summaryrefslogtreecommitdiff
path: root/debian/patches/conch-old-privkey-format.patch
blob: e018ac6393be1be9b02ec3f3f7083ea4800424d7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
From bbce4380e516e8bfed1ae09af0bc3661e427794a Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 30 Aug 2018 00:58:56 +0100
Subject: Work around conch interoperability failure

Twisted Conch fails to read private keys in the new format
(https://twistedmatrix.com/trac/ticket/9515).  Work around this until it
can be fixed in Twisted.

Forwarded: not-needed
Last-Update: 2019-10-09

Patch-Name: conch-old-privkey-format.patch
---
 regress/Makefile         |  2 +-
 regress/conch-ciphers.sh |  2 +-
 regress/test-exec.sh     | 12 ++++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/regress/Makefile b/regress/Makefile
index 34c47e8cb..17e0a06e8 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -119,7 +119,7 @@ CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
 		rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
 		scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
 		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
-		ssh-rsa_oldfmt \
+		ssh-rsa_oldfmt ssh-rsa_oldfmt.pub \
 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
 		ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
 		sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
diff --git a/regress/conch-ciphers.sh b/regress/conch-ciphers.sh
index 6678813a2..6ff5da20b 100644
--- a/regress/conch-ciphers.sh
+++ b/regress/conch-ciphers.sh
@@ -16,7 +16,7 @@ for c in aes256-ctr aes256-cbc aes192-ctr aes192-cbc aes128-ctr aes128-cbc \
 	rm -f ${COPY}
 	# XXX the 2nd "cat" seems to be needed because of buggy FD handling
 	# in conch
-	${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
+	${CONCH} --identity $OBJ/ssh-rsa_oldfmt --port $PORT --user $USER -e none \
 	    --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
 	    127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
 	if [ $? -ne 0 ]; then
diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 508b93284..5e48bfbe3 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -510,6 +510,18 @@ REGRESS_INTEROP_CONCH=no
 if test -x "$CONCH" ; then
 	REGRESS_INTEROP_CONCH=yes
 fi
+case "$SCRIPT" in
+*conch*)	;;
+*)		REGRESS_INTEROP_CONCH=no
+esac
+
+if test "$REGRESS_INTEROP_CONCH" = "yes" ; then
+	# Convert rsa key to old format to work around
+	# https://twistedmatrix.com/trac/ticket/9515
+	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
+	cp $OBJ/ssh-rsa.pub $OBJ/ssh-rsa_oldfmt.pub
+	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
+fi
 
 # If PuTTY is present and we are running a PuTTY test, prepare keys and
 # configuration