From 73c8bea57bc903a4925abb0cc6ccbdb24357bdf8 Mon Sep 17 00:00:00 2001
From: Automatic Build System
Date: Sun, 22 Sep 2024 11:47:18 +0200
Subject: [PATCH] automatic version update by autodist [release 9.9p1-1mamba;Sun Sep 22 2024]
---
 openssh-sshd-makecerts | 86 -------------------------------------
 openssh-sshd.service | 6 +--
 openssh-sshd@.service | 6 +--
 openssh-sshdgenkeys.service | 12 ++++++
 openssh.spec | 47 +++++++++-----------
 5 files changed, 39 insertions(+), 118 deletions(-)
 delete mode 100644 openssh-sshd-makecerts
 create mode 100644 openssh-sshdgenkeys.service
diff --git a/openssh-sshd-makecerts b/openssh-sshd-makecerts
deleted file mode 100644
index 55b2a90..0000000
--- a/openssh-sshd-makecerts
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/bin/sh
-
-#RSA1_KEY=/etc/ssh/ssh_host_key
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
-ECDSA_KEY=/etc/ssh/ssh_host_ecdsa_key
-ED25519_KEY=/etc/ssh/ssh_host_ed25519_key
-
-KEYGEN=/usr/bin/ssh-keygen
-
-#function do_rsa1_keygen
-#{
-# if [ ! -s $RSA1_KEY ]; then
-# echo -n $"Generating SSH1 RSA host key: "
-# if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
-# chmod 600 $RSA1_KEY
-# chmod 644 $RSA1_KEY.pub
-# else
-# echo $"RSA1 key generation failed!"
-# exit 1
-# fi
-# fi
-#}
-
-function do_rsa_keygen
-{
- if [ ! -s $RSA_KEY ]; then
- echo -n $"Generating SSH2 RSA host key: "
- if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $RSA_KEY
- chmod 644 $RSA_KEY.pub
- else
- echo $"RSA key generation failed!"
- exit 1
- fi
- fi
-}
-
-function do_dsa_keygen
-{
- if [ ! -s $DSA_KEY ]; then
- echo -n $"Generating SSH2 DSA host key: "
- if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $DSA_KEY
- chmod 644 $DSA_KEY.pub
- else
- echo $"DSA key generation failed!"
- exit 1
- fi
- fi
-}
-
-function do_ecdsa_keygen
-{
- if [ ! -s $ECDSA_KEY ]; then
- echo -n $"Generating SSH2 ECDSA host key: "
- if $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $ECDSA_KEY
- chmod 644 $ECDSA_KEY.pub
- else
- failure $"ECDSA key generation failed!"
- exit 1
- fi
- fi
-}
-
-function do_ed25519_keygen
-{
- if [ ! -s $ED25519_KEY ]; then
- echo -n $"Generating SSH2 ED25519 host key: "
- if $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
- chmod 600 $ED25519_KEY
- chmod 644 $ED25519_KEY.pub
- else
- failure $"ED25519 key generation failed!"
- exit 1
- fi
- fi
-}
-
-# Create keys if necessary
-do_rsa_keygen
-do_dsa_keygen
-do_ecdsa_keygen
-do_ed25519_keygen
-exit 0
diff --git a/openssh-sshd.service b/openssh-sshd.service
index c794020..4980732 100644
--- a/openssh-sshd.service
+++ b/openssh-sshd.service
@@ -1,12 +1,12 @@
 [Unit]
 Description=OpenSSH server daemon
-After=syslog.target network.target auditd.service
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=auditd.service network.target
 ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
 [Service]
 EnvironmentFile=-/etc/sysconfig/ssh
-#ExecStartPre=/usr/bin/test -c /dev/null
-ExecStartPre=/usr/bin/ssh-makecerts
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
diff --git a/openssh-sshd@.service b/openssh-sshd@.service
index 4595c81..3a0db38 100644
--- a/openssh-sshd@.service
+++ b/openssh-sshd@.service
@@ -1,10 +1,10 @@
 [Unit]
 Description=OpenSSH per-connection server daemon
-After=auditd.service
+Wants=sshdgenkeys.service
+After=sshdgenkeys.service
+After=auditd.service network.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ssh
-#ExecStartPre=/usr/bin/test -c /dev/null
-ExecStartPre=/usr/bin/ssh-makecerts
 ExecStart=-/usr/sbin/sshd -i $SSHD_OPTS
 StandardInput=socket
diff --git a/openssh-sshdgenkeys.service b/openssh-sshdgenkeys.service
new file mode 100644
index 0000000..900cb22
--- /dev/null
+++ b/openssh-sshdgenkeys.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=SSH Key Generation
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key
+ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key.pub
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key.pub
+
+[Service]
+ExecStart=/usr/bin/ssh-keygen -A
+Type=oneshot
diff --git a/openssh.spec b/openssh.spec
index c091cec..509bbf6 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %define with_selinux 0
 Name: openssh
-Version: 9.8p1
+Version: 9.9p1
 Release: 1mamba
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Group: Network/Security
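Review bot: The `ConditionPathExists=|!…` triggers in the new openssh-sshdgenkeys.service only test that each host key file exists, whereas the removed openssh-sshd-makecerts script tested `[ ! -s … ]`, i.e. missing or empty. A zero-length key file left behind by an interrupted first boot or a full disk would satisfy every condition, so key generation would be skipped and sshd would presumably fail to load a key of that type. `ConditionFileNotEmpty=|!/etc/ssh/ssh_host_ed25519_key` (and likewise for the other five paths) restores the check the script used to make.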
@@ -16,7 +16,7 @@ Packager: Silvan Calarco
 URL: https://www.openssh.com/
 Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 Source1: openssh-pamdconf
-Source2: openssh-sshd-makecerts
+Source2: openssh-sshdgenkeys.service
 Source3: openssh-sshd.service
 Source4: openssh-sshd@.service
 Source5: openssh-sshd.socket
@@ -168,7 +168,7 @@ install -d %{buildroot}%{_sysconfdir}/{ssh,pam.d}
 %makeinstall
 install -D -m 600 %{S:1} %{buildroot}%{_sysconfdir}/pam.d/sshd
-install -D -m 755 %{SOURCE2} %{buildroot}%{_bindir}/ssh-makecerts
+install -D -m 755 %{SOURCE2} %{buildroot}%{_unitdir}/sshdgenkeys.service
 install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/sshd.service
 install -D -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/sshd@.service
 install -D -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/sshd.socket
@@ -206,15 +206,12 @@ fi
 /usr/sbin/groupadd sshd -g %{groupid} 2>/dev/null || :
 /usr/sbin/useradd -u %{userid} -g sshd -c 'ssh daemon' -d /var/empty \
 -s /bin/false sshd 2>/dev/null
-exit 0
+:
 %post server
-if [ $1 -eq 1 ]; then
-# new install
- %{_bindir}/ssh-makecerts
-# /sbin/chkconfig --add sshd
-# service sshd start
-fi
+%systemd_post sshdgenkeys.service
+%systemd_post sshd.socket
+
 if [ $1 -gt 1 ]; then
 # update
 sed -i 's/#X11Forwarding no/X11Forwarding yes/' \
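Review bot: The new `install -D -m 755 %{SOURCE2} %{buildroot}%{_unitdir}/sshdgenkeys.service` line keeps the executable mode that suited the old ssh-makecerts script, but Source2 is now a systemd unit file. The three unit files installed directly below it use `-m 644`, and systemd logs a warning for unit files that carry executable bits. The line should read `install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/sshdgenkeys.service`.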
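Review bot: `%systemd_post sshdgenkeys.service` in `%post server` has nothing to act on, because the unit added by this patch has no `[Install]` section and is only pulled in through `Wants=` from sshd.service and sshd@.service. The same holds for `%systemd_preun sshdgenkeys.service` in the following hunk. Assuming the distribution ships the standard systemd RPM macros, dropping both lines and keeping only the `sshd.socket` calls would match what the scriptlets can actually do. The `if [ $1 -gt 1 ]` block continues past the end of this hunk.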
@@ -222,32 +219,23 @@ if [ $1 -gt 1 ]; then
 grep "AcceptEnv" %{_sysconfdir}/ssh/sshd_config >/dev/null || \
 echo " AcceptEnv LANG LC_*" >> %{_sysconfdir}/ssh/sshd_config
 fi
-exit 0
-
-%posttrans server
-systemctl -q daemon-reload
-systemctl -q enable sshd.socket
-systemctl -q start sshd.socket
-exit 0
+:
 %preun server
-if [ $1 -eq 0 ]; then
-# erase
- systemctl -q stop sshd.socket
- systemctl -q disable sshd.socket
-fi
-exit 0
+%systemd_preun sshdgenkeys.service
+%systemd_preun sshd.socket
+:
 %postun server
-systemctl -q daemon-reload
-exit 0
+%systemd_postun_with_restart sshdgenkeys.service
+%systemd_postun sshd.socket
+:
 %files common
 %defattr(-,root,root)
 %{_bindir}/ssh-copy-id
 %{_bindir}/ssh-keygen
 %{_bindir}/ssh-keyscan
-%{_bindir}/ssh-makecerts
 %{_libexecdir}/openssh/ssh-keysign
 %{_libexecdir}/openssh/ssh-pkcs11-helper
 %{_libexecdir}/openssh/ssh-sk-helper
@@ -279,6 +267,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/ssh/moduli
 %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/ssh/sshd_config
 %{_sbindir}/sshd
+%{_unitdir}/sshdgenkeys.service
 %{_unitdir}/sshd.service
 %{_unitdir}/sshd.socket
 %{_unitdir}/sshd@.service
@@ -296,6 +285,12 @@ exit 0
 %{_libexecdir}/openssh/ssh-askpass
 %changelog
+* Sun Sep 22 2024 Automatic Build System 9.9p1-1mamba
+- automatic version update by autodist
+
+* Sat Sep 21 2024 Silvan Calarco 9.8p1-2mamba
+- replace old ssh-makecerts with sshdgenkeys service
+
 * Sat Jul 06 2024 Automatic Build System 9.8p1-1mamba
 - automatic version update by autodist
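Review bot: In `%postun server` the restart macro is applied to `sshdgenkeys.service`, a oneshot that is not running between invocations, while no scriptlet restarts `sshd.service`; a long-running sshd started from that unit would keep executing the old binary after a version update such as this one. If that is not intended, `%systemd_postun_with_restart sshd.service` is the line that makes fixes take effect on upgrade, while per-connection `sshd@.service` instances pick up the new binary on their own. Separately, the removed `%posttrans` enabled and started `sshd.socket` unconditionally, whereas with `%systemd_post` (assuming the standard macro definitions) enablement follows the distribution's preset policy and nothing starts the socket on a fresh install. If that is the intended new default, it deserves a line in `%changelog`.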