Bug#982392: ssh-copy-id: create ~/.ssh with default SELinux context
On Tue, Feb 09, 2021 at 05:55:00PM +0100, Christian Göttsche wrote:
> ssh-copy-id(1) does create the directory ~/.ssh if it does not already
> exist. It also runs later, if available, restorecon(8) on the
> directory, to correct the SELinux context of it.
>
> It would however be idiomatic to create the directory already with the
> default SELinux context, to prepare for restorecon failures and avoid
> potential races.

This code is run on the remote system. Therefore, won't this break ssh-copy-id against remote systems that lack mkdir -Z, such as systems with coreutils < 8.22 (released towards the end of 2013, which is certainly a while ago now but there are still systems in extended support that lack it, such as Ubuntu 14.04), or indeed systems with non-GNU versions of mkdir?

I think it has to be done this way for portability, even if it's less idiomatic on systems with modern GNU coreutils.

-- 
Colin Watson (he/him) [cjwat...@debian.org]
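The portability concern raised in the reply above, as an added example that is not part of the thread or of ssh-copy-id: a POSIX sh helper that probes whether the host's mkdir accepts -Z and otherwise falls back to plain mkdir -p followed by restorecon. The function names are hypothetical, and the probe assumes mktemp is available on the target.

```shell
#!/bin/sh
# Added example (not ssh-copy-id code). Function names are hypothetical.

# Return 0 if this host's mkdir accepts -Z, 1 otherwise.
# The probe runs in a throwaway directory so a rejected option leaves
# nothing behind in the user's home directory.
mkdir_supports_Z() {
    probe=$(mktemp -d 2>/dev/null) || return 1   # assumption: mktemp exists
    if mkdir -pZ "$probe/t" 2>/dev/null; then rc=0; else rc=1; fi
    rm -rf "$probe"
    return "$rc"
}

# Create "$1" (and parents) with mode 0700. Use the default SELinux context
# at creation time when mkdir can do that; otherwise create the directory
# first and relabel it afterwards if restorecon is installed.
ensure_dir_default_context() {
    dir=$1
    (
        umask 077                       # subshell: caller's umask is untouched
        if mkdir_supports_Z; then
            mkdir -pZ "$dir"
        else
            mkdir -p "$dir" || exit 1
            if command -v restorecon >/dev/null 2>&1; then
                # Best effort: a relabel failure must not block key install.
                restorecon -F "$dir" 2>/dev/null || :
            fi
        fi
    )
}
```

The fallback branch keeps the window between creation and relabel that the bug report wants to close, so it only applies where mkdir cannot set the context itself.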
Bug#982392: ssh-copy-id: create ~/.ssh with default SELinux context
Package: openssh-client
Version: 1:8.4p1-3
File: /usr/bin/ssh-copy-id
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux

Dear Maintainer,

ssh-copy-id(1) does create the directory ~/.ssh if it does not already exist. It also runs later, if available, restorecon(8) on the directory, to correct the SELinux context of it.

It would however be idiomatic to create the directory already with the default SELinux context, to prepare for restorecon failures and avoid potential races.

Best regards,
Christian Göttsche

--- /usr/bin/ssh-copy-id2021-02-09 17:19:48.653799557 +0100 +++ ssh-copy-id 2021-02-09 17:45:38.360891272 +0100 @@ -250,7 +250,7 @@ INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF cd; umask 077; - mkdir -p $(dirname "${AUTH_KEY_FILE}") && + mkdir -pZ $(dirname "${AUTH_KEY_FILE}") && { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >> ${AUTH_KEY_FILE}; } && cat >> ${AUTH_KEY_FILE} || exit 1;
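
Review bot: the `-Z` added on the `mkdir -pZ $(dirname "${AUTH_KEY_FILE}") &&` line has no fallback, so the whole install chain now depends on the remote mkdir accepting that option. The command is joined to the rest with `&&` and the chain ends in `|| exit 1`, so a mkdir that rejects `-Z` (the reply in this thread names coreutils < 8.22 and non-GNU mkdir) stops the script before `cat >> ${AUTH_KEY_FILE}` and no key is installed. Consider trying the new form and falling back to the old one, along the lines of `{ mkdir -pZ DIR 2>/dev/null || mkdir -p DIR; } &&` with DIR standing for the existing `$(dirname "${AUTH_KEY_FILE}")` expression, and leave the later restorecon call in place to cover hosts that took the fallback. A short comment next to the line saying why both forms are present would help the next reader.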