commit: 078a3d169f0af67ef2a7faa3941fdb5702d947a3 Author: Pacho Ramos <pacho <AT> gentoo <DOT> org> AuthorDate: Tue Apr 25 14:42:08 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Tue Apr 25 21:24:50 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=078a3d16
net-misc/keychain: Apply multiple fixes from Debian Closes: https://bugs.gentoo.org/904711 Signed-off-by: Pacho Ramos <pacho <AT> gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/30749 Signed-off-by: Sam James <sam <AT> gentoo.org> .../files/keychain-2.8.5-empty-ssh-askpass.patch | 21 ++++++ .../files/keychain-2.8.5-malformed-ssh-key.patch | 28 +++++++ net-misc/keychain/files/keychain-2.8.5-typos.patch | 88 ++++++++++++++++++++++ net-misc/keychain/keychain-2.8.5-r2.ebuild | 27 +++++++ 4 files changed, 164 insertions(+) diff --git a/net-misc/keychain/files/keychain-2.8.5-empty-ssh-askpass.patch b/net-misc/keychain/files/keychain-2.8.5-empty-ssh-askpass.patch new file mode 100644 index 000000000000..00c93c8c07d9 --- /dev/null +++ b/net-misc/keychain/files/keychain-2.8.5-empty-ssh-askpass.patch @@ -0,0 +1,21 @@ +https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/empty-ssh-askpass.patch + +Description: Handle an empty (or unset) SSH_ASKPASS variable +Bug-Debian: https://bugs.debian.org/325644 +Forwarded: no +Author: Peter Pentchev <r...@debian.org> +Author: Tim Connors <t...@aaocbn.aao.gov.au> +Last-Updated: 2023-01-06 + +--- a/keychain.sh ++++ b/keychain.sh +@@ -1420,6 +1420,9 @@ + IFS="$old_IFS" # restore IFS + set +f # re-enable globbing + ++ if [ -z "$SSH_ASKPASS" ]; then ++ SSH_ASKPASS="$(command -v ssh-askpass || true)" ++ fi + if $noguiopt || [ -z "$SSH_ASKPASS" -o -z "$DISPLAY" ]; then + unset DISPLAY # DISPLAY="" can cause problems + unset SSH_ASKPASS # make sure ssh-add doesn't try SSH_ASKPASS diff --git a/net-misc/keychain/files/keychain-2.8.5-malformed-ssh-key.patch b/net-misc/keychain/files/keychain-2.8.5-malformed-ssh-key.patch new file mode 100644 index 000000000000..ef1ab63898d1 --- /dev/null +++ b/net-misc/keychain/files/keychain-2.8.5-malformed-ssh-key.patch @@ -0,0 +1,28 @@ +https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/malformed-ssh-key.patch + +Description: Display a more visible warning for a malformed SSH public key. +Bug-Debian: https://bugs.debian.org/673019 +Forwarded: https://github.com/funtoo/keychain/pull/111 +Author: Ryan Kavanagh <r...@debian.org> +Author: Peter Pentchev <r...@debian.org> +Last-Update: 2019-02-18 + +--- a/keychain.sh ++++ b/keychain.sh +@@ -853,7 +853,15 @@ + + for slm_k in "$@"; do + # Fingerprint current user-specified key +- slm_finger=$(ssh_f "$slm_k") || continue ++ if ! slm_finger=$(ssh_f "$slm_k"); then ++ warn "Unable to extract fingerprint from keyfile ${slm_k}.pub, skipping" ++ continue ++ fi ++ slm_wordcount="$(printf -- '%s\n' "$slm_finger" | wc -w)" ++ if [ "$slm_wordcount" -ne 1 ]; then ++ warn "Unable to extract exactly one key fingerprint from keyfile ${slm_k}.pub, got $slm_wordcount instead, skipping" ++ continue ++ fi + + # Check if it needs to be added + case " $sshavail " in diff --git a/net-misc/keychain/files/keychain-2.8.5-typos.patch b/net-misc/keychain/files/keychain-2.8.5-typos.patch new file mode 100644 index 000000000000..6356ae44df9a --- /dev/null +++ b/net-misc/keychain/files/keychain-2.8.5-typos.patch @@ -0,0 +1,88 @@ +https://salsa.debian.org/debian/keychain/-/blob/debian/master/debian/patches/typos.patch + +Description: Correct some typographical and grammatical errors. +Forwarded: https://github.com/funtoo/keychain/pull/112 +Author: Peter Pentchev <r...@ringlet.net> +Last-Update: 2020-05-07 + +--- a/keychain.pod ++++ b/keychain.pod +@@ -43,7 +43,7 @@ + + As an additional feature, if a private key has an extension ".ext", keychain + will look for privkey.ext.pub first, and if not found, will look for +-privkeyname.pub. ++privkey.pub. + + Keychain also supports gpg-agent in the same ways that ssh-agent is + supported. By default keychain attempts to start ssh-agent only. +@@ -227,7 +227,7 @@ + + =item others + +-Kill agent processes other than the one keychain is providing. Prior ++Kill agent processes other than the ones keychain is providing. Prior + to keychain-2.5.0, keychain would do this automatically. The new + behavior requires that you specify it explicitly if you want it. + +--- a/Makefile ++++ b/Makefile +@@ -27,7 +27,7 @@ + keychain.1.gz: keychain.1 + gzip -9 keychain.1 + +-GENKEYCHAINPL = open P, "keychain.txt" or die "cant open keychain.txt"; \ ++GENKEYCHAINPL = open P, "keychain.txt" or die "cannot open keychain.txt"; \ + while (<P>) { \ + $$printing = 0 if /^\w/; \ + $$printing = 1 if /^(SYNOPSIS|OPTIONS)/; \ +@@ -39,7 +39,7 @@ + s/(^|\s)(-+[-\w]+)/$$1\$${GREEN}$$2\$${OFF}/g; \ + $$pod .= $$_; \ + }; \ +- open B, "keychain.sh" or die "cant open keychain.sh"; \ ++ open B, "keychain.sh" or die "cannot open keychain.sh"; \ + $$/ = undef; \ + $$_ = <B>; \ + s/INSERT_POD_OUTPUT_HERE[\r\n]/$$pod/ || die; \ +--- a/README.md ++++ b/README.md +@@ -3,12 +3,12 @@ + + Please apply your patches to `keychain.sh`, *not* the generated `keychain` + script, which we are now including in the git repo to facilitate the +-distribution of release archives direct from GitHub. All development work will +-be done on the 'devel' branch and will only be merged with the master branch when ++distribution of release archives directly from GitHub. All development work will ++be done on the 'devel' branch and will only be merged into the master branch when + a new release is made. This should allow the generated files (keychain, man pages, +-spec file)to remain in sync on the master branch but no guarantees are made except ++spec file) to remain in sync on the master branch but no guarantees are made except + for the tagged release. They will be regenerated for official release archives +-only (those tagged with the release version.). Anyone using or contributing to the ++only (those tagged with the release version). Anyone using or contributing to the + 'devel' branch should assume the generated files are out of date and regenerate + locally if needed. + Thanks! +--- a/keychain ++++ b/keychain +@@ -354,7 +354,7 @@ + # This function originates from Parallels Inc.'s OpenVZ vpsreboot script + + # Description: This function attempts to acquire the lock. If it succeeds, +- # it returns 0. If it fails, it returns 1. This function retuns immediately ++ # it returns 0. If it fails, it returns 1. This function returns immediately + # and only tries to acquire the lock once. + + tmpfile="$lockf.$$" +--- a/keychain.sh ++++ b/keychain.sh +@@ -173,7 +173,7 @@ + # This function originates from Parallels Inc.'s OpenVZ vpsreboot script + + # Description: This function attempts to acquire the lock. If it succeeds, +- # it returns 0. If it fails, it returns 1. This function retuns immediately ++ # it returns 0. If it fails, it returns 1. This function returns immediately + # and only tries to acquire the lock once. + + tmpfile="$lockf.$$" diff --git a/net-misc/keychain/keychain-2.8.5-r2.ebuild b/net-misc/keychain/keychain-2.8.5-r2.ebuild new file mode 100644 index 000000000000..6bb4d3533258 --- /dev/null +++ b/net-misc/keychain/keychain-2.8.5-r2.ebuild @@ -0,0 +1,27 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Agent manager for OpenSSH, ssh.com, Sun SSH, and GnuPG" +HOMEPAGE="https://www.funtoo.org/Keychain"; +SRC_URI="https://github.com/funtoo/keychain/archive/${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" + +BDEPEND="dev-lang/perl" + +PATCHES=( + # Patches from Debian + "${FILESDIR}/${P}-malformed-ssh-key.patch" + "${FILESDIR}/${P}-typos.patch" + "${FILESDIR}/${P}-empty-ssh-askpass.patch" +) + +src_install() { + dobin ${PN} + doman ${PN}.1 + dodoc ChangeLog README.md +}
