authorColin Watson <cjwatson@debian.org>2012-08-24 06:51:20 +0100
committerColin Watson <cjwatson@debian.org>2012-08-24 06:51:20 +0100
commit01f52391c7edd110be9c00cda1861854921f0f36 (patch)
tree462871a6da81c13603508449ae786b807b775f3d
parent3ec2c116fbf387c31bd080b9b184339e2b34319d (diff)
Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
SELinux policies require this (closes: #658675).
-rw-r--r--contrib/ssh-copy-id2
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/copy-id-restorecon.patch19
-rw-r--r--debian/patches/series1
4 files changed, 23 insertions, 1 deletions
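--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -41,7 +41,7 @@ fi
 # strip any trailing colon
 host=`echo $1 | sed 's/:$//'`
 
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$host'", and check in: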
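Review bot: The relabel added to the remote command on the `ssh $host "…"` line only fires when an executable exists at exactly `/sbin/restorecon`, and `>/dev/null 2>&1 || true` discards both its diagnostics and its exit status, so a host that ships the tool elsewhere, or a relabel that fails, leaves `authorized_keys` with the context it inherited while the script still prints its success text. Under an enforcing policy sshd would then presumably ignore the key, with nothing on the client pointing at SELinux. Keeping stderr is a one-token change, `/sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null || true`, and a second `test -x /usr/sbin/restorecon` arm would cover the other common location without needing a variable (which would have to be escaped as `\$` inside this double-quoted string). The same line is what `debian/patches/copy-id-restorecon.patch` adds, so the edit belongs in that patch; the script itself continues beyond this hunk.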
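--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:6.0p1-3) UNRELEASED; urgency=low
 
  * debconf template translations:
  - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+ * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+ SELinux policies require this (closes: #658675).
 
  -- Colin Watson <cjwatson@debian.org> Mon, 16 Jul 2012 11:43:15 +0100
 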
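--- /dev/null
+++ b/debian/patches/copy-id-restorecon.patch
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in: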
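--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,7 @@ gssapi.patch
 
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 
 # Key blacklisting
 ssh-vulnkey.patch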