemd/sshd.service | 10 +++ openssh/systemd/sshd.socket | 10 +++ openssh/systemd/sshd@.service | 8 ++ samba/samba.nm | 26 +++--- 11 files changed, 230 insertions(+), 94 deletions(-) delete mode 100644 openssh/ssh-keygen create mode 100644 openssh/sshd-keygen delete mode 100644 openssh/systemd/openssh.service create mode 100644 openssh/systemd/sshd-keygen.service create mode 100644 openssh/systemd/sshd.service create mode 100644 openssh/systemd/sshd.socket create mode 100644 openssh/systemd/sshd@.service
Difference in files: diff --git a/grubby/grubby.nm b/grubby/grubby.nm index 92c1a58..830f27d 100644 --- a/grubby/grubby.nm +++ b/grubby/grubby.nm @@ -4,7 +4,7 @@ ###############################################################################
name = grubby -version = 8.3 +version = 8.9 release = 1
groups = System/Base @@ -20,7 +20,8 @@ description environment. end
-sources = %{thisapp}.tar.bz2 +# Source tarballs must be generated from git. +sources = %{thisapp}.tar.bz2
build requires @@ -34,11 +35,20 @@ build make test end
- make_install_targets += mandir=/usr/share/man + make_install_targets += mandir=%{mandir} end
packages package %{name} + # Pull in uboot-tools on ARM platforms. + if "%{DISTRO_ARCH}" == "armv7hl" + requires += uboot-tools + end + + if "%{DISTRO_ARCH}" == "armv5tel" + requires += uboot-tools + end + end
package %{name}-debuginfo template DEBUGINFO diff --git a/openssh/openssh.nm b/openssh/openssh.nm index 0b0250c..d04d2b2 100644 --- a/openssh/openssh.nm +++ b/openssh/openssh.nm @@ -5,7 +5,7 @@
name = openssh version = 5.9p1 -release = 3 +release = 4
groups = Application/Internet url = http://www.openssh.com/portable.html @@ -26,10 +26,14 @@ build audit-devel autoconf automake + groff + libedit-devel libselinux-devel - nss-devel - openssl-devel>=1.0.0d-2 + ncurses-devel + openldap-devel + openssl-devel >= 1.0.0d-2 pam-devel + util-linux zlib-devel end
@@ -67,17 +71,25 @@ build end
configure_options += \ - --sysconfdir=/etc/ssh \ - --datadir=/usr/share/sshd \ - --libexecdir=/usr/lib/openssh \ - --with-md5-passwords \ - --with-privsep-path=/var/lib/sshd \ + --sysconfdir=%{sysconfdir}/ssh \ + --datadir=%{datadir}/sshd \ + --libexecdir=%{libdir}/openssh \ + --with-default-path=/usr/local/bin:/bin:/usr/bin \ + --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \ + --with-privsep-path=/var/empty/sshd \ + --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \ + --disable-strip \ + --with-ssl-engine \ + --with-authorized-keys-command \ + --with-ipaddr-display \ + --with-ldap \ --with-pam \ + --with-libedit \ --with-selinux \ --with-audit=linux
prepare_cmds - autoreconf + autoreconf -vfi end
install_cmds @@ -85,15 +97,32 @@ build sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
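Review bot: Three of the options added to `configure_options` (`--with-ldap`, `--with-authorized-keys-command` and `--enable-vendor-patchlevel`) appear to come from distribution patches rather than from upstream OpenSSH 5.9p1. The patch set is not visible in this hunk. If those patches are not applied, configure normally only warns about unrecognised `--with-*`/`--enable-*` options and the build succeeds without the feature, so a missing patch would go unnoticed. I would add a comment above the block naming the patches these flags depend on, for example `# --with-ldap, --with-authorized-keys-command and --enable-vendor-patchlevel require the corresponding patches`. It is also worth checking the configure log for "unrecognized options" warnings.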
# Install scriptfile for key generation - install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/ + mkdir -pv %{BUILDROOT}%{sbindir} + install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir} + + # Install ssh-copy-id. + install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir} + install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/ end end
packages package openssh + prerequires + shadow-utils + end + requires - openssh-clients=%{thisver} - openssh-server=%{thisver} + openssh-clients = %{thisver} + openssh-server = %{thisver} + end + + configfiles + %{sysconfdir}/ssh/moduli + end + + script prein + getent group sshd_keys >/dev/null || groupadd -r ssh_keys || : end end
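Review bot: The `prein` script added to the `openssh` package tests for a group named `sshd_keys` but creates `ssh_keys`, so the `getent` guard never matches and `groupadd` runs on every install or update, with its failure hidden by `|| :`. The key-generation script added in this commit uses `chgrp ssh_keys`, so the line should read `getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :`. Because the error is swallowed, a genuine `groupadd` failure would also go unnoticed, and the later `chgrp` on the host keys is not checked either.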
@@ -101,29 +130,33 @@ packages summary = OpenSSH client applications. description = %{summary}
+ requires = openssh = %{thisver} + files - /etc/ssh/ssh_config - /usr/bin/scp - /usr/bin/sftp - /usr/bin/slogin - /usr/bin/ssh - /usr/bin/ssh-add - /usr/bin/ssh-agent - /usr/bin/ssh-keyscan - /usr/lib/openssh/ssh-pkcs11-helper - /usr/share/man/cat1/scp.1 - /usr/share/man/cat1/sftp.1 - /usr/share/man/cat1/slogin.1 - /usr/share/man/cat1/ssh-add.1 - /usr/share/man/cat1/ssh-agent.1 - /usr/share/man/cat1/ssh-keyscan.1 - /usr/share/man/cat1/ssh.1 - /usr/share/man/cat5/ssh_config.5 - /usr/share/man/cat8/ssh-pkcs11-helper.8 + %{sysconfdir}/ssh/ssh_config + %{bindir}/scp + %{bindir}/sftp + %{bindir}/slogin + %{bindir}/ssh + %{bindir}/ssh-add + %{bindir}/ssh-agent + %{bindir}/ssh-copy-id + %{bindir}/ssh-keyscan + %{libdir}/openssh/ssh-pkcs11-helper + %{mandir}/man1/scp.1* + %{mandir}/man1/sftp.1* + %{mandir}/man1/slogin.1* + %{mandir}/man1/ssh-add.1* + %{mandir}/man1/ssh-agent.1* + %{mandir}/man1/ssh-copy-id.1* + %{mandir}/man1/ssh-keyscan.1* + %{mandir}/man1/ssh.1* + %{mandir}/man5/ssh_config.5* + %{mandir}/man8/ssh-pkcs11-helper.8* end
configfiles - /etc/ssh/ssh_config + %{sysconfdir}/ssh/ssh_config end end
@@ -131,26 +164,24 @@ packages summary = OpenSSH server applications. description = %{summary}
- # /usr/bin/ssh-keygen is needed to generate keys for the ssh server. - requires = /usr/bin/ssh-keygen + requires = openssh = %{thisver}
files - /etc/pam.d/sshd - /etc/ssh/moduli - /etc/ssh/sshd_config - /lib/systemd/system/openssh.service - /usr/lib/openssh/sftp-server - /usr/lib/openssh/ssh-keygen - /usr/sbin/sshd - /usr/share/man/cat5/sshd_config.5* - /usr/share/man/cat5/moduli.5* - /usr/share/man/cat8/sshd.8* - /usr/share/man/cat8/sftp-server.8* - /var/lib/sshd + %{sysconfdir}/pam.d/sshd + %{sysconfdir}/ssh/sshd_config + /lib/systemd + %{libdir}/openssh/sftp-server + %{sbindir}/sshd-keygen + %{sbindir}/sshd + %{mandir}/man5/sshd_config.5* + %{mandir}/man5/moduli.5* + %{mandir}/man8/sshd.8* + %{mandir}/man8/sftp-server.8* + /var/empty/sshd end
configfiles - /etc/ssh/sshd_config + %{sysconfdir}/ssh/sshd_config end
prerequires @@ -160,9 +191,10 @@ packages
script prein # Create unprivileged user and group. - getent group sshd || groupadd -r sshd - getent passwd sshd || useradd -r -g sshd \ - -d /var/lib/sshd -s /sbin/nologin sshd + getent group sshd >/dev/null || groupadd -r sshd + getent passwd sshd >/dev/null || useradd -r -g sshd \ + -c "Privilege-separated SSH" \ + -d /var/empty/sshd -s /sbin/nologin sshd end
script postin @@ -170,8 +202,10 @@ packages end
script preun - /bin/systemctl --no-reload disable openssh.service >/dev/null 2>&1 || : - /bin/systemctl stop openssh.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || : + /bin/systemctl --no-reload disable sshd-keygen.service >/dev/null 2>&1 || : + /bin/systemctl stop sshd.service >/dev/null 2>&1 || : + /bin/systemctl stop sshd-keygen.service >/dev/null 2>&1 || : end
script postun @@ -180,6 +214,9 @@ packages
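Review bot: The `preun` script disables and stops `sshd.service` and `sshd-keygen.service` but not `sshd.socket`, which this commit also installs. If the socket unit was enabled, it would stay enabled and active after the package is removed, leaving port 22 open with nothing behind it. I would add `/bin/systemctl --no-reload disable sshd.socket >/dev/null 2>&1 || :` and `/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :` next to the existing lines.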
script postup /bin/systemctl daemon-reload >/dev/null 2>&1 || : + + /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || : + /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || : end end
diff --git a/openssh/ssh-keygen b/openssh/ssh-keygen
deleted file mode 100644
index 46e64d6..0000000
--- a/openssh/ssh-keygen
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/sh
-
-# Generates keyfiles for defined algorithm
-for algo in dsa rsa ecdsa; do
- [ -e "/etc/ssh/ssh_host_${algo}_key" ] && continue
- /usr/bin/ssh-keygen -q -t ${algo} -N "" -f /etc/ssh/ssh_host_${algo}_key
-done
-
diff --git a/openssh/sshd-keygen b/openssh/sshd-keygen
new file mode 100644
index 0000000..619e839
--- /dev/null
+++ b/openssh/sshd-keygen
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+#
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+
+do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ rm -f $RSA1_KEY
+ if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $RSA1_KEY
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA1_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ rm -f $RSA_KEY
+ if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $RSA_KEY
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ rm -f $DSA_KEY
+ if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $DSA_KEY
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $DSA_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+# Create keys
+do_rsa_keygen
+do_rsa1_keygen
+do_dsa_keygen
diff --git a/openssh/sshd.pam b/openssh/sshd.pam
index ba632dd..a80e450 100644
--- a/openssh/sshd.pam
+++ b/openssh/sshd.pam
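Review bot: The new `sshd-keygen` no longer creates an ECDSA host key, which the removed `ssh-keygen` helper did (`for algo in dsa rsa ecdsa`), and it adds an `rsa1` key that is only used by SSH protocol 1; unless protocol 1 is deliberately enabled in `sshd_config` (not visible here), I would drop `do_rsa1_keygen` and add ECDSA back. The three functions are identical apart from the key type and path, and every variable expansion is unquoted, so a single quoted helper would be easier to audit. Note also that `chgrp ssh_keys` followed by `chmod 600` gives the group no access, so either the mode or the `chgrp` is not what was intended, and a failing `chgrp` is not checked. A sketch of the combined helper follows; it keeps the existing permissions so that question can be settled separately.

```shell
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key

# One helper instead of three copies: $1 = key type, $2 = private key path.
do_keygen() {
	local type="$1" key="$2"

	# A non-empty key file is kept as it is.
	[ -s "$key" ] && return 0

	rm -f "$key"
	if [ -f "$key" ] || ! "$KEYGEN" -q -t "$type" -f "$key" -C '' -N '' >/dev/null 2>&1; then
		exit 1
	fi

	chgrp ssh_keys "$key"
	chmod 600 "$key"
	chmod 644 "$key.pub"
	if [ -x /sbin/restorecon ]; then
		/sbin/restorecon "$key.pub"
	fi
}

# Create keys
do_keygen rsa "$RSA_KEY"
do_keygen dsa "$DSA_KEY"
do_keygen ecdsa "$ECDSA_KEY"
```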
@@ -1,9 +1,15 @@
 #%PAM-1.0
-auth include system-auth
-
+auth required pam_sepermit.so
+auth substack password-auth
+auth include postlogin
 account required pam_nologin.so
-account include system-auth
-
-password include system-auth
-
-session include system-auth
+account include password-auth
+password include password-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open env_params
+session optional pam_keyinit.so force revoke
+session include password-auth
+session include postlogin
diff --git a/openssh/systemd/openssh.service b/openssh/systemd/openssh.service
deleted file mode 100644
index 7fdd641..0000000
--- a/openssh/systemd/openssh.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenSSH Server
-After=network.target
-
-[Service]
-ExecStartPre=/usr/lib/openssh/ssh-keygen
-ExecStart=/usr/sbin/sshd -D
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/openssh/systemd/sshd-keygen.service b/openssh/systemd/sshd-keygen.service
new file mode 100644
index 0000000..bfef328
--- /dev/null
+++ b/openssh/systemd/sshd-keygen.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSH server keys generation.
+After=syslog.target
+Before=sshd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/sshd-keygen
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openssh/systemd/sshd.service b/openssh/systemd/sshd.service
new file mode 100644
index 0000000..6b90aa1
--- /dev/null
+++ b/openssh/systemd/sshd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target auditd.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
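Review bot: The new `sshd.pam` stack pulls in `password-auth` (as `substack` and `include`) and `postlogin`, where the old one referenced only `system-auth`, and neither file is added by this commit. If the pam package does not already ship `/etc/pam.d/password-auth` and `/etc/pam.d/postlogin`, sshd logins through PAM are likely to fail at the missing include. Please confirm both exist on a fresh install, or keep `system-auth` for those lines. The same check applies to `pam_sepermit.so`, which is `required` for auth here.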
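Review bot: `sshd.service` expands `$OPTIONS` in `ExecStart` but, unlike `sshd@.service` in this commit, has no `EnvironmentFile=` line, so the variable is always empty. The unit also has no dependency on key generation. The removed `openssh.service` ran the keygen script via `ExecStartPre`, whereas `Before=sshd.service` in `sshd-keygen.service` only orders the two units when both are queued, so on a fresh install sshd can fail to start for lack of host keys if `sshd-keygen.service` is not enabled. I would add `Wants=sshd-keygen.service` and `After=sshd-keygen.service` to `[Unit]`, and `EnvironmentFile=-/etc/sysconfig/sshd` to `[Service]`. `Restart=always` from the old unit is dropped as well; if that is intentional it deserves a line in the commit message.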
diff --git a/openssh/systemd/sshd.socket b/openssh/systemd/sshd.socket
new file mode 100644
index 0000000..94b9533
--- /dev/null
+++ b/openssh/systemd/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/openssh/systemd/sshd@.service b/openssh/systemd/sshd@.service
new file mode 100644
index 0000000..09f995e
--- /dev/null
+++ b/openssh/systemd/sshd@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=syslog.target auditd.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/sshd
+ExecStart=-/usr/sbin/sshd -i $OPTIONS
+StandardInput=socket
diff --git a/samba/samba.nm b/samba/samba.nm
index dcf1edf..5902b9b 100644
--- a/samba/samba.nm
+++ b/samba/samba.nm
@@ -5,7 +5,7 @@
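Review bot: `EnvironmentFile=/etc/sysconfig/sshd` in `sshd@.service` has no `-` prefix, and the `openssh-server` file list shown in this commit does not visibly ship that file, so each socket-activated connection would fail before sshd runs if it is missing. `EnvironmentFile=-/etc/sysconfig/sshd` makes the file optional. The per-connection unit also has no ordering or dependency on `sshd-keygen.service`, so with only `sshd.socket` enabled the first connection can arrive before host keys exist. Adding `Wants=sshd-keygen.service` and `After=sshd-keygen.service` to `[Unit]` covers that.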
name = samba version = 3.6.3 -release = 1 +release = 2
maintainer = Christian Schmidt christian.schmidt@ipfire.org groups = Networking/Daemons @@ -53,17 +53,17 @@ build DIR_APP = %{DIR_SRC}/%{thisapp}/source3
configure_options += \ - --prefix=/usr \ + --prefix=%{prefix} \ --localstatedir=/var \ - --with-lockdir=/var/lib/samba \ - --with-piddir=/var/run \ - --with-mandir=/usr/share/man \ - --with-privatedir=/var/lib/samba/private \ + --with-lockdir=%{sharedstatedir}/samba \ + --with-piddir=%{rundir} \ + --with-mandir=%{mandir} \ + --with-privatedir=%{sharedstatedir}/samba/private \ --with-logfilebase=/var/log/samba \ - --with-modulesdir=/usr/lib/samba \ - --with-configdir=/etc/samba \ - --with-pammodulesdir=/lib/security \ - --with-swatdir=/usr/share/swat \ + --with-modulesdir=%{libdir}/samba \ + --with-configdir=%{sysconfdir}/samba \ + --with-pammodulesdir=/%{lib}/security \ + --with-swatdir=%{datadir}/swat \ --with-automount \ --with-libsmbclient \ --with-libsmbsharemodes \ @@ -81,8 +81,8 @@ build all modules
install_cmds - mkdir -pv %{BUILDROOT}/etc/samba - echo "127.0.0.1 localhost" > %{BUILDROOT}/etc/samba/lmhosts + mkdir -pv %{BUILDROOT}%{sysconfdir}/samba + echo "127.0.0.1 localhost" > %{BUILDROOT}%{sysconfdir}/samba/lmhosts end end
@@ -96,7 +96,7 @@ packages package %{name}-devel template DEVEL
- requires += %{name}-libs=%{thisver} + requires += %{name}-libs = %{thisver} end
package %{name}-debuginfo
hooks/post-receive -- IPFire 3.x development tree