Bug#711215: openssh-client: ssh-copy-id improved

[Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>]

Package: openssh-client
Version: 1:6.2p2-3
Severity: normal
Tags: patch

A few patches for robustification of the script.
Seems like running the script with errexit reveals a dash bug.
Dash will ignore ckeck on $? in a subshell and exit with error.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.16.10
ii  libc6             2.17-4
ii  libedit2          2.11-20080614-5
ii  libgssapi-krb5-2  1.10.1+dfsg-6
ii  libselinux1       2.1.13-2
ii  libssl1.0.0       1.0.1e-3
ii  passwd            1:4.1.5.1-1
ii  zlib1g            1:1.2.8.dfsg-1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.7-1

Versions of packages openssh-client suggests:
ii  keychain                         2.7.1-1
pn  libpam-ssh                       <none>
pn  monkeysphere                     <none>
ii  openssh-blacklist                0.4.1+nmu1
ii  openssh-blacklist-extra          0.4.1+nmu1
ii  ssh-askpass                      1:1.2.4.1-9
ii  ssh-askpass-gnome [ssh-askpass]  1:6.2p2-3

-- no debconf information


Cheers,

-- 
Cristian

From 8e9d55e6c980a455c349afcffde1c1ac104a778b Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Date: Wed, 5 Jun 2013 16:59:30 +0200
Subject: [PATCH 1/4] Cleanup end-of-line whitespace damage.

Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
---
 ssh-copy-id |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ssh-copy-id b/ssh-copy-id
index 9f2817b..4a88c26 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -161,7 +161,7 @@ do
       usage
       ;;
   esac
-done 
+done
 
 eval set -- "$SAVEARGS"
 
@@ -194,7 +194,7 @@ fi
 populate_new_ids() {
   local L_SUCCESS="$1"
 
-  # repopulate "$@" inside this function 
+  # repopulate "$@" inside this function
   eval set -- "$SSH_OPTS"
 
   umask 0177
-- 
1.7.10.4

From 083e07cd691c4de39c34d9e633cd9ba89b425219 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Date: Wed, 5 Jun 2013 17:01:09 +0200
Subject: [PATCH 2/4] Remove bashism.

Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
---
 ssh-copy-id |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssh-copy-id b/ssh-copy-id
index 4a88c26..6078958 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -165,7 +165,7 @@ done
 
 eval set -- "$SAVEARGS"
 
-if [ $# == 0 ] ; then
+if [ $# -eq 0 ] ; then
   usage
 fi
 if [ $# != 1 ] ; then
-- 
1.7.10.4

From 931f89f491122b69f56d806fb96cda127c748407 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Date: Wed, 5 Jun 2013 17:06:13 +0200
Subject: [PATCH 3/4] Correct some "parameter not set" errors revealed by `set
 -u'.

Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
---
 ssh-copy-id |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssh-copy-id b/ssh-copy-id
index 6078958..49c3842 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -95,7 +95,7 @@ fi
 
 while test "$#" -gt 0
 do
-  [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
+  [ "${SEEN_OPT_I:-}" ] && expr "$1" : "[-]i" >/dev/null && {
         printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
         usage
   }
@@ -162,8 +162,9 @@ do
       ;;
   esac
 done
+DRY_RUN=${DRY_RUN:-}
 
-eval set -- "$SAVEARGS"
+eval set -- "${SAVEARGS:-}"
 
 if [ $# -eq 0 ] ; then
   usage
-- 
1.7.10.4

From 22612bd1367b064b3dda144226bb26bfb1ba94b0 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
Date: Wed, 5 Jun 2013 17:10:46 +0200
Subject: [PATCH 4/4] Workaround dash bug revealed by running with `set -e'.

The subshell exits with error status, even though '$?' is tested
immediately.

Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
---
 ssh-copy-id |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ssh-copy-id b/ssh-copy-id
index 49c3842..30fe4be 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -215,10 +215,11 @@ populate_new_ids() {
         # assumption will break if we implement the possibility of multiple -i options.
         # The point being that if file based, ssh needs the private key, which it cannot
         # find if only given the contents of the .pub file in an unrelated tmpfile
+	err=0
         ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
             -o PreferredAuthentications=publickey \
-            -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
-        if [ "$?" = "$L_SUCCESS" ] ; then
+            -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null || err=$?
+        if [ $err = "$L_SUCCESS" ] ; then
           : > $L_TMP_ID_FILE
         else
           grep 'Permission denied' $L_TMP_ID_FILE.stderr >/dev/null || {
-- 
1.7.10.4