Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Update openssh to 7.8p1, disable DSA host keys in client-side config #47312

Closed
wants to merge 2 commits into from
Closed

[WIP] Update openssh to 7.8p1, disable DSA host keys in client-side config #47312

wants to merge 2 commits into from

Conversation

aneeshusa
Copy link
Contributor

@aneeshusa aneeshusa commented Sep 25, 2018
edited

Motivation for this change

See commit messages.
Release notes: https://www.openssh.com/txt/release-7.8

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

I've built all the flavors of openssh locally, but haven't yet run NixOS tests or fully tested the DSA-related bits.
TODOs:

@aneeshusa
Copy link
Contributor Author

Partial replacement of #36937 (cc @yegortimoshenko as author).
cc @edolstra as I know you are interested in a smooth upgrade path re: DSA (see #36937 (comment)) for example.
As this is a client side change, I don't think this would cause an unrecoverable lockout.
Still WIP but would like to get your feedback on the approach.

@aneeshusa
Copy link
Contributor Author

Also, the reason I put these two commits together: the DSA patch no longer cleanly applies with 7.8p1, and I decided I'd rather remove it instead of try to update it.

@aneeshusa aneeshusa mentioned this pull request Oct 8, 2018
Closed
9 tasks
@lukateras
Copy link
Member

lukateras commented Oct 13, 2018
edited

I think the easiest way to get DSA removal in is to have it depend on system.stateVersion >= "19.03".

@lukateras lukateras mentioned this pull request Oct 16, 2018
Closed
@dtzWill
Copy link
Member

dtzWill commented Oct 19, 2018

Looks like 7.9 is now out: https://www.openssh.com/txt/release-7.9

@JohnAZoidberg
Copy link
Member

I think this can be closed in favor of #48784.

@aneeshusa
Copy link
Contributor Author

Superseded by #48784.

@aneeshusa aneeshusa closed this Nov 12, 2018
@aneeshusa aneeshusa deleted the update-openssh-to-7.8p1 branch January 7, 2022 02:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos 8.has: changelog 8.has: documentation 8.has: module (update) 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@aneeshusa @lukateras @dtzWill @JohnAZoidberg @GrahamcOfBorg