Diffstat (limited to 'debian/patches/conch-old-privkey-format.patch')
-rw-r--r-- | debian/patches/conch-old-privkey-format.patch | 43 |
1 files changed, 20 insertions, 23 deletions
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch index 40fe32898..6de8d391b 100644 --- a/debian/patches/conch-old-privkey-format.patch +++ b/debian/patches/conch-old-privkey-format.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 9c01e0ae9889c05bfe68b2f1f1c5e5019e63ff0b Mon Sep 17 00:00:00 2001 | 1 | From 715b72009450c3448de10729817687c53554efb2 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Thu, 30 Aug 2018 00:58:56 +0100 | 3 | Date: Thu, 30 Aug 2018 00:58:56 +0100 |
4 | Subject: Work around conch interoperability failure | 4 | Subject: Work around conch interoperability failure |
@@ -8,46 +8,43 @@ Twisted Conch fails to read private keys in the new format | |||
8 | can be fixed in Twisted. | 8 | can be fixed in Twisted. |
9 | 9 | ||
10 | Forwarded: not-needed | 10 | Forwarded: not-needed |
11 | Last-Update: 2018-08-30 | 11 | Last-Update: 2019-06-14 |
12 | 12 | ||
13 | Patch-Name: conch-old-privkey-format.patch | 13 | Patch-Name: conch-old-privkey-format.patch |
14 | --- | 14 | --- |
15 | regress/Makefile | 5 +++-- | 15 | regress/Makefile | 2 +- |
16 | regress/conch-ciphers.sh | 2 +- | 16 | regress/conch-ciphers.sh | 2 +- |
17 | regress/test-exec.sh | 12 ++++++++++++ | 17 | regress/test-exec.sh | 12 ++++++++++++ |
18 | 3 files changed, 16 insertions(+), 3 deletions(-) | 18 | 3 files changed, 14 insertions(+), 2 deletions(-) |
19 | 19 | ||
20 | diff --git a/regress/Makefile b/regress/Makefile | 20 | diff --git a/regress/Makefile b/regress/Makefile |
21 | index 925edf71a..6fdfcc8ca 100644 | 21 | index 781400fd0..491a3a46a 100644 |
22 | --- a/regress/Makefile | 22 | --- a/regress/Makefile |
23 | +++ b/regress/Makefile | 23 | +++ b/regress/Makefile |
24 | @@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ | 24 | @@ -114,7 +114,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ |
25 | modpipe netcat no_identity_config \ | 25 | rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ |
26 | pidfile putty.rsa2 ready regress.log \ | ||
27 | remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \ | ||
28 | - rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ | ||
29 | - rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
30 | + rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \ | ||
31 | + rsa_oldfmt rsa_oldfmt.pub \ | ||
32 | + rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
33 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ | 26 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ |
34 | sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ | 27 | sftp-server.sh sftp.log ssh-log-wrapper.sh \ |
35 | ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | 28 | - ssh-rsa_oldfmt \ |
29 | + ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \ | ||
30 | ssh.log ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | ||
31 | ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \ | ||
32 | sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \ | ||
36 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh | 33 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh |
37 | index 199d863a0..c7df19fd4 100644 | 34 | index 51e3b705f..fa24552b0 100644 |
38 | --- a/regress/conch-ciphers.sh | 35 | --- a/regress/conch-ciphers.sh |
39 | +++ b/regress/conch-ciphers.sh | 36 | +++ b/regress/conch-ciphers.sh |
40 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ | 37 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ |
41 | rm -f ${COPY} | 38 | rm -f ${COPY} |
42 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling | 39 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling |
43 | # in conch | 40 | # in conch |
44 | - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ | 41 | - ${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \ |
45 | + ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ | 42 | + ${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \ |
46 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ | 43 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ |
47 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} | 44 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} |
48 | if [ $? -ne 0 ]; then | 45 | if [ $? -ne 0 ]; then |
49 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh | 46 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh |
50 | index b8e2009de..08338121b 100644 | 47 | index efde6a173..83c7d02e6 100644 |
51 | --- a/regress/test-exec.sh | 48 | --- a/regress/test-exec.sh |
52 | +++ b/regress/test-exec.sh | 49 | +++ b/regress/test-exec.sh |
53 | @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no | 50 | @@ -500,6 +500,18 @@ REGRESS_INTEROP_CONCH=no |
@@ -62,9 +59,9 @@ index b8e2009de..08338121b 100644 | |||
62 | +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then | 59 | +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then |
63 | + # Convert rsa key to old format to work around | 60 | + # Convert rsa key to old format to work around |
64 | + # https://twistedmatrix.com/trac/ticket/9515 | 61 | + # https://twistedmatrix.com/trac/ticket/9515 |
65 | + cp $OBJ/rsa $OBJ/rsa_oldfmt | 62 | + cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt |
66 | + cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub | 63 | + cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub |
67 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null | 64 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null |
68 | +fi | 65 | +fi |
69 | 66 | ||
70 | # If PuTTY is present and we are running a PuTTY test, prepare keys and | 67 | # If PuTTY is present and we are running a PuTTY test, prepare keys and |
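Review bot: The key conversion in the refreshed regress/test-exec.sh hunk (new-side patch lines 62-64) ignores the exit status of `${SSHKEYGEN} -p -N '' -m PEM`, and its stdout goes to /dev/null. If the conversion fails, `$OBJ/ssh-rsa_oldfmt` stays a plain copy of `ssh-rsa` in the new key format, which is exactly the case the patch is meant to avoid. Because conch-ciphers.sh runs conch with `2>/dev/null`, the result would most likely show up as an unexplained cipher-test failure rather than a key-format error. I would make the step fail loudly, e.g. `${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null || fatal "conch key conversion failed"`, assuming `fatal` is the failure helper that test-exec.sh already provides. Only part of the test-exec.sh hunk is visible on this page, so an existing check further down cannot be ruled out.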