- (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install

time, spec file cleanup.

ChangeLog

@@ -1,3 +1,7 @@
+20000808
+ - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
+   time, spec file cleanup.
+
 20000807
  - (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
  - (djm) Suppress error messages on channel close shutdown() failurs

contrib/redhat/openssh.spec

@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 2.1.1p4
+%define oversion 2.1.1p5
 
 # Version of ssh-askpass
 %define aversion 1.0
@@ -14,9 +14,9 @@ Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
 Version: %{oversion}
 Release: 1
-Packager: Damien Miller <djm@ibs.com.au>
+Packager: Damien Miller <djm@mindrot.org>
 URL: http://www.openssh.com/
-Source0: http://violet.ibs.com.au/openssh/files/openssh-%{oversion}.tar.gz
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
 Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
 Copyright: BSD
 Group: Applications/Internet
@@ -27,14 +27,14 @@ Requires: openssl >= 0.9.5a
 BuildPreReq: perl
 BuildPreReq: openssl-devel
 BuildPreReq: tcp_wrappers
-%if ! %{no_x11_askpass}
+%if ! %{no_gnome_askpass}
 BuildPreReq: gnome-libs-devel
 %endif
 
 %package clients
 Summary: OpenSSH Secure Shell protocol clients
 Requires: openssh
-Group: System Environment/Daemons
+Group: Applications/Internet
 Obsoletes: ssh-clients
 
 %package server
@@ -127,6 +127,9 @@ patented algorithms to seperate libraries (OpenSSL).
 This package contains the GNOME passphrase dialog.
 
 %changelog
+* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
+- Some surgery to sshd.init (generate keys at runtime)
+- Cleanup of groups and removal of keygen calls
 * Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
 - Make building of X11-askpass and gnome-askpass optional
 * Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
@@ -208,20 +211,12 @@ rm -rf $RPM_BUILD_ROOT
 
 %post server
 /sbin/chkconfig --add sshd
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
+if test -r /var/run/sshd.pid ; then
-	/usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
-	/usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-fi
-if test -r /var/run/sshd.pid
-then
 	/etc/rc.d/init.d/sshd restart >&2
 fi
 
 %preun server
-if [ "$1" = 0 ]
+if [ "$1" = 0 ] ; then
-then
 	/etc/rc.d/init.d/sshd stop >&2
 	/sbin/chkconfig --del sshd
 fi
@@ -272,4 +267,3 @@ fi
 %defattr(-,root,root)
 %attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass
 %endif
-

contrib/redhat/sshd.init

@@ -17,44 +17,73 @@
 
 RETVAL=0
 
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA_KEY=/etc/ssh/ssh_host_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+do_rsa_keygen() {
+	if $KEYGEN -R && ! test -f $RSA_KEY ; then
+		echo -n "Generating SSH RSA host key: "
+		if $KEYGEN -q -b 1024 -f $RSA_KEY -C '' -N '' >&/dev/null; then
+			success "RSA key generation"
+			echo
+		else
+			failure "RSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+do_dsa_keygen() {
+	if ! test -f $DSA_KEY ; then
+		echo -n "Generating SSH DSA host key: "
+		if $KEYGEN -q -d -b 1024 -f $DSA_KEY -C '' -N '' >&/dev/null; then
+			success "DSA key generation"
+			echo
+		else
+			failure "DSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
 case "$1" in
-  start)
+	start)
-	echo -n "Starting sshd: "
+		# Create keys if necessary
-	if [ ! -f /var/run/sshd.pid ] ; then
+		do_rsa_keygen;
-	  case "`type -type success`" in
+		do_dsa_keygen;
-	    function)
+		
-	      /usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
+		echo -n "Starting sshd: "
-	      RETVAL=$?
+		if [ ! -f $PID_FILE ] ; then
-	    ;;
+			daemon sshd
-	    *)
+			RETVAL=$?
-	      /usr/sbin/sshd && echo -n "sshd "
+			touch /var/lock/subsys/sshd
-	      RETVAL=$?
+		fi
-	    ;;
+		echo
-	  esac
+		;;
-	  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+	stop)
-	fi
+		echo -n "Shutting down sshd: "
-	echo
+		if [ -f $PID_FILE ] ; then
-	;;
+			killproc sshd
-  stop)
+			[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
-	echo -n "Shutting down sshd: "
+		fi
-	if [ -f /var/run/sshd.pid ] ; then
+		echo
-		killproc sshd
+		;;
-	fi
+	restart)
-	echo
+		$0 stop
-	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+		$0 start
-	;;
+		RETVAL=$?
-  restart)
+		;;
-        $0 stop
+	status)
-        $0 start
+		status sshd
-	RETVAL=$?
+		RETVAL=$?
-        ;;
+		;;
-  status)
+	*)
-        status sshd
+		echo "Usage: sshd {start|stop|restart|status}"
-	RETVAL=$?
+		exit 1
-        ;;
+		;;
-  *)
-	echo "Usage: sshd {start|stop|restart|status}"
-	exit 1
 esac
 
 exit $RETVAL

contrib/redhat/sshd.init-5.x

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+case "$1" in
+	start)
+		echo -n "Starting sshd: "
+		if [ ! -f /var/run/sshd.pid ] ; then
+			case "`type -type success`" in
+				function)
+					/usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
+					RETVAL=$?
+					;;
+				*)
+					/usr/sbin/sshd && echo -n "sshd "
+					RETVAL=$?
+					;;
+			esac
+			[ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+		fi
+		echo
+		;;
+	stop)
+		echo -n "Shutting down sshd: "
+		if [ -f /var/run/sshd.pid ] ; then
+			killproc sshd
+		fi
+		echo
+		[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+		;;
+	restart)
+		$0 stop
+		$0 start
+		RETVAL=$?
+		;;
+	status)
+		status sshd
+		RETVAL=$?
+		;;
+	*)
+		echo "Usage: sshd {start|stop|restart|status}"
+		exit 1
+		;;
+esac
+
+exit $RETVAL