Message ID | 20240716092955.2463-2-jose.quaresma@foundries.io |
---|---|
State | Accepted, archived |
Commit | c3403bb6254d027356b25ce3f00786e2c4545207 |
Series | [v4,1/3] openssh: drop rejected patch fixed in 8.6p1 release | expand |
On Tue, 2024-07-16 at 10:29 +0100, Jose Quaresma via lists.openembedded.org wrote:
> Still side effects of the XZ backdoor.
>
> Rationale [1]:
>
> License incompatibility and library bloatedness were the reasons.
> Given recent events we're never going to take a dependency on
> libsystemd,
> though we might implement the notification protocol ourselves if it
> isn't too much work.
>
> [1]
> https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027749729
>
> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>

I was reading about this in your previous patch and was planning to make a comment about it. Thanks for splitting it out!

I remember when I was asked to originally merge this patch to OE-Core and I had reservations at the time. I tried to push back and was told all the other distros were doing it and it was essential we did as well :/.

This does raise the question of whether we should be carrying it. Did the other distros do anything with it after the XZ issue?

Cheers,

Richard
On 16 Jul 2024, at 10:37, Richard Purdie via lists.openembedded.org <richard.purdie=linuxfoundation.org@lists.openembedded.org> wrote:
> I was reading about this in your previous patch and was planning to
> make a comment about it. Thanks for splitting it out!
>
> I remember when I was asked to originally merge this patch to OE-Core
> and I had reservations at the time. I tried to push back and was told
> all the other distros were doing it and it was essential we did as well
> :/.
>
> This does raise the question of whether we should be carrying it. Did
> the other distros do anything with it after the XZ issue?

Red Hat have already rewritten the systemd integration piece to write directly to the pipe instead of using libsystemd:

https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-9.8p1-systemd.patch

Ross
On Tue, 16 Jul 2024 at 12:31, Ross Burton via lists.openembedded.org <ross.burton=arm.com@lists.openembedded.org> wrote:
> > I was reading about this in your previous patch and was planning to
> > make a comment about it. Thanks for splitting it out!
> >
> > I remember when I was asked to originally merge this patch to OE-Core
> > and I had reservations at the time. I tried to push back and was told
> > all the other distros were doing it and it was essential we did as well
> > :/.
> >
> > This does raise the question of whether we should be carrying it. Did
> > the other distros do anything with it after the XZ issue?
>
> Red Hat have already rewritten the systemd integration piece to write directly to the pipe instead of using libsystemd:
>
> https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-9.8p1-systemd.patch

So does Debian:

https://salsa.debian.org/ssh-team/openssh/-/commit/cc5f37cb8405cba624a133f4b8f464fbe381c5c8

Alex
Alexander Kanavin <alex.kanavin@gmail.com> wrote (Tuesday, 16/07/2024 at 11:37):
> On Tue, 16 Jul 2024 at 12:31, Ross Burton via lists.openembedded.org
> <ross.burton=arm.com@lists.openembedded.org> wrote:
> > > I was reading about this in your previous patch and was planning to
> > > make a comment about it. Thanks for splitting it out!
> > >
> > > I remember when I was asked to originally merge this patch to OE-Core
> > > and I had reservations at the time. I tried to push back and was told
> > > all the other distros were doing it and it was essential we did as well
> > > :/.
> > >
> > > This does raise the question of whether we should be carrying it. Did
> > > the other distros do anything with it after the XZ issue?
> >
> > Red Hat have already rewritten the systemd integration piece to write
> > directly to the pipe instead of using libsystemd:
> >
> > https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/openssh-9.8p1-systemd.patch
>
> So does Debian:
>
> https://salsa.debian.org/ssh-team/openssh/-/commit/cc5f37cb8405cba624a133f4b8f464fbe381c5c8
>
> Alex

After some research I checked that openssh can notify systemd without depending on libsystemd.

https://github.com/openssh/openssh-portable/commit/08f579231cd38a1c657aaa6ddeb8ab57a1fd4f5c

Gentoo and Arch are already using this and what we need to change are small modifications to the sshd service, mostly changing Type=notify-reload

I will send a v5 dropping this patch.

Jose
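The thread's point is that the sd_notify protocol is small enough to speak without linking libsystemd. The following is an added example written for this page (it is not the openssh-portable commit, the Fedora or Debian patch, or OE-Core code): a hand-rolled sender that writes the notification datagram to $NOTIFY_SOCKET, handling both filesystem and abstract ('@') socket paths, plus a self-check that binds a throwaway socket under /tmp and reads the message back.

```c
/* Added example (not openssh-portable's or OE-Core's code): sd_notify(3)
 * done by hand over the $NOTIFY_SOCKET datagram socket, without libsystemd. */
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>
/* Send one message such as "READY=1" or "RELOADING=1\nMONOTONIC_USEC=<n>".
 * Returns 1 if sent, 0 if NOTIFY_SOCKET is unset, -1 on error. */
int notify_systemd(const char *msg)
{
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    size_t len; int fd, rc;
    if (path == NULL || path[0] == '\0')
        return 0;                     /* not running under systemd */
    len = strlen(path);               /* only '/' paths or '@' abstract */
    if ((path[0] != '/' && path[0] != '@') || len >= sizeof(addr.sun_path))
        return -1;
    memcpy(addr.sun_path, path, len);
    if (path[0] == '@') addr.sun_path[0] = '\0';   /* abstract namespace */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0)) < 0)
        return -1;
    rc = sendto(fd, msg, strlen(msg), MSG_NOSIGNAL, (struct sockaddr *)&addr,
                (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len));
    close(fd);
    return rc < 0 ? -1 : 1;
}
/* Self-check: bind a throwaway socket under /tmp (constructed path), point
 * NOTIFY_SOCKET at it, send READY=1 and read it back. 1 on success, else 0. */
int notify_selftest(void)
{
    char path[64], buf[64]; int fd, ok = 0;
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    snprintf(path, sizeof(path), "/tmp/sdnotify-%ld", (long)getpid());
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    unlink(path);
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0) return 0;
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { close(fd); return 0; }
    setenv("NOTIFY_SOCKET", path, 1);
    if (notify_systemd("READY=1") == 1 && recv(fd, buf, sizeof(buf), 0) == 7 &&
        memcmp(buf, "READY=1", 7) == 0)
        ok = 1;
    unsetenv("NOTIFY_SOCKET"); close(fd); unlink(path);
    return ok;
}
```

With Type=notify-reload, as mentioned above, the same sender is used for the RELOADING=1/MONOTONIC_USEC= pair on SIGHUP followed by READY=1 once the reload is done.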
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch index f079d936a4..a0fe5a2773 100644 --- a/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch +++ b/meta/recipes-connectivity/openssh/openssh/0001-systemd-Add-optional-support-for-systemd-sd_notify.patch @@ -6,7 +6,7 @@ Subject: [PATCH] systemd: Add optional support for systemd `sd_notify` This is a rebase of Dennis Lamm's <expeditioneer@gentoo.org> patch based on Jakub Jelen's <jjelen@redhat.com> original patch -Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] +Upstream-Status: Denied [https://github.com/openssh/openssh-portable/pull/375/commits/be187435911cde6cc3cef6982a508261074f1e56] Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> ---
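Review bot: the status line is flipped to Denied but the patch header still carries no reason for the rejection, which the OE Upstream-Status convention asks for alongside Denied. Suggest adding the justification link that only lives in the commit message, https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027749729, next to the new `Upstream-Status: Denied [...]` line so the reason stays with the patch file itself rather than only in git history.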
Still side effects of the XZ backdoor.

Rationale [1]:

License incompatibility and library bloatedness were the reasons.
Given recent events we're never going to take a dependency on libsystemd,
though we might implement the notification protocol ourselves if it
isn't too much work.

[1] https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027749729

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
---
 ...001-systemd-Add-optional-support-for-systemd-sd_notify.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)