* [IPFire-SCM] [git.ipfire.org] IPFire 3.x development tree branch, master, updated. e78de92e15c1bb378e6447cf8b7131e491b00b29
@ 2012-03-11 23:23 git
From: git @ 2012-03-11 23:23 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via e78de92e15c1bb378e6447cf8b7131e491b00b29 (commit)
via 40c54876556beb130f2f17211a69a23d5be9587a (commit)
via a5d9074a463a3c13e46784a0b1e0e7a548027c97 (commit)
from 47902c21be198525dc2ebe7f4caed1c6d2497346 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e78de92e15c1bb378e6447cf8b7131e491b00b29
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Mon Mar 12 00:22:18 2012 +0100
openssh: Some bigger changes.
Adopts systemd files from Fedora and cleans up a lot
in the makefile.
commit 40c54876556beb130f2f17211a69a23d5be9587a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Mar 11 23:42:07 2012 +0100
grubby: Update to version 8.9.
Fixes #10059, #10062.
commit a5d9074a463a3c13e46784a0b1e0e7a548027c97
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Mar 11 23:41:39 2012 +0100
samba: Make package compile on x86_64.
-----------------------------------------------------------------------
Summary of changes:
grubby/grubby.nm | 16 +++-
openssh/openssh.nm | 139 ++++++++++++++++++++++-------------
openssh/ssh-keygen | 8 --
openssh/sshd-keygen | 63 ++++++++++++++++
openssh/sshd.pam | 20 +++--
openssh/systemd/openssh.service | 12 ---
openssh/systemd/sshd-keygen.service | 12 +++
openssh/systemd/sshd.service | 10 +++
openssh/systemd/sshd.socket | 10 +++
openssh/systemd/sshd(a).service | 8 ++
samba/samba.nm | 26 +++---
11 files changed, 230 insertions(+), 94 deletions(-)
delete mode 100644 openssh/ssh-keygen
create mode 100644 openssh/sshd-keygen
delete mode 100644 openssh/systemd/openssh.service
create mode 100644 openssh/systemd/sshd-keygen.service
create mode 100644 openssh/systemd/sshd.service
create mode 100644 openssh/systemd/sshd.socket
create mode 100644 openssh/systemd/sshd(a).service
Difference in files:
diff --git a/grubby/grubby.nm b/grubby/grubby.nm
index 92c1a58..830f27d 100644
--- a/grubby/grubby.nm
+++ b/grubby/grubby.nm
@@ -4,7 +4,7 @@
###############################################################################
name = grubby
-version = 8.3
+version = 8.9
release = 1
groups = System/Base
@@ -20,7 +20,8 @@ description
environment.
end
-sources = %{thisapp}.tar.bz2
+# Source tarballs must be generated from git.
+sources = %{thisapp}.tar.bz2
build
requires
@@ -34,11 +35,20 @@ build
make test
end
- make_install_targets += mandir=/usr/share/man
+ make_install_targets += mandir=%{mandir}
end
packages
package %{name}
+ # Pull in uboot-tools on ARM platforms.
+ if "%{DISTRO_ARCH}" == "armv7hl"
+ requires += uboot-tools
+ end
+
+ if "%{DISTRO_ARCH}" == "armv5tel"
+ requires += uboot-tools
+ end
+ end
package %{name}-debuginfo
template DEBUGINFO
diff --git a/openssh/openssh.nm b/openssh/openssh.nm
index 0b0250c..d04d2b2 100644
--- a/openssh/openssh.nm
+++ b/openssh/openssh.nm
@@ -5,7 +5,7 @@
name = openssh
version = 5.9p1
-release = 3
+release = 4
groups = Application/Internet
url = http://www.openssh.com/portable.html
@@ -26,10 +26,14 @@ build
audit-devel
autoconf
automake
+ groff
+ libedit-devel
libselinux-devel
- nss-devel
- openssl-devel>=1.0.0d-2
+ ncurses-devel
+ openldap-devel
+ openssl-devel >= 1.0.0d-2
pam-devel
+ util-linux
zlib-devel
end
@@ -67,17 +71,25 @@ build
end
configure_options += \
- --sysconfdir=/etc/ssh \
- --datadir=/usr/share/sshd \
- --libexecdir=/usr/lib/openssh \
- --with-md5-passwords \
- --with-privsep-path=/var/lib/sshd \
+ --sysconfdir=%{sysconfdir}/ssh \
+ --datadir=%{datadir}/sshd \
+ --libexecdir=%{libdir}/openssh \
+ --with-default-path=/usr/local/bin:/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-privsep-path=/var/empty/sshd \
+ --enable-vendor-patchlevel="%{DISTRO_NAME} %{thisver}" \
+ --disable-strip \
+ --with-ssl-engine \
+ --with-authorized-keys-command \
+ --with-ipaddr-display \
+ --with-ldap \
--with-pam \
+ --with-libedit \
--with-selinux \
--with-audit=linux
prepare_cmds
- autoreconf
+ autoreconf -vfi
end
install_cmds
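Review bot: `--with-ldap` and `--with-authorized-keys-command` in the new configure_options are, as far as I know, not switches of the upstream OpenSSH 5.9p1 configure script but come from distribution patches, and autoconf only warns about an unrecognised `--with-*` switch instead of failing. If the matching patches are not applied elsewhere in openssh.nm (not visible in this hunk), the build succeeds without those features and nobody notices until sshd rejects the corresponding configuration. A comment above the block such as `# --with-ldap and --with-authorized-keys-command require the Fedora patches` would make the dependency explicit. The build section continues outside the hunk.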
@@ -85,15 +97,32 @@ build
sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
# Install scriptfile for key generation
- install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/
+ mkdir -pv %{BUILDROOT}%{sbindir}
+ install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir}
+
+ # Install ssh-copy-id.
+ install -m755 contrib/ssh-copy-id %{BUILDROOT}%{bindir}
+ install contrib/ssh-copy-id.1 %{BUILDROOT}%{mandir}/man1/
end
end
packages
package openssh
+ prerequires
+ shadow-utils
+ end
+
requires
- openssh-clients=%{thisver}
- openssh-server=%{thisver}
+ openssh-clients = %{thisver}
+ openssh-server = %{thisver}
+ end
+
+ configfiles
+ %{sysconfdir}/ssh/moduli
+ end
+
+ script prein
+ getent group sshd_keys >/dev/null || groupadd -r ssh_keys || :
end
end
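Review bot: The prein scriptlet tests for group `sshd_keys` but creates `ssh_keys`, so the getent check never matches and groupadd runs on every install or update, with its "already exists" failure hidden by `|| :`. The same `|| :` also hides a genuine groupadd failure, after which the unchecked `chgrp ssh_keys` calls in sshd-keygen would fail as well. The check should use the name that is created: `getent group ssh_keys >/dev/null || groupadd -r ssh_keys`. Separately, `install contrib/ssh-copy-id.1` has no `-m`, so the man page gets install's default mode 0755; `-m 644` is the usual mode for a man page.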
@@ -101,29 +130,33 @@ packages
summary = OpenSSH client applications.
description = %{summary}
+ requires = openssh = %{thisver}
+
files
- /etc/ssh/ssh_config
- /usr/bin/scp
- /usr/bin/sftp
- /usr/bin/slogin
- /usr/bin/ssh
- /usr/bin/ssh-add
- /usr/bin/ssh-agent
- /usr/bin/ssh-keyscan
- /usr/lib/openssh/ssh-pkcs11-helper
- /usr/share/man/cat1/scp.1
- /usr/share/man/cat1/sftp.1
- /usr/share/man/cat1/slogin.1
- /usr/share/man/cat1/ssh-add.1
- /usr/share/man/cat1/ssh-agent.1
- /usr/share/man/cat1/ssh-keyscan.1
- /usr/share/man/cat1/ssh.1
- /usr/share/man/cat5/ssh_config.5
- /usr/share/man/cat8/ssh-pkcs11-helper.8
+ %{sysconfdir}/ssh/ssh_config
+ %{bindir}/scp
+ %{bindir}/sftp
+ %{bindir}/slogin
+ %{bindir}/ssh
+ %{bindir}/ssh-add
+ %{bindir}/ssh-agent
+ %{bindir}/ssh-copy-id
+ %{bindir}/ssh-keyscan
+ %{libdir}/openssh/ssh-pkcs11-helper
+ %{mandir}/man1/scp.1*
+ %{mandir}/man1/sftp.1*
+ %{mandir}/man1/slogin.1*
+ %{mandir}/man1/ssh-add.1*
+ %{mandir}/man1/ssh-agent.1*
+ %{mandir}/man1/ssh-copy-id.1*
+ %{mandir}/man1/ssh-keyscan.1*
+ %{mandir}/man1/ssh.1*
+ %{mandir}/man5/ssh_config.5*
+ %{mandir}/man8/ssh-pkcs11-helper.8*
end
configfiles
- /etc/ssh/ssh_config
+ %{sysconfdir}/ssh/ssh_config
end
end
@@ -131,26 +164,24 @@ packages
summary = OpenSSH server applications.
description = %{summary}
- # /usr/bin/ssh-keygen is needed to generate keys for the ssh server.
- requires = /usr/bin/ssh-keygen
+ requires = openssh = %{thisver}
files
- /etc/pam.d/sshd
- /etc/ssh/moduli
- /etc/ssh/sshd_config
- /lib/systemd/system/openssh.service
- /usr/lib/openssh/sftp-server
- /usr/lib/openssh/ssh-keygen
- /usr/sbin/sshd
- /usr/share/man/cat5/sshd_config.5*
- /usr/share/man/cat5/moduli.5*
- /usr/share/man/cat8/sshd.8*
- /usr/share/man/cat8/sftp-server.8*
- /var/lib/sshd
+ %{sysconfdir}/pam.d/sshd
+ %{sysconfdir}/ssh/sshd_config
+ /lib/systemd
+ %{libdir}/openssh/sftp-server
+ %{sbindir}/sshd-keygen
+ %{sbindir}/sshd
+ %{mandir}/man5/sshd_config.5*
+ %{mandir}/man5/moduli.5*
+ %{mandir}/man8/sshd.8*
+ %{mandir}/man8/sftp-server.8*
+ /var/empty/sshd
end
configfiles
- /etc/ssh/sshd_config
+ %{sysconfdir}/ssh/sshd_config
end
prerequires
@@ -160,9 +191,10 @@ packages
script prein
# Create unprivileged user and group.
- getent group sshd || groupadd -r sshd
- getent passwd sshd || useradd -r -g sshd \
- -d /var/lib/sshd -s /sbin/nologin sshd
+ getent group sshd >/dev/null || groupadd -r sshd
+ getent passwd sshd >/dev/null || useradd -r -g sshd \
+ -c "Privilege-separated SSH" \
+ -d /var/empty/sshd -s /sbin/nologin sshd
end
script postin
@@ -170,8 +202,10 @@ packages
end
script preun
- /bin/systemctl --no-reload disable openssh.service >/dev/null 2>&1 || :
- /bin/systemctl stop openssh.service >/dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl --no-reload disable sshd-keygen.service >/dev/null 2>&1 || :
+ /bin/systemctl stop sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl stop sshd-keygen.service >/dev/null 2>&1 || :
end
script postun
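Review bot: preun disables and stops sshd.service and sshd-keygen.service but not sshd.socket, which this commit also adds with `ListenStream=22`. If an administrator has enabled the socket unit, it stays enabled and keeps listening on port 22 after the package is removed. Adding `/bin/systemctl --no-reload disable sshd.socket >/dev/null 2>&1 || :` and `/bin/systemctl stop sshd.socket >/dev/null 2>&1 || :` next to the existing lines closes that gap.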
@@ -180,6 +214,9 @@ packages
script postup
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+
+ /bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
+ /bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
end
end
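Review bot: On an update from release 3 the enabled and running unit is openssh.service, so `try-restart sshd.service` in postup does nothing, and no visible scriptlet enables sshd.service or sshd-keygen.service in its place. Unless the postin script (outside this hunk) handles it, SSH would not come back after the next reboot, which on a remotely administered firewall means losing access. The enabled state of openssh.service would have to be recorded before its unit file is removed and carried over to the new units. `try-restart` on the oneshot sshd-keygen.service is also unnecessary, since the script skips keys that already exist.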
diff --git a/openssh/ssh-keygen b/openssh/ssh-keygen
deleted file mode 100644
index 46e64d6..0000000
--- a/openssh/ssh-keygen
+++ /dev/null
@@ -1,8 +0,0 @@
-#! /bin/sh
-
-# Generates keyfiles for defined algorithm
-for algo in dsa rsa ecdsa; do
- [ -e "/etc/ssh/ssh_host_${algo}_key" ] && continue
- /usr/bin/ssh-keygen -q -t ${algo} -N "" -f /etc/ssh/ssh_host_${algo}_key
-done
-
diff --git a/openssh/sshd-keygen b/openssh/sshd-keygen
new file mode 100644
index 0000000..619e839
--- /dev/null
+++ b/openssh/sshd-keygen
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+#
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+
+do_rsa1_keygen() {
+ if [ ! -s $RSA1_KEY ]; then
+ rm -f $RSA1_KEY
+ if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $RSA1_KEY
+ chmod 600 $RSA1_KEY
+ chmod 644 $RSA1_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA1_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+do_rsa_keygen() {
+ if [ ! -s $RSA_KEY ]; then
+ rm -f $RSA_KEY
+ if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $RSA_KEY
+ chmod 600 $RSA_KEY
+ chmod 644 $RSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $RSA_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+do_dsa_keygen() {
+ if [ ! -s $DSA_KEY ]; then
+ rm -f $DSA_KEY
+ if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ chgrp ssh_keys $DSA_KEY
+ chmod 600 $DSA_KEY
+ chmod 644 $DSA_KEY.pub
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $DSA_KEY.pub
+ fi
+ else
+ exit 1
+ fi
+ fi
+}
+
+# Create keys
+do_rsa_keygen
+do_rsa1_keygen
+do_dsa_keygen
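Review bot: The new script no longer creates the ECDSA host key that the deleted openssh/ssh-keygen generated (`for algo in dsa rsa ecdsa`), and instead adds an `rsa1` key for SSH protocol 1, which has known weaknesses and is only needed if sshd_config enables protocol 1 (not visible on this page). On a fresh install sshd would then have no ECDSA host key to offer. The three do_*_keygen functions also differ only in key type and path, so one parameterised helper covers them. The sketch below keeps the permission and restorecon handling as written, drops rsa1 and restores ecdsa.

```bash
# … unchanged: KEYGEN, RSA_KEY and DSA_KEY definitions …
ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key

# Create one host key of the given type unless a non-empty key file exists.
do_keygen() {
	local type="$1" key="$2"

	[ -s "${key}" ] && return 0

	rm -f "${key}"
	if test ! -f "${key}" && ${KEYGEN} -q -t "${type}" -f "${key}" -C '' -N '' >&/dev/null; then
		chgrp ssh_keys "${key}"
		chmod 600 "${key}"
		chmod 644 "${key}.pub"
		if [ -x /sbin/restorecon ]; then
			/sbin/restorecon "${key}.pub"
		fi
	else
		exit 1
	fi
}

# Create keys
do_keygen rsa "${RSA_KEY}"
do_keygen dsa "${DSA_KEY}"
do_keygen ecdsa "${ECDSA_KEY}"
```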
diff --git a/openssh/sshd.pam b/openssh/sshd.pam
index ba632dd..a80e450 100644
--- a/openssh/sshd.pam
+++ b/openssh/sshd.pam
@@ -1,9 +1,15 @@
#%PAM-1.0
-auth include system-auth
-
+auth required pam_sepermit.so
+auth substack password-auth
+auth include postlogin
account required pam_nologin.so
-account include system-auth
-
-password include system-auth
-
-session include system-auth
+account include password-auth
+password include password-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
+session required pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session required pam_selinux.so open env_params
+session optional pam_keyinit.so force revoke
+session include password-auth
+session include postlogin
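Review bot: The new stack pulls in `password-auth` and `postlogin` through `substack`/`include` and makes `pam_sepermit.so` required, but nothing in this commit adds those files or a dependency on a package that provides them. The old file only referenced `system-auth`; if the target system ships no /etc/pam.d/password-auth or /etc/pam.d/postlogin, PAM fails the stack and every SSH login is rejected. Worth confirming that both files and pam_sepermit.so exist on IPFire 3.x, or keeping `system-auth` in the include lines until they do.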
diff --git a/openssh/systemd/openssh.service b/openssh/systemd/openssh.service
deleted file mode 100644
index 7fdd641..0000000
--- a/openssh/systemd/openssh.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=OpenSSH Server
-After=network.target
-
-[Service]
-ExecStartPre=/usr/lib/openssh/ssh-keygen
-ExecStart=/usr/sbin/sshd -D
-ExecReload=/bin/kill -HUP $MAINPID
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/openssh/systemd/sshd-keygen.service b/openssh/systemd/sshd-keygen.service
new file mode 100644
index 0000000..bfef328
--- /dev/null
+++ b/openssh/systemd/sshd-keygen.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSH server keys generation.
+After=syslog.target
+Before=sshd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/sshd-keygen
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
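Review bot: `Before=sshd.service` only orders the two units when both are already being started; nothing makes sshd.service pull sshd-keygen.service in, whereas the deleted openssh.service ran key generation as `ExecStartPre`. Starting or enabling sshd.service alone on a fresh install therefore leaves sshd without host keys, and the socket-activated sshd@.service has neither ordering nor a dependency on key generation. Adding `Wants=sshd-keygen.service` to the [Unit] section of sshd.service, and `Wants=sshd-keygen.service` plus `After=sshd-keygen.service` to sshd@.service, restores the old guarantee.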
diff --git a/openssh/systemd/sshd.service b/openssh/systemd/sshd.service
new file mode 100644
index 0000000..6b90aa1
--- /dev/null
+++ b/openssh/systemd/sshd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH server daemon
+After=syslog.target network.target auditd.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
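Review bot: `$OPTIONS` is expanded in ExecStart but this unit has no `EnvironmentFile=`, so options set in /etc/sysconfig/sshd are honoured by sshd@.service and silently ignored here. `EnvironmentFile=-/etc/sysconfig/sshd` in [Service] makes the two units agree. The deleted openssh.service also had `Restart=always`; without it a crashed daemon stays down, so if dropping it was intentional a comment saying so would help.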
diff --git a/openssh/systemd/sshd.socket b/openssh/systemd/sshd.socket
new file mode 100644
index 0000000..94b9533
--- /dev/null
+++ b/openssh/systemd/sshd.socket
@@ -0,0 +1,10 @@
+[Unit]
+Description=OpenSSH Server Socket
+Conflicts=sshd.service
+
+[Socket]
+ListenStream=22
+Accept=yes
+
+[Install]
+WantedBy=sockets.target
diff --git a/openssh/systemd/sshd(a).service b/openssh/systemd/sshd(a).service
new file mode 100644
index 0000000..09f995e
--- /dev/null
+++ b/openssh/systemd/sshd(a).service
@@ -0,0 +1,8 @@
+[Unit]
+Description=OpenSSH per-connection server daemon
+After=syslog.target auditd.service
+
+[Service]
+EnvironmentFile=/etc/sysconfig/sshd
+ExecStart=-/usr/sbin/sshd -i $OPTIONS
+StandardInput=socket
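Review bot: `EnvironmentFile=/etc/sysconfig/sshd` has no leading `-`, so systemd fails the unit when the file does not exist, and the file is not in the file lists visible in this commit. Every socket-activated connection would then be dropped before sshd runs. `EnvironmentFile=-/etc/sysconfig/sshd` makes the file optional.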
diff --git a/samba/samba.nm b/samba/samba.nm
index dcf1edf..5902b9b 100644
--- a/samba/samba.nm
+++ b/samba/samba.nm
@@ -5,7 +5,7 @@
name = samba
version = 3.6.3
-release = 1
+release = 2
maintainer = Christian Schmidt <christian.schmidt(a)ipfire.org>
groups = Networking/Daemons
@@ -53,17 +53,17 @@ build
DIR_APP = %{DIR_SRC}/%{thisapp}/source3
configure_options += \
- --prefix=/usr \
+ --prefix=%{prefix} \
--localstatedir=/var \
- --with-lockdir=/var/lib/samba \
- --with-piddir=/var/run \
- --with-mandir=/usr/share/man \
- --with-privatedir=/var/lib/samba/private \
+ --with-lockdir=%{sharedstatedir}/samba \
+ --with-piddir=%{rundir} \
+ --with-mandir=%{mandir} \
+ --with-privatedir=%{sharedstatedir}/samba/private \
--with-logfilebase=/var/log/samba \
- --with-modulesdir=/usr/lib/samba \
- --with-configdir=/etc/samba \
- --with-pammodulesdir=/lib/security \
- --with-swatdir=/usr/share/swat \
+ --with-modulesdir=%{libdir}/samba \
+ --with-configdir=%{sysconfdir}/samba \
+ --with-pammodulesdir=/%{lib}/security \
+ --with-swatdir=%{datadir}/swat \
--with-automount \
--with-libsmbclient \
--with-libsmbsharemodes \
@@ -81,8 +81,8 @@ build
all modules
install_cmds
- mkdir -pv %{BUILDROOT}/etc/samba
- echo "127.0.0.1 localhost" > %{BUILDROOT}/etc/samba/lmhosts
+ mkdir -pv %{BUILDROOT}%{sysconfdir}/samba
+ echo "127.0.0.1 localhost" > %{BUILDROOT}%{sysconfdir}/samba/lmhosts
end
end
@@ -96,7 +96,7 @@ packages
package %{name}-devel
template DEVEL
- requires += %{name}-libs=%{thisver}
+ requires += %{name}-libs = %{thisver}
end
package %{name}-debuginfo
hooks/post-receive
--
IPFire 3.x development tree