From 53f3b9b431345060d2d393865a16760fbf3f082f Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Sun, 1 Jul 2012 13:16:57 +0100 Subject: [PATCH] install systemd files in %_libdir add privillage seperation directory files Change-Id: Ic47dfc7d498b4f0799d1967ecb18ec407e4936a5 --- packaging/openssh.changes | 22 +++++++---- packaging/openssh.spec | 64 +++++++++++++++++++------------- packaging/{sshd-hostkeys => sshd-keygen} | 4 +- packaging/sshd-keygen.service | 10 +++++ packaging/sshd-keys.service | 11 ------ 5 files changed, 65 insertions(+), 46 deletions(-) rename packaging/{sshd-hostkeys => sshd-keygen} (79%) create mode 100644 packaging/sshd-keygen.service delete mode 100644 packaging/sshd-keys.service diff --git a/packaging/openssh.changes b/packaging/openssh.changes index a1dbf82..88e439c 100644 --- a/packaging/openssh.changes +++ b/packaging/openssh.changes @@ -1,22 +1,28 @@ -* Tue Jun 26 2012 Prajwal Mohan -- Removing the dependency on useradd temporarily +* Mon Jul 02 2012 Anas Nashif 20120626.1@6949823 +- add privillage seperation directory files -* Mon Jun 25 2012 Anas Nashif 5ce6cbf +* Sun Jul 01 2012 Anas Nashif 20120626.1@896f8b7 +- install systemd files in %_libdir + +* Tue Jun 26 2012 Prajwal Mohan 20120626.1@93c05e9 +- Removing the dependency on useradd temporarily + +* Mon Jun 25 2012 Anas Nashif 20120626.1@4bfbbe3 - Update to 5.6p1 -* Tue Jun 12 2012 Chengwei Yang c930434 +* Tue Jun 12 2012 Chengwei Yang 20120626.1@c930434 - fix build failure -* Fri Jun 01 2012 Anas Nashif e43f12c +* Fri Jun 01 2012 Anas Nashif 20120626.1@e43f12c - DO NOT create host keys in %post -* Wed May 30 2012 Ryan Ware 3a23953 +* Wed May 30 2012 Ryan Ware 20120626.1@3a23953 - Add default Smack manifest for openssh.spec -* Sun Apr 29 2012 Kim Kibum 9d488d7 +* Sun Apr 29 2012 Kim Kibum 20120626.1@9d488d7 - upload tizen1.0 source -* Fri Jan 06 2012 Kibum Kim 5c170d0 +* Fri Jan 06 2012 Kibum Kim 20120626.1@5c170d0 - Git init [ Eunkyoung Kim ] - Initial empty repository diff --git a/packaging/openssh.spec b/packaging/openssh.spec index 5cbd379..f079787 100644 --- a/packaging/openssh.spec +++ b/packaging/openssh.spec @@ -10,8 +10,8 @@ Source1: openssh-nukeacss.sh Source4: sshd.service Source5: sshd@.service Source6: sshd.socket -Source7: sshd-keys.service -Source8: sshd-hostkeys +Source7: sshd-keygen.service +Source8: sshd-keygen Source1001: openssh.manifest Patch0: 0001-customize-configuration.patch @@ -44,7 +44,6 @@ Requires: openssh = %{version} Summary: The OpenSSH server daemon Group: System/Daemons Requires: openssh = %{version} -#Requires(pre): /usr/sbin/useradd %description @@ -120,31 +119,45 @@ install -d %{buildroot}%{_libexecdir}/openssh install -m755 contrib/ssh-copy-id %{buildroot}%{_bindir}/ # systemd integration -install -D -m 0644 %{SOURCE4} %{buildroot}/%{_lib}/systemd/system/sshd.service -install -D -m 0644 %{SOURCE5} %{buildroot}/%{_lib}/systemd/system/sshd@.service -install -D -m 0644 %{SOURCE6} %{buildroot}/%{_lib}/systemd/system/sshd.socket -install -D -m 0644 %{SOURCE7} %{buildroot}/%{_lib}/systemd/system/sshd-keys.service -mkdir -p %{buildroot}/%{_lib}/systemd/system/multi-user.target.wants -ln -s ../sshd.socket %{buildroot}/%{_lib}/systemd/system/multi-user.target.wants/sshd.socket -install -D -m 0755 %{SOURCE8} %{buildroot}%{_sbindir}/sshd-hostkeys -mkdir -p %{buildroot}/%{_lib}/systemd/system/multi-user.target.wants -ln -s ../sshd-keys.service %{buildroot}/%{_lib}/systemd/system/multi-user.target.wants/sshd-keys.service +install -D -m 0644 %{SOURCE4} %{buildroot}/%{_libdir}/systemd/system/sshd.service +install -D -m 0644 %{SOURCE5} %{buildroot}/%{_libdir}/systemd/system/sshd@.service +install -D -m 0644 %{SOURCE6} %{buildroot}/%{_libdir}/systemd/system/sshd.socket +install -D -m 0644 %{SOURCE7} %{buildroot}/%{_libdir}/systemd/system/sshd-keygen.service +mkdir -p %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants +ln -s ../sshd.socket %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants/sshd.socket +install -D -m 0755 %{SOURCE8} %{buildroot}%{_sbindir}/sshd-keygen +mkdir -p %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants +ln -s ../sshd-keygen.service %{buildroot}/%{_libdir}/systemd/system/multi-user.target.wants/sshd-keygen.service rm -f %{buildroot}%{_sysconfdir}/profile.d/gnome-ssh-askpass.* +mkdir -p %{buildroot}/var/empty/sshd + %remove_docs rm -rf %{buildroot}%{_datadir}/man -%triggerun server -- ssh-server -if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then - touch /var/run/sshd.restart + +%post server +if [ $1 -eq 1 ] ; then + /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : + /usr//bin/systemctl enable sshd.service >/dev/null 2>&1 || : + /usr//bin/systemctl enable sshd-keygen.service >/dev/null 2>&1 || : fi -#%pre server -#/usr/sbin/useradd -c "Privilege-separated SSH" -u %{sshd_uid} \ -# -s /bin/false -r -d /var/empty/sshd sshd 2> /dev/null || : +%postun server +/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : +if [ $1 -ge 1 ] ; then + # Package upgrade, not uninstall + /usr//bin/systemctl try-restart sshd.service >/dev/null 2>&1 || : +fi +%preun server +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /usr/bin/systemctl --no-reload disable sshd.service > /dev/null 2>&1 || : + /usr//bin/systemctl stop sshd.service > /dev/null 2>&1 || : +fi %files @@ -172,14 +185,15 @@ fi %files server %manifest openssh.manifest %dir %attr(0711,root,root) +%attr(0750,root,root) /var/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config -/%{_lib}/systemd/system/sshd.service -/%{_lib}/systemd/system/sshd.socket -/%{_lib}/systemd/system/sshd@.service -/%{_lib}/systemd/system/sshd-keys.service -/%{_lib}/systemd/system/multi-user.target.wants/sshd.socket -/%{_lib}/systemd/system/multi-user.target.wants/sshd-keys.service -%{_sbindir}/sshd-hostkeys +%{_libdir}/systemd/system/sshd.service +%{_libdir}/systemd/system/sshd.socket +%{_libdir}/systemd/system/sshd@.service +%{_libdir}/systemd/system/sshd-keygen.service +%{_libdir}/systemd/system/multi-user.target.wants/sshd.socket +%{_libdir}/systemd/system/multi-user.target.wants/sshd-keygen.service +%{_sbindir}/sshd-keygen diff --git a/packaging/sshd-hostkeys b/packaging/sshd-keygen similarity index 79% rename from packaging/sshd-hostkeys rename to packaging/sshd-keygen index 697c2be..6d9c8f2 100644 --- a/packaging/sshd-hostkeys +++ b/packaging/sshd-keygen @@ -5,8 +5,8 @@ make_key() if [ ! -f /etc/ssh/$1 ]; then echo "Generating $2 key: /etc/ssh/$1" ssh-keygen -q -t $2 -N '' -f /etc/ssh/$1 - chmod 600 /etc/ssh/$1 - chmod 644 /etc/ssh/$1.pub + /bin/chmod 600 /etc/ssh/$1 + /bin/chmod 644 /etc/ssh/$1.pub fi } diff --git a/packaging/sshd-keygen.service b/packaging/sshd-keygen.service new file mode 100644 index 0000000..aa334a7 --- /dev/null +++ b/packaging/sshd-keygen.service @@ -0,0 +1,10 @@ +[Unit] +Description=SSH server keys generation. + +[Service] +Type=oneshot +ExecStart=/usr/sbin/sshd-keygen +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/packaging/sshd-keys.service b/packaging/sshd-keys.service deleted file mode 100644 index a1a7e05..0000000 --- a/packaging/sshd-keys.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Create sshd host keys - -[Service] -Type=oneshot -ExecStart=/usr/sbin/sshd-hostkeys -ExecStartPost=/bin/ln -s /dev/null /etc/systemd/system/sshd-keys.service - -[Install] -WantedBy=multi-user.target - -- 2.7.4