- fix ssh-ldap-helper path

[packages/openssh.git] / openssh.spec

diff --git a/openssh.spec b/openssh.spec
index dde7c167a539e5a7b5e848461ea99c983898d7d8..e9c331e30b40dd191e7fd39f8191e1d2cd688f59 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -52,7 +52,10 @@ Patch3:              %{name}-sigpipe.patch
 # http://pkgs.fedoraproject.org/gitweb/?p=openssh.git;a=tree
 Patch4:                %{name}-5.9p1-ldap.patch
 Patch5:                %{name}-5.9p1-ldap-fixes.patch
+Patch8:                ldap.conf.patch
 Patch6:                %{name}-config.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=1663
+Patch7:                authorized-keys-command.patch
 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
 Patch9:                %{name}-5.2p1-hpn13v6.diff
@@ -495,9 +498,11 @@ openldap-a.
 %patch0 -p1
 %patch2 -p1
 %patch3 -p1
-%{?with_ldap:%patch4 -p1}
+%patch4 -p1
 %patch5 -p1
+%patch8 -p1
 %patch6 -p1
+%patch7 -p1
 %{?with_hpn:%patch9 -p1}
 %patch10 -p1
 %patch11 -p1
@@ -520,6 +525,9 @@ install -p %{SOURCE2} sshd.init
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh#g' Makefile*
 
+grep -rl /usr/libexec/openssh/ssh-ldap-helper . | xargs \
+%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
+
 %build
 cp /usr/share/automake/config.sub .
 %{__aclocal}
@@ -535,11 +543,12 @@ CPPFLAGS="-DCHROOT"
        %{?with_audit:--with-audit=linux} \
        --with-ipaddr-display \
        %{?with_kerberos5:--with-kerberos5=/usr} \
-       %{?with_ldap:--with-ldap} \
+       --with-ldap%{!?with_ldap:=no} \
        %{?with_libedit:--with-libedit} \
        --with-mantype=man \
        --with-md5-passwords \
        --with-pam \
+       --with-authorized-keys-command \
        --with-pid-dir=%{_localstatedir}/run \
        --with-privsep-path=%{_privsepdir} \
        %{?with_selinux:--with-selinux} \
@@ -613,6 +622,7 @@ cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
 EOF
 
 %{__rm} $RPM_BUILD_ROOT%{_mandir}/README.openssh-non-english-man-pages
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/ldap.conf
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -651,7 +661,7 @@ if [ "$1" = "0" ]; then
        %userremove sshd
 fi
 
-%triggerpostun server -- %{name}-server < 5.9p1-1
+%triggerpostun server -- %{name}-server < 2:5.9p1-1
 # lpk.patch to ldap.patch
 if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
        echo >&2 "Migrating LPK patch to LDAP patch"
@@ -660,7 +670,7 @@ if grep -qE '^(UseLPK|Lpk)' %{_sysconfdir}/sshd_config; then
                # disable old configs
                # just UseLPK/LkpLdapConf supported for now
                s/^UseLPK/## Obsolete &/
-               s/^LPK/## Obsolete &/
+               s/^Lpk/## Obsolete &/
                # Enable new ones, assumes /etc/ldap.conf defaults, see HOWTO.ldap-keys
                /UseLPK/iAuthorizedKeysCommand "%{_libexecdir}/ssh-ldap-wrapper"
        ' %{_sysconfdir}/sshd_config
@@ -731,7 +741,7 @@ fi
 
 %files server
 %defattr(644,root,root,755)
-%doc HOWTO.ldap-keys
+%doc HOWTO.ldap-keys ldap.conf
 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign
@@ -747,7 +757,6 @@ fi
 %{_mandir}/man5/ssh-ldap.conf.5*
 %{_mandir}/man5/moduli.5*
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
-%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ldap.conf
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/pam.d/sshd
 %attr(640,root,root) %{_sysconfdir}/moduli
 %attr(754,root,root) /etc/rc.d/init.d/sshd