
Bug#982392: marked as done (ssh-copy-id: create ~/.ssh with default SELinux context)



Your message dated Tue, 16 Feb 2021 22:49:50 +0100
with message-id <CAJ2a_Dc7peQoT9s_L-_O7nRTOYmsT8cuN2YQbLwjCLPOCmuYqg@mail.gmail.com>
and subject line Re: Bug#982392: ssh-copy-id: create ~/.ssh with default SELinux context
has caused the Debian Bug report #982392,
regarding ssh-copy-id: create ~/.ssh with default SELinux context
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
982392: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982392
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:8.4p1-3
File: /usr/bin/ssh-copy-id
User: selinux-devel@lists.alioth.debian.org
Usertags: selinux

Dear Maintainer,

ssh-copy-id(1) does create the directory ~/.ssh if it does not already
exist. It also runs later, if available, restorecon(8) on the
directory, to correct the SELinux context of it.
It would however be idiomatic to create the directory already with the
default SELinux context, to prepare for restorecon failures and avoid
potential races.

Best regards,
    Christian Göttsche

--- /usr/bin/ssh-copy-id        2021-02-09 17:19:48.653799557 +0100
+++ ssh-copy-id 2021-02-09 17:45:38.360891272 +0100
@@ -250,7 +250,7 @@
  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
       cd;
       umask 077;
-       mkdir -p $(dirname "${AUTH_KEY_FILE}") &&
+       mkdir -pZ $(dirname "${AUTH_KEY_FILE}") &&
         { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >>
${AUTH_KEY_FILE}; } &&
         cat >> ${AUTH_KEY_FILE} ||
         exit 1;
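
Review bot: The `-Z` added to `mkdir -pZ` has no fallback, and this command sits at the head of the `&&` chain that ends in `|| exit 1`, so any mkdir that rejects `-Z` aborts the whole key installation before `cat >> ${AUTH_KEY_FILE}` runs. Since INSTALLKEYS_SH is the script sent to the target host, either keep `mkdir -p` and rely on the later restorecon(8) call the report mentions, or retry with plain `mkdir -p` when the `-Z` form fails. The commit description should also state which mkdir implementations were tested.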

--- End Message ---
--- Begin Message ---
> This code is run on the remote system.  Therefore, won't this break
> ssh-copy-id against remote systems that lack mkdir -Z, such as systems
> with coreutils < 8.22 (released towards the end of 2013, which is
> certainly a while ago now but there are still systems in extended
> support that lack it, such as Ubuntu 14.04), or indeed systems with
> non-GNU versions of mkdir?

True, this script needs to be portable with non-Linux systems.
It's probably not worth adding extra logic to detect support of the
'-Z' option of mkdir.

--- End Message ---
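
The trade-off discussed in this thread, as an added example that is not part of either message or of ssh-copy-id: a shell function that uses `mkdir -Z` only where the local mkdir accepts it and otherwise falls back to `mkdir -p` followed by restorecon(8). The function name `mkdir_private` and the scratch-directory probe are assumptions made for illustration.

```shell
# Added example; mkdir_private and the probe approach are hypothetical,
# not code from ssh-copy-id.
# Create a private directory, labelling it at creation time when possible.
mkdir_private() {
    target=$1
    if [ -d "$target" ]; then
        return 0
    fi
    (
        # Subshell keeps the umask change local to this function.
        umask 077
        # Probe -Z in a scratch directory so an unsupported option
        # cannot leave a half-created target behind.
        probe=$(mktemp -d) || exit 1
        if mkdir -Z "$probe/t" 2>/dev/null; then
            rm -rf "$probe"
            # mkdir accepts -Z: the directory gets its default SELinux
            # context at creation, with no window for a wrong label.
            mkdir -pZ "$target"
        else
            rm -rf "$probe"
            # Older coreutils or non-GNU mkdir: create first, relabel after.
            mkdir -p "$target" || exit 1
            if command -v restorecon >/dev/null 2>&1; then
                restorecon -F "$target" 2>/dev/null || :
            fi
        fi
    )
}
```

On a host without SELinux, GNU mkdir accepts `-Z` and ignores it, so the first branch is taken there as well.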
