[MacPorts] #27250: Add OpenSSH GSSAPI key exchange patch
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: macports-tickets@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: 1.9.2 Keywords: | Port: openssh ---------------------------------+------------------------------------------ Would it be possible to build openssh with patches from http://www.sxw.org.uk/computing/patches/ or at least provide a variant which includes the patch? In particular it adds support for GSSAPITrustDNS option, which OS X system SSH appears to be built with and which is very useful for working in Kerberos V5 environment. Or more accurately put ssh without that option isn't really very useful in Kerberos V5 environment where DNS aliased host names are common, e.g. for load balanced ones. From http://paste.lisp.org/display/64135 it looks like the predecessor patch might have been included before, but I can't find any corresponding section in revision log of openssh port file. I took the patch for 5.3p1 from http://www.sxw.org.uk/computing/patches/openssh-5.3p1-gsskex- all-20100124.patch, adapted it to OpenSSH 5.6p1 code (Makefile.in, key.h and key.c need trivial patch updates), and attached it to this ticket. -- Ticket URL: <https://trac.macports.org/ticket/27250> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Changes (by macsforever2000@…): * keywords: => haspatch * owner: macports-tickets@… => jwa@… * version: 1.9.2 => -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:1> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Comment(by lassi.tuura@…): I've added patches to portfile and to add to 'files' directory, for openssh currently in use in macports (5.9p1). The gsskex patch is just a refreshed version of swx.org.uk one (there is no patch for 5.9p1 there). The second apple-keychain.patch contains selected subset of differences between standard openssh and Apple's version, most notably the automatic integration with keychain, as per running diff against the version available from www.opensource.apple.com/source/OpenSSH. As far as I understand the license in the additional source files, they are ok for distribution in macports (= Apple BSD license). I didn't include quite all the differences, as some seemed deprecated (SACL), others can't be compiled without apparently internal private sources (__APPLE_CROSS_REALM__ requires OpenDirectoryPriv.h), others are effectively already in openssh (sandboxing). I can't really vouch for some of the additional configury options, but that's what the opensource version used. The second patch only applies after the gsskex one. I'd really appreciate if these patches, or some derivative of them, could be applied to the macports version. -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:2> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Comment(by vkuznet@…): Please include those patches into next macport upgrade. -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:8> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Comment(by matty2fatty@…): Would it be possible to spell out how to include the provided patches so that they are automatically applied by macports? I've looked over the official docs and tried editing the portfile in seemingly reasonable ways, but things don't seem to be working. I'm particularly interested in getting the GSSAPIKeyExchange business working. -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:12> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Comment(by lassi.tuura@…): Say you want to keep your private port modifications in ~/Dev/MacPorts, and openssh would be in ~/Dev/MacPorts/openssh, something like this should work assuming you've downloaded into ~/Downloads [attachment:ticket:27250:Portfile2.patch Portfile2.patch], [attachment:ticket:27250:0001-GSS-key-exchange-patch.patch 0001-GSS-key- exchange-patch.patch] and [attachment:ticket:27250:0002-Apple-keychain- integration-other-changes.patch 0002-Apple-keychain-integration-other- changes.patch]: {{{ #!sh mkdir -p ~/Dev/MacPorts/openssh rsync -av /opt/local/var/macports/sources/rsync.macports.org/release/ports/net/openssh/ ~/Dev/MacPorts/openssh/ cd ~/Dev/MacPorts/openssh patch < ~/Downloads/Portfile2.patch mv ~/Downloads/0001-GSS-key-exchange-patch.patch files/openssh-5.9p1 -gsskex-all-20110920.patch mv ~/Downloads/0002-Apple-keychain-integration-other-changes.patch files /apple-keychain.patch sudo port -f uninstall sudo port install +gsskex }}} I didn't try rebuilding it just now with that recipe, but I did rebuild my openssh using something very much like that about a month ago. -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:13> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ---------------------------------+------------------------------------------ Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: new Priority: Normal | Milestone: Component: ports | Version: Keywords: haspatch | Port: openssh ---------------------------------+------------------------------------------ Comment(by matty2fatty@…): Thanks! That is really helpful; it's exactly what I needed to get everything working. (And thanks for all your other contributions to this port as well!) -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:14> MacPorts <http://www.macports.org/> Ports system for Mac OS
#27250: Add OpenSSH GSSAPI key exchange patch ----------------------------------+----------------------------------------- Reporter: lassi.tuura@… | Owner: jwa@… Type: enhancement | Status: closed Priority: Normal | Milestone: Component: ports | Version: Resolution: fixed | Keywords: haspatch Port: openssh | ----------------------------------+----------------------------------------- Changes (by jwa@…): * status: new => closed * resolution: => fixed Comment: done in r91536, thanks Lassi -- Ticket URL: <https://trac.macports.org/ticket/27250#comment:15> MacPorts <http://www.macports.org/> Ports system for Mac OS
participants (1)
-
MacPorts