git: 3cc5f55ab1e5 - stable/12 - openssh: sync update document with main
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 10 Feb 2022 18:13:39 UTC
The branch stable/12 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=3cc5f55ab1e5eda8e863115ec9afe33271ae1271 commit 3cc5f55ab1e5eda8e863115ec9afe33271ae1271 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2020-02-14 17:05:35 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-02-10 18:13:22 +0000 openssh: sync update document with main (cherry picked from commit 4c3ccd967e6b9a6c157bd38410bdccd098bdb9e1) (cherry picked from commit e491358c94b67d10df1dc31929661e5948162de0) (cherry picked from commit 9fcda2f48d1c362e097f553e97d3739c484b09a9) (cherry picked from commit 99b201c331fb1def2df61a4e1aa6162f5b94453a) (cherry picked from commit 74c59ab790db0062b768bb9742e4d1ad036501ad) (cherry picked from commit 14da1cc7ad76d7ff21e38dfd7ea288d0fea62410) (cherry picked from commit 519496a5985549d2935cf296a709b1e726b1b5e5) (cherry picked from commit 576b477ba41c9916fae3a83e6b4dd98c682a0c2f) (cherry picked from commit 35a034250896584a63204f60fa57e6eddca049ac) (cherry picked from commit f3fd88507489f6b80402ab7a0fb195ca9c708334) (cherry picked from commit b645ee1815daf96ee9512633b55c423bc897b244) (cherry picked from commit 438fd19dc327400e5fbcebfcb9fe9361b317e791) (cherry picked from commit e3c87ef0194d82a22af69cebdc24771ffc3b366b) --- crypto/openssh/FREEBSD-upgrade | 68 ++++++++++++++++++++++++++----------- crypto/openssh/freebsd-pre-merge.sh | 3 +- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 244042ec83e4..c12ee75d46aa 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade @@ -1,11 +1,16 @@ FreeBSD maintainer's guide to OpenSSH-portable ============================================== + These instructions assume you have a clone of the FreeBSD git repo + main branch in src/freebsd/main, and will store vendor trees under + src/freebsd/vendor/. In addition, this assumes there is a "freebsd" + origin pointing to git(repo).freebsd.org/src.git. + 00) Make sure your mail spool has plenty of free space. It'll fill up pretty fast once you're done with this checklist. 01) Download the latest OpenSSH-portable tarball and signature from - OpenBSD (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/). + OpenBSD (https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/). 02) Verify the signature: @@ -15,36 +20,46 @@ $ tar xf openssh-X.YpZ.tar.gz -04) Copy to the vendor directory: +04) Copy to a vendor branch: - $ svn co svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/dist - $ rsync --archive --delete openssh-X.YpZ/ dist/ + $ cd src/freebsd/main + $ git worktree add ../vendor/openssh freebsd/vendor/openssh + $ cd ../vendor/openssh + $ rsync --archive --delete --exclude=.git /path/to/openssh-X.YpZ/ ./ 05) Take care of added / deleted files: - $ svn rm $(svn stat dist | awk '$1 == "!" { print $2 }') - $ svn add --no-auto-props $(svn stat dist | awk '$1 == "?" { print $2 }') + $ git add -A 06) Commit: - $ svn commit -m "Vendor import of OpenSSH X.YpZ." dist + $ git commit -m "Vendor import of OpenSSH X.YpZ" 07) Tag: - $ svn copy -m "Tag OpenSSH X.YpZ." \ - svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/dist \ - svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/X.YpZ + $ git tag -a -m "Tag OpenSSH X.YpZ" vendor/openssh/X.YpZ + + At this point the vendor branch can be pushed to the FreeBSD repo via: + + $ git push freebsd vendor/openssh + + (It could also be pushed later on, along with the merge to main, but + pushing now allows others to collaborate.) 08) Check out head and run the pre-merge script, which strips our RCS tags from files that have them: - $ svn co svn+ssh://repo.freebsd.org/base/head - $ cd head/crypto/openssh + $ cd src/freebsd/main/crypto/openssh $ sh freebsd-pre-merge.sh 09) Merge from the vendor branch: - $ svn merge -cNNNNNN \^/vendor-crypto/openssh/dist . + $ git subtree merge -P crypto/openssh vendor/openssh + + A number of files have been deleted from FreeBSD's copy of ssh, + including rendered man pages (which have a .0 extension). When + git prompts for these deleted files during the merge, choose 'd' + (leaving them deleted). 0A) Resolve conflicts. Remember to bump the version addendum in version.h, and update the default value in ssh{,d}_config and @@ -52,8 +67,7 @@ 0B) Diff against the vendor branch: - $ svn diff --no-diff-deleted --no-diff-added \ - --ignore-properties \^/vendor-crypto/openssh/X.YpZ . + $ git diff --diff-filter=M vendor/openssh/X.YpZ HEAD:crypto/openssh Files that have modifications relative to the vendor code, and only those files, must have the svn:keywords property set to @@ -65,12 +79,18 @@ $ sh freebsd-post-merge.sh + These tags are not used with git, but we will leave them in place as + long as svn-based FreeBSD 11.x and 12.x are supported. + 0D) Run the configure script: $ sh freebsd-configure.sh 0E) Review changes to config.h very carefully. + Note that libwrap should not be defined in config.h; as of + r311585 (233932cc2a60) it is conditional on MK_TCP_WRAPPERS. + 0F) If source files have been added or removed, update the appropriate makefiles to reflect changes in the vendor's Makefile.in. @@ -83,7 +103,12 @@ something significant changes or if ssh_namespace.h is out of whack. -12) Commit, and hunker down for the inevitable storm of complaints. +12) Update nanobsd's copies of the ssh config files: + + tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config + tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config + +13) Commit, and hunker down for the inevitable storm of complaints. @@ -139,16 +164,21 @@ Support for TCP wrappers was removed in upstream 6.7p1. We've added it back by porting the 6.6p1 code forward. + TCP wrappers support in sshd will be disabled in HEAD and will + be removed from FreeBSD in the future. + 6) Agent client reference counting We've added code to ssh-agent.c to implement client reference counting; the agent will automatically exit when the last client disconnects. -7) Class-based login restrictions +7) Class-based login restrictions (27ceebbc2402) - We've added code to auth2.c to enforce the host.allow, host.deny, - times.allow and times.deny login class capabilities. + We've added code to auth.c to enforce the host.allow, host.deny, + times.allow and times.deny login class capabilities, based on an + upstream submission from + https://github.com/openssh/openssh-portable/pull/262. 8) HPN diff --git a/crypto/openssh/freebsd-pre-merge.sh b/crypto/openssh/freebsd-pre-merge.sh index 473474c2c4da..f98e71822a0c 100755 --- a/crypto/openssh/freebsd-pre-merge.sh +++ b/crypto/openssh/freebsd-pre-merge.sh @@ -5,9 +5,8 @@ :>keywords :>rcsid -svn list -R | grep -v '/$' | \ +git ls-files | \ while read f ; do - svn proplist -v $f | grep -q 'FreeBSD=%H' || continue egrep -l '^(#|\.\\"|/\*)[[:space:]]+\$FreeBSD[:\$]' $f >>keywords egrep -l '__RCSID\("\$FreeBSD[:\$]' $f >>rcsid done