rpms/openssh
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Revert "add -fips subpackages that contains the FIPS module files"

Browse Source 
This reverts commit 227f4f7628.
This commit is contained in:
Petr Lautrbach 2013-10-08 17:13:39 +02:00
parent d4d8299c30
commit 2ae5f9ff89
3 changed files with 3 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openssh-clients-fips.conf
View File

@ -1 +0,0 @@
-b /usr/bin/ssh

1
openssh-server-fips.conf
View File

@ -1 +0,0 @@
-b /usr/sbin/sshd

55
openssh.spec
View File

@ -87,8 +87,6 @@ Source10: sshd.socket
Source11: sshd.service Source11: sshd.service
Source12: sshd-keygen.service Source12: sshd-keygen.service
Source13: sshd-keygen Source13: sshd-keygen
Source14: openssh-clients-fips.conf
Source15: openssh-server-fips.conf
# Internal debug # Internal debug
Patch0: openssh-5.9p1-wIm.patch Patch0: openssh-5.9p1-wIm.patch
@ -237,11 +235,6 @@ BuildRequires: xauth
Summary: An open source SSH client applications Summary: An open source SSH client applications
Group: Applications/Internet Group: Applications/Internet
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
%package clients-fips
Summary: The FIPS module package for SSH client
Group: Applications/Internet
Requires: openssh-clients = %{version}-%{release}
Requires: fipscheck-lib%{_isa} >= 1.3.0 Requires: fipscheck-lib%{_isa} >= 1.3.0
%package server %package server
@ -250,16 +243,11 @@ Group: System Environment/Daemons
Requires: openssh = %{version}-%{release} Requires: openssh = %{version}-%{release}
Requires(pre): /usr/sbin/useradd Requires(pre): /usr/sbin/useradd
Requires: pam >= 1.0.1-3 Requires: pam >= 1.0.1-3
Requires: fipscheck-lib%{_isa} >= 1.3.0
Requires(post): systemd-units Requires(post): systemd-units
Requires(preun): systemd-units Requires(preun): systemd-units
Requires(postun): systemd-units Requires(postun): systemd-units
%package server-fips
Summary: The FIPS module package for SSH server daemon
Group: System Environment/Daemons
Requires: openssh-server = %{version}-%{release}
Requires: fipscheck-lib%{_isa} >= 1.3.0
# Not yet ready # Not yet ready
# %package server-ondemand # %package server-ondemand
# Summary: Systemd unit file to run an ondemand OpenSSH server # Summary: Systemd unit file to run an ondemand OpenSSH server
@ -316,24 +304,12 @@ OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers. the clients necessary to make encrypted connections to SSH servers.
%description clients-fips
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the files that complete the installation of the OpenSSH client FIPS
module.
%description server %description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server. securely connect to your SSH server.
%description server-fips
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the files that complete the installation of the OpenSSH server FIPS
module.
%description server-sysvinit %description server-sysvinit
OpenSSH is a free version of SSH (Secure SHell), a program for logging OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains into and executing commands on a remote machine. This package contains
@ -615,13 +591,6 @@ pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
popd popd
%endif %endif
#install prelink blacklists
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d
install -m644 %{SOURCE14} %{SOURCE15} \
$RPM_BUILD_ROOT/%{_sysconfdir}/prelink.conf.d/
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -634,15 +603,9 @@ getent passwd sshd >/dev/null || \
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \ useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || : -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
%post clients-fips
prelink -u %{_bindir}/ssh 2>/dev/null || :
%post server %post server
%systemd_post sshd.service sshd.socket %systemd_post sshd.service sshd.socket
%post server-fips
prelink -u %{_sbindir}/sshd 2>/dev/null || :
%preun server %preun server
%systemd_preun sshd.service sshd.socket %systemd_preun sshd.service sshd.socket
@ -678,6 +641,7 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || :
%files clients %files clients
%defattr(-,root,root) %defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/ssh %attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
%attr(0644,root,root) %{_mandir}/man1/ssh.1* %attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0755,root,root) %{_bindir}/scp %attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1* %attr(0644,root,root) %{_mandir}/man1/scp.1*
@ -700,19 +664,13 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || :
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8* %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%endif %endif
%files clients-fips
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/fipscheck/ssh.hmac
# We don't want to depend on prelink for this directory
%dir %{_sysconfdir}/prelink.conf.d
%{_sysconfdir}/prelink.conf.d/openssh-clients-fips.conf
%if ! %{rescue} %if ! %{rescue}
%files server %files server
%defattr(-,root,root) %defattr(-,root,root)
%dir %attr(0711,root,root) %{_var}/empty/sshd %dir %attr(0711,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd %attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_sbindir}/sshd-keygen %attr(0755,root,root) %{_sbindir}/sshd-keygen
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5* %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man5/moduli.5* %attr(0644,root,root) %{_mandir}/man5/moduli.5*
@ -726,13 +684,6 @@ prelink -u %{_sbindir}/sshd 2>/dev/null || :
%attr(0644,root,root) %{_unitdir}/sshd.socket %attr(0644,root,root) %{_unitdir}/sshd.socket
%attr(0644,root,root) %{_unitdir}/sshd-keygen.service %attr(0644,root,root) %{_unitdir}/sshd-keygen.service
%files server-fips
%defattr(-,root,root)
%attr(0644,root,root) %{_libdir}/fipscheck/sshd.hmac
# We don't want to depend on prelink for this directory
%dir %{_sysconfdir}/prelink.conf.d
%{_sysconfdir}/prelink.conf.d/openssh-server-fips.conf
%files server-sysvinit %files server-sysvinit
%defattr(-,root,root) %defattr(-,root,root)
%attr(0755,root,root) /etc/rc.d/init.d/sshd %attr(0755,root,root) /etc/rc.d/init.d/sshd