diff --git a/.gear/rules b/.gear/rules index cb10a838..964224b4 100644 --- a/.gear/rules +++ b/.gear/rules @@ -1 +1,2 @@ tar: . name=@name@-@version@-@release@ +copy?: *.patch diff --git a/alt/sshd.init b/alt/sshd.init index c722e0ae..238eb7c9 100755 --- a/alt/sshd.init +++ b/alt/sshd.init @@ -7,7 +7,7 @@ # # processname: sshd # config: /etc/openssh/sshd_config -# pidfile: /var/run/sshd.pid +# pidfile: run/sshd.pid WITHOUT_RC_COMPAT=1 @@ -19,8 +19,8 @@ SourceIfNotEmpty /etc/sysconfig/network EXTRAOPTIONS= PROCESSNAME=sshd -PIDFILE=/var/run/$PROCESSNAME.pid -LOCKFILE=/var/lock/subsys/$PROCESSNAME +PIDFILE=run/$PROCESSNAME.pid +LOCKFILE=/run/lock/subsys/$PROCESSNAME # Source config. SourceIfNotEmpty /etc/sysconfig/$PROCESSNAME diff --git a/openssh.spec b/openssh.spec index fdd4993d..73603195 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,6 +1,6 @@ Name: openssh Version: 7.9p1 -Release: alt1 +Release: alt2 Summary: OpenSSH free Secure Shell (SSH) implementation License: BSD-style @@ -8,6 +8,7 @@ Group: Networking/Remote access Url: http://www.openssh.com/portable.html # git://git.altlinux.org/gears/o/openssh.git Source: %name-%version-%release.tar +Patch: replaced_rundir-7.9p1.patch %define confdir %_sysconfdir/%name %define _chrootdir /var/empty @@ -156,6 +157,7 @@ not invoked directly. %prep %setup -n %name-%version-%release +%patch -p1 %build %autoreconf diff --git a/replaced_rundir-7.9p1.patch b/replaced_rundir-7.9p1.patch new file mode 100644 index 00000000..5c8fe047 --- /dev/null +++ b/replaced_rundir-7.9p1.patch @@ -0,0 +1,230 @@ +diff --git a/Makefile.in b/Makefile.in +index 126b2c74..f53bb732 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -138,7 +138,7 @@ PATHSUBS = \ + -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ + -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ + -e 's|/etc/ssh/ssh_host_ed25519_key|$(sysconfdir)/ssh_host_ed25519_key|g' \ +- -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ ++ -e 's|/run/sshd.pid|$(piddir)/sshd.pid|g' \ + -e 's|/etc/moduli|$(sysconfdir)/moduli|g' \ + -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ + -e 's|/etc/ssh/sshrc|$(sysconfdir)/sshrc|g' \ +diff --git a/configure.ac b/configure.ac +index 68fd22b2..8b38aa1b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -3146,11 +3146,11 @@ AC_ARG_WITH([prngd-port], + + # PRNGD Unix domain socket + AC_ARG_WITH([prngd-socket], +- [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)], ++ [ --with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/run/egd-pool)], + [ + case "$withval" in + yes) +- withval="/var/run/egd-pool" ++ withval="/run/egd-pool" + ;; + no) + withval="" +@@ -3179,7 +3179,7 @@ AC_ARG_WITH([prngd-socket], + if test "x$OPENSSL_SEEDS_ITSELF" != "xyes" ; then + AC_MSG_CHECKING([for PRNGD/EGD socket]) + # Insert other locations here +- for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do ++ for sock in /run/egd-pool /dev/egd-pool /etc/entropy; do + if test -r $sock && $TEST_MINUS_S_SH -c "test -S $sock -o -p $sock" ; then + PRNGD_SOCKET="$sock" + AC_DEFINE_UNQUOTED([PRNGD_SOCKET], ["$PRNGD_SOCKET"]) +@@ -4943,7 +4943,7 @@ AC_ARG_WITH([bsd-auth], + ) + + # Where to place sshd.pid +-piddir=/var/run ++piddir=/run + # make sure the directory exists + if test ! -d $piddir ; then + piddir=`eval echo ${sysconfdir}` +@@ -5127,7 +5127,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + ]) + if test -z "$conf_utmp_location"; then + if test x"$system_utmp_path" = x"no" ; then +- for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do ++ for f in /etc/utmp /usr/adm/utmp /run/utmp; do + if test -f $f ; then + conf_utmp_location=$f + fi +diff --git a/contrib/suse/rc.sshd b/contrib/suse/rc.sshd +index 28f28e41..602e9909 100644 +--- a/contrib/suse/rc.sshd ++++ b/contrib/suse/rc.sshd +@@ -99,8 +99,8 @@ case "$1" in + + # Status has a slightly different for the status command: + # 0 - service running +- # 1 - service dead, but /var/run/ pid file exists +- # 2 - service dead, but /var/lock/ lock file exists ++ # 1 - service dead, but /run/ pid file exists ++ # 2 - service dead, but /run/lock/ lock file exists + # 3 - service not running + + checkproc -p $SSHD_PIDFILE $SSHD_BIN +diff --git a/pathnames.h b/pathnames.h +index 6fb4767c..0a3773e4 100644 +--- a/pathnames.h ++++ b/pathnames.h +@@ -19,7 +19,7 @@ + #endif + + #ifndef _PATH_SSH_PIDDIR +-#define _PATH_SSH_PIDDIR "/var/run" ++#define _PATH_SSH_PIDDIR "/run" + #endif + + /* +diff --git a/regress/Makefile b/regress/Makefile +index 647b4a04..49311c35 100644 +--- a/regress/Makefile ++++ b/regress/Makefile +@@ -122,7 +122,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ + t8.out t8.out.pub t9.out t9.out.pub testdata \ + user_*key* user_ca* user_key* + +-SUDO_CLEAN+= /var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME} ++SUDO_CLEAN+= /run/testdata_${USERNAME} /run/keycommand_${USERNAME} + + # Enable all malloc(3) randomisations and checks + TEST_ENV= "MALLOC_OPTIONS=CFGJRSUX" +diff --git a/regress/keys-command.sh b/regress/keys-command.sh +index 4029e2c7..e277e327 100644 +--- a/regress/keys-command.sh ++++ b/regress/keys-command.sh +@@ -3,9 +3,9 @@ + + tid="authorized keys from command" + +-if [ -z "$SUDO" -a ! -w /var/run ]; then ++if [ -z "$SUDO" -a ! -w /run ]; then + echo "skipped (SUDO not set)" +- echo "need SUDO to create file in /var/run, test won't work without" ++ echo "need SUDO to create file in /run, test won't work without" + exit 0 + fi + +@@ -17,9 +17,9 @@ chmod a+rw $OBJ/keys-command-args + expected_key_text=`awk '{ print $2 }' < $OBJ/rsa.pub` + expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'` + +-# Establish a AuthorizedKeysCommand in /var/run where it will have ++# Establish a AuthorizedKeysCommand in /run where it will have + # acceptable directory permissions. +-KEY_COMMAND="/var/run/keycommand_${LOGNAME}" ++KEY_COMMAND="/run/keycommand_${LOGNAME}" + cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'" + #!/bin/sh + echo args: "\$@" >> $OBJ/keys-command-args +@@ -76,7 +76,7 @@ if [ -x $KEY_COMMAND ]; then + fail "connect failed" + fi + else +- echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)" ++ echo "SKIPPED: $KEY_COMMAND not executable (/run mounted noexec?)" + fi + + $SUDO rm -f $KEY_COMMAND +diff --git a/regress/principals-command.sh b/regress/principals-command.sh +index bcc68e80..da6a9106 100644 +--- a/regress/principals-command.sh ++++ b/regress/principals-command.sh +@@ -6,9 +6,9 @@ tid="authorized principals command" + rm -f $OBJ/user_ca_key* $OBJ/cert_user_key* + cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak + +-if [ -z "$SUDO" -a ! -w /var/run ]; then ++if [ -z "$SUDO" -a ! -w /run ]; then + echo "skipped (SUDO not set)" +- echo "need SUDO to create file in /var/run, test won't work without" ++ echo "need SUDO to create file in /run, test won't work without" + exit 0 + fi + +@@ -28,9 +28,9 @@ CA_BODY=`cat $OBJ/user_ca_key.pub | awk '{ print $2 }'` + CERT_FP=`${SSHKEYGEN} -lf $OBJ/cert_user_key-cert.pub | awk '{ print $2 }'` + CA_FP=`${SSHKEYGEN} -lf $OBJ/user_ca_key.pub | awk '{ print $2 }'` + +-# Establish a AuthorizedPrincipalsCommand in /var/run where it will have ++# Establish a AuthorizedPrincipalsCommand in /run where it will have + # acceptable directory permissions. +-PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}" ++PRINCIPALS_COMMAND="/run/principals_command_${LOGNAME}" + cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'" + #!/bin/sh + test "x\$1" != "x${LOGNAME}" && exit 1 +@@ -164,5 +164,5 @@ if [ -x $PRINCIPALS_COMMAND ]; then + done + else + echo "SKIPPED: $PRINCIPALS_COMMAND not executable " \ +- "(/var/run mounted noexec?)" ++ "(/run mounted noexec?)" + fi +diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh +index ba5bd1ef..ab806566 100644 +--- a/regress/sftp-chroot.sh ++++ b/regress/sftp-chroot.sh +@@ -3,12 +3,12 @@ + + tid="sftp in chroot" + +-CHROOT=/var/run ++CHROOT=/run + FILENAME=testdata_${USER} + PRIVDATA=${CHROOT}/${FILENAME} + +-if [ -z "$SUDO" -a ! -w /var/run ]; then +- echo "need SUDO to create file in /var/run, test won't work without" ++if [ -z "$SUDO" -a ! -w /run ]; then ++ echo "need SUDO to create file in /run, test won't work without" + echo SKIPPED + exit 0 + fi +diff --git a/sshd.8 b/sshd.8 +index d33a50a1..fdd84c8f 100644 +--- a/sshd.8 ++++ b/sshd.8 +@@ -958,7 +958,7 @@ during privilege separation in the pre-authentication phase. + The directory should not contain any files and must be owned by root + and not group or world-writable. + .Pp +-.It Pa /var/run/sshd.pid ++.It Pa /run/sshd.pid + Contains the process ID of the + .Nm + listening for connections (if there are several daemons running +diff --git a/sshd_config b/sshd_config +index 014b16f7..abe467ad 100644 +--- a/sshd_config ++++ b/sshd_config +@@ -95,7 +95,7 @@ + #ClientAliveInterval 0 + #ClientAliveCountMax 3 + #UseDNS no +-#PidFile /var/run/sshd.pid ++#PidFile /run/sshd.pid + #MaxStartups 10:30:100 + #PermitTunnel no + #ChrootDirectory none +diff --git a/sshd_config.5 b/sshd_config.5 +index 47db015f..6bf8ed27 100644 +--- a/sshd_config.5 ++++ b/sshd_config.5 +@@ -1363,7 +1363,7 @@ SSH daemon, or + .Cm none + to not write one. + The default is +-.Pa /var/run/sshd.pid . ++.Pa /run/sshd.pid . + .It Cm Port + Specifies the port number that + .Xr sshd 8