Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 757678 - net-misc/openssh: allow building Apple's fork for keychain support
Summary: net-misc/openssh: allow building Apple's fork for keychain support
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All OS X
: Normal normal with 1 vote (vote)
Assignee: Sam James
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-29 21:46 UTC by Sam James
Modified: 2020-12-03 12:15 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-11-29 21:46:23 UTC
It looks like Apple make their fork of openssh available here: https://opensource.apple.com/source/OpenSSH/OpenSSH-236.100.2/openssh/.

It includes native system keychain support which is pretty handy. Not sure if the preference would be a separate package or not.
Comment 1 Fabian Groffen gentoo-dev 2020-11-30 07:19:35 UTC
USE-flag ? (if it builds at all?)
Comment 2 Patrick McLean gentoo-dev 2020-12-02 02:45:01 UTC
I would not be opposed to a USE flag, but ideally the minimal code changed to implement this should be separated out in to a patch. A link to an online repo (is it git? is there a clone URL?) isn't very useful.

If you attach a .patch file I can take a look at it, and see how much effort it would be to maintain with future OpenSSH releases.
Comment 3 Fabian Groffen gentoo-dev 2020-12-02 19:42:39 UTC
Sam, Apple isn't known for creating clean patches.  In this case we really need to know a) if it can be built, and b) what it would entail to make this a patch,  and c) if their code is compatible with a clean upstream release.

My sense is that if it builds, you probably want to keep it in an overlay, as it will benefit a very small portion of users.

Homebrew ran into this as well: https://archive.is/hSB6d#10%25
Comment 4 Sam James archtester gentoo-dev Security 2020-12-03 12:15:19 UTC
You're both right, of course. I had a look at this and the dumps on the site aren't particularly new (latest is ~Sept 2019).

What *is* promising is that MacPorts seem to have a patchset they use. 

I'll assign this to myself for now to make clear I'm not expecting anyone to act on this - just as a reminder to look into it more.