- fix ssh-ldap-helper path

[packages/openssh.git] / openssh.spec

diff --git a/openssh.spec b/openssh.spec
index 642692aa84b27fba6201de5410db91d8fedfc3e6..e9c331e30b40dd191e7fd39f8191e1d2cd688f59 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -52,7 +52,10 @@ Patch3:              %{name}-sigpipe.patch
 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
 Patch4:                %{name}-5.9p1-ldap.patch
 Patch5:                %{name}-5.9p1-ldap-fixes.patch
+Patch8:                ldap.conf.patch
 Patch6:                %{name}-config.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
+Patch7:                authorized-keys-command.patch
 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
 Patch9:                %{name}-5.2p1-hpn13v6.diff
@@ -495,9 +498,11 @@ openldap-a.
 %patch0 -p1
 %patch2 -p1
 %patch3 -p1
-%{?with_ldap:%patch4 -p1}
+%patch4 -p1
 %patch5 -p1
+%patch8 -p1
 %patch6 -p1
+%patch7 -p1
 %{?with_hpn:%patch9 -p1}
 %patch10 -p1
 %patch11 -p1
@@ -520,6 +525,9 @@ install -p %{SOURCE2} sshd.init
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
 
+grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
+%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
+
 %build
 cp /usr/share/automake/config.sub .
 %{__aclocal}
@@ -535,11 +543,12 @@ CPPFLAGS="-DCHROOT"
        %{?with_audit:--with-audit=linux} \
        --with-ipaddr-display \
        %{?with_kerberos5:--with-kerberos5=/usr} \
-       %{?with_ldap:--with-ldap} \
+       --with-ldap%{!?with_ldap:=no} \
        %{?with_libedit:--with-libedit} \
        --with-mantype=man \
        --with-md5-passwords \
        --with-pam \
+       --with-authorized-keys-command \
        --with-pid-dir=%{_localstatedir}/run \
        --with-privsep-path=%{_privsepdir} \
        %{?with_selinux:--with-selinux} \
@@ -613,6 +622,7 @@ cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
 EOF
 
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -651,6 +661,21 @@ if [ "$1" = "0" ]; then
        %userremove sshd
 fi
 
+%triggerpostun server -- %{name}-server < 2:5.9p1-1
+# lpk.patch to ldap.patch
+if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
+       echo >&2 "Migrating LPK patch to LDAP patch"
+       cp -f %{_sysconfdir}/sshd_config{,.rpmorig}
+       %{__sed} -i -e '
+               # disable old configs
+               # just UseLPK/LkpLdapConf supported for now
+               s/^UseLPK/## Obsolete &/
+               s/^Lpk/## Obsolete &/
+               # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
+               /UseLPK/iAuthorizedKeysCommand "%{_libexecdir}/ssh-ldap-wrapper"
+       ' %{_sysconfdir}/sshd_config
+fi
+
 %post server-upstart
 %upstart_post sshd
 
@@ -716,6 +741,7 @@ fi
 
 %files server
 %defattr(644,root,root,755)
+%doc HOWTO.ldap-keys ldap.conf
 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign
@@ -731,7 +757,6 @@ fi
 %{_mandir}/man5/ssh-ldap.conf.5*
 %{_mandir}/man5/moduli.5*
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
 %attr(640,root,root) %{_sysconfdir}/moduli
 %attr(754,root,root) /etc/rc.d/init.d/sshd