[contrib/caldera/openssh.spec] add support for privsep
This commit is contained in:
Tim Rice
parent
40b011c7fe
commit
6de3dfd929
|
|
@ -33,6 +33,7 @@
|
|||
- (bal) fixed NeXTStep missing munmap() issue. It defines HAVE_MMAP,
|
||||
but it all damned lies.
|
||||
- (stevesk) [README.privsep] more for sshd pseudo-account.
|
||||
- (tim) [contrib/caldera/openssh.spec] add support for privsep
|
||||
|
||||
20020625
|
||||
- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
|
||||
|
|
@ -1132,4 +1133,4 @@
|
|||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2287 2002/06/26 00:43:57 stevesk Exp $
|
||||
$Id: ChangeLog,v 1.2288 2002/06/26 02:28:55 tim Exp $
|
||||
|
|
|
|||
|
|
@ -11,6 +11,9 @@
|
|||
%define _sysconfdir /etc/ssh
|
||||
%define _libexecdir %{_libdir}/ssh
|
||||
|
||||
# Do we want to disable root_login? (1=yes 0=no)
|
||||
%define no_root_login 0
|
||||
|
||||
#old cvs stuff. please update before use. may be deprecated.
|
||||
%define use_stable 1
|
||||
%if %{use_stable}
|
||||
|
|
@ -25,6 +28,10 @@
|
|||
%define xsa x11-ssh-askpass
|
||||
%define askpass %{xsa}-1.2.4.1
|
||||
|
||||
# OpenSSH privilege separation requires a user & group ID
|
||||
%define sshd_uid 67
|
||||
%define sshd_gid 67
|
||||
|
||||
Name : openssh
|
||||
Version : %{version}%{cvs}
|
||||
Release : %{release}
|
||||
|
|
@ -174,6 +181,9 @@ CFLAGS="$RPM_OPT_FLAGS" \
|
|||
--with-pam \
|
||||
--with-tcp-wrappers \
|
||||
--with-ipv4-default \
|
||||
--sysconfdir=%{_sysconfdir}/ssh \
|
||||
--libexecdir=%{_libexecdir}/openssh \
|
||||
--with-privsep-path=%{_var}/empty/sshd \
|
||||
#leave this line for easy edits.
|
||||
|
||||
%__make CFLAGS="$RPM_OPT_FLAGS"
|
||||
|
|
@ -198,12 +208,18 @@ xmkmf
|
|||
|
||||
# OpenLinux specific configuration
|
||||
mkdir -p %{buildroot}{/etc/pam.d,%{SVIcdir},%{SVIdir}}
|
||||
mkdir -p %{buildroot}%{_var}/empty/sshd
|
||||
|
||||
# enabling X11 forwarding on the server is convenient and okay,
|
||||
# on the client side it's a potential security risk!
|
||||
%__perl -pi -e 's:X11Forwarding no:X11Forwarding yes:g' \
|
||||
%__perl -pi -e 's:#X11Forwarding no:X11Forwarding yes:g' \
|
||||
%{buildroot}%{_sysconfdir}/sshd_config
|
||||
|
||||
%if %{no_root_login}
|
||||
%__perl -pi -e 's:#PermitRootLogin yes:PermitRootLogin no:g' \
|
||||
%{buildroot}%{_sysconfdir}/sshd_config
|
||||
%endif
|
||||
|
||||
install -m644 contrib/caldera/sshd.pam %{buildroot}/etc/pam.d/sshd
|
||||
# FIXME: disabled, find out why this doesn't work with nis
|
||||
%__perl -pi -e 's:(.*pam_limits.*):#$1:' \
|
||||
|
|
@ -265,6 +281,11 @@ rm %{buildroot}%{_mandir}/man1/slogin.1 && \
|
|||
/usr/sbin/ssh-host-keygen
|
||||
: # to protect the rpm database
|
||||
|
||||
%pre server
|
||||
%{_sbindir}/groupadd -g %{sshd_gid} sshd 2>/dev/null || :
|
||||
%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
|
||||
-c "SSH Daemon virtual user" -g sshd sshd 2>/dev/null || :
|
||||
: # to protect the rpm database
|
||||
|
||||
%Post server
|
||||
if [ -x %{LSBinit}-install ]; then
|
||||
|
|
@ -312,6 +333,7 @@ fi
|
|||
|
||||
%Files server
|
||||
%defattr(-,root,root)
|
||||
%dir %attr(0700,root,root) %{_var}/empty/sshd
|
||||
%config %{SVIdir}/sshd
|
||||
%config /etc/pam.d/sshd
|
||||
%config %{_sysconfdir}/moduli
|
||||
|
|
@ -333,4 +355,4 @@ fi
|
|||
* Mon Jan 01 1998 ...
|
||||
Template Version: 1.31
|
||||
|
||||
$Id: openssh.spec,v 1.34 2002/06/25 17:07:26 tim Exp $
|
||||
$Id: openssh.spec,v 1.35 2002/06/26 02:28:56 tim Exp $
|
||||
|
|
|
|||
Loading…
Reference in New Issue