diff options
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/tools/networking/openssh')
-rw-r--r-- | infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/default.nix | 13 | ||||
-rw-r--r-- | infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/ssh-copy-id-fix-eof.patch | 21 |
2 files changed, 29 insertions, 5 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/default.nix index 64e6757891e3..f8a518ca4dce 100644 --- a/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/default.nix +++ b/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/default.nix @@ -19,13 +19,13 @@ let - version = "8.3p1"; + version = "8.4p1"; # **please** update this patch when you update to a new openssh release. gssapiPatch = fetchpatch { name = "openssh-gssapi.patch"; - url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%25${version}-1/debian/patches/gssapi.patch"; - sha256 = "0j22ccg6msyi88mpsb6x0il5cg8v2b7qdah57ninbwx5isyld80l"; + url = "https://salsa.debian.org/ssh-team/openssh/raw/debian/1%25${version}-2/debian/patches/gssapi.patch"; + sha256 = "1z1ckzimlkm1dmr9f5fqjnjg28gsqcwx6xka0klak857548d2lp2"; }; in @@ -37,12 +37,12 @@ stdenv.mkDerivation rec { src = if hpnSupport then fetchurl { url = "https://github.com/rapier1/openssh-portable/archive/hpn-KitchenSink-${replaceStrings [ "." "p" ] [ "_" "_P" ] version}.tar.gz"; - sha256 = "1ssdwgdxnvjwigisqi8c053znps5a4jf7bzsi99y0xyfzbw0x55k"; + sha256 = "1x2afjy1isslbg7qlvhhs4zhj2c8q2h1ljz0fc5b4h9pqcm9j540"; } else fetchurl { url = "mirror://openbsd/OpenSSH/portable/${pname}-${version}.tar.gz"; - sha256 = "1cl74ghi9y21dc3f4xa0qamb7dhwacbynh1ks9syprrg8zhgpgpj"; + sha256 = "091b3pxdlj47scxx6kkf4agkx8c8sdacdxx8m1dw1cby80pd40as"; }; patches = @@ -53,6 +53,9 @@ stdenv.mkDerivation rec { ./dont_create_privsep_path.patch ./ssh-keysign.patch + + # See https://github.com/openssh/openssh-portable/pull/206 + ./ssh-copy-id-fix-eof.patch ] ++ optional withGssapiPatches (assert withKerberos; gssapiPatch); diff --git a/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/ssh-copy-id-fix-eof.patch b/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/ssh-copy-id-fix-eof.patch new file mode 100644 index 000000000000..4ba2b562f556 --- /dev/null +++ b/infra/libkookie/nixpkgs/pkgs/tools/networking/openssh/ssh-copy-id-fix-eof.patch @@ -0,0 +1,21 @@ +diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id +index 392f64f..a769077 100644 +--- a/contrib/ssh-copy-id ++++ b/contrib/ssh-copy-id +@@ -247,7 +247,7 @@ installkeys_sh() { + # the -z `tail ...` checks for a trailing newline. The echo adds one if was missing + # the cat adds the keys we're getting via STDIN + # and if available restorecon is used to restore the SELinux context +- INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF) ++ INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF + cd; + umask 077; + mkdir -p $(dirname "${AUTH_KEY_FILE}") && +@@ -258,6 +258,7 @@ installkeys_sh() { + restorecon -F .ssh ${AUTH_KEY_FILE}; + fi + EOF ++ ) + + # to defend against quirky remote shells: use 'exec sh -c' to get POSIX; + printf "exec sh -c '%s'" "${INSTALLKEYS_SH}" |