Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssh: fix tunnel forwarding broken in 7.7p1 #48031

Closed
wants to merge 1 commit into from
Closed

openssh: fix tunnel forwarding broken in 7.7p1 #48031

wants to merge 1 commit into from

Conversation

pvgoran
Copy link
Contributor

@pvgoran pvgoran commented Oct 8, 2018

Uses an upstream patch from openssh/openssh-portable@b81b2d1

Fixes #48016.

Motivation for this change

This should un-break NixOps' encrypted links which are currently broken in 18.09.

Things done

I tested the package by installing it with nix-env -i openssh -f <my-nixpkgs-dir>, device tunneling works after this. I could not complete nixos-rebuild switch because it ate all 6GB of my free disk space (probably wanted to rebuild half the world due to git dependency; it would take too long anyway).

  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@pvgoran
Copy link
Contributor Author

pvgoran commented Oct 8, 2018

@GrahamcOfBorg test openssh

@aneeshusa
Copy link
Contributor

@pvgoran can you test with #47312, which has an update to 7.8p1?
This patch seems pretty focused/reasonable to pull in but I'd still prefer to simply update the package if that works.

@pvgoran
Copy link
Contributor Author

pvgoran commented Oct 8, 2018

@aneeshusa This works. (I cherry-picked two commits from your PR over https://github.com/NixOS/nixpkgs-channels/tree/nixos-18.09, and installed openssh from the resulting nixpkgs tree. This produced the version that is able to do tunnel device forwarding.)

@vcunat vcunat self-assigned this Oct 8, 2018
vcunat added a commit that referenced this pull request Oct 8, 2018
@vcunat
openssh: fix tunnel forwarding (upstream patch)
c2e6ca5 
Close #48031, fixes #48016.  I didn't use the PR commit
because I think it's better to fetch the patch.
vcunat added a commit that referenced this pull request Oct 8, 2018
@vcunat
openssh: fix tunnel forwarding (upstream patch)
3ab942e 
Close #48031, fixes #48016.  I didn't use the PR commit
because I think it's better to fetch the patch.

(cherry picked from commit c2e6ca5)
@vcunat
Copy link
Member

vcunat commented Oct 8, 2018

I only applied the patch for now, as that seems very safe and upgrading openssh probably won't be suitable for 18.09. GitHub should auto-close the tickets on merge to master, but feel free to close earlier if you prefer.

@Mic92
Copy link
Member

Mic92 commented Oct 8, 2018

@vcunat I suppose we can put the openssh update into staging on top to update ssh rightaway?

@pvgoran
Copy link
Contributor Author

pvgoran commented Oct 8, 2018

@Mic92 @vcunat Whatever you do, I hope it won't delay getting a fixed version into 18.09. :)

@Mic92
Copy link
Member

Mic92 commented Oct 8, 2018

The fix for 18.09 is on its way and will include the patch you have added here.

@pvgoran
Copy link
Contributor Author

pvgoran commented Oct 8, 2018

Thanks.

@vcunat
Copy link
Member

vcunat commented Oct 9, 2018

The fix was tested on Hydra and reached both 18.09 channels already.

@pvgoran
Copy link
Contributor Author

pvgoran commented Oct 9, 2018

The fix was tested on Hydra and reached both 18.09 channels already.

Great! I just deployed a NixOps network with 18.09, the encrypted links work again.

@pvgoran pvgoran closed this Oct 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

Assignees

@vcunat vcunat

Labels
10.rebuild-darwin: 501+ 10.rebuild-linux: 501+
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@pvgoran @aneeshusa @vcunat @Mic92 @GrahamcOfBorg