authorUlrich Müller <ulm@gentoo.org>2024-10-14 12:33:32 +0200
committerUlrich Müller <ulm@gentoo.org>2024-10-18 19:54:35 +0200
commitd78b4c787bd09872107c367299bd69b5eb2ea28e (patch)
tree13544a7706c378e5447065ca20d6c1d5ff48d9e9 /eclass
parentcvs.eclass: Add local declarations and die statements throughout (diff)
cvs.eclass: Rewrite the ssh wrapper script in bash
OpenSSH version 8.4 and later supports the SSH_ASKPASS_REQUIRE environment variable, which allows forcing the use of the SSH_ASKPASS program. This makes detaching the process from its controlling terminal (TIOCNOTTY ioctl) and setting the DISPLAY variable unnecessary. Signed-off-by: Ulrich Müller <ulm@gentoo.org>
Diffstat (limited to 'eclass')
-rw-r--r--eclass/cvs.eclass62
1 files changed, 17 insertions, 45 deletions
diff --git a/eclass/cvs.eclass b/eclass/cvs.eclass
index ec0ad2ec8f71..1289ee54cc3b 100644
--- a/eclass/cvs.eclass
+++ b/eclass/cvs.eclass
@@ -192,7 +192,7 @@ if [[ ${ECVS_AUTH} == "ext" ]] ; then
if [[ ${CVS_RSH} != "ssh" ]] ; then
die "Support for ext auth with clients other than ssh has not been implemented yet"
fi
- BDEPEND+=" net-misc/openssh"
+ BDEPEND+=" >=net-misc/openssh-8.4"
fi
# @FUNCTION: cvs_fetch
@@ -362,40 +362,9 @@ cvs_fetch() {
# Hack to support SSH password authentication
if [[ ${CVS_RSH} == "ssh" ]] ; then
- # Force SSH to use SSH_ASKPASS by creating python wrapper
-
- local -x CVS_RSH="${T}/cvs_sshwrapper"
- cat > "${CVS_RSH}" <<EOF || die
-#!${EPREFIX}/usr/bin/python
-import fcntl
-import os
-import sys
-try:
- fd = os.open('/dev/tty', 2)
- TIOCNOTTY=0x5422
- try:
- fcntl.ioctl(fd, TIOCNOTTY)
- except:
- pass
- os.close(fd)
-except:
- pass
-newarglist = sys.argv[:]
-EOF
-
- # disable X11 forwarding which causes .xauth access violations
- # - 20041205 Armando Di Cianno <fafhrd@gentoo.org>
- echo "newarglist.insert(1, '-oClearAllForwardings=yes')" \
- >> "${CVS_RSH}" || die
- echo "newarglist.insert(1, '-oForwardX11=no')" \
- >> "${CVS_RSH}" || die
-
# Handle SSH host key checking
local known_hosts_file="${T}/cvs_ssh_known_hosts"
- echo "newarglist.insert(1, '-oUserKnownHostsFile=${known_hosts_file}')" \
- >> "${CVS_RSH}" || die
-
local strict_host_key_checking
if [[ -z ${ECVS_SSH_HOST_KEY} ]] ; then
ewarn "Warning: The SSH host key of the remote server will not be verified."
@@ -407,28 +376,31 @@ EOF
echo "${ECVS_SSH_HOST_KEY}" > "${known_hosts_file}" || die
fi
- echo -n "newarglist.insert(1, '-oStrictHostKeyChecking=" \
- >> "${CVS_RSH}" || die
- echo "${strict_host_key_checking}')" \
- >> "${CVS_RSH}" || die
- echo "os.execv('${EPREFIX}/usr/bin/ssh', newarglist)" \
- >> "${CVS_RSH}" || die
+ # Create a wrapper script to pass additional options to SSH
+ # Disable X11 forwarding which causes .xauth access violations
+ local -x CVS_RSH="${T}/cvs_sshwrapper"
+ cat > "${CVS_RSH}" <<-EOF || die
+ #!${BROOT}/bin/bash
+ exec "${BROOT}/usr/bin/ssh" \\
+ -oStrictHostKeyChecking=${strict_host_key_checking} \\
+ -oUserKnownHostsFile="${known_hosts_file}" \\
+ -oForwardX11=no \\
+ -oClearAllForwardings=yes \\
+ "\$@"
+ EOF
chmod a+x "${CVS_RSH}" || die
- # Make sure DISPLAY is set (SSH will not use SSH_ASKPASS
- # if DISPLAY is not set)
-
- local -x DISPLAY="${DISPLAY:-DISPLAY}"
-
# Create a dummy executable to echo ${ECVS_PASS}
local -x SSH_ASKPASS="${T}/cvs_sshechopass"
+ local -x SSH_ASKPASS_REQUIRE="force"
+
if [[ ${ECVS_AUTH} != "no" ]] ; then
- echo -en "#!/bin/bash\necho \"${ECVS_PASS}\"\n" \
+ echo -en "#!${BROOT}/bin/bash\necho \"${ECVS_PASS}\"\n" \
> "${SSH_ASKPASS}" || die
else
- echo -en "#!/bin/bash\nreturn\n" \
+ echo -en "#!${BROOT}/bin/bash\nreturn\n" \
> "${SSH_ASKPASS}" || die
fi
chmod a+x "${SSH_ASKPASS}" || die
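Review bot: The askpass script is still generated by interpolating `${ECVS_PASS}` into bash source through `echo -en`, so a password containing `"`, `$`, a backtick or a backslash is either mangled or evaluated as shell when ssh runs the helper. Letting printf quote the value avoids both: `printf '#!%s\nprintf "%%s\\n" %q\n' "${BROOT}/bin/bash" "${ECVS_PASS}" > "${SSH_ASKPASS}" || die`. The file holds the password in clear text and then gets `chmod a+x`, with read access left to the umask; `chmod 0700 "${SSH_ASKPASS}" || die` would keep it to the user running the fetch, assuming ssh runs as that same user. In the else branch, `return` outside a function is an error in a standalone script, so `exit 1` would state the (presumed) intent of a failing askpass explicitly. cvs_fetch begins and ends outside this hunk.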