Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 658044

Summary: >=net-misc/openssh-7.7[ldap] migration
Product: Gentoo Linux Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: normal CC: luke, pinkbyte, razamatan, rossi.f
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=657366
https://github.com/gentoo/gentoo/pull/9400
Whiteboard:
Package list:
Runtime testing required: ---

Description Thomas Deutschmann (RETIRED) gentoo-dev 2018-06-13 15:22:04 UTC 
tl;dr
Previous openssh-lpk patch is dead and doesn't work anymore with >=openssh-7.7. We need to switch implementation. However, the new implementation is using a different schema per default. So we need to test it and we need a migration guide.

New implementation is https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-6.7p1-ldap.patch

Migration guide show be created at https://wiki.gentoo.org/wiki/SSH/LDAP_migration

We will add an unkeyworded ebuild for testing very soon.
Comment 1 Larry the Git Cow gentoo-dev 2018-06-13 15:25:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=780c17bca1d4ef4b7374f4fd3758e6352e622106

commit 780c17bca1d4ef4b7374f4fd3758e6352e622106
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-06-13 15:23:27 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-06-13 15:25:44 +0000

    net-misc/openssh: add test ebuild for new LDAP implementation
    
    We switched from dead openssh-lpk patch to Red Hat's rewritten
    LDAP patch which makes use of "AuthorizedKeysCommand".
    
    Warning:
    Default LDAP scheme isn't compatible. Migration is needed.
    
    Bug: https://bugs.gentoo.org/658044
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 net-misc/openssh/Manifest                   |   1 +
 net-misc/openssh/openssh-7.7_p1-r100.ebuild | 440 ++++++++++++++++++++++++++++
 2 files changed, 441 insertions(+)
Comment 2 Sergey Popov (RETIRED) gentoo-dev 2018-07-02 15:08:01 UTC 
LDAP scheme from LPK is compatible with new implementation. Also, path for ssh-ldap-helper in ssh-ldap-wrapper should be changed
Comment 3 Sergey Popov (RETIRED) gentoo-dev 2018-07-23 07:54:41 UTC 
Ping. What's holding us on this? Only missing migration guide from our side?
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2018-07-23 14:26:53 UTC 
Given that any future solution will use AuthorizedKeysCommand, we don't need to bundle OpenSSH package with ldap anymore. robbat2 wanted to look into packaging https://github.com/jirutka/ssh-ldap-pubkey as separate package I think.
Comment 5 Larry the Git Cow gentoo-dev 2018-08-04 20:21:50 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a2d49ef9bfb9c155f532a290a05acfe79b9c780

commit 1a2d49ef9bfb9c155f532a290a05acfe79b9c780
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-04 20:21:17 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-04 20:21:17 +0000

    sys-auth/ssh-ldap-pubkey: new package
    
    Bug: https://bugs.gentoo.org/658044
    Package-Manager: Portage-2.3.44, Repoman-2.3.10

 sys-auth/ssh-ldap-pubkey/Manifest                  |  1 +
 sys-auth/ssh-ldap-pubkey/metadata.xml              | 12 ++++
 .../ssh-ldap-pubkey/ssh-ldap-pubkey-1.3.0.ebuild   | 64 ++++++++++++++++++++++
 3 files changed, 77 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2018-08-07 21:20:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=2f3b1798c03729be144d39c1b8d336f077db2e51

commit 2f3b1798c03729be144d39c1b8d336f077db2e51
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-07 21:09:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-07 21:17:25 +0000

    2018-08-07-openssh-ldap-migration: add
    
    Bug: https://bugs.gentoo.org/658044

 .../2018-08-07-openssh-ldap-migration.en.txt            | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
Comment 7 Larry the Git Cow gentoo-dev 2018-08-07 21:38:57 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89ffd7e286e781050307fbe62c0cc83d4fbd9b29

commit 89ffd7e286e781050307fbe62c0cc83d4fbd9b29
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-08-07 21:36:56 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-08-07 21:38:45 +0000

    net-misc/openssh: drop USE=ldap in favor of sys-auth/ssh-ldap-pubkey
    
    We no longer patch net-misc/openssh to include LDAP functionality.
    If you need to authenticate against LDAP, please install
    sys-auth/ssh-ldap-pubkey and use OpenSSH's "AuthorizedKeysCommand"
    option.
    
    See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details.
    
    Closes: https://bugs.gentoo.org/658044
    Closes: https://github.com/gentoo/gentoo/pull/9400
    Package-Manager: Portage-2.3.44, Repoman-2.3.10

 net-misc/openssh/openssh-7.7_p1-r7.ebuild | 444 ++++++++++++++++++++++++++++++
 1 file changed, 444 insertions(+)