From 69bab956fe02835bb931f73b907054fe759c9853 Mon Sep 17 00:00:00 2001 From: "Andrew J. Hesford" Date: Fri, 4 Dec 2020 09:30:44 -0500 Subject: [PATCH] openssh: fix ssh-copy-id (for real this time) --- srcpkgs/openssh/patches/ssh-copy-id.patch | 78 +++++++++++++++++++++++ srcpkgs/openssh/template | 2 +- 2 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/openssh/patches/ssh-copy-id.patch diff --git a/srcpkgs/openssh/patches/ssh-copy-id.patch b/srcpkgs/openssh/patches/ssh-copy-id.patch new file mode 100644 index 00000000000..d79c35a29a6 --- /dev/null +++ b/srcpkgs/openssh/patches/ssh-copy-id.patch @@ -0,0 +1,78 @@ +Accumulated changes to fix ssh-copy-id, pulled from +https://github.com/openssh/openssh-portable/tree/ce941c75ea9cd6c358508a5b206809846c8d9240 + +--- contrib/ssh-copy-id ++++ contrib/ssh-copy-id +@@ -76,7 +76,7 @@ + } + + use_id_file() { +- local L_ID_FILE="$1" ++ L_ID_FILE="$1" + + if [ -z "$L_ID_FILE" ] ; then + printf '%s: ERROR: no ID file found\n' "$0" +@@ -94,7 +94,7 @@ + # check that the files are readable + for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do + ErrMSG=$( { : < "$f" ; } 2>&1 ) || { +- local L_PRIVMSG="" ++ L_PRIVMSG="" + [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG=" (to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)" + printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')" + exit 1 +@@ -169,7 +169,7 @@ + # populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...) + # and has the side effect of setting $NEW_IDS + populate_new_ids() { +- local L_SUCCESS="$1" ++ L_SUCCESS="$1" + + # shellcheck disable=SC2086 + if [ "$FORCED" ] ; then +@@ -181,13 +181,12 @@ + eval set -- "$SSH_OPTS" + + umask 0177 +- local L_TMP_ID_FILE + L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX) + if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then + printf '%s: ERROR: mktemp failed\n' "$0" >&2 + exit 1 + fi +- local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\"" ++ L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\"" + # shellcheck disable=SC2064 + trap "$L_CLEANUP" EXIT TERM INT QUIT + printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2 +@@ -237,7 +236,8 @@ + # produce a one-liner to add the keys to remote authorized_keys file + # optionally takes an alternative path for authorized_keys + installkeys_sh() { +- local AUTH_KEY_FILE=${1:-.ssh/authorized_keys} ++ AUTH_KEY_FILE=${1:-.ssh/authorized_keys} ++ AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}") + + # In setting INSTALLKEYS_SH: + # the tr puts it all on one line (to placate tcsh) +@@ -247,10 +247,10 @@ + # the -z `tail ...` checks for a trailing newline. The echo adds one if was missing + # the cat adds the keys we're getting via STDIN + # and if available restorecon is used to restore the SELinux context +- INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF) ++ INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF + cd; + umask 077; +- mkdir -p $(dirname "${AUTH_KEY_FILE}") && ++ mkdir -p "${AUTH_KEY_DIR}" && + { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >> ${AUTH_KEY_FILE}; } && + cat >> ${AUTH_KEY_FILE} || + exit 1; +@@ -258,6 +258,7 @@ + restorecon -F .ssh ${AUTH_KEY_FILE}; + fi + EOF ++ ) + + # to defend against quirky remote shells: use 'exec sh -c' to get POSIX; + printf "exec sh -c '%s'" "${INSTALLKEYS_SH}" diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index bd8fe3981aa..8878dd9ca65 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=8.4p1 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody