PR#36: Split including crypto-policies to a separate config - rpms/openssh

rpms / openssh

#36 Split including crypto-policies to a separate config

Closed 23 days ago by dbelyavs. Opened 10 months ago by dbelyavs.

rpms/ dbelyavs/openssh split_our_conf into rawhide

Split including crypto-policies to a separate config

Dmitry Belyavskiy • 10 months ago

5d48877

openssh-7.7p1-redhat.patch

file modified

+12 -8

		`@@ -80,14 +80,7 @@`
		`diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat`
		`--- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100`
		`+++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100`
		`- @@ -0,0 +1,22 @@`
		`- +# This system is following system-wide crypto policy. The changes to`
		`- +# crypto properties (Ciphers, MACs, ...) will not have any effect in`
		`- +# this or following included files. To override some configuration option,`
		`- +# write it before this block or include it before this file.`
		`- +# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).`
		`- +Include /etc/crypto-policies/back-ends/opensshserver.config`
		`- +`
		`+ @@ -0,0 +1,15 @@`
		`+SyslogFacility AUTHPRIV`
		`+`
		`+ChallengeResponseAuthentication no`
		`@@ -103,3 +96,14 @@`
		`+# as it is more configurable and versatile than the built-in version.`
		`+PrintMotd no`
		`+`
		`+ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat`
		`+ --- openssh/sshd_config_redhat_cp.redhat 2020-02-13 18:14:02.268006439 +0100`
		`+ +++ openssh/sshd_config_redhat_cp 2020-02-13 18:19:20.765035947 +0100`
		`+ @@ -0,0 +1,7 @@`
		`+ +# This system is following system-wide crypto policy. The changes to`
		`+ +# crypto properties (Ciphers, MACs, ...) will not have any effect in`
		`+ +# this or following included files. To override some configuration option,`
		`+ +# write it before this block or include it before this file.`
		`+ +# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).`
		`+ +Include /etc/crypto-policies/back-ends/opensshserver.config`
		`+ +`

openssh.spec

file modified

+6 -1

		`@@ -47,7 +47,7 @@`

		`# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1`
		`%global openssh_ver 9.0p1`
		`- %global openssh_rel 7`
		`+ %global openssh_rel 8`
		`%global pam_ssh_agent_ver 0.10.4`
		`%global pam_ssh_agent_rel 7`

		`@@ -569,6 +569,7 @@`
		`install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat`
		`install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/sysconfig/sshd`
		`install -m644 ssh_config_redhat $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d/50-redhat.conf`
		`+ install -m644 sshd_config_redhat_cp $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d/40-redhat-crypto-policies.conf`
		`install -m644 sshd_config_redhat $RPM_BUILD_ROOT%{_sysconfdir}/ssh/sshd_config.d/50-redhat.conf`
		`install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}`
		`install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service`
		`@@ -692,6 +693,7 @@`
		`%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*`
		`%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config`
		`%dir %attr(0700,root,root) %{_sysconfdir}/ssh/sshd_config.d/`
		`+ %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/40-redhat-crypto-policies.conf`
		`%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-redhat.conf`
		`%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd`
		`%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd`
		`@@ -722,6 +724,9 @@`
		`%endif`

		`%changelog`
		`+ * Fri Oct 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-8`
		`+ - Split including crypto-policies to a separate config (rhbz#1970566)`
		`+`
		`* Fri Oct 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.0p1-7`
		`- Check IP opts length (rhbz#1960015)`