From 01f52391c7edd110be9c00cda1861854921f0f36 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 24 Aug 2012 06:51:20 +0100 Subject: Call restorecon on copied ~/.ssh/authorized_keys if possible, since some SELinux policies require this (closes: #658675). --- debian/changelog | 2 ++ debian/patches/copy-id-restorecon.patch | 19 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 22 insertions(+) create mode 100644 debian/patches/copy-id-restorecon.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 9a307063f..f5bc6982b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ openssh (1:6.0p1-3) UNRELEASED; urgency=low * debconf template translations: - Add Indonesian (thanks, Andika Triwidada; closes: #681670). + * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some + SELinux policies require this (closes: #658675). -- Colin Watson Mon, 16 Jul 2012 11:43:15 +0100 diff --git a/debian/patches/copy-id-restorecon.patch b/debian/patches/copy-id-restorecon.patch new file mode 100644 index 000000000..d26680c4a --- /dev/null +++ b/debian/patches/copy-id-restorecon.patch @@ -0,0 +1,19 @@ +Description: Call restorecon on copied ~/.ssh/authorized_keys if possible +Author: Tomas Mraz +Bug-Debian: http://bugs.debian.org/658675 +Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989 +Last-Update: 2012-08-24 + +Index: b/contrib/ssh-copy-id +=================================================================== +--- a/contrib/ssh-copy-id ++++ b/contrib/ssh-copy-id +@@ -41,7 +41,7 @@ + # strip any trailing colon + host=`echo $1 | sed 's/:$//'` + +-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 ++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1 + + cat <