diff --git a/openssh-clients-fips.conf b/openssh-clients-fips.conf deleted file mode 100644 index 1884348..0000000 --- a/openssh-clients-fips.conf +++ /dev/null @@ -1 +0,0 @@ --b /usr/bin/ssh diff --git a/openssh-server-fips.conf b/openssh-server-fips.conf deleted file mode 100644 index 52abdf4..0000000 --- a/openssh-server-fips.conf +++ /dev/null @@ -1 +0,0 @@ --b /usr/sbin/sshd diff --git a/openssh.spec b/openssh.spec index 0e30356..ed31163 100644 --- a/openssh.spec +++ b/openssh.spec @@ -87,8 +87,6 @@ Source10: sshd.socket Source11: sshd.service Source12: sshd-keygen.service Source13: sshd-keygen -Source14: openssh-clients-fips.conf -Source15: openssh-server-fips.conf # Internal debug Patch0: openssh-5.9p1-wIm.patch @@ -237,11 +235,6 @@ BuildRequires: xauth Summary: An open source SSH client applications Group: Applications/Internet Requires: openssh = %{version}-%{release} - -%package clients-fips -Summary: The FIPS module package for SSH client -Group: Applications/Internet -Requires: openssh-clients = %{version}-%{release} Requires: fipscheck-lib%{_isa} >= 1.3.0 %package server @@ -250,16 +243,11 @@ Group: System Environment/Daemons Requires: openssh = %{version}-%{release} Requires(pre): /usr/sbin/useradd Requires: pam >= 1.0.1-3 +Requires: fipscheck-lib%{_isa} >= 1.3.0 Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -%package server-fips -Summary: The FIPS module package for SSH server daemon -Group: System Environment/Daemons -Requires: openssh-server = %{version}-%{release} -Requires: fipscheck-lib%{_isa} >= 1.3.0 - # Not yet ready # %package server-ondemand # Summary: Systemd unit file to run an ondemand OpenSSH server @@ -316,24 +304,12 @@ OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package includes the clients necessary to make encrypted connections to SSH servers. -%description clients-fips -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package includes -the files that complete the installation of the OpenSSH client FIPS -module. - %description server OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains the secure shell daemon (sshd). The sshd daemon allows SSH clients to securely connect to your SSH server. -%description server-fips -OpenSSH is a free version of SSH (Secure SHell), a program for logging -into and executing commands on a remote machine. This package contains -the files that complete the installation of the OpenSSH server FIPS -module. - %description server-sysvinit OpenSSH is a free version of SSH (Secure SHell), a program for logging into and executing commands on a remote machine. This package contains @@ -615,13 +591,6 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} make install DESTDIR=$RPM_BUILD_ROOT popd %endif - -#install prelink blacklists -mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d -install -m644 %{SOURCE14} %{SOURCE15} \ - $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/ - - %clean rm -rf $RPM_BUILD_ROOT @@ -634,15 +603,9 @@ getent passwd sshd >/dev/null || \ useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \ -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || : -%post clients-fips -prelink -u %{_bindir}/ssh 2>/dev/null || : - %post server %systemd_post sshd.service sshd.socket -%post server-fips -prelink -u %{_sbindir}/sshd 2>/dev/null || : - %preun server %systemd_preun sshd.service sshd.socket @@ -678,6 +641,7 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || : %files clients %defattr(-,root,root) %attr(0755,root,root) %{_bindir}/ssh +%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac %attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0755,root,root) %{_bindir}/scp %attr(0644,root,root) %{_mandir}/man1/scp.1* @@ -700,19 +664,13 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || : %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* %endif -%files clients-fips -%defattr(-,root,root) -%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac -# We don't want to depend on prelink for this directory -%dir %{_sysconfdir}/prelink.conf.d -%{_sysconfdir}/prelink.conf.d/openssh-clients-fips.conf - %if ! %{rescue} %files server %defattr(-,root,root) %dir %attr(0711,root,root) %{_var}/empty/sshd %attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_sbindir}/sshd-keygen +%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man5/moduli.5* @@ -726,13 +684,6 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || : %attr(0644,root,root) %{_unitdir}/sshd.socket %attr(0644,root,root) %{_unitdir}/sshd-keygen.service -%files server-fips -%defattr(-,root,root) -%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac -# We don't want to depend on prelink for this directory -%dir %{_sysconfdir}/prelink.conf.d -%{_sysconfdir}/prelink.conf.d/openssh-server-fips.conf - %files server-sysvinit %defattr(-,root,root) %attr(0755,root,root) /etc/rc.d/init.d/sshd