Disclaimer: I am NOT the author of the patch mentioned in this feature request. I need its features and run a Gentoo shop. I can manually apply the patch and survive, but would really appreciate having it part of the normal ebuild. I really try to avoid manually patching packages or installing software components not tracked by the default OS package tracking system (in this case, portage). The patch adds additional options to sshd via the /etc/ssh/sshd_config file. These options allow the system to force a specific umask on files created via ssh upload, overriding the umask specified (or omitted in my case) by the ssh client. At this time the latest "openssh" for Gentoo Linux is "openssh-5.3_p1-r1" (2009-10-11). The patch is for openssh-5.3p1, 2010-01-29. What can I do to help the process (of getting this patch integrated into an ebuild)? http://sftpfilecontrol.sourceforge.net/ http://sftpfilecontrol.sourceforge.net/download/v1.3/openssh-5.3p1.sftpfilecontrol-v1.3.patch
we dont really take patches for openssh anymore as there are too many conflicting ones as it is, but this one seems to be pretty small if it's kept up-to-date and it applies conflict free with a combo of the other USE flags currently in the ebuild, i'm OK with adding it so test it to see what (if any) conflicts there are
oh, and upstream keeps up-to-date. i'm not maintaining patches anymore for people. if upstream falls behind, then the patch gets dropped.
(In reply to comment #2) > oh, and upstream keeps up-to-date. i'm not maintaining patches anymore for > people. if upstream falls behind, then the patch gets dropped. > Should I pursue the openssh team directly? This patch has been around for a few years and they haven't accepted it yet. I can certainly ask them though. Now that I think of it, I should have asked them first. I apologize for taking up your time. If the openssh team won't integrate this patch into their main-line, are you still willing to try it as a Gentoo patch against the ebuild (including the limitations that you mentioned about dropping it if it conflicts)? I very much appreciate your time. Thank you for reviewing the patch.
getting patches merged with upstream openssh is always the preferred route
Ok. I'll see what I can do. Should we close this ticket for now? If we close it and the openssh team won't integrate the patch, should I re-open this ticket, or open a new one?
you can open a tracker item in the openssh bugzilla and post the URL here. based on their response, we can decide the next step to take wrt Gentoo.
(In reply to comment #6) > you can open a tracker item in the openssh bugzilla and post the URL here. > based on their response, we can decide the next step to take wrt Gentoo. > I have been unsuccessful in contacting the patch's author, Michael Martinez. I had intended to ask his permission to request that openssh directly integrate his patch. So at this point I've decided to move forward and I posted the following feature request just a few minutes ago: https://bugzilla.mindrot.org/show_bug.cgi?id=1715
(In reply to comment #7) > (In reply to comment #6) > > you can open a tracker item in the openssh bugzilla and post the URL here. > > based on their response, we can decide the next step to take wrt Gentoo. > > > > I have been unsuccessful in contacting the patch's author, Michael Martinez. I > had intended to ask his permission to request that openssh directly integrate > his patch. So at this point I've decided to move forward and I posted the > following feature request just a few minutes ago: > > https://bugzilla.mindrot.org/show_bug.cgi?id=1715 > The openssh team closed the ticket as a duplicate of their ticket #1229. They have addressed my need in their development of openssh-5.4. However, there are no source tarballs for this packet yet (that I can find anyway). I have spent a bit of time (unsuccessfully) searching for any information about when openssh 5.4 will be available. In the mean time, can you please consider integrating the openssh team's patch [1] or [2] directly into Gentoo? This patch is not the same as Martinez's patch, but would satisfy my need. I also researched modifying "start-stop-daemon" to set the umask via a command line option. However that would be moot, as "sshd.c" resets umask to 0022. Again, thank you for your time. [1] https://bugzilla.mindrot.org/attachment.cgi?id=1673&action=edit [2] http://marc.info/?l=openssh-unix-dev&m=123147372931220&w=2
does said patch apply cleanly to openssh-5.3 ? if so, i dont have a problem adding it since it came from upstream.
Neither patch cited in my previous ticket update (comment #8) applies cleanly against openssh-5.3-p1 (the most recent version in net-misc/openssh). The patch from my original request applies cleanly, but its functionality (at least the part that I need) will be superseded by a formal functionality in openssh 5.4. However, I think that I can close this request. I found the source to openssh 5.4 and tested a manual install of it. Since this package will only be installed on one server I am willing to manage it manually until 5.4 is formally available via portage. Since 5.4 will include the requested umask support and I have a work-around, I will close this ticket. Since my original request was to integrate a non-main-line patch, I assume that we should close this ticket as "WONTFIX". I'm not sure if UPSTREAM is more appropriate though. I wish to thank you for your time researching this with me. I really do appreciate it.
