Date: Thu, 10 Feb 2022 18:13:39 GMT
Message-Id: <202202101813.21AIDdrg014783@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 3cc5f55ab1e5 - stable/12 - openssh: sync update document with main
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: 3cc5f55ab1e5eda8e863115ec9afe33271ae1271
Auto-Submitted: auto-generated

The branch stable/12 has been updated by emaste:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3cc5f55ab1e5eda8e863115ec9afe33271ae1271 commit 3cc5f55ab1e5eda8e863115ec9afe33271ae1271 Author: Ed Maste AuthorDate: 2020-02-14 17:05:35 +0000 Commit: Ed Maste CommitDate: 2022-02-10 18:13:22 +0000 openssh: sync update document with main (cherry picked from commit 4c3ccd967e6b9a6c157bd38410bdccd098bdb9e1) (cherry picked from commit e491358c94b67d10df1dc31929661e5948162de0) (cherry picked from commit 9fcda2f48d1c362e097f553e97d3739c484b09a9) (cherry picked from commit 99b201c331fb1def2df61a4e1aa6162f5b94453a) (cherry picked from commit 74c59ab790db0062b768bb9742e4d1ad036501ad) (cherry picked from commit 14da1cc7ad76d7ff21e38dfd7ea288d0fea62410) (cherry picked from commit 519496a5985549d2935cf296a709b1e726b1b5e5) (cherry picked from commit 576b477ba41c9916fae3a83e6b4dd98c682a0c2f) (cherry picked from commit 35a034250896584a63204f60fa57e6eddca049ac) (cherry picked from commit f3fd88507489f6b80402ab7a0fb195ca9c708334) (cherry picked from commit b645ee1815daf96ee9512633b55c423bc897b244) (cherry picked from commit 438fd19dc327400e5fbcebfcb9fe9361b317e791) (cherry picked from commit e3c87ef0194d82a22af69cebdc24771ffc3b366b) --- crypto/openssh/FREEBSD-upgrade | 68 ++++++++++++++++++++++++++----------- crypto/openssh/freebsd-pre-merge.sh | 3 +- 2 files changed, 50 insertions(+), 21 deletions(-) diff --git a/crypto/openssh/FREEBSD-upgrade b/crypto/openssh/FREEBSD-upgrade index 244042ec83e4..c12ee75d46aa 100644 --- a/crypto/openssh/FREEBSD-upgrade +++ b/crypto/openssh/FREEBSD-upgrade 
@@ -1,11 +1,16 @@ FreeBSD maintainer's guide to OpenSSH-portable ============================================== + These instructions assume you have a clone of the FreeBSD git repo + main branch in src/freebsd/main, and will store vendor trees under + src/freebsd/vendor/. In addition, this assumes there is a "freebsd" + origin pointing to git(repo).freebsd.org/src.git. + 00) Make sure your mail spool has plenty of free space. It'll fill up pretty fast once you're done with this checklist. 01) Download the latest OpenSSH-portable tarball and signature from - OpenBSD (ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/). + OpenBSD (https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/). 02) Verify the signature: 
@@ -15,36 +20,46 @@ $ tar xf openssh-X.YpZ.tar.gz -04) Copy to the vendor directory: +04) Copy to a vendor branch: - $ svn co svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/dist - $ rsync --archive --delete openssh-X.YpZ/ dist/ + $ cd src/freebsd/main + $ git worktree add ../vendor/openssh freebsd/vendor/openssh + $ cd ../vendor/openssh + $ rsync --archive --delete --exclude=.git /path/to/openssh-X.YpZ/ ./ 05) Take care of added / deleted files: - $ svn rm $(svn stat dist | awk '$1 == "!" { print $2 }') - $ svn add --no-auto-props $(svn stat dist | awk '$1 == "?" { print $2 }') + $ git add -A 06) Commit: - $ svn commit -m "Vendor import of OpenSSH X.YpZ." dist + $ git commit -m "Vendor import of OpenSSH X.YpZ" 07) Tag: - $ svn copy -m "Tag OpenSSH X.YpZ." \ - svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/dist \ - svn+ssh://repo.freebsd.org/base/vendor-crypto/openssh/X.YpZ + $ git tag -a -m "Tag OpenSSH X.YpZ" vendor/openssh/X.YpZ + + At this point the vendor branch can be pushed to the FreeBSD repo via: + + $ git push freebsd vendor/openssh + + (It could also be pushed later on, along with the merge to main, but + pushing now allows others to collaborate.) 08) Check out head and run the pre-merge script, which strips our RCS tags from files that have them: - $ svn co svn+ssh://repo.freebsd.org/base/head - $ cd head/crypto/openssh + $ cd src/freebsd/main/crypto/openssh $ sh freebsd-pre-merge.sh 09) Merge from the vendor branch: - $ svn merge -cNNNNNN \^/vendor-crypto/openssh/dist . + $ git subtree merge -P crypto/openssh vendor/openssh + + A number of files have been deleted from FreeBSD's copy of ssh, + including rendered man pages (which have a .0 extension). When + git prompts for these deleted files during the merge, choose 'd' + (leaving them deleted). 0A) Resolve conflicts. Remember to bump the version addendum in version.h, and update the default value in ssh{,d}_config and 
@@ -52,8 +67,7 @@ 0B) Diff against the vendor branch: - $ svn diff --no-diff-deleted --no-diff-added \ - --ignore-properties \^/vendor-crypto/openssh/X.YpZ . + $ git diff --diff-filter=M vendor/openssh/X.YpZ HEAD:crypto/openssh Files that have modifications relative to the vendor code, and only those files, must have the svn:keywords property set to @@ -65,12 +79,18 @@ $ sh freebsd-post-merge.sh + These tags are not used with git, but we will leave them in place as + long as svn-based FreeBSD 11.x and 12.x are supported. + 0D) Run the configure script: $ sh freebsd-configure.sh 0E) Review changes to config.h very carefully. + Note that libwrap should not be defined in config.h; as of + r311585 (233932cc2a60) it is conditional on MK_TCP_WRAPPERS. + 0F) If source files have been added or removed, update the appropriate makefiles to reflect changes in the vendor's Makefile.in. @@ -83,7 +103,12 @@ something significant changes or if ssh_namespace.h is out of whack. -12) Commit, and hunker down for the inevitable storm of complaints. +12) Update nanobsd's copies of the ssh config files: + + tools/tools/nanobsd/rescue/Files/etc/ssh/ssh_config + tools/tools/nanobsd/rescue/Files/etc/ssh/sshd_config + +13) Commit, and hunker down for the inevitable storm of complaints. 
@@ -139,16 +164,21 @@ Support for TCP wrappers was removed in upstream 6.7p1. We've added it back by porting the 6.6p1 code forward. + TCP wrappers support in sshd will be disabled in HEAD and will + be removed from FreeBSD in the future. + 6) Agent client reference counting We've added code to ssh-agent.c to implement client reference counting; the agent will automatically exit when the last client disconnects. -7) Class-based login restrictions +7) Class-based login restrictions (27ceebbc2402) - We've added code to auth2.c to enforce the host.allow, host.deny, - times.allow and times.deny login class capabilities. + We've added code to auth.c to enforce the host.allow, host.deny, + times.allow and times.deny login class capabilities, based on an + upstream submission from + https://github.com/openssh/openssh-portable/pull/262. 8) HPN diff --git a/crypto/openssh/freebsd-pre-merge.sh b/crypto/openssh/freebsd-pre-merge.sh index 473474c2c4da..f98e71822a0c 100755 --- a/crypto/openssh/freebsd-pre-merge.sh +++ b/crypto/openssh/freebsd-pre-merge.sh @@ -5,9 +5,8 @@ :>keywords :>rcsid -svn list -R | grep -v '/$' | \ +git ls-files | \ while read f ; do - svn proplist -v $f | grep -q 'FreeBSD=%H' || continue egrep -l '^(#|\.\\"|/\*)[[:space:]]+\$FreeBSD[:\$]' $f >>keywords egrep -l '__RCSID\("\$FreeBSD[:\$]' $f >>rcsid done
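
Review bot: In step 07 of crypto/openssh/FREEBSD-upgrade, `git push freebsd vendor/openssh` pushes only the branch, so the annotated tag vendor/openssh/X.YpZ created just above it stays local unless push.followTags is configured, and step 0B then diffs against a tag that collaborators do not have. Suggest naming the tag in the push (`git push freebsd vendor/openssh vendor/openssh/X.YpZ`) or adding --follow-tags. Separately, step 04 creates the worktree from freebsd/vendor/openssh while steps 07 and 09 refer to vendor/openssh; the text should say how the local branch of that name comes to exist.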
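
Review bot: In step 0B, the paragraph kept as context under the new `git diff --diff-filter=M vendor/openssh/X.YpZ HEAD:crypto/openssh` command still says modified files "must have the svn:keywords property set", which cannot be done in a git checkout and sits oddly next to the note added under 0C that these tags are not used with git. Suggest rewording that paragraph to say what the maintainer should check in the git workflow (for example, that only files with local modifications carry the $FreeBSD$ tag), or marking it as applying to the svn-based branches only. The heading of step 08 has the same leftover: it still reads "Check out head" although the checkout command was removed.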
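
Review bot: In crypto/openssh/freebsd-pre-merge.sh, dropping the `svn proplist -v $f | grep -q 'FreeBSD=%H' || continue` filter means every path from `git ls-files` now reaches the two egrep calls, and the loop still uses `read f` with an unquoted `$f`, so a path containing whitespace or a backslash would be split or mangled (git also C-quotes unusual names in its default output). Suggest `git ls-files -z` with a NUL-delimited read, or at minimum `while IFS= read -r f` and "$f" in both egrep lines. A short comment noting that selection now relies on the $FreeBSD$ pattern alone would also document the behaviour change.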