From 01f52391c7edd110be9c00cda1861854921f0f36 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 24 Aug 2012 06:51:20 +0100
Subject: Call restorecon on copied ~/.ssh/authorized_keys if possible, since
 some SELinux policies require this (closes: #658675).

---
 contrib/ssh-copy-id                     |  2 +-
 debian/changelog                        |  2 ++
 debian/patches/copy-id-restorecon.patch | 19 +++++++++++++++++++
 debian/patches/series                   |  1 +
 4 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/copy-id-restorecon.patch

diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index 9451aceec..86d037abd 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -41,7 +41,7 @@ fi
 # strip any trailing colon
 host=`echo $1 | sed 's/:$//'`
 
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$host'", and check in:
diff --git a/debian/changelog b/debian/changelog
index 9a307063f..f5bc6982b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:6.0p1-3) UNRELEASED; urgency=low
 
   * debconf template translations:
     - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+  * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+    SELinux policies require this (closes: #658675).
 
  -- Colin Watson <cjwatson@debian.org>  Mon, 16 Jul 2012 11:43:15 +0100
 
diff --git a/debian/patches/copy-id-restorecon.patch b/debian/patches/copy-id-restorecon.patch
new file mode 100644
index 000000000..d26680c4a
--- /dev/null
+++ b/debian/patches/copy-id-restorecon.patch
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff --git a/debian/patches/series b/debian/patches/series
index d6bae11a0..f51fa2ce5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,6 +3,7 @@ gssapi.patch
 
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 
 # Key blacklisting
 ssh-vulnkey.patch
-- 
cgit v1.2.3