Bug#982392: ssh-copy-id: create ~/.ssh with default SELinux context

2021-02-12 Thread Colin Watson
On Tue, Feb 09, 2021 at 05:55:00PM +0100, Christian Göttsche wrote:
> ssh-copy-id(1) does create the directory ~/.ssh if it does not already
> exist. It also runs later, if available, restorecon(8) on the
> directory, to correct the SELinux context of it.
> It would however be idiomatic to create the directory already with the
> default SELinux context, to prepare for restorecon failures and avoid
> potential races.

This code is run on the remote system.  Therefore, won't this break
ssh-copy-id against remote systems that lack mkdir -Z, such as systems
with coreutils < 8.22 (released towards the end of 2013, which is
certainly a while ago now but there are still systems in extended
support that lack it, such as Ubuntu 14.04), or indeed systems with
non-GNU versions of mkdir?

I think it has to be done this way for portability, even if it's less
idiomatic on systems with modern GNU coreutils.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

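The portable variant of what the two messages above discuss, written as an added example for this page (it is not ssh-copy-id's own code nor the patch from the report): try a bare `mkdir -Z` so hosts with GNU coreutils 8.22 or newer get the default SELinux context at creation time, and fall back to plain `mkdir -p` followed by `restorecon(8)` everywhere else. The function name `mkdir_default_ctx` and the `umask 077` / mode-0700 convention are this example's own choices; it assumes POSIX sh on the remote side and nothing about which coreutils is installed there.

```shell
#!/bin/sh
# Added example, not part of ssh-copy-id or the bug report's patch.
#
# mkdir_default_ctx DIR
#   Create DIR (and missing parents) with mode 0700 and, where the local
#   mkdir supports it, with the default SELinux context already applied.
#   Returns 0 if DIR exists on return, 1 if it could not be created.
mkdir_default_ctx() {
    dir=$1
    # Everything runs in a subshell so the umask change stays local to the
    # function instead of leaking into the caller's shell.
    (
        umask 077
        # GNU coreutils >= 8.22 accepts a bare -Z and labels the new
        # directory (and any parents created by -p) with the default
        # context at creation time. Older coreutils treats -Z as an
        # option that needs an argument and then fails with "missing
        # operand"; non-GNU and busybox-without-SELinux mkdirs reject -Z
        # outright. In all of those cases nothing is created, so we can
        # safely fall through to the portable path.
        mkdir -pZ "$dir" 2>/dev/null && exit 0

        # Portable fallback: create plainly, then relabel after the fact
        # when restorecon is available (the same after-the-fact approach
        # ssh-copy-id already takes). Relabelling is best effort: the
        # directory is still usable with mode 0700 if restorecon fails.
        mkdir -p "$dir" || exit 1
        if command -v restorecon >/dev/null 2>&1; then
            restorecon "$dir" 2>/dev/null || :
        fi
        exit 0
    )
}

# Usage (assumption: the file is sourced on the remote host, as the
# INSTALLKEYS_SH snippet in ssh-copy-id would do with its own commands):
#   . ./mkdir_ctx.sh && mkdir_default_ctx "$HOME/.ssh"
```

On a host without SELinux a modern GNU mkdir still returns 0 for the `-Z` branch (it only warns that the kernel lacks SELinux/SMACK, and the warning is discarded), so the fallback is taken only where `-Z` is genuinely unsupported. The remaining window is the one the reporter describes: on the fallback path the directory briefly exists with whatever context the parent's labelling rules give it before `restorecon` runs.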


Bug#982392: ssh-copy-id: create ~/.ssh with default SELinux context

2021-02-09 Thread Christian Göttsche
Package: openssh-client
Version: 1:8.4p1-3
File: /usr/bin/ssh-copy-id
User: selinux-de...@lists.alioth.debian.org
Usertags: selinux

Dear Maintainer,

ssh-copy-id(1) does create the directory ~/.ssh if it does not already
exist. It also runs later, if available, restorecon(8) on the
directory, to correct the SELinux context of it.
It would however be idiomatic to create the directory already with the
default SELinux context, to prepare for restorecon failures and avoid
potential races.

Best regards,
Christian Göttsche

--- /usr/bin/ssh-copy-id2021-02-09 17:19:48.653799557 +0100
+++ ssh-copy-id 2021-02-09 17:45:38.360891272 +0100
@@ -250,7 +250,7 @@
  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
   cd;
   umask 077;
-   mkdir -p $(dirname "${AUTH_KEY_FILE}") &&
+   mkdir -pZ $(dirname "${AUTH_KEY_FILE}") &&
 { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >>
${AUTH_KEY_FILE}; } &&
 cat >> ${AUTH_KEY_FILE} ||
 exit 1;
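Review bot: the `mkdir -pZ` on the `+` line turns a working command into a hard failure on any remote host whose mkdir does not accept a bare `-Z`: it sits in an `&&` chain that ends in `exit 1`, so on such a host (coreutils before 8.22, or a non-GNU mkdir, as the maintainer's reply points out) the directory is never created and the key is never installed, where the replaced `mkdir -p` line succeeded. Since the script already relabels with restorecon(8) afterwards, keep that path as the fallback instead of replacing it, e.g. `{ mkdir -pZ $(dirname "${AUTH_KEY_FILE}") 2>/dev/null || mkdir -p $(dirname "${AUTH_KEY_FILE}"); } &&`, so hosts with a modern GNU mkdir get the default context at creation time and every other host keeps the current behaviour.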