From olivleh1@kartoffel.salatschuessel.net  Sat Nov 13 16:49:07 2004
Return-Path: <olivleh1@kartoffel.salatschuessel.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8B38C16A4CE; Sat, 13 Nov 2004 16:49:07 +0000 (GMT)
Received: from kartoffel.salatschuessel.net (pD9E210B0.dip.t-dialin.net [217.226.16.176])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 7A0EE43D46; Sat, 13 Nov 2004 16:49:06 +0000 (GMT)
	(envelope-from olivleh1@kartoffel.salatschuessel.net)
Received: from kartoffel.salatschuessel.net (localhost [127.0.0.1])
	by kartoffel.salatschuessel.net (8.12.11/8.12.11) with ESMTP id iADGoFMR055005;
	Sat, 13 Nov 2004 17:50:15 +0100 (CET)
	(envelope-from olivleh1@kartoffel.salatschuessel.net)
Received: (from olivleh1@localhost)
	by kartoffel.salatschuessel.net (8.12.11/8.12.11/Submit) id iADGoFQk055004;
	Sat, 13 Nov 2004 17:50:15 +0100 (CET)
	(envelope-from olivleh1)
Message-Id: <200411131650.iADGoFQk055004@kartoffel.salatschuessel.net>
Date: Sat, 13 Nov 2004 17:50:15 +0100 (CET)
From: Oliver Lehmann <oliver@freebsd.org>
Reply-To: Oliver Lehmann <oliver@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Oliver Lehmann <oliver@freebsd.org>
Subject: rc.d/sshd does not work with ports-ssh 
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         73909
>Category:       conf
>Synopsis:       [patch] rc.d/sshd does not work with ports-ssh
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-rc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 13 16:50:27 GMT 2004
>Closed-Date:    Wed Jun 07 10:46:47 GMT 2006
>Last-Modified:  Wed Jun 07 10:46:47 GMT 2006
>Originator:     Oliver Lehmann
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
>Environment:
System: FreeBSD kartoffel.salatschuessel.net 4.10-STABLE FreeBSD 4.10-STABLE #0: Fri Jun 4 20:32:48 CEST 2004 olivleh1@kartoffel.salatschuessel.net:/usr/obj/usr/src/sys/KARTOFFEL i386


	FreeBSD avocado.salatschuessel.net 5.3-STABLE FreeBSD 5.3-STABLE #1: Sat Nov 13 15:16:49 CET 2004     olivleh1@avocado.salatschuessel.net:/usr/obj/usr/src/sys/AVOCADO  i386
>Description:
	The script complains about a nonexistent /usr/sbin/ssh-keygen... that is
	true, because it is installed in /usr/local/bin/ssh-keygen if I use sshd
	from ports.
>How-To-Repeat:
        don't install base-ssh and base-ssl
        remove /etc/ssh
        keep sshd_enable="YES" and sshd_program="/usr/local/sbin/sshd" in your rc.conf
        run /etc/rc.d/sshd start
>Fix:


--- sshd.diff begins here ---
--- sshd.orig	Sat Nov 13 17:30:12 2004
+++ sshd	Sat Nov 13 17:41:16 2004
@@ -15,9 +15,18 @@
 start_precmd="sshd_precmd"
 pidfile="/var/run/${name}.pid"
 extra_commands="keygen reload"

 timeout=300
 
+get_prefix() {
+	PREFIX=${sshd_program%%/sbin/sshd}
+	if [ "$PREFIX" != "/usr" ] ; then
+		ETCDIR="$PREFIX/etc"
+	else
+		ETCDIR="/etc"
+	fi
+}
+
 user_reseed()
 {
 	(
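Review bot: get_prefix assumes sshd_program always ends in /sbin/sshd. When it does not, `${sshd_program%%/sbin/sshd}` strips nothing, so PREFIX becomes the full path of the binary and ETCDIR becomes that path with /etc appended. Every later ssh-keygen and host-key path is then wrong. Match the suffix explicitly, for example with `case "$sshd_program" in */sbin/sshd)`, and fall back to /usr and /etc with a warn otherwise. The pattern contains no wildcard, so a single `%` is enough.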
@@ -42,47 +50,49 @@
 
 sshd_keygen()
 {
+	get_prefix
 	(
 	umask 022
 
 	# Can't do anything if ssh is not installed
-	[ -x /usr/bin/ssh-keygen ] || {
-		warn "/usr/bin/ssh-keygen does not exist."
+	[ -x ${PREFIX}/bin/ssh-keygen ] || {
+		warn "${PREFIX}/bin/ssh-keygen does not exist."
 		return 1
 	}
 
-	if [ -f /etc/ssh/ssh_host_key ]; then
+	if [ -f ${ETCDIR}/ssh/ssh_host_key ]; then
 		echo "You already have an RSA host key" \
-		    "in /etc/ssh/ssh_host_key"
+		    "in ${ETCDIR}/ssh/ssh_host_key"
 		echo "Skipping protocol version 1 RSA Key Generation"
 	else
-		/usr/bin/ssh-keygen -t rsa1 -b 1024 \
-		    -f /etc/ssh/ssh_host_key -N ''
+		${PREFIX}/bin/ssh-keygen -t rsa1 -b 1024 \
+		    -f ${ETCDIR}/ssh/ssh_host_key -N ''
 	fi
 
-	if [ -f /etc/ssh/ssh_host_dsa_key ]; then
+	if [ -f ${ETCDIR}/ssh/ssh_host_dsa_key ]; then
 		echo "You already have a DSA host key" \
-		    "in /etc/ssh/ssh_host_dsa_key"
+		    "in ${ETCDIR}/ssh/ssh_host_dsa_key"
 		echo "Skipping protocol version 2 DSA Key Generation"
 	else
-		/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+		${PREFIX}/bin/ssh-keygen -t dsa -f ${ETCDIR}/ssh/ssh_host_dsa_key -N ''
 	fi
 
-	if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+	if [ -f ${ETCDIR}/ssh/ssh_host_rsa_key ]; then
 		echo "You already have a RSA host key" \
-		    "in /etc/ssh/ssh_host_rsa_key"
+		    "in ${ETCDIR}/ssh/ssh_host_rsa_key"
 		echo "Skipping protocol version 2 RSA Key Generation"
 	else
-		/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+		${PREFIX}/bin/ssh-keygen -t rsa -f ${ETCDIR}/ssh/ssh_host_rsa_key -N ''
 	fi
 	)
 }
 
 sshd_precmd()
 {
-	if [ ! -f /etc/ssh/ssh_host_key -o \
-	    ! -f /etc/ssh/ssh_host_dsa_key -o \
-	    ! -f /etc/ssh/ssh_host_rsa_key ]; then
+	get_prefix
+	if [ ! -f ${ETCDIR}/ssh/ssh_host_key -o \
+	    ! -f ${ETCDIR}/ssh/ssh_host_dsa_key -o \
+	    ! -f ${ETCDIR}/ssh/ssh_host_rsa_key ]; then
 		user_reseed
 		run_rc_command keygen
 	fi
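Review bot: sshd_precmd now tests only ${ETCDIR}/ssh/ssh_host_*. A host that already has keys in /etc/ssh and points sshd_program at the ports binary therefore gets a fresh set generated under ${ETCDIR}/ssh, and clients that cached the old keys will see a changed host key. Either reuse the existing /etc/ssh keys when the ${ETCDIR} ones are missing, or state the behaviour in the script's comments. The new `${PREFIX}` and `${ETCDIR}` expansions in the `[ -x ... ]` and `[ -f ... ]` tests and in the ssh-keygen arguments should also be double-quoted.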
--- sshd.diff ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-rc 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Mon Dec 5 09:17:23 GMT 2005 
Responsible-Changed-Why:  

Bring this to the attention of the list 

http://www.freebsd.org/cgi/query-pr.cgi?pr=73909 

From: Florent Thoumie <flz@xbsd.org>
To: bug-followup@FreeBSD.org
Cc: dougb@FreeBSD.org, brooks@FreeBSD.org
Subject: Re: conf/73909
Date: Mon, 20 Mar 2006 20:52:24 +0100

 Sounds correct to me, and that way we could remove sshd.sh installed
 from security/openssh*.
 
 dougb/brooks cc'ed since they're my usual candidates when seeking
 approval :)
 
 Florent
 

From: Brooks Davis <brooks@one-eyed-alien.net>
To: Florent Thoumie <flz@xbsd.org>
Cc: bug-followup@FreeBSD.org, dougb@FreeBSD.org, brooks@FreeBSD.org
Subject: Re: conf/73909
Date: Mon, 20 Mar 2006 17:29:45 -0800

 On Mon, Mar 20, 2006 at 08:52:24PM +0100, Florent Thoumie wrote:
 > Sounds correct to me, and that way we could remove sshd.sh installed
 > from security/openssh*.
 >
 > dougb/brooks cc'ed since they're my usual candidates when seeking
 > approval :)
 
 It's OK as far as it goes.  I'd be tempted to have the script create
 symlinks to /etc/ssh/XXX when it exists and ETCDIR/ssh/XXX does not, but
 I don't think that's absolutely necessary.
 
 -- Brooks
 
 -- 
 Any statement of the form "X is the one, true Y" is FALSE.
 PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
 
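Added example, not part of this PR, the committed fix, or any message in the thread: one way the symlink fallback suggested in the reply above could look, so that a host moving to the ports sshd keeps its existing host keys. The function name link_legacy_hostkeys, the handling of .pub files and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper (added example, not code from rc.d/sshd).
# Key names are the three files the patch tests for; the ".pub" companions
# are an assumption (ssh-keygen writes one beside each private key).
HOSTKEYS="ssh_host_key ssh_host_dsa_key ssh_host_rsa_key"

# link_legacy_hostkeys LEGACY_DIR NEW_DIR
# For each host key that exists in LEGACY_DIR but not in NEW_DIR, create a
# symlink in NEW_DIR pointing at it. Existing files in NEW_DIR are never
# replaced. Prints the number of links created; fails if NEW_DIR is missing.
link_legacy_hostkeys()
{
	legacy=$1 new=$2 linked=0
	[ -d "$new" ] || return 1
	for key in $HOSTKEYS; do
		for f in "$key" "$key.pub"; do
			# -e follows symlinks, -L also catches dangling ones
			if [ -e "$new/$f" ] || [ -L "$new/$f" ]; then
				continue
			fi
			# only link regular files that are really there
			[ -f "$legacy/$f" ] || continue
			ln -s "$legacy/$f" "$new/$f" || return 1
			linked=$((linked + 1))
		done
	done
	echo "$linked"
}

# Constructed demo in a scratch directory; no real host keys are touched.
demo()
{
	d=$(mktemp -d) || return 1
	mkdir -p "$d/etc/ssh" "$d/usr/local/etc/ssh"
	: > "$d/etc/ssh/ssh_host_rsa_key"
	: > "$d/etc/ssh/ssh_host_rsa_key.pub"
	: > "$d/usr/local/etc/ssh/ssh_host_dsa_key"	# already present: kept
	link_legacy_hostkeys "$d/etc/ssh" "$d/usr/local/etc/ssh"
	rm -rf "$d"
}
demo
```

In a precmd this would run before the missing-key test, so ssh-keygen is invoked only for key types that exist in neither directory.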
State-Changed-From-To: open->patched 
State-Changed-By: flz 
State-Changed-When: Tue Apr 18 11:53:05 UTC 2006 
State-Changed-Why:  
I committed a fix some days ago. I'm waiting for the freeze to end to 
MFC this change to RELENG_[56]. 

State-Changed-From-To: patched->closed 
State-Changed-By: flz 
State-Changed-When: Wed Jun 7 10:46:16 UTC 2006 
State-Changed-Why:  
MFC'ed to RELENG_6. 

>Unformatted:
