Call restorecon on copied ~/.ssh/authorized_keys if possible, since some

SELinux policies require this (closes: #658675).
author: Colin Watson <cjwatson@debian.org> 2012-08-24 06:51:20 +0100
committer: Colin Watson <cjwatson@debian.org> 2012-08-24 06:51:20 +0100
commit: 01f52391c7edd110be9c00cda1861854921f0f36 (patch)
tree: 462871a6da81c13603508449ae786b807b775f3d /debian/patches
parent: 3ec2c116fbf387c31bd080b9b184339e2b34319d (diff)
2 files changed, 20 insertions, 0 deletions
diff --git a/debian/patches/copy-id-restorecon.patch b/debian/patches/copy-id-restorecon.patch
new file mode 100644
index 000000000..d26680c4a
--- /dev/null
+++ b/debian/patches/copy-id-restorecon.patch
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff --git a/debian/patches/series b/debian/patches/series
index d6bae11a0..f51fa2ce5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,7 @@ gssapi.patch
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 # Key blacklisting
 ssh-vulnkey.patch
author	Colin Watson <cjwatson@debian.org>	2012-08-24 06:51:20 +0100
committer	Colin Watson <cjwatson@debian.org>	2012-08-24 06:51:20 +0100
commit	01f52391c7edd110be9c00cda1861854921f0f36 (patch)
tree	462871a6da81c13603508449ae786b807b775f3d /debian/patches
parent	3ec2c116fbf387c31bd080b9b184339e2b34319d (diff)

diff --git a/debian/patches/copy-id-restorecon.patch b/debian/patches/copy-id-restorecon.patch new file mode 100644 index 000000000..d26680c4a --- /dev/null +++ b/debian/patches/copy-id-restorecon.patch
@@ -0,0 +1,19 @@
		1	Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
		2	Author: Tomas Mraz <tmraz@fedoraproject.org>
		3	Bug-Debian: http://bugs.debian.org/658675
		4	Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
		5	Last-Update: 2012-08-24
		6
		7	Index: b/contrib/ssh-copy-id
		8	===================================================================
		9	--- a/contrib/ssh-copy-id
		10	+++ b/contrib/ssh-copy-id
		11	@@ -41,7 +41,7 @@
		12	# strip any trailing colon
		13	host=`echo $1 \| sed 's/:$//'`
		14
		15	-{ eval "$GET_ID" ; } \| ssh $host "umask 077; test -d ~/.ssh \|\| mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" \|\| exit 1
		16	+{ eval "$GET_ID" ; } \| ssh $host "umask 077; test -d ~/.ssh \|\| mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 \|\| true)" \|\| exit 1
		17
		18	cat <<EOF
		19	Now try logging into the machine, with "ssh '$host'", and check in:


diff --git a/debian/patches/series b/debian/patches/series index d6bae11a0..f51fa2ce5 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -3,6 +3,7 @@ gssapi.patch
3		3
4	# SELinux	4	# SELinux
5	selinux-role.patch	5	selinux-role.patch
		6	copy-id-restorecon.patch
6		7
7	# Key blacklisting	8	# Key blacklisting
8	ssh-vulnkey.patch	9	ssh-vulnkey.patch