Attachment #1014 for bug #1106




# Default values for additional components
%define build_x11_askpass	1

# Define the UID/GID to use for privilege separation
%define sshd_gid	65
%define sshd_uid	71

# The version of x11-ssh-askpass to use
%define xversion	1.2.4.1

# Allow the ability to override defaults with -D skip_xxx=1
%{?skip_x11_askpass:%define build_x11_askpass 0}

Summary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
Name:		openssh
Version:	4.2p1
URL:		http://www.openssh.com/
Release:	1
Source0:	openssh-%{version}.tar.gz
Source1:	x11-ssh-askpass-%{xversion}.tar.gz
License:	BSD
Group:		Productivity/Networking/SSH
BuildRoot:	%{_tmppath}/openssh-%{version}-buildroot
PreReq:		openssl
Obsoletes:	ssh
Provides:	ssh
#
# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
# building prerequisites -- stuff for

#   TCP Wrappers (nkitb),
#   and Gnome (glibdev, gtkdev, and gnlibsd)
#
BuildPrereq:	openssl
BuildPrereq:	nkitb
#BuildPrereq:	glibdev
#BuildPrereq:	gtkdev
#BuildPrereq:	gnlibsd

%package	askpass
Summary:	A passphrase dialog for OpenSSH and the X window System.
Group:		Productivity/Networking/SSH
Requires:	openssh = %{version}
Obsoletes:	ssh-extras
Provides:	openssh:${_libdir}/ssh/ssh-askpass

%if %{build_x11_askpass}
BuildPrereq:	XFree86-devel
%endif

%description
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and

patented algorithms to seperate libraries (OpenSSL).

This package includes all files necessary for both the OpenSSH
client and server.

%description askpass
Ssh (Secure Shell) is a program for logging into a remote machine and for
executing commands in a remote machine.  It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network.  X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.

OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
up to date in terms of security and features, as well as removing all
patented algorithms to seperate libraries (OpenSSL).

This package contains an X Window System passphrase dialog for OpenSSH.

%changelog
* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
- Removed accidental inclusion of --without-zlib-version-check
* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
- Overhaul to deal with newer versions of SuSE and OpenSSH
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
- Glob manpages to catch compressed files
* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>


%prep

%if %{build_x11_askpass}
%setup -q -a 1
%else
%setup -q
%endif

%build
CFLAGS="$RPM_OPT_FLAGS" \
%configure	--prefix=/usr \
		--sysconfdir=%{_sysconfdir}/ssh \
		--mandir=%{_mandir} \
		--with-privsep-path=/var/lib/empty \
		--with-pam \
		--with-gnome-askpass \
		--with-tcp-wrappers \
		--libexecdir=%{_libdir}/ssh
		--libexecdir=/usr/lib/ssh
make

%if %{build_x11_askpass}
cd x11-ssh-askpass-%{xversion}
%configure	--mandir=/usr/X11R6/man \
		--libexecdir=%{_libdir}/ssh
xmkmf -a
make
cd ..
%endif

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT/
install -d $RPM_BUILD_ROOT/etc/ssh/
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/init.d/
install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
install -d $RPM_BUILD_ROOT/usr/lib/ssh
install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
install -m744 contrib/suse/sysconfig.ssh \
install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass
install -m744 contrib/suse/rc.config.sshd \
   $RPM_BUILD_ROOT/var/adm/fillup-templates

%if %{build_x11_askpass}
cd x11-ssh-askpass-%{xversion}
make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
%endif

%clean
rm -rf $RPM_BUILD_ROOT

%pre
/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null || :
/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null || :

%post
if [ "$1" = 1 ]; then
  echo "Creating SSH stop/start scripts in the rc directories..."
  ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
  ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
  ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
  ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
fi
echo "Updating /etc/rc.config..."
if [ -x /bin/fillup ] ; then
  /bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
else
  echo "ERROR: fillup not found.  This should NOT happen in SuSE Linux."
  echo "Update /etc/rc.config by hand from the following template file:"
  echo "  /var/adm/fillup-templates/rc.config.sshd"
fi
if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
	echo "Generating SSH RSA host key..."
	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
fi
if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
	echo "Generating SSH DSA host key..."
	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
fi
if test -r /var/run/sshd.pid
then
	echo "Restarting the running SSH daemon..."
	/usr/sbin/rcsshd restart >&2
fi
%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
%run_permissions

%verifyscript
%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh

%preun
%stop_on_removal sshd

%postun
%restart_on_update sshd
%{insserv_cleanup}
	rm /sbin/init.d/rc2.d/K20sshd
	rm /sbin/init.d/rc2.d/S20sshd
	rm /sbin/init.d/rc3.d/K20sshd
	rm /sbin/init.d/rc3.d/S20sshd
fi

%files
%defattr(-,root,root)
%doc ChangeLog OVERVIEW README*
%doc RFC.nroff TODO CREDITS LICENCE
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/init.d/sshd
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0755,root,root) %{_bindir}/scp
%attr(4755,root,root) %{_bindir}/ssh
%attr(-,root,root) %{_bindir}/slogin
%attr(0755,root,root) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %dir %{_libdir}/ssh
%attr(0755,root,root) %{_libdir}/ssh/sftp-server
%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh

%if %{build_x11_askpass}
%files askpass
%defattr(-,root,root)
%doc x11-ssh-askpass-%{xversion}/README
%doc x11-ssh-askpass-%{xversion}/ChangeLog
%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
%endif




#! /bin/sh
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
#
# Author: Jiri Smid <feedback@suse.de>
#
# /etc/init.d/sshd
#
#   and symbolic its link
#
# /usr/sbin/rcsshd
#
### BEGIN INIT INFO
# Provides: sshd
# Required-Start: $network $remote_fs
# Required-Stop: $network $remote_fs
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Start the sshd daemon
### END INIT INFO

SSHD_BIN=/usr/sbin/sshd
test -x $SSHD_BIN || exit 5

SSHD_SYSCONFIG=/etc/sysconfig/ssh
test -r $SSHD_SYSCONFIG || exit 6
. $SSHD_SYSCONFIG

SSHD_PIDFILE=/var/run/sshd.init.pid

. /etc/rc.status

# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status

# First reset status of this service
rc_reset

# Determine the base and follow a runlevel link name.
base=${0##*/}
link=${base#*[SK][0-9][0-9]}

# Force execution if not called by a runlevel directory.
test $link = $base && START_SSHD=yes
test "$START_SSHD" = yes || exit 0

# The echo return value for success (defined in /etc/rc.config).
return=$rc_done
case "$1" in
    start)
        if ! test -f /etc/ssh/ssh_host_key ; then
	    echo Generating /etc/ssh/ssh_host_key.
	    ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
        fi
        if ! test -f /etc/ssh/ssh_host_dsa_key ; then
	    echo Generating /etc/ssh/ssh_host_dsa_key.
	    
	    ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
        fi
        if ! test -f /etc/ssh/ssh_host_rsa_key ; then
	    echo Generating /etc/ssh/ssh_host_rsa_key.
	    
	    ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
        fi
	echo -n "Starting SSH daemon"
	## Start daemon with startproc(8). If this fails
	## the echo return value is set appropriate.

	startproc -f -p $SSHD_PIDFILE /usr/sbin/sshd $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" 

	# Remember status and be verbose
	rc_status -v
	;;
    stop)
	echo -n "Shutting down SSH daemon"
	## Stop daemon with killproc(8) and if this fails
	## set echo the echo return value.

	killproc -p $SSHD_PIDFILE -TERM /usr/sbin/sshd

	# Remember status and be verbose
	rc_status -v
	;;
    try-restart)
        ## Stop the service and if this succeeds (i.e. the 
        ## service was running before), start it again.
        $0 status >/dev/null &&  $0 restart

        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    force-reload|reload)
	## Signal the daemon to reload its config. Most daemons
	## do this on signal 1 (SIGHUP).

	echo -n "Reload service sshd"

	killproc -p $SSHD_PIDFILE -HUP /usr/sbin/sshd

        rc_status -v

        ;;
    status)
	echo -n "Checking for service sshd "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Status has a slightly different for the status command:
        # 0 - service running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running

	checkproc -p $SSHD_PIDFILE /usr/sbin/sshd

	rc_status -v
	;;
    probe)
	## Optional: Probe for the necessity of a reload,
	## give out the argument which is required for a reload.

        test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit
# Inform the caller not only verbosely and set an exit status.
test "$return" = "$rc_done" || exit 1
exit 0

Line 0 Link Here

(-)openssh-4.2p1.orig/contrib/suse/sysconfig.ssh (+9 lines)
	1	## Path: Network/Remote access/SSH
	2	## Description: SSH server settings
	3	## Type: string
	4	## Default: ""
	5	## ServiceRestart: sshd
	6	#
	7	# Options for sshd
	8	#
	9	SSHD_OPTS=""

Return to bug 1106

Lines 1-14 Link Here

(-)openssh-4.2p1.orig/contrib/suse/openssh.spec (-97 / +147 lines)
1	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation	1	# Default values for additional components
2	Name: openssh	2	%define build_x11_askpass 1
3	Version: 4.2p1	3
4	URL: http://www.openssh.com/	4	# Define the UID/GID to use for privilege separation
5	Release: 1	5	%define sshd_gid 65
6	Source0: openssh-%{version}.tar.gz	6	%define sshd_uid 71
7	Copyright: BSD	7
8	Group: Applications/Internet	8	# The version of x11-ssh-askpass to use
9	BuildRoot: /tmp/openssh-%{version}-buildroot	9	%define xversion 1.2.4.1
10	PreReq: openssl	10
11	Obsoletes: ssh	11	# Allow the ability to override defaults with -D skip_xxx=1
		12	%{?skip_x11_askpass:%define build_x11_askpass 0}
		13
		14	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
		15	Name: openssh
		16	Version: 4.2p1
		17	URL: http://www.openssh.com/
		18	Release: 1
		19	Source0: openssh-%{version}.tar.gz
		20	Source1: x11-ssh-askpass-%{xversion}.tar.gz
		21	License: BSD
		22	Group: Productivity/Networking/SSH
		23	BuildRoot: %{_tmppath}/openssh-%{version}-buildroot
		24	PreReq: openssl
		25	Obsoletes: ssh
		26	Provides: ssh
12	#	27	#
13	# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)	28	# (Build[ing] Prereq[uisites] only work for RPM 2.95 and newer.)
14	# building prerequisites -- stuff for	29	# building prerequisites -- stuff for
Lines 16-29 Link Here
16	# TCP Wrappers (nkitb),	31	# TCP Wrappers (nkitb),
17	# and Gnome (glibdev, gtkdev, and gnlibsd)	32	# and Gnome (glibdev, gtkdev, and gnlibsd)
18	#	33	#
19	BuildPrereq: openssl	34	BuildPrereq: openssl
20	BuildPrereq: nkitb	35	BuildPrereq: nkitb
21	BuildPrereq: glibdev	36	#BuildPrereq: glibdev
22	BuildPrereq: gtkdev	37	#BuildPrereq: gtkdev
23	BuildPrereq: gnlibsd	38	#BuildPrereq: gnlibsd
		39
		40	%package askpass
		41	Summary: A passphrase dialog for OpenSSH and the X window System.
		42	Group: Productivity/Networking/SSH
		43	Requires: openssh = %{version}
		44	Obsoletes: ssh-extras
		45	Provides: openssh:${_libdir}/ssh/ssh-askpass
		46
		47	%if %{build_x11_askpass}
		48	BuildPrereq: XFree86-devel
		49	%endif
24		50
25	%description	51	%description
26	Ssh (Secure Shell) a program for logging into a remote machine and for	52	Ssh (Secure Shell) is a program for logging into a remote machine and for
27	executing commands in a remote machine. It is intended to replace	53	executing commands in a remote machine. It is intended to replace
28	rlogin and rsh, and provide secure encrypted communications between	54	rlogin and rsh, and provide secure encrypted communications between
29	two untrusted hosts over an insecure network. X11 connections and	55	two untrusted hosts over an insecure network. X11 connections and
Lines 34-43 Link Here
34	patented algorithms to seperate libraries (OpenSSL).	60	patented algorithms to seperate libraries (OpenSSL).
35		61
36	This package includes all files necessary for both the OpenSSH	62	This package includes all files necessary for both the OpenSSH
37	client and server. Additionally, this package contains the GNOME	63	client and server.
38	passphrase dialog.	64
		65	%description askpass
		66	Ssh (Secure Shell) is a program for logging into a remote machine and for
		67	executing commands in a remote machine. It is intended to replace
		68	rlogin and rsh, and provide secure encrypted communications between
		69	two untrusted hosts over an insecure network. X11 connections and
		70	arbitrary TCP/IP ports can also be forwarded over the secure channel.
		71
		72	OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it
		73	up to date in terms of security and features, as well as removing all
		74	patented algorithms to seperate libraries (OpenSSL).
		75
		76	This package contains an X Window System passphrase dialog for OpenSSH.
39		77
40	%changelog	78	%changelog
		79	* Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
		80	- Removed accidental inclusion of --without-zlib-version-check
		81	* Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
		82	- Overhaul to deal with newer versions of SuSE and OpenSSH
41	* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>	83	* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
42	- Glob manpages to catch compressed files	84	- Glob manpages to catch compressed files
43	* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>	85	* Wed Mar 15 2000 Damien Miller <djm@ibs.com.au>
Lines 84-199 Link Here
84		126
85	%prep	127	%prep
86		128
		129	%if %{build_x11_askpass}
		130	%setup -q -a 1
		131	%else
87	%setup -q	132	%setup -q
		133	%endif
88		134
89	%build	135	%build
90	CFLAGS="$RPM_OPT_FLAGS" \	136	CFLAGS="$RPM_OPT_FLAGS" \
91	./configure --prefix=/usr \	137	%configure --prefix=/usr \
92	--sysconfdir=/etc/ssh \	138	--sysconfdir=%{_sysconfdir}/ssh \
93	--datadir=/usr/share/openssh \	139	--mandir=%{_mandir} \
		140	--with-privsep-path=/var/lib/empty \
94	--with-pam \	141	--with-pam \
95	--with-gnome-askpass \
96	--with-tcp-wrappers \	142	--with-tcp-wrappers \
97	--with-ipv4-default \	143	--libexecdir=%{_libdir}/ssh
98	--libexecdir=/usr/lib/ssh
99	make	144	make
100		145
101	cd contrib	146	%if %{build_x11_askpass}
102	gcc -O -g `gnome-config --cflags gnome gnomeui` \	147	cd x11-ssh-askpass-%{xversion}
103	gnome-ssh-askpass.c -o gnome-ssh-askpass \	148	%configure --mandir=/usr/X11R6/man \
104	`gnome-config --libs gnome gnomeui`	149	--libexecdir=%{_libdir}/ssh
		150	xmkmf -a
		151	make
105	cd ..	152	cd ..
		153	%endif
106		154
107	%install	155	%install
108	rm -rf $RPM_BUILD_ROOT	156	rm -rf $RPM_BUILD_ROOT
109	make install DESTDIR=$RPM_BUILD_ROOT/	157	make install DESTDIR=$RPM_BUILD_ROOT/
110	install -d $RPM_BUILD_ROOT/etc/ssh/
111	install -d $RPM_BUILD_ROOT/etc/pam.d/	158	install -d $RPM_BUILD_ROOT/etc/pam.d/
112	install -d $RPM_BUILD_ROOT/sbin/init.d/	159	install -d $RPM_BUILD_ROOT/etc/init.d/
113	install -d $RPM_BUILD_ROOT/var/adm/fillup-templates	160	install -d $RPM_BUILD_ROOT/var/adm/fillup-templates
114	install -d $RPM_BUILD_ROOT/usr/lib/ssh
115	install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd	161	install -m644 contrib/sshd.pam.generic $RPM_BUILD_ROOT/etc/pam.d/sshd
116	install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/sbin/init.d/sshd	162	install -m744 contrib/suse/rc.sshd $RPM_BUILD_ROOT/etc/init.d/sshd
117	ln -s ../../sbin/init.d/sshd $RPM_BUILD_ROOT/usr/sbin/rcsshd	163	install -m744 contrib/suse/sysconfig.ssh \
118	install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/gnome-ssh-askpass
119	ln -s gnome-ssh-askpass $RPM_BUILD_ROOT/usr/lib/ssh/ssh-askpass
120	install -m744 contrib/suse/rc.config.sshd \
121	$RPM_BUILD_ROOT/var/adm/fillup-templates	164	$RPM_BUILD_ROOT/var/adm/fillup-templates
122		165
		166	%if %{build_x11_askpass}
		167	cd x11-ssh-askpass-%{xversion}
		168	make install install.man BINDIR=%{_libdir}/ssh DESTDIR=$RPM_BUILD_ROOT/
		169	rm -f $RPM_BUILD_ROOT/usr/share/Ssh.bin
		170	%endif
		171
123	%clean	172	%clean
124	rm -rf $RPM_BUILD_ROOT	173	rm -rf $RPM_BUILD_ROOT
125		174
		175	%pre
		176	/usr/sbin/groupadd -g %{sshd_gid} -o -r sshd 2> /dev/null \|\| :
		177	/usr/sbin/useradd -r -o -g sshd -u %{sshd_uid} -s /bin/false -c "SSH Privilege Separation User" -d /var/lib/sshd sshd 2> /dev/null \|\| :
		178
126	%post	179	%post
127	if [ "$1" = 1 ]; then
128	echo "Creating SSH stop/start scripts in the rc directories..."
129	ln -s ../sshd /sbin/init.d/rc2.d/K20sshd
130	ln -s ../sshd /sbin/init.d/rc2.d/S20sshd
131	ln -s ../sshd /sbin/init.d/rc3.d/K20sshd
132	ln -s ../sshd /sbin/init.d/rc3.d/S20sshd
133	fi
134	echo "Updating /etc/rc.config..."
135	if [ -x /bin/fillup ] ; then
136	/bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.sshd
137	else
138	echo "ERROR: fillup not found. This should NOT happen in SuSE Linux."
139	echo "Update /etc/rc.config by hand from the following template file:"
140	echo " /var/adm/fillup-templates/rc.config.sshd"
141	fi
142	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then	180	if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
143	echo "Generating SSH host key..."	181	echo "Generating SSH RSA host key..."
144	/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2	182	/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N '' >&2
145	fi	183	fi
146	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then	184	if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
147	echo "Generating SSH DSA host key..."	185	echo "Generating SSH DSA host key..."
148	/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2	186	/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' >&2
149	fi
150	if test -r /var/run/sshd.pid
151	then
152	echo "Restarting the running SSH daemon..."
153	/usr/sbin/rcsshd restart >&2
154	fi	187	fi
		188	%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
		189	%run_permissions
		190
		191	%verifyscript
		192	%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
155		193
156	%preun	194	%preun
157	if [ "$1" = 0 ]	195	%stop_on_removal sshd
158	then	196
159	echo "Stopping the SSH daemon..."	197	%postun
160	/usr/sbin/rcsshd stop >&2	198	%restart_on_update sshd
161	echo "Removing SSH stop/start scripts from the rc directories..."	199	%{insserv_cleanup}
162	rm /sbin/init.d/rc2.d/K20sshd
163	rm /sbin/init.d/rc2.d/S20sshd
164	rm /sbin/init.d/rc3.d/K20sshd
165	rm /sbin/init.d/rc3.d/S20sshd
166	fi
167		200
168	%files	201	%files
169	%defattr(-,root,root)	202	%defattr(-,root,root)
170	%doc ChangeLog OVERVIEW README*	203	%doc ChangeLog OVERVIEW README*
171	%doc RFC.nroff TODO CREDITS LICENCE	204	%doc RFC.nroff TODO CREDITS LICENCE
172	%attr(0755,root,root) %dir /etc/ssh	205	%attr(0755,root,root) %dir %{_sysconfdir}/ssh
173	%attr(0644,root,root) %config /etc/ssh/ssh_config	206	%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
174	%attr(0600,root,root) %config /etc/ssh/sshd_config	207	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
175	%attr(0600,root,root) %config /etc/ssh/moduli	208	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
176	%attr(0644,root,root) %config /etc/pam.d/sshd	209	%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
177	%attr(0755,root,root) %config /sbin/init.d/sshd	210	%attr(0755,root,root) %config /etc/init.d/sshd
178	%attr(0755,root,root) /usr/bin/ssh-keygen	211	%attr(0755,root,root) %{_bindir}/ssh-keygen
179	%attr(0755,root,root) /usr/bin/scp	212	%attr(0755,root,root) %{_bindir}/scp
180	%attr(4755,root,root) /usr/bin/ssh	213	%attr(4755,root,root) %{_bindir}/ssh
181	%attr(-,root,root) /usr/bin/slogin	214	%attr(-,root,root) %{_bindir}/slogin
182	%attr(0755,root,root) /usr/bin/ssh-agent	215	%attr(0755,root,root) %{_bindir}/ssh-agent
183	%attr(0755,root,root) /usr/bin/ssh-add	216	%attr(0755,root,root) %{_bindir}/ssh-add
184	%attr(0755,root,root) /usr/bin/ssh-keyscan	217	%attr(0755,root,root) %{_bindir}/ssh-keyscan
185	%attr(0755,root,root) /usr/bin/sftp	218	%attr(0755,root,root) %{_bindir}/sftp
186	%attr(0755,root,root) /usr/sbin/sshd	219	%attr(0755,root,root) %{_sbindir}/sshd
187	%attr(-,root,root) /usr/sbin/rcsshd	220	%attr(0755,root,root) %dir %{_libdir}/ssh
188	%attr(0755,root,root) %dir /usr/lib/ssh	221	%attr(0755,root,root) %{_libdir}/ssh/sftp-server
189	%attr(0755,root,root) /usr/lib/ssh/ssh-askpass	222	%attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
190	%attr(0755,root,root) /usr/lib/ssh/gnome-ssh-askpass	223	%attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
191	%attr(0644,root,root) %doc /usr/man/man1/scp.1*	224	%attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
192	%attr(0644,root,root) %doc /usr/man/man1/ssh.1*	225	%attr(-,root,root) %doc %{_mandir}/man1/slogin.1*
193	%attr(-,root,root) %doc /usr/man/man1/slogin.1*	226	%attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
194	%attr(0644,root,root) %doc /usr/man/man1/ssh-agent.1*	227	%attr(0644,root,root) %doc %{_mandir}/man1/ssh-add.1*
195	%attr(0644,root,root) %doc /usr/man/man1/ssh-add.1*	228	%attr(0644,root,root) %doc %{_mandir}/man1/ssh-agent.1*
196	%attr(0644,root,root) %doc /usr/man/man1/ssh-keygen.1*	229	%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keygen.1*
197	%attr(0644,root,root) %doc /usr/man/man8/sshd.8*	230	%attr(0644,root,root) %doc %{_mandir}/man1/ssh-keyscan.1*
198	%attr(0644,root,root) /var/adm/fillup-templates/rc.config.sshd	231	%attr(0644,root,root) %doc %{_mandir}/man5/ssh_config.5*
		232	%attr(0644,root,root) %doc %{_mandir}/man5/sshd_config.5*
		233	%attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
		234	%attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
		235	%attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
		236	%attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
199		237
		238	%if %{build_x11_askpass}
		239	%files askpass
		240	%defattr(-,root,root)
		241	%doc x11-ssh-askpass-%{xversion}/README
		242	%doc x11-ssh-askpass-%{xversion}/ChangeLog
		243	%doc x11-ssh-askpass-%{xversion}/SshAskpass*.ad
		244	%attr(0755,root,root) %{_libdir}/ssh/ssh-askpass
		245	%attr(0755,root,root) %{_libdir}/ssh/x11-ssh-askpass
		246	%attr(0644,root,root) %doc /usr/X11R6/man/man1/ssh-askpass.1x*
		247	%attr(0644,root,root) %doc /usr/X11R6/man/man1/x11-ssh-askpass.1x*
		248	%attr(0644,root,root) %config /usr/X11R6/lib/X11/app-defaults/SshAskpass
		249	%endif

Lines 1-80 Link Here

(-)openssh-4.2p1.orig/contrib/suse/rc.sshd (-43 / +96 lines)
1	#! /bin/sh	1	#! /bin/sh
2	# Copyright (c) 1995-1998 SuSE GmbH Nuernberg, Germany.	2	# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
3	#	3	#
4	# Author: Chris Saia <csaia@wtower.com>	4	# Author: Jiri Smid <feedback@suse.de>
5	#	5	#
6	# /sbin/init.d/sshd	6	# /etc/init.d/sshd
7	#	7	#
8	# and symbolic its link	8	# and symbolic its link
9	#	9	#
10	# /sbin/rcsshd	10	# /usr/sbin/rcsshd
11	#	11	#
		12	### BEGIN INIT INFO
		13	# Provides: sshd
		14	# Required-Start: $network $remote_fs
		15	# Required-Stop: $network $remote_fs
		16	# Default-Start: 3 5
		17	# Default-Stop: 0 1 2 6
		18	# Description: Start the sshd daemon
		19	### END INIT INFO
		20
		21	SSHD_BIN=/usr/sbin/sshd
		22	test -x $SSHD_BIN \|\| exit 5
		23
		24	SSHD_SYSCONFIG=/etc/sysconfig/ssh
		25	test -r $SSHD_SYSCONFIG \|\| exit 6
		26	. $SSHD_SYSCONFIG
		27
		28	SSHD_PIDFILE=/var/run/sshd.init.pid
		29
		30	. /etc/rc.status
		31
		32	# Shell functions sourced from /etc/rc.status:
		33	# rc_check check and set local and overall rc status
		34	# rc_status check and set local and overall rc status
		35	# rc_status -v ditto but be verbose in local rc status
		36	# rc_status -v -r ditto and clear the local rc status
		37	# rc_failed set local and overall rc status to failed
		38	# rc_reset clear local rc status (overall remains)
		39	# rc_exit exit appropriate to overall rc status
12		40
13	. /etc/rc.config	41	# First reset status of this service
		42	rc_reset
14		43
15	# Determine the base and follow a runlevel link name.
16	base=${0##*/}
17	link=${base#*[SK][0-9][0-9]}
18
19	# Force execution if not called by a runlevel directory.
20	test $link = $base && START_SSHD=yes
21	test "$START_SSHD" = yes \|\| exit 0
22
23	# The echo return value for success (defined in /etc/rc.config).
24	return=$rc_done
25	case "$1" in	44	case "$1" in
26	start)	45	start)
27	echo -n "Starting service sshd"	46	if ! test -f /etc/ssh/ssh_host_key ; then
		47	echo Generating /etc/ssh/ssh_host_key.
		48	ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
		49	fi
		50	if ! test -f /etc/ssh/ssh_host_dsa_key ; then
		51	echo Generating /etc/ssh/ssh_host_dsa_key.
		52
		53	ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
		54	fi
		55	if ! test -f /etc/ssh/ssh_host_rsa_key ; then
		56	echo Generating /etc/ssh/ssh_host_rsa_key.
		57
		58	ssh-keygen -t rsa -b 1024 -f /etc/ssh/ssh_host_rsa_key -N ''
		59	fi
		60	echo -n "Starting SSH daemon"
28	## Start daemon with startproc(8). If this fails	61	## Start daemon with startproc(8). If this fails
29	## the echo return value is set appropriate.	62	## the echo return value is set appropriate.
30		63
31	startproc /usr/sbin/sshd \|\| return=$rc_failed	64	startproc -f -p $SSHD_PIDFILE /usr/sbin/sshd $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE"
32		65
33	echo -e "$return"	66	# Remember status and be verbose
		67	rc_status -v
34	;;	68	;;
35	stop)	69	stop)
36	echo -n "Stopping service sshd"	70	echo -n "Shutting down SSH daemon"
37	## Stop daemon with killproc(8) and if this fails	71	## Stop daemon with killproc(8) and if this fails
38	## set echo the echo return value.	72	## set echo the echo return value.
39		73
40	killproc -TERM /usr/sbin/sshd \|\| return=$rc_failed	74	killproc -p $SSHD_PIDFILE -TERM /usr/sbin/sshd
41		75
42	echo -e "$return"	76	# Remember status and be verbose
		77	rc_status -v
43	;;	78	;;
		79	try-restart)
		80	## Stop the service and if this succeeds (i.e. the
		81	## service was running before), start it again.
		82	$0 status >/dev/null && $0 restart
		83
		84	# Remember status and be quiet
		85	rc_status
		86	;;
44	restart)	87	restart)
45	## If first returns OK call the second, if first or	88	## Stop the service and regardless of whether it was
46	## second command fails, set echo return value.	89	## running or not, start it again.
47	$0 stop && $0 start \|\| return=$rc_failed	90	$0 stop
48	;;	91	$0 start
49	reload)	92
50	## Choose ONE of the following two cases:	93	# Remember status and be quiet
51		94	rc_status
52	## First possibility: A few services accepts a signal	95	;;
53	## to reread the (changed) configuration.	96	force-reload\|reload)
		97	## Signal the daemon to reload its config. Most daemons
		98	## do this on signal 1 (SIGHUP).
54		99
55	echo -n "Reload service sshd"	100	echo -n "Reload service sshd"
56	killproc -HUP /usr/sbin/sshd \|\| return=$rc_failed	101
57	echo -e "$return"	102	killproc -p $SSHD_PIDFILE -HUP /usr/sbin/sshd
58	;;	103
		104	rc_status -v
		105
		106	;;
59	status)	107	status)
60	echo -n "Checking for service sshd"	108	echo -n "Checking for service sshd "
61	## Check status with checkproc(8), if process is running	109	## Check status with checkproc(8), if process is running
62	## checkproc will return with exit status 0.	110	## checkproc will return with exit status 0.
		111
		112	# Status has a slightly different for the status command:
		113	# 0 - service running
		114	# 1 - service dead, but /var/run/ pid file exists
		115	# 2 - service dead, but /var/lock/ lock file exists
		116	# 3 - service not running
63		117
64	checkproc /usr/sbin/sshd && echo OK \|\| echo No process	118	checkproc -p $SSHD_PIDFILE /usr/sbin/sshd
		119
		120	rc_status -v
65	;;	121	;;
66	probe)	122	probe)
67	## Optional: Probe for the necessity of a reload,	123	## Optional: Probe for the necessity of a reload,
68	## give out the argument which is required for a reload.	124	## give out the argument which is required for a reload.
69		125
70	test /etc/ssh/sshd_config -nt /var/run/sshd.pid && echo reload	126	test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload
71	;;	127	;;
72	*)	128	*)
73	echo "Usage: $0 {start\|stop\|status\|restart\|reload[\|probe]}"	129	echo "Usage: $0 {start\|stop\|status\|try-restart\|restart\|force-reload\|reload\|probe}"
74	exit 1	130	exit 1
75	;;	131	;;
76	esac	132	esac
77		133	rc_exit
78	# Inform the caller not only verbosely and set an exit status.
79	test "$return" = "$rc_done" \|\| exit 1
80	exit 0