From 2a4f84e7cec93103dbaebecdc24ace36c73f8b85 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Fri, 11 Oct 2024 12:19:11 +0200
Subject: [PATCH] Separate ssh-keysign to a dedicated package
Resolves: RHEL-62112
---
 openssh-9.9p1-separate-keysign.patch | 12 ++++++++++++
 openssh.spec | 19 +++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 openssh-9.9p1-separate-keysign.patch
diff --git a/openssh-9.9p1-separate-keysign.patch b/openssh-9.9p1-separate-keysign.patch
new file mode 100644
index 0000000..ff0e35f
--- /dev/null
+++ b/openssh-9.9p1-separate-keysign.patch
@@ -0,0 +1,12 @@
+diff -up openssh-9.9p1/ssh_config.5.xxx openssh-9.9p1/ssh_config.5
+--- openssh-9.9p1/ssh_config.5.xxx 2024-10-11 12:01:14.260566303 +0200
++++ openssh-9.9p1/ssh_config.5 2024-10-11 12:01:59.725654775 +0200
+@@ -759,7 +759,7 @@ or
+ This option should be placed in the non-hostspecific section.
+ See
+ .Xr ssh-keysign 8
+-for more information.
++for more information. ssh-keysign should be installed explicitly.
+ .It Cm EscapeChar
+ Sets the escape character (default:
+ .Ql ~ ) .
diff --git a/openssh.spec b/openssh.spec
index 513354f..db7c945 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -195,6 +195,7 @@ Patch1012: openssh-9.0p1-evp-fips-kex.patch Patch1014: openssh-8.7p1-nohostsha1proof.patch Patch1015: openssh-9.6p1-pam-rhost.patch +Patch1016: openssh-9.9p1-separate-keysign.patch License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant Requires: /sbin/nologin
@@ -247,6 +248,10 @@ Summary: An open source SSH client applications Requires: openssh = %{version}-%{release} Requires: crypto-policies >= 20220824-1 +%package keysign +Summary: A helper program used for host-based authentication +Requires: openssh = %{version}-%{release} + %package server Summary: An open source SSH server daemon Requires: openssh = %{version}-%{release}
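Review bot: In the `%package keysign` hunk the new subpackage depends only on `openssh`, although ssh-keysign is a helper invoked by ssh(1), which this spec ships in `openssh-clients` (`%files clients` lists `%{_bindir}/ssh`). Installed without the clients, the package leaves a setuid-root binary (`%attr(4555,root,root)` in `%files keysign`) on disk with no legitimate caller, so I would add `Requires: openssh-clients = %{version}-%{release}`. Nothing in the visible hunks pulls the new package in on upgrade either, so hosts that rely on host-based authentication would presumably lose the helper after updating. If that is the intended hardening, it deserves an explicit line in the changelog or release notes so administrators can install `openssh-keysign` before the update lands.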
@@ -286,6 +291,11 @@ OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers. +%description keysign +OpenSSH is a free version of SSH (Secure SHell), a program for logging +into and executing commands on a remote machine. ssh-keysign is a +helper program used for host-based authentication disabled by default. + %description server OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains
@@ -367,6 +377,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %patch -P 1012 -p1 -b .evp-fips-dh %patch -P 1014 -p1 -b .nosha1hostproof %patch -P 1015 -p1 -b .pam-rhost +%patch -P 1016 -p1 -b .sep-keysign %patch -P 100 -p1 -b .coverity
@@ -573,8 +584,6 @@ test -f %{sysconfig_anaconda} && \ %attr(0755,root,root) %{_bindir}/ssh-keygen %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1* %attr(0755,root,root) %dir %{_libexecdir}/openssh -%attr(4555,root,root) %{_libexecdir}/openssh/ssh-keysign -%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* %files clients %attr(0755,root,root) %{_bindir}/ssh
@@ -602,6 +611,10 @@ test -f %{sysconfig_anaconda} && \ %attr(0644,root,root) %{_userunitdir}/ssh-agent.service %attr(0644,root,root) %{_userunitdir}/ssh-agent.socket +%files keysign +%attr(4555,root,root) %{_libexecdir}/openssh/ssh-keysign +%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8* + %files server %dir %attr(0711,root,root) %{_datadir}/empty.sshd %attr(0755,root,root) %{_sbindir}/sshd
@@ -647,6 +660,8 @@ test -f %{sysconfig_anaconda} && \ * Thu Oct 10 2024 Dmitry Belyavskiy - 9.9p1-1 - Update to OpenSSH 9.9p1 Resolves: RHEL-60564 +- Separate ssh-keysign to a dedicated package + Resolves: RHEL-62112 * Mon Sep 16 2024 Dmitry Belyavskiy - 9.8p1-6 - rebuilt
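Review bot: The last sentence of `%description keysign` is ambiguous, because "host-based authentication disabled by default" can be read as either the helper or the authentication method being disabled. This text is what an administrator sees when deciding whether to install a privileged binary, so it should say what the package ships. I would word it as `ssh-keysign is a setuid-root helper used by ssh(1) for host-based authentication, which is disabled by default.`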
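Review bot: In the `%files keysign` hunk, `%attr(4555,root,root)` carries the setuid-root bit over from the base package without a comment, and the new package now exists only to ship that one privileged binary. A short comment above the entry would help the next packager or auditor, for example `# setuid root: ssh-keysign reads the host private keys to sign host-based authentication requests`. The `%dir %{_libexecdir}/openssh` entry stays in the base `%files` list, which works because the subpackage requires `openssh`; that dependency is worth noting in the same comment so it is not dropped later.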