diff options
Diffstat (limited to 'debian/patches/conch-old-privkey-format.patch')
| -rw-r--r-- | debian/patches/conch-old-privkey-format.patch | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch new file mode 100644 index 000000000..90bb3e995 --- /dev/null +++ b/debian/patches/conch-old-privkey-format.patch | |||
| @@ -0,0 +1,71 @@ | |||
| 1 | From 1d2a55436d4b556269f42ad5f7e16608b5a8ed74 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Colin Watson <cjwatson@debian.org> | ||
| 3 | Date: Thu, 30 Aug 2018 00:58:56 +0100 | ||
| 4 | Subject: Work around conch interoperability failure | ||
| 5 | |||
| 6 | Twisted Conch fails to read private keys in the new format | ||
| 7 | (https://twistedmatrix.com/trac/ticket/9515). Work around this until it | ||
| 8 | can be fixed in Twisted. | ||
| 9 | |||
| 10 | Forwarded: not-needed | ||
| 11 | Last-Update: 2018-08-30 | ||
| 12 | |||
| 13 | Patch-Name: conch-old-privkey-format.patch | ||
| 14 | --- | ||
| 15 | regress/Makefile | 5 +++-- | ||
| 16 | regress/conch-ciphers.sh | 2 +- | ||
| 17 | regress/test-exec.sh | 12 ++++++++++++ | ||
| 18 | 3 files changed, 16 insertions(+), 3 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/regress/Makefile b/regress/Makefile | ||
| 21 | index 647b4a049..6e462a4f6 100644 | ||
| 22 | --- a/regress/Makefile | ||
| 23 | +++ b/regress/Makefile | ||
| 24 | @@ -110,8 +110,9 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \ | ||
| 25 | modpipe netcat no_identity_config \ | ||
| 26 | pidfile putty.rsa2 ready regress.log \ | ||
| 27 | remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \ | ||
| 28 | - rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \ | ||
| 29 | - rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
| 30 | + rsa1 rsa1-agent rsa1-agent.pub rsa1.pub \ | ||
| 31 | + rsa_oldfmt rsa_oldfmt.pub \ | ||
| 32 | + rsa_ssh2_cr.prv rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \ | ||
| 33 | scp-ssh-wrapper.scp setuid-allowed sftp-server.log \ | ||
| 34 | sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \ | ||
| 35 | ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \ | ||
| 36 | diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh | ||
| 37 | index 199d863a0..c7df19fd4 100644 | ||
| 38 | --- a/regress/conch-ciphers.sh | ||
| 39 | +++ b/regress/conch-ciphers.sh | ||
| 40 | @@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \ | ||
| 41 | rm -f ${COPY} | ||
| 42 | # XXX the 2nd "cat" seems to be needed because of buggy FD handling | ||
| 43 | # in conch | ||
| 44 | - ${CONCH} --identity $OBJ/rsa --port $PORT --user $USER -e none \ | ||
| 45 | + ${CONCH} --identity $OBJ/rsa_oldfmt --port $PORT --user $USER -e none \ | ||
| 46 | --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \ | ||
| 47 | 127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY} | ||
| 48 | if [ $? -ne 0 ]; then | ||
| 49 | diff --git a/regress/test-exec.sh b/regress/test-exec.sh | ||
| 50 | index 40d46e3cd..1bbd47f25 100644 | ||
| 51 | --- a/regress/test-exec.sh | ||
| 52 | +++ b/regress/test-exec.sh | ||
| 53 | @@ -504,6 +504,18 @@ REGRESS_INTEROP_CONCH=no | ||
| 54 | if test -x "$CONCH" ; then | ||
| 55 | REGRESS_INTEROP_CONCH=yes | ||
| 56 | fi | ||
| 57 | +case "$SCRIPT" in | ||
| 58 | +*conch*) ;; | ||
| 59 | +*) REGRESS_INTEROP_CONCH=no | ||
| 60 | +esac | ||
| 61 | + | ||
| 62 | +if test "$REGRESS_INTEROP_CONCH" = "yes" ; then | ||
| 63 | + # Convert rsa key to old format to work around | ||
| 64 | + # https://twistedmatrix.com/trac/ticket/9515 | ||
| 65 | + cp $OBJ/rsa $OBJ/rsa_oldfmt | ||
| 66 | + cp $OBJ/rsa.pub $OBJ/rsa_oldfmt.pub | ||
| 67 | + ${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null | ||
| 68 | +fi | ||
| 69 | |||
| 70 | # If PuTTY is present and we are running a PuTTY test, prepare keys and | ||
| 71 | # configuration | ||