[ contrib/caldera/openssh.spec contrib/caldera/sshd.init]

Updates from Raymund Will <ray@caldera.de>
[acconfig.h configure.in] Clean up login checks.
Problem reported by Jim Knoble <jmknoble@pobox.com>

ChangeLog

@@ -1,4 +1,10 @@
-20011123
+20011103
+ - (tim) [ contrib/caldera/openssh.spec contrib/caldera/sshd.init] Updates 
+   from Raymund Will <ray@caldera.de>
+   [acconfig.h configure.in] Clean up login checks.
+   Problem reported by Jim Knoble <jmknoble@pobox.com>
+
+20011101
  - (djm) Compat define for OpenSSL < 0.9.6 (No OPENSSL_free)
 
 20011031
@@ -6795,4 +6801,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1630 2001/10/31 22:32:34 djm Exp $
+$Id: ChangeLog,v 1.1631 2001/11/03 19:09:32 tim Exp $

acconfig.h

@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.118 2001/10/22 00:53:59 tim Exp $ */
+/* $Id: acconfig.h,v 1.119 2001/11/03 19:09:33 tim Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -178,9 +178,6 @@
 /* Define if you want to specify the path to your wtmpx file */
 #undef CONF_WTMPX_FILE
 
-/* Define is libutil has login() function */
-#undef HAVE_LIBUTIL_LOGIN
-
 /* Define if you want external askpass support */
 #undef USE_EXTERNAL_ASKPASS
 

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.3 2001/10/27 17:45:37 tim Exp $
+# $Id: configure.ac,v 1.4 2001/11/03 19:09:33 tim Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -370,9 +370,6 @@ fi
 
 AC_CHECK_FUNC(getspnam, ,
 	AC_CHECK_LIB(gen, getspnam, LIBS="$LIBS -lgen"))
-AC_CHECK_FUNC(login, ,
-	AC_CHECK_LIB(util, login,
-		AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil"))
 
 dnl zlib is required
 AC_ARG_WITH(zlib,
@@ -426,6 +423,11 @@ AC_CHECK_FUNC(utimes,
 	[], [ AC_CHECK_LIB(c89, utimes, LIBS="$LIBS -lc89") ]
 )
 
+dnl    Checks for libutil functions
+AC_CHECK_HEADERS(libutil.h)
+AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN)])
+AC_CHECK_FUNCS(logout updwtmp logwtmp)
+
 AC_FUNC_STRFTIME
 
 # Checks for header files.
@@ -617,9 +619,6 @@ int main(int argc, char **argv) {
 
 dnl    Checks for time functions
 AC_CHECK_FUNCS(gettimeofday time)
-dnl    Checks for libutil functions
-AC_CHECK_HEADERS(libutil.h)
-AC_CHECK_FUNCS(login logout updwtmp logwtmp)
 dnl    Checks for utmp functions
 AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
 AC_CHECK_FUNCS(utmpname)
@@ -632,11 +631,6 @@ AC_CHECK_FUNC(getuserattr,
 	[AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
 )
 
-AC_CHECK_FUNC(login, 
-	[AC_DEFINE(HAVE_LOGIN)],
-	[AC_CHECK_LIB(bsd, login, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_LOGIN)])]
-)
-
 AC_CHECK_FUNC(daemon, 
 	[AC_DEFINE(HAVE_DAEMON)],
 	[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]

contrib/caldera/openssh.spec

@@ -1,30 +1,39 @@
-%define askpass		1.2.4.1
+%define use-stable	1
+%if %{use-stable}
+  %define version 	3.0p1
+  %define cvs		%{nil}
+  %define release 	1
+%else
+  %define version 	3.0p1
+  %define cvs		cvs20011102
+  %define release 	0r1
+%endif
+%define xsa		x11-ssh-askpass		
+%define askpass		%{xsa}-1.2.4.1
 
 Name        	: openssh
-Version     	: 3.0p1
-Release     	: 1
+Version     	: %{version}%{cvs}
+Release     	: %{release}
 Group       	: System/Network
 
-Summary     	: OpenSSH free Secure Shell (SSH) protocol implementation.
-Summary(de) 	: OpenSSH - freie Implementation der Secure Shell (SSH).
-Summary(es) 	: OpenSSH implementación libre de Secure Shell (SSH).
-Summary(fr) 	: Implémentation libre du shell sécurisé OpenSSH (SSH).
-Summary(it) 	: Implementazione gratuita OpenSSH della Secure Shell.
-Summary(pt) 	: Implementação livre OpenSSH do protocolo 'Secure Shell' (SSH).
-Summary(pt_BR) 	: Implementação livre OpenSSH do protocolo Secure Shell (SSH).
+Summary     	: OpenSSH free Secure Shell (SSH) implementation.
 
 Copyright   	: BSD
-Packager    	: Stephan Seyboth <sps@caldera.de>
-#Icon        	: .
+Packager    	: Raymund Will <ray@caldera.de>
 URL         	: http://www.openssh.com/
 
 Obsoletes   	: ssh, ssh-clients, openssh-clients
 
 BuildRoot   	: /tmp/%{Name}-%{Version}
 
-Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{Version}.tar.gz
-Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{askpass}.tar.gz
-Source2: http://www.openssh.com/faq.html
+# %{use-stable}==1:	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
+# %{use-stable}==0:	:pserver:cvs@bass.directhit.com:/cvs/openssh_cvs
+Source0: see-above:/.../openssh-%{Version}.tar.gz
+%if %{use-stable}
+Source1: see-above:/.../openssh-%{Version}.tar.gz.sig
+%endif
+Source2: http://www.ntrnet.net/~jmknoble/software/%{xsa}/%{askpass}.tar.gz
+Source3: http://www.openssh.com/faq.html
 
 
 %Package server
@@ -33,123 +42,23 @@ Requires    	: openssh = %{Version}
 Obsoletes   	: ssh-server
 
 Summary     	: OpenSSH Secure Shell protocol server (sshd).
-Summary(de) 	: OpenSSH Secure Shell Protocol-Server (sshd).
-Summary(es) 	: Servidor del protocolo OpenSSH Secure Shell (sshd).
-Summary(fr) 	: Serveur de protocole du shell sécurisé OpenSSH (sshd).
-Summary(it) 	: Server OpenSSH per il protocollo Secure Shell (sshd).
-Summary(pt) 	: Servidor do protocolo 'Secure Shell' OpenSSH (sshd).
-Summary(pt_BR) 	: Servidor do protocolo Secure Shell OpenSSH (sshd).
 
 
 %Package askpass
 Group       	: System/Network
 Requires    	: openssh = %{Version}
+URL       	: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/
 Obsoletes   	: ssh-extras
 
 Summary     	: OpenSSH X11 pass-phrase dialog.
-Summary(de) 	: OpenSSH X11 Passwort-Dialog.
-Summary(es) 	: Aplicación de petición de frase clave OpenSSH X11.
-Summary(fr) 	: Dialogue pass-phrase X11 d'OpenSSH.
-Summary(it) 	: Finestra di dialogo X11 per la frase segreta di OpenSSH.
-Summary(pt) 	: Diálogo de pedido de senha para X11 do OpenSSH.
-Summary(pt_BR) 	: Diálogo de pedido de senha para X11 do OpenSSH.
 
 
-%Description
-OpenSSH (Secure Shell) provides access to a remote system. It replaces
-telnet, rlogin,  rexec, and rsh, and provides secure encrypted 
-communications between two untrusted hosts over an insecure network.  
-X11 connections and arbitrary TCP/IP ports can also be forwarded over 
-the secure channel.
-
-%Description -l de
-OpenSSH (Secure Shell) stellt den Zugang zu anderen Rechnern her. Es ersetzt
-telnet, rlogin, rexec und rsh und stellt eine sichere, verschlüsselte
-Verbindung zwischen zwei nicht vertrauenswürdigen Hosts über eine unsicheres
-Netzwerk her. X11 Verbindungen und beliebige andere TCP/IP Ports können ebenso
-über den sicheren Channel weitergeleitet werden.
-
-%Description -l es
-OpenSSH (Secure Shell) proporciona acceso a sistemas remotos. Reemplaza a
-telnet, rlogin, rexec, y rsh, y proporciona comunicaciones seguras encriptadas
-entre dos equipos entre los que no se ha establecido confianza a través de una
-red insegura. Las conexiones X11 y puertos TCP/IP arbitrarios también pueden
-ser canalizadas sobre el canal seguro.
-
-%Description -l fr
-OpenSSH (Secure Shell) fournit un accès à un système distant. Il remplace
-telnet, rlogin, rexec et rsh, tout en assurant des communications cryptées
-securisées entre deux hôtes non fiabilisés sur un réseau non sécurisé. Des
-connexions X11 et des ports TCP/IP arbitraires peuvent également être
-transmis sur le canal sécurisé.
-
-%Description -l it
-OpenSSH (Secure Shell) fornisce l'accesso ad un sistema remoto.
-Sostituisce telnet, rlogin, rexec, e rsh, e fornisce comunicazioni sicure
-e crittate tra due host non fidati su una rete non sicura. Le connessioni
-X11 ad una porta TCP/IP arbitraria possono essere inoltrate attraverso
-un canale sicuro.
-
-%Description -l pt
-OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
-telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e cifradas
-entre duas máquinas sem confiança mútua sobre uma rede insegura.
-Ligações X11 e portos TCP/IP arbitrários também poder ser reenviados
-pelo canal seguro.
-
-%Description -l pt_BR
-O OpenSSH (Secure Shell) fornece acesso a um sistema remoto. Substitui o
-telnet, rlogin, rexec, e o rsh e fornece comunicações seguras e criptografadas
-entre duas máquinas sem confiança mútua sobre uma rede insegura.
-Ligações X11 e portas TCP/IP arbitrárias também podem ser reenviadas
-pelo canal seguro.
-
-%Description server
-This package installs the sshd, the server portion of OpenSSH. 
-
-%Description -l de server
-Dieses Paket installiert den sshd, den Server-Teil der OpenSSH.
-
-%Description -l es server
-Este paquete instala sshd, la parte servidor de OpenSSH.
-
-%Description -l fr server
-Ce paquetage installe le 'sshd', partie serveur de OpenSSH.
-
-%Description -l it server
-Questo pacchetto installa sshd, il server di OpenSSH.
-
-%Description -l pt server
-Este pacote intala o sshd, o servidor do OpenSSH.
-
-%Description -l pt_BR server
-Este pacote intala o sshd, o servidor do OpenSSH.
-
-%Description askpass
-This package contains an X11-based passphrase dialog.
-
-%Description -l de askpass
-Dieses Paket enthält einen X11-basierten Passwort Dialog.
-
-%Description -l es askpass
-Este paquete contiene una aplicación para petición de frases-contraseña basada
-en X11.
-
-%Description -l fr askpass
-Ce paquetage contient un dialogue de passphrase basé sur X11.
-
-%Description -l it askpass
-Questo pacchetto contiene una finestra di X11 che chiede la frase segreta.
-
-%Description -l pt askpass
-Este pacote contém um diálogo de senha para o X11.
-
-%Description -l pt_BR askpass
-Este pacote contem um diálogo de frase-senha para o X11.
-
 %Prep
-%setup
-%setup -D -T -a1
+%setup %([ -z "%{cvs}" ] || echo "-n %{Name}_cvs") -a2
+
+%if ! %{use-stable}
+  autoreconf
+%endif
 
 
 %Build
@@ -158,14 +67,13 @@ CFLAGS="$RPM_OPT_FLAGS" \
             --prefix=/usr \
             --sysconfdir=/etc/ssh \
             --libexecdir=/usr/lib/ssh \
-            --datadir=/usr/share/openssh \
             --with-pam \
             --with-tcp-wrappers \
             --with-ipv4-default \
 
 make
 
-cd x11-ssh-askpass-%{askpass}
+cd %{askpass}
 ./configure
 xmkmf
 make includes
@@ -177,61 +85,51 @@ make
 
 make DESTDIR="$DESTDIR" install
 
-make -C x11-ssh-askpass-%{askpass} DESTDIR="$DESTDIR" \
-                                   BINDIR="/usr/lib/ssh" install
-
-%{fixManPages}
-
-# install remaining docs
-NV="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}"
-mkdir -p $NV
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $NV
-cp %{SOURCE2} $NV/faq.html
-mkdir -p $NV/x11-ssh-askpass-%{askpass}
-cp -a x11-ssh-askpass-%{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} \
-      $NV/x11-ssh-askpass-%{askpass}
-
+make -C %{askpass} BINDIR="/usr/lib/ssh" install
 
 # OpenLinux specific configuration
 mkdir -p $DESTDIR/{etc/pam.d,%{SVIcdir},%{SVIdir}}
 
 # enabling X11 forwarding on the server is convenient and okay,
-# on the client side it's a potential security risk!
-%{fixUP} -vg  $DESTDIR/etc/ssh/sshd_config 'X11Forwarding no' \
-                                           'X11Forwarding yes'
-
-cat <<-EOF >> $DESTDIR/etc/ssh/ssh_config
-	
-	# This retains the old behaviour of trying the SSH1 protocol
-	# before the more secure SSH2 one. Note that the SSH2 keys are
-	# stored in a different format so you will have to generate and
-	# distribute a new public/private key pair to migrate. See the
-	# ssh(1) man-page for details
-	Host *
-	Protocol 1,2
-EOF
+# on the client side we consider it a potential security risk!
+%{fixUP} -vT  $DESTDIR/etc/ssh/sshd_config -e '
+   s/X11Forwarding no/X11Forwarding yes/i'
 
 install -m644 contrib/caldera/sshd.pam $DESTDIR/etc/pam.d/sshd
-# FIXME: disabled, find out why this doesn't work with nis
-%{fixUP} -vg  $DESTDIR/etc/pam.d/sshd '(.*pam_limits.*)' '#$1'
+# FIXME: disabled, find out why this doesn't work with NIS
+%{fixUP} -vT $DESTDIR/etc/pam.d/sshd -e 's/^(.*pam_limits.*)$/#$1/'
 
 install -m 0755 contrib/caldera/sshd.init $DESTDIR%{SVIdir}/sshd
-%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}:'
-%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@sysconfdir\@:/etc/ssh:'
+%{fixUP} -vT $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}: +
+   s:\@sysconfdir\@:/etc/ssh:'
 
 cat <<-EoD > $DESTDIR%{SVIcdir}/sshd
 	IDENT=sshd
 	DESCRIPTIVE="OpenSSH secure shell daemon"
 	# This service will be marked as 'skipped' on boot if there
-	# is no host key. Use ssh-host-keygen to generate one
+	# is no host key. Use ssh-host-keygen to generate one.
 	ONBOOT="yes"
 	OPTIONS=""
 EoD
 
 SKG=$DESTDIR/usr/sbin/ssh-host-keygen
 install -m 0755 contrib/caldera/ssh-host-keygen $SKG
-%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh:'
-%{fixUP} -T $SKG -e 's:\@sshkeygen\@:/usr/bin/ssh-keygen:'
+%{fixUP} -T $SKG -e 's:\@sysconfdir\@:/etc/ssh: +
+   s:\@sshkeygen\@:/usr/bin/ssh-keygen:'
+
+
+# install remaining docs
+DocD="$DESTDIR%{_defaultdocdir}/%{Name}-%{Version}"; mkdir -p $DocD/00-LEGAL
+cp -a LICENCE $DocD/00-LEGAL
+cp -a CREDITS ChangeLog OVERVIEW README* TODO  $DocD
+install -p -m 0444 -o 0 -g 0 %{SOURCE3}  $DocD/faq.html
+mkdir -p $DocD/%{askpass}
+cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad}  $DocD/%{askpass}
+
+cp -p %{askpass}/%{xsa}.man $DESTDIR/usr/man/man1/%{xsa}.1
+ln -s  %{xsa}.1 $DESTDIR/usr/man/man1/ssh-askpass.1
+
+%{fixManPages}
 
 
 # generate file lists
@@ -245,10 +143,12 @@ askpass					askpass
 EOF
 %{mkLists} -a -f %{Name} << 'EOF'
 ^/etc					*		prefix(%%config)
-/usr/X11R6/lib/X11/app-defaults		IGNORED
+/usr/X11R6/lib/X11/app-defaults 	IGNORED
+Ssh.bin 				IGNORED		# for now
 [Aa]skpass				askpass
 %{_defaultdocdir}/%{Name}-%{Version}/	base
 ssh-keygen				base
+moduli					server
 sshd					server
 sftp-server				server
 .*					base
@@ -306,8 +206,22 @@ fi
 %defattr(-,root,root)
 
 
+%Description
+OpenSSH (Secure Shell) provides access to a remote system. It replaces
+telnet, rlogin,  rexec, and rsh, and provides secure encrypted 
+communications between two untrusted hosts over an insecure network.  
+X11 connections and arbitrary TCP/IP ports can also be forwarded over 
+the secure channel.
+
+%Description server
+This package installs the sshd, the server portion of OpenSSH. 
+
+%Description askpass
+This package contains an X11-based pass-phrase dialog used per
+default by ssh-add(1). It is based on %{askpass}
+by Jim Knoble <jmknoble@pobox.com>.
+
 %ChangeLog
 * Mon Jan 01 1998 ...
-Template Version: 1.31
 
-$Id: openssh.spec,v 1.23 2001/10/24 21:06:08 mouring Exp $
+$Id: openssh.spec,v 1.24 2001/11/03 19:09:33 tim Exp $

contrib/caldera/sshd.init

@@ -1,6 +1,6 @@
 #! /bin/bash
 #
-# $Id: sshd.init,v 1.2 2001/04/27 05:50:50 tim Exp $
+# $Id: sshd.init,v 1.3 2001/11/03 19:09:33 tim Exp $
 #
 ### BEGIN INIT INFO
 # Provides:
@@ -37,7 +37,7 @@ _status() {
   if [ ! -e $SVIlock ]; then
     # no lock-file => not started == stopped?
     ret=3
-  elif { [ -n "$pidf" ] && [ ! -f "$pidf" ] } || [ -z "$pid" ]; then
+  elif [ -n "$pidf" -a ! -f "$pidf" ] || [ -z "$pid" ]; then
     # pid-file given but not present or no pid => died, but was not stopped
     ret=2
   elif [ -r /proc/$pid/cmdline ] &&