SPECS: openssh-blacklist.spec (NEW) - default blacklist for known bad publi...

jajcus jajcus at pld-linux.org
Tue May 20 15:42:15 CEST 2008 

Author: jajcus                       Date: Tue May 20 13:42:15 2008 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- default blacklist for known bad public SSH keys (generated using the broken Debian openssl)

---- Files affected:
SPECS:
   openssh-blacklist.spec (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SPECS/openssh-blacklist.spec
diff -u /dev/null SPECS/openssh-blacklist.spec:1.1
--- /dev/null	Tue May 20 15:42:15 2008
+++ SPECS/openssh-blacklist.spec	Tue May 20 15:42:09 2008
@@ -0,0 +1,51 @@
+# $Revision$, $Date$
+#
+Summary:	List of blacklisted OpenSSH RSA and DSA keys
+Name:		openssh-blacklist
+Version:	0.2.1
+Release:	1
+License:	GPLv3
+Group:		Applications
+Source0:	http://ftp.debian.org/debian/pool/main/o/openssh-blacklist/%{name}_%{version}.tar.gz
+# Source0-md5:	726869883bff9953537b2a07bbfef3c8
+Suggests:	openssh >= 2:5.0p1-5
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%description
+Contains a set of default SSH keys that were known to have been
+generated by Debian machines during the time when the Debian OpenSSL
+package had a broken Random Number Generator.
+
+%prep
+%setup -q
+
+%build
+mkdir tmp
+
+for i in `ls [RD]SA-* | cut -d. -f1 | sort -u`; do
+	cat debian/blacklist.prefix > tmp/blacklist.$i
+	cat $i.* | cut -b13- | sort >> tmp/blacklist.$i
+done
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssh
+install tmp/blacklist.* $RPM_BUILD_ROOT%{_sysconfdir}/ssh
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%doc README debian/README.Debian debian/copyright
+%{_sysconfdir}/ssh/blacklist.*
+
+%define date	%(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1  2008-05-20 13:42:09  jajcus
+- default blacklist for known bad public SSH keys (generated using the broken Debian openssl)
+
================================================================

More information about the pld-cvs-commit mailing list