Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Update openssh to 7.8p1, disable DSA host keys in client-side config #47312

Closed
wants to merge 2 commits into from
Closed

[WIP] Update openssh to 7.8p1, disable DSA host keys in client-side config #47312

wants to merge 2 commits into from
+40 −61

Conversation

aneeshusa
Copy link
Contributor

@aneeshusa aneeshusa commented Sep 25, 2018
edited
Loading

Motivation for this change

See commit messages.
Release notes: https://www.openssh.com/txt/release-7.8

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

I've built all the flavors of openssh locally, but haven't yet run NixOS tests or fully tested the DSA-related bits.
TODOs:

Sorry, something went wrong.

@aneeshusa
ssh: Disable DSA host keys in client
0e482f2
@aneeshusa
openssh: 7.7p1 -> 7.8p1

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
8502c79
@aneeshusa
Copy link
Contributor Author

Partial replacement of #36937 (cc @yegortimoshenko as author).
cc @edolstra as I know you are interested in a smooth upgrade path re: DSA (see #36937 (comment)) for example.
As this is a client side change, I don't think this would cause an unrecoverable lockout.
Still WIP but would like to get your feedback on the approach.

@aneeshusa
Copy link
Contributor Author

Also, the reason I put these two commits together: the DSA patch no longer cleanly applies with 7.8p1, and I decided I'd rather remove it instead of try to update it.

@GrahamcOfBorg GrahamcOfBorg added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+ labels Sep 25, 2018
@aneeshusa aneeshusa mentioned this pull request Oct 8, 2018
Closed
9 tasks
@lukateras
Copy link
Member

lukateras commented Oct 13, 2018
edited
Loading

I think the easiest way to get DSA removal in is to have it depend on system.stateVersion >= "19.03".

@lukateras lukateras mentioned this pull request Oct 16, 2018
Closed
@dtzWill
Copy link
Member

dtzWill commented Oct 19, 2018

Looks like 7.9 is now out: https://www.openssh.com/txt/release-7.9

@JohnAZoidberg
Copy link
Member

I think this can be closed in favor of #48784.

@aneeshusa
Copy link
Contributor Author

Superseded by #48784.

@aneeshusa aneeshusa closed this Nov 12, 2018
@aneeshusa aneeshusa deleted the update-openssh-to-7.8p1 branch January 7, 2022 02:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 501+ 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@aneeshusa @lukateras @dtzWill @JohnAZoidberg @GrahamcOfBorg