Hello community, here is the log from the commit of package fonehome for openSUSE:Factory checked in at 2013-02-20 09:23:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fonehome (Old) and /work/SRC/openSUSE:Factory/.fonehome.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fonehome", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/fonehome/fonehome.changes 2013-02-14 20:36:14.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.fonehome.new/fonehome.changes 2013-02-20 09:23:56.000000000 +0100 @@ -1,0 +2,10 @@ +Tue Feb 19 18:46:45 UTC 2013 - [email protected] + +- Revert inadvertent spec file changes in previous commit + +------------------------------------------------------------------- +Mon Feb 18 16:23:13 UTC 2013 - [email protected] + +- Upgrade to version 1.0.28 + +------------------------------------------------------------------- Old: ---- fonehome-1.0.21.tar.gz New: ---- fonehome-1.0.28.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fonehome.spec ++++++ --- /var/tmp/diff_new_pack.xBoO3f/_old 2013-02-20 09:23:57.000000000 +0100 +++ /var/tmp/diff_new_pack.xBoO3f/_new 2013-02-20 09:23:57.000000000 +0100 @@ -1,6 +1,7 @@ # # spec file for package fonehome # +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2012 Archie L. Cobbs <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -11,10 +12,11 @@ # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # client side %define clientdir %{_datadir}/%{name} %define scriptfile %{_bindir}/%{name} @@ -38,15 +40,15 @@ %define authkeys_options no-X11-forwarding,no-agent-forwarding,no-pty,permitopen="0.0.0.0:9",command="sleep 99999d" Name: fonehome -Version: 1.0.21 -Release: 1 +Version: 1.0.28 +Release: 0 Summary: Remote access to machines behind firewalls -Group: System/Daemons License: Apache-2.0 -BuildRoot: %{_tmppath}/%{name}-root -Buildarch: noarch +Group: System/Daemons +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildArch: noarch Source: %{name}-%{version}.tar.gz -URL: http://code.google.com/p/%{name}/ +Url: http://code.google.com/p/%{name}/ Requires: openssh %description @@ -210,3 +212,4 @@ %ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{servpubkey} %ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{authkeys} +%changelog ++++++ fonehome-1.0.21.tar.gz -> fonehome-1.0.28.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.0.21/CHANGES new/fonehome-1.0.28/CHANGES --- old/fonehome-1.0.21/CHANGES 2013-01-03 23:21:19.000000000 +0100 +++ new/fonehome-1.0.28/CHANGES 2013-02-18 17:20:47.000000000 +0100 @@ -1,4 +1,14 @@ +Version 1.0.28 Released February 18, 2013 + + - Move home directory to /var/lib/fonehome-sever + - Tighen security with no-pty and permitopen="0.0.0.0:9" + - Remove sshd_config mods from %post script + - Remove these flags no longer needed with newer SSH: + -oUserKnownHostsFile=/dev/null + -oGlobalKnownHostsFile=/dev/null + -oNoHostAuthenticationForLocalhost=yes + Version 1.0.21 Released January 3, 2013 - Move fonehome-server's homedir to /usr/share. @@ -13,4 +23,4 @@ - Initial release -$Id: CHANGES 21 2013-01-03 22:21:19Z archie.cobbs $ +$Id: CHANGES 28 2013-02-18 16:20:12Z archie.cobbs $ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.0.21/src/rpm/fonehome.spec new/fonehome-1.0.28/src/rpm/fonehome.spec --- old/fonehome-1.0.21/src/rpm/fonehome.spec 2013-01-03 23:06:56.000000000 +0100 +++ new/fonehome-1.0.28/src/rpm/fonehome.spec 1970-01-01 01:00:00.000000000 +0100 @@ -1,208 +0,0 @@ -# -# spec file for package fonehome -# -# Copyright (c) 2012 Archie L. Cobbs <[email protected]> -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. -# -# Please submit bugfixes or comments via http://bugs.opensuse.org/ -# - -%define username %{name} -%define usergroup %{name} -%define clientdir %{_datadir}/%{name} -%define serverdir %{_datadir}/%{name}-server -%define sshd_config %{_sysconfdir}/ssh/sshd_config -%define scriptfile %{_bindir}/%{name} -%define initfile %{_sysconfdir}/init.d/%{name} -%define confdir %{_sysconfdir}/%{name} -%define conffile %{confdir}/%{name}.conf -%define keyfile %{confdir}/%{name}.key -%define hostsfile %{confdir}/%{name}.hosts -%define portsfile %{_sysconfdir}/%{name}-ports.conf -%define retrydelay 30 - -Name: fonehome -Version: %{fonehome_version} -Release: 1 -Summary: Remote access to machines behind firewalls -Group: System/Daemons -License: Apache-2.0 -BuildRoot: %{_tmppath}/%{name}-root -Buildarch: noarch -Source: %{name}-%{version}.tar.gz -URL: http://code.google.com/p/%{name}/ -Requires: openssh - -%description -fonehome allows remote access to machines behind firewalls using SSH -port forwarding. - -The fonehome client is a daemon that runs on remote client machines that -are behind some firewall that you either do not control or do not want -to reconfigure, but which does allow normal outgoing TCP connections. The -clients use SSH to connect to a fonehome server to which you have direct -access. The SSH connections include reverse-forwarded TCP ports which -in turn allow you to connect back to the remote machine. - -This setup is useful in situations where you have several machines -deployed in the field and want to maintain access to them from a central -operations server. - -%clean -rm -rf %{buildroot} - -%prep -%setup - -%build -subst() -{ - sed -r \ - -e 's|@fonehomename@|%{name}|g' \ - -e 's|@fonehomeuser@|%{username}|g' \ - -e 's|@fonehomeconf@|%{conffile}|g' \ - -e 's|@fonehomeports@|%{portsfile}|g' \ - -e 's|@fonehomekey@|%{keyfile}|g' \ - -e 's|@fonehomehosts@|%{hostsfile}|g' \ - -e 's|@fonehomeretry@|%{retrydelay}|g' \ - -e 's|@fonehomeinit@|%{initfile}|g' \ - -e 's|@fonehomescript@|%{scriptfile}|g' -} -subst < src/conf/fonehome.conf.sample > fonehome.conf.sample -subst < src/conf/fonehome-ports.conf.sample > fonehome-ports.conf.sample -subst < src/scripts/fonehome-init.sh > fonehome-init -subst < src/scripts/fonehome.sh > fonehome -subst < src/scripts/fhshow.sh > fhshow -subst < src/scripts/fhssh.sh > fhssh -subst < src/man/fhssh.1 > fhssh.1 -subst < src/man/fhscp.1 > fhscp.1 -subst < src/man/fhshow.1 > fhshow.1 -subst < src/man/fonehome.1 > fonehome.1 - -%install - -# init script -install -d %{buildroot}%{_sysconfdir}/init.d -install fonehome-init %{buildroot}%{initfile} -install -d %{buildroot}%{_sbindir} -ln -s %{initfile} %{buildroot}%{_sbindir}/rcfonehome - -# man pages -install -d %{buildroot}%{_mandir}/man1 -install *.1 %{buildroot}%{_mandir}/man1/ - -# script files -install -d %{buildroot}%{_bindir} -install fonehome fhs{sh,how} %{buildroot}/%{_bindir}/ -ln %{buildroot}/%{_bindir}/fhs{sh,cp} - -# config files -install -d %{buildroot}%{confdir} -install -d %{buildroot}%{clientdir} -install fonehome.conf.sample %{buildroot}%{clientdir}/ -install fonehome.conf.sample %{buildroot}%{conffile} -install fonehome-ports.conf.sample %{buildroot}%{portsfile} - -# fonehome user -install -d %{buildroot}%{serverdir}/.ssh - -%preun -%{stop_on_removal %{name}} - -%postun -# No restart_on_update - don't kill the connection we are using to update this RPM with! -%{insserv_cleanup} - -%files -%defattr(644,root,root,755) -%dir %attr(700,root,root) %{confdir} -%config(noreplace) %{conffile} -%ghost %attr(644,root,root) %{hostsfile} -%ghost %attr(600,root,root) %{keyfile} -%attr(755,root,root) %{initfile} -%attr(755,root,root) %{scriptfile} -%attr(755,root,root) %{_sbindir}/rcfonehome -%{_mandir}/man1/fonehome.1* -%{clientdir} - -%package server -Summary: Server for %{name} SSH connections -Group: System/Daemons -Requires(pre): pwdutils -Requires(post): openssh - -%description server -fonehome allows remote access to machines behind firewalls using SSH -port forwarding. This package is installed on the machine that you -want to be the fonehome server. - -%pre server - -# Create user and group -if ! getent group '%{usergroup}' >/dev/null 2>&1; then - groupadd -r '%{usergroup}' -fi -if ! id '%{username}' >/dev/null 2>&1; then - useradd -r -p '*' -d '%{serverdir}' -g '%{usergroup}' -c 'Fonehome User' -s /bin/false '%{username}' -fi - -%post server - -# Function that patches a file using sed(1). -# First argument is filename, subsequent arguments are passed to sed(1). -sed_patch_file() -{ - FILE="${1}" - shift - sed ${1+"$@"} < "${FILE}" > "${FILE}".new - if ! diff -q "${FILE}" "${FILE}".new >/dev/null; then - [ -e "${FILE}".old ] || cp -a "${FILE}"{,.old} - cat "${FILE}".new > "${FILE}" - fi - rm -f "${FILE}".new -} - -# Tweak SSHD config so it quickly detects a disconnected client (hopefully before the client does) -sed_patch_file %{sshd_config} -r \ - -e 's/^([[:space:]]*#)?([[:space:]]*TCPKeepAlive[[:space:]]).*$/\2yes/g' \ - -e 's/^([[:space:]]*#)?([[:space:]]*ClientAliveInterval[[:space:]]).*$/\220/g' \ - -e 's/^([[:space:]]*#)?([[:space:]]*ClientAliveCountMax[[:space:]]).*$/\23/g' - -# Generate ssh key pair for user fonehome -if ! [ -e %{serverdir}/.ssh/id_rsa ]; then - ssh-keygen -t rsa -N '' -C '%{username}' -f %{serverdir}/.ssh/id_rsa - chmod 600 %{serverdir}/.ssh/id_rsa - chown root:root %{serverdir}/.ssh/id_rsa -fi - -# Allow incoming ssh connections, with restrictions -sed -r 's/^.*(ssh-rsa[[:space:]].*)$/no-X11-forwarding,no-agent-forwarding,command="sleep 365d" \1/g' \ - < %{serverdir}/.ssh/id_rsa.pub > %{serverdir}/.ssh/authorized_keys - -# Set ownership and permissions -chmod 644 %{serverdir}/.ssh/{id_rsa.pub,authorized_keys} -chown %{username}:%{usergroup} %{serverdir}/.ssh/{id_rsa.pub,authorized_keys} - -%files server -%defattr(644,root,root,755) -%{_mandir}/man1/fhssh.1* -%{_mandir}/man1/fhscp.1* -%{_mandir}/man1/fhshow.1* -%attr(755,root,root) %{_bindir}/fhshow -%attr(755,root,root) %{_bindir}/fhssh -%attr(755,root,root) %{_bindir}/fhscp -%config(noreplace missingok) %{portsfile} -%dir %attr(755,%{username},%{usergroup}) %{serverdir} -%dir %attr(700,%{username},%{usergroup}) %{serverdir}/.ssh -%ghost %verify(not size md5 mtime) %attr(600,root,root) %{serverdir}/.ssh/id_rsa -%ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{serverdir}/.ssh/id_rsa.pub -%ghost %verify(not size md5 mtime) %attr(644,%{username},%{usergroup}) %{serverdir}/.ssh/authorized_keys - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/fonehome-1.0.21/src/scripts/fhssh.sh new/fonehome-1.0.28/src/scripts/fhssh.sh --- old/fonehome-1.0.21/src/scripts/fhssh.sh 2011-12-27 20:44:34.000000000 +0100 +++ new/fonehome-1.0.28/src/scripts/fhssh.sh 2013-02-18 17:20:47.000000000 +0100 @@ -1,5 +1,5 @@ #!/bin/bash -# $Id: fhssh.sh 2 2011-12-27 19:44:34Z archie.cobbs $ +# $Id: fhssh.sh 27 2013-02-18 16:17:28Z archie.cobbs $ # Constants PORTSFILE="@fonehomeports@" @@ -81,8 +81,5 @@ exec "${NAME:2}" ${ADD_ARGS} \ -oPort="${PORT}" \ -oProtocol=2 \ - -oUserKnownHostsFile=/dev/null \ - -oGlobalKnownHostsFile=/dev/null \ - -oNoHostAuthenticationForLocalhost=yes \ "${PARAMETERS[@]}" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
