- (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
time, spec file cleanup.
diff --git a/ChangeLog b/ChangeLog
index dc39a4a..237a1d9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20000808
+ - (djm) Cleanup Redhat RPMs. Generate keys at runtime rather than install
+ time, spec file cleanup.
+
20000807
- (djm) Set 0755 on binaries during install. Report from Lutz Jaenicke
- (djm) Suppress error messages on channel close shutdown() failurs
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index e1feb77..e593f28 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,5 +1,5 @@
# Version of OpenSSH
-%define oversion 2.1.1p4
+%define oversion 2.1.1p5
# Version of ssh-askpass
%define aversion 1.0
@@ -14,9 +14,9 @@
Name: openssh
Version: %{oversion}
Release: 1
-Packager: Damien Miller <djm@ibs.com.au>
+Packager: Damien Miller <djm@mindrot.org>
URL: http://www.openssh.com/
-Source0: http://violet.ibs.com.au/openssh/files/openssh-%{oversion}.tar.gz
+Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{oversion}.tar.gz
Source1: http://www.ntrnet.net/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
Copyright: BSD
Group: Applications/Internet
@@ -27,14 +27,14 @@
BuildPreReq: perl
BuildPreReq: openssl-devel
BuildPreReq: tcp_wrappers
-%if ! %{no_x11_askpass}
+%if ! %{no_gnome_askpass}
BuildPreReq: gnome-libs-devel
%endif
%package clients
Summary: OpenSSH Secure Shell protocol clients
Requires: openssh
-Group: System Environment/Daemons
+Group: Applications/Internet
Obsoletes: ssh-clients
%package server
@@ -127,6 +127,9 @@
This package contains the GNOME passphrase dialog.
%changelog
+* Tue Aug 08 2000 Damien Miller <djm@mindrot.org>
+- Some surgery to sshd.init (generate keys at runtime)
+- Cleanup of groups and removal of keygen calls
* Wed Jul 12 2000 Damien Miller <djm@mindrot.org>
- Make building of X11-askpass and gnome-askpass optional
* Mon Jun 12 2000 Damien Miller <djm@mindrot.org>
@@ -208,20 +211,12 @@
%post server
/sbin/chkconfig --add sshd
-if [ ! -f /etc/ssh/ssh_host_key -o ! -s /etc/ssh/ssh_host_key ]; then
- /usr/bin/ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N '' >&2
-fi
-if [ ! -f /etc/ssh/ssh_host_dsa_key -o ! -s /etc/ssh/ssh_host_dsa_key ]; then
- /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N '' >&2
-fi
-if test -r /var/run/sshd.pid
-then
+if test -r /var/run/sshd.pid ; then
/etc/rc.d/init.d/sshd restart >&2
fi
%preun server
-if [ "$1" = 0 ]
-then
+if [ "$1" = 0 ] ; then
/etc/rc.d/init.d/sshd stop >&2
/sbin/chkconfig --del sshd
fi
@@ -272,4 +267,3 @@
%defattr(-,root,root)
%attr(0755,root,root) /usr/libexec/ssh/gnome-ssh-askpass
%endif
-
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index cac91bb..487d128 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -17,44 +17,73 @@
RETVAL=0
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+RSA_KEY=/etc/ssh/ssh_host_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+do_rsa_keygen() {
+ if $KEYGEN -R && ! test -f $RSA_KEY ; then
+ echo -n "Generating SSH RSA host key: "
+ if $KEYGEN -q -b 1024 -f $RSA_KEY -C '' -N '' >&/dev/null; then
+ success "RSA key generation"
+ echo
+ else
+ failure "RSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+do_dsa_keygen() {
+ if ! test -f $DSA_KEY ; then
+ echo -n "Generating SSH DSA host key: "
+ if $KEYGEN -q -d -b 1024 -f $DSA_KEY -C '' -N '' >&/dev/null; then
+ success "DSA key generation"
+ echo
+ else
+ failure "DSA key generation"
+ echo
+ exit 1
+ fi
+ fi
+}
+
case "$1" in
- start)
- echo -n "Starting sshd: "
- if [ ! -f /var/run/sshd.pid ] ; then
- case "`type -type success`" in
- function)
- /usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
- RETVAL=$?
- ;;
- *)
- /usr/sbin/sshd && echo -n "sshd "
- RETVAL=$?
- ;;
- esac
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
- fi
- echo
- ;;
- stop)
- echo -n "Shutting down sshd: "
- if [ -f /var/run/sshd.pid ] ; then
- killproc sshd
- fi
- echo
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
- ;;
- restart)
- $0 stop
- $0 start
- RETVAL=$?
- ;;
- status)
- status sshd
- RETVAL=$?
- ;;
- *)
- echo "Usage: sshd {start|stop|restart|status}"
- exit 1
+ start)
+ # Create keys if necessary
+ do_rsa_keygen;
+ do_dsa_keygen;
+
+ echo -n "Starting sshd: "
+ if [ ! -f $PID_FILE ] ; then
+ daemon sshd
+ RETVAL=$?
+ touch /var/lock/subsys/sshd
+ fi
+ echo
+ ;;
+ stop)
+ echo -n "Shutting down sshd: "
+ if [ -f $PID_FILE ] ; then
+ killproc sshd
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ fi
+ echo
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ RETVAL=$?
+ ;;
+ status)
+ status sshd
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: sshd {start|stop|restart|status}"
+ exit 1
+ ;;
esac
exit $RETVAL
diff --git a/contrib/redhat/sshd.init-5.x b/contrib/redhat/sshd.init-5.x
new file mode 100755
index 0000000..e836b69
--- /dev/null
+++ b/contrib/redhat/sshd.init-5.x
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+case "$1" in
+ start)
+ echo -n "Starting sshd: "
+ if [ ! -f /var/run/sshd.pid ] ; then
+ case "`type -type success`" in
+ function)
+ /usr/sbin/sshd && success "sshd startup" || failure "sshd startup"
+ RETVAL=$?
+ ;;
+ *)
+ /usr/sbin/sshd && echo -n "sshd "
+ RETVAL=$?
+ ;;
+ esac
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sshd
+ fi
+ echo
+ ;;
+ stop)
+ echo -n "Shutting down sshd: "
+ if [ -f /var/run/sshd.pid ] ; then
+ killproc sshd
+ fi
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
+ ;;
+ restart)
+ $0 stop
+ $0 start
+ RETVAL=$?
+ ;;
+ status)
+ status sshd
+ RETVAL=$?
+ ;;
+ *)
+ echo "Usage: sshd {start|stop|restart|status}"
+ exit 1
+ ;;
+esac
+
+exit $RETVAL