Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
Split out the host keygen into their own command, to ease future migration to systemd. Compatitbility with the init script was kept. Migrate the package to full native systemd unit files, according to the Fedora packaging guidelines. Prepate the unit files for running an ondemand server. (do not add it actually)
This commit is contained in:
parent
29b683c1d2
commit
5c8b5cb538
144
openssh.spec
144
openssh.spec
@ -48,9 +48,6 @@
|
||||
%define pam_ssh_agent 0
|
||||
%endif
|
||||
|
||||
# Whether add systemd units
|
||||
%define systemd 0
|
||||
|
||||
# Reserve options to override askpass settings with:
|
||||
# rpm -ba|--rebuild --define 'skip_xxx 1'
|
||||
%{?skip_gnome_askpass:%global no_gnome_askpass 1}
|
||||
@ -82,7 +79,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.8p2
|
||||
%define openssh_rel 10
|
||||
%define openssh_rel 13
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 31
|
||||
|
||||
@ -105,11 +102,11 @@ Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/p
|
||||
Source5: pam_ssh_agent-rmheaders
|
||||
Source6: ssh-keycat.pam
|
||||
Source7: sshd.sysconfig
|
||||
Source8: ssh-keygen-dsa.service
|
||||
Source9: ssh-keygen-rsa.service
|
||||
Source10: ssh-keygen-rsa1.service
|
||||
Source8: sshd-keygen.service
|
||||
Source9: sshd@.service
|
||||
Source10: sshd.socket
|
||||
Source11: sshd.service
|
||||
Source12: sshd.socket
|
||||
Source13: sshd-keygen
|
||||
|
||||
Patch99: openssh-5.8p1-wIm.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
||||
@ -263,10 +260,27 @@ Requires: fipscheck-lib%{_isa} >= 1.3.0
|
||||
Summary: An open source SSH server daemon
|
||||
Group: System Environment/Daemons
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Requires(post): chkconfig >= 0.9, /sbin/service
|
||||
Requires(pre): /usr/sbin/useradd
|
||||
Requires: pam >= 1.0.1-3
|
||||
Requires: fipscheck-lib%{_isa} >= 1.3.0
|
||||
Requires(post): systemd-units
|
||||
Requires(preun): systemd-units
|
||||
Requires(postun): systemd-units
|
||||
# This is actually needed for the %triggerun script but Requires(triggerun)
|
||||
# is not valid. We can use %post because this particular %triggerun script
|
||||
# should fire just after this package is installed.
|
||||
Requires(post): systemd-sysv
|
||||
|
||||
# Not yet ready
|
||||
# %package server-ondemand
|
||||
# Summary: Systemd unit file to run an ondemand OpenSSH server
|
||||
# Group: System Environment/Daemons
|
||||
# Requires: %{name}-server%{?_isa} = %{version}-%{release}
|
||||
|
||||
%package server-sysvinit
|
||||
Summary: The SysV initscript to manage the OpenSSH server.
|
||||
Group: System Environment/Daemons
|
||||
Requires: %{name}-server%{?_isa} = %{version}-%{release}
|
||||
|
||||
%if %{ldap}
|
||||
%package ldap
|
||||
@ -319,6 +333,19 @@ into and executing commands on a remote machine. This package contains
|
||||
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
||||
securely connect to your SSH server.
|
||||
|
||||
# %description server-ondemand
|
||||
# OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
# into and executing commands on a remote machine. This package contains
|
||||
# the systemd unit files to run an ondemand (socket activated) SSH server.
|
||||
|
||||
%description server-sysvinit
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
the SysV init script to manage the OpenSSH server when running a legacy
|
||||
SysV-compatible init system.
|
||||
|
||||
It is not required when the init system used is systemd.
|
||||
|
||||
%if %{ldap}
|
||||
%description ldap
|
||||
OpenSSH LDAP backend is a way how to distribute the authorized tokens
|
||||
@ -541,14 +568,12 @@ install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
|
||||
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
|
||||
install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
|
||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd
|
||||
%if %{systemd}
|
||||
install -m755 %{SOURCE13} $RPM_BUILD_ROOT/%{_sbindir}/sshd-keygen
|
||||
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
|
||||
install -m644 %{SOURCE8} $RPM_BUILD_ROOT/%{_unitdir}/ssh-keygen-dsa.service
|
||||
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/ssh-keygen-rsa.service
|
||||
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/ssh-keygen-rsa1.service
|
||||
install -m644 %{SOURCE8} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.service
|
||||
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
|
||||
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
|
||||
install -m644 %{SOURCE11} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
|
||||
install -m644 %{SOURCE12} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
|
||||
%endif
|
||||
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
|
||||
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
|
||||
|
||||
@ -602,56 +627,39 @@ getent passwd sshd >/dev/null || \
|
||||
%endif
|
||||
|
||||
%post server
|
||||
%if %{systemd}
|
||||
if [ -x /bin/systemctl ]; then
|
||||
if [ $1 -eq 1 ]; then
|
||||
if [ $1 -eq 1 ] ; then
|
||||
/bin/systemctl enable sshd.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl enable ssh-keygen-dsa.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl enable ssh-keygen-rsa.service >/dev/null 2>&1 || :
|
||||
/bin/systemctl enable ssh-keygen-rsa1.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
/bin/systemctl enable sshd-keygen.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
%endif
|
||||
if [ -x /sbin/chkconfig ]; then
|
||||
/sbin/chkconfig --add sshd
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%postun server
|
||||
%if %{systemd}
|
||||
if [ -x /bin/systemctl ]; then
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
if [ $1 -ge 1 ]; then
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
if [ $1 -ge 1 ] ; then
|
||||
# Package upgrade, not uninstall
|
||||
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
/bin/systemctl try-restart sshd-keygen.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
%endif
|
||||
if [ -x /sbin/service ]; then
|
||||
if [ $1 -ne 0 ]; then
|
||||
/sbin/service sshd condrestart > /dev/null 2>&1 || :
|
||||
fi
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%preun server
|
||||
if [ $1 -eq 0 ]; then
|
||||
%if %{systemd}
|
||||
if [ -x /bin/systemctl ]; then
|
||||
/bin/systemctl disable sshd.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl disable ssh-keygen-dsa.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl disable ssh-keygen-rsa.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl disable ssh-keygen-rsa1.service > /dev/null 2>&1 || :
|
||||
if [ $1 -eq 0 ] ; then
|
||||
# Package removal, not upgrade
|
||||
/bin/systemctl --no-reload disable sshd.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl --no-reload disable sshd-keygen.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop sshd.service > /dev/null 2>&1 || :
|
||||
fi
|
||||
%endif
|
||||
if [ -x /sbin/service ]; then
|
||||
/sbin/service sshd stop > /dev/null 2>&1 || :
|
||||
fi
|
||||
if [ -x /sbin/chkconfig ]; then
|
||||
/sbin/chkconfig --del sshd
|
||||
fi
|
||||
/bin/systemctl stop sshd-keygen.service > /dev/null 2>&1 || :
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%triggerun -n openssh-server -- openssh-server < 5.8p2-12
|
||||
/usr/bin/systemd-sysv-convert --save sshd >/dev/null 2>&1 || :
|
||||
/bin/systemctl enable sshd.service >/dev/null 2>&1
|
||||
/bin/systemctl enable sshd-keygen.service >/dev/null 2>&1
|
||||
/sbin/chkconfig --del sshd >/dev/null 2>&1 || :
|
||||
/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
|
||||
# This one was never a service, so we don't simply restart it
|
||||
/bin/systemctl is-active -q sshd.service && /bin/systemctl start sshd-keygen.service >/dev/null 2>&1 || :
|
||||
|
||||
%triggerpostun -n openssh-server-sysvinit -- openssh-server < 5.8p2-12
|
||||
/sbin/chkconfig --add sshd >/dev/null 2>&1 || :
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
@ -701,6 +709,7 @@ exit 0
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0711,root,root) %{_var}/empty/sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd
|
||||
%attr(0755,root,root) %{_sbindir}/sshd-keygen
|
||||
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
|
||||
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
||||
@ -710,14 +719,17 @@ exit 0
|
||||
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
|
||||
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
|
||||
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
|
||||
%attr(0755,root,root) /etc/rc.d/init.d/sshd
|
||||
%if %{systemd}
|
||||
%attr(0644,root,root) %{_unitdir}/ssh-keygen-dsa.service
|
||||
%attr(0644,root,root) %{_unitdir}/ssh-keygen-rsa.service
|
||||
%attr(0644,root,root) %{_unitdir}/ssh-keygen-rsa1.service
|
||||
%attr(0644,root,root) %{_unitdir}/sshd-keygen.service
|
||||
%attr(0644,root,root) %{_unitdir}/sshd.service
|
||||
%attr(0644,root,root) %{_unitdir}/sshd.socket
|
||||
%endif
|
||||
|
||||
# %files server-ondemand
|
||||
# %defattr(-,root,root)
|
||||
# %attr(0644,root,root) %{_unitdir}/sshd@.service
|
||||
# %attr(0644,root,root) %{_unitdir}/sshd.socket
|
||||
|
||||
%files server-sysvinit
|
||||
%defattr(-,root,root)
|
||||
%attr(0755,root,root) /etc/rc.d/init.d/sshd
|
||||
%endif
|
||||
|
||||
%if %{ldap}
|
||||
@ -753,6 +765,14 @@ exit 0
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 28 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-11 + 0.9.2-31
|
||||
- Systemd compatibility according to Mathieu Bridon <bochecha@fedoraproject.org>
|
||||
- Split out the host keygen into their own command, to ease future migration
|
||||
to systemd. Compatitbility with the init script was kept.
|
||||
- Migrate the package to full native systemd unit files, according to the Fedora
|
||||
packaging guidelines.
|
||||
- Prepate the unit files for running an ondemand server. (do not add it actually)
|
||||
|
||||
* Tue Jun 21 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p2-10 + 0.9.2-31
|
||||
- Mention IPv6 usage in man pages
|
||||
|
||||
|
@ -1,18 +0,0 @@
|
||||
[Unit]
|
||||
Description=SSH DSA Keygeneration.
|
||||
After=syslog.target
|
||||
Before=sshd.service
|
||||
ConditionPathExists=!/etc/ssh/ssh_host_dsa_key
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/sysconfig/sshd
|
||||
ExecStart=/usr/bin/ssh-keygen -q -t dsa -f /etc/ssh/ssh_host_dsa_key -C '' -N ''
|
||||
ExecStartPost=/bin/chown root:ssh_keys /etc/ssh/ssh_host_dsa_key
|
||||
ExecStartPost=/bin/chmod 640 /etc/ssh/ssh_host_dsa_key
|
||||
ExecStartPost=/bin/chmod 644 /etc/ssh/ssh_host_dsa_key.pub
|
||||
ExecStartPost=/sbin/restorecon /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,18 +0,0 @@
|
||||
[Unit]
|
||||
Description=SSH RSA Keygeneration.
|
||||
After=syslog.target
|
||||
Before=sshd.service
|
||||
ConditionPathExists=!/etc/ssh/ssh_host_rsa_key
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/sysconfig/sshd
|
||||
ExecStart=/usr/bin/ssh-keygen -q -t rsa -f /etc/ssh/ssh_host_rsa_key -C '' -N ''
|
||||
ExecStartPost=/bin/chown root:ssh_keys /etc/ssh/ssh_host_rsa_key
|
||||
ExecStartPost=/bin/chmod 640 /etc/ssh/ssh_host_rsa_key
|
||||
ExecStartPost=/bin/chmod 644 /etc/ssh/ssh_host_rsa_key.pub
|
||||
ExecStartPost=/sbin/restorecon /ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,18 +0,0 @@
|
||||
[Unit]
|
||||
Description=SSH RSA1 Keygeneration.
|
||||
After=syslog.target
|
||||
Before=sshd.service
|
||||
ConditionPathExists=!/etc/ssh/ssh_host_key
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/sysconfig/sshd
|
||||
ExecStart=/usr/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_key -C '' -N ''
|
||||
ExecStartPost=/bin/chown root:ssh_keys /etc/ssh/ssh_host_key
|
||||
ExecStartPost=/bin/chmod 640 /etc/ssh/ssh_host_key
|
||||
ExecStartPost=/bin/chmod 644 /etc/ssh/ssh_host_key.pub
|
||||
ExecStartPost=/sbin/restorecon /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
75
sshd.init
75
sshd.init
@ -37,79 +37,12 @@ prog="sshd"
|
||||
lockfile=/var/lock/subsys/$prog
|
||||
|
||||
# Some functions to make the below more readable
|
||||
KEYGEN=/usr/bin/ssh-keygen
|
||||
SSHD=/usr/sbin/sshd
|
||||
RSA1_KEY=/etc/ssh/ssh_host_key
|
||||
RSA_KEY=/etc/ssh/ssh_host_rsa_key
|
||||
DSA_KEY=/etc/ssh/ssh_host_dsa_key
|
||||
XPID_FILE=/var/run/sshd.pid
|
||||
PID_FILE=/var/run/sshd-s.pid
|
||||
|
||||
runlevel=$(set -- $(runlevel); eval "echo \$$#" )
|
||||
|
||||
do_rsa1_keygen() {
|
||||
if [ ! -s $RSA1_KEY ]; then
|
||||
echo -n $"Generating SSH1 RSA host key: "
|
||||
rm -f $RSA1_KEY
|
||||
if test ! -f $RSA1_KEY && $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $RSA1_KEY
|
||||
chmod 640 $RSA1_KEY
|
||||
chmod 644 $RSA1_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $RSA1_KEY.pub
|
||||
fi
|
||||
success $"RSA1 key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA1 key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_rsa_keygen() {
|
||||
if [ ! -s $RSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 RSA host key: "
|
||||
rm -f $RSA_KEY
|
||||
if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $RSA_KEY
|
||||
chmod 640 $RSA_KEY
|
||||
chmod 644 $RSA_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $RSA_KEY.pub
|
||||
fi
|
||||
success $"RSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"RSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_dsa_keygen() {
|
||||
if [ ! -s $DSA_KEY ]; then
|
||||
echo -n $"Generating SSH2 DSA host key: "
|
||||
rm -f $DSA_KEY
|
||||
if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
|
||||
chgrp ssh_keys $DSA_KEY
|
||||
chmod 640 $DSA_KEY
|
||||
chmod 644 $DSA_KEY.pub
|
||||
if [ -x /sbin/restorecon ]; then
|
||||
/sbin/restorecon $DSA_KEY.pub
|
||||
fi
|
||||
success $"DSA key generation"
|
||||
echo
|
||||
else
|
||||
failure $"DSA key generation"
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
do_restart_sanity_check()
|
||||
{
|
||||
$SSHD -t
|
||||
@ -125,13 +58,7 @@ start()
|
||||
[ -x $SSHD ] || exit 5
|
||||
[ -f /etc/ssh/sshd_config ] || exit 6
|
||||
# Create keys if necessary
|
||||
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
|
||||
do_rsa_keygen
|
||||
if [ "x${AUTOCREATE_SERVER_KEYS}" != xRSAONLY ]; then
|
||||
do_rsa1_keygen
|
||||
do_dsa_keygen
|
||||
fi
|
||||
fi
|
||||
/usr/sbin/sshd-keygen
|
||||
|
||||
echo -n $"Starting $prog: "
|
||||
$SSHD $OPTIONS && success || failure
|
||||
|
@ -3,11 +3,8 @@ Description=OpenSSH server daemon.
|
||||
After=syslog.target network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
PIDFile=/var/run/sshd.pid
|
||||
EnvironmentFile=/etc/sysconfig/sshd
|
||||
ExecStartPre=/usr/sbin/sshd -t
|
||||
ExecStart=/usr/sbin/sshd $OPTIONS
|
||||
ExecStart=/usr/sbin/sshd -D
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
@ -1,5 +1,4 @@
|
||||
[Unit]
|
||||
Description=OpenSSH Server Socket.
|
||||
Conflicts=sshd.service
|
||||
|
||||
[Socket]
|
||||
|
Loading…
Reference in New Issue
Block a user