Package: openssh-client
Version: 1:6.2p2-3
Severity: normal
Tags: patch
A few patches for robustification of the script.
Seems like running the script with errexit reveals a dash bug.
Dash will ignore the check on $? in a subshell and exit with error.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.16.10
ii libc6 2.17-4
ii libedit2 2.11-20080614-5
ii libgssapi-krb5-2 1.10.1+dfsg-6
ii libselinux1 2.1.13-2
ii libssl1.0.0 1.0.1e-3
ii passwd 1:4.1.5.1-1
ii zlib1g 1:1.2.8.dfsg-1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.7-1
Versions of packages openssh-client suggests:
ii keychain 2.7.1-1
pn libpam-ssh <none>
pn monkeysphere <none>
ii openssh-blacklist 0.4.1+nmu1
ii openssh-blacklist-extra 0.4.1+nmu1
ii ssh-askpass 1:1.2.4.1-9
ii ssh-askpass-gnome [ssh-askpass] 1:6.2p2-3
-- no debconf information
Cheers,
--
Cristian
From 8e9d55e6c980a455c349afcffde1c1ac104a778b Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
Date: Wed, 5 Jun 2013 16:59:30 +0200
Subject: [PATCH 1/4] Cleanup end-of-line whitespace damage.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
---
ssh-copy-id | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ssh-copy-id b/ssh-copy-id
index 9f2817b..4a88c26 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -161,7 +161,7 @@ do
usage
;;
esac
-done
+done
eval set -- "$SAVEARGS"
@@ -194,7 +194,7 @@ fi
populate_new_ids() {
local L_SUCCESS="$1"
- # repopulate "$@" inside this function
+ # repopulate "$@" inside this function
eval set -- "$SSH_OPTS"
umask 0177
--
1.7.10.4
From 083e07cd691c4de39c34d9e633cd9ba89b425219 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
Date: Wed, 5 Jun 2013 17:01:09 +0200
Subject: [PATCH 2/4] Remove bashism.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
---
ssh-copy-id | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssh-copy-id b/ssh-copy-id
index 4a88c26..6078958 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -165,7 +165,7 @@ done
eval set -- "$SAVEARGS"
-if [ $# == 0 ] ; then
+if [ $# -eq 0 ] ; then
usage
fi
if [ $# != 1 ] ; then
--
1.7.10.4
From 931f89f491122b69f56d806fb96cda127c748407 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
Date: Wed, 5 Jun 2013 17:06:13 +0200
Subject: [PATCH 3/4] Correct some "parameter not set" errors revealed by `set
-u'.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
---
ssh-copy-id | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssh-copy-id b/ssh-copy-id
index 6078958..49c3842 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -95,7 +95,7 @@ fi
while test "$#" -gt 0
do
- [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
+ [ "${SEEN_OPT_I:-}" ] && expr "$1" : "[-]i" >/dev/null && {
printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
usage
}
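Review bot: `${SEEN_OPT_I:-}` defaults the variable at the point of use, which quiets `set -u` but leaves it uninitialised, so a value inherited from the caller's environment is still honoured. The same pattern is in the next hunk for `DRY_RUN` and `SAVEARGS`, where it matters more because `SAVEARGS` is passed to `eval`. Unless the script clears these earlier (the top of the file is outside both hunks), assigning `SEEN_OPT_I= DRY_RUN= SAVEARGS=` once before the `while` loop would fix both the unset-variable errors and the inheritance.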
@@ -162,8 +162,9 @@ do
;;
esac
done
+DRY_RUN=${DRY_RUN:-}
-eval set -- "$SAVEARGS"
+eval set -- "${SAVEARGS:-}"
if [ $# -eq 0 ] ; then
usage
--
1.7.10.4
From 22612bd1367b064b3dda144226bb26bfb1ba94b0 Mon Sep 17 00:00:00 2001
From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
Date: Wed, 5 Jun 2013 17:10:46 +0200
Subject: [PATCH 4/4] Workaround dash bug revealed by running with `set -e'.
The subshell exits with error status, even though '$?' is tested
immediately.
Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbo...@axis.com>
---
ssh-copy-id | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ssh-copy-id b/ssh-copy-id
index 49c3842..30fe4be 100755
--- a/ssh-copy-id
+++ b/ssh-copy-id
@@ -215,10 +215,11 @@ populate_new_ids() {
# assumption will break if we implement the possibility of multiple -i options.
# The point being that if file based, ssh needs the private key, which it cannot
# find if only given the contents of the .pub file in an unrelated tmpfile
+ err=0
ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
-o PreferredAuthentications=publickey \
- -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null
- if [ "$?" = "$L_SUCCESS" ] ; then
+ -o IdentitiesOnly=yes "$@" exit 2>$L_TMP_ID_FILE.stderr </dev/null || err=$?
+ if [ $err = "$L_SUCCESS" ] ; then
: > $L_TMP_ID_FILE
else
grep 'Permission denied' $L_TMP_ID_FILE.stderr >/dev/null || {
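Review bot: `err` is assigned without `local`, so it becomes a script-wide global, whereas the function already declares `local L_SUCCESS` and uses the `L_` prefix for its other variables; `local L_ERR=0` would match. On the changed lines, `$err` in the test and `$L_TMP_ID_FILE.stderr` in the redirection are unquoted; `2>"$L_TMP_ID_FILE.stderr"` and `[ "$L_ERR" = "$L_SUCCESS" ]` avoid word splitting if the temp path ever contains whitespace. As far as the hunk shows, the `|| err=$?` form is what errexit requires in any POSIX shell, not only dash, because a failing simple command outside a condition ends the shell before the following `$?` test runs; a one-line comment above the `ssh` call saying so would keep the construct from being "simplified" back. populate_new_ids starts and ends outside this hunk.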
--
1.7.10.4