diff options
Diffstat (limited to 'community/safekeep')
| -rw-r--r-- | community/safekeep/0001-ssh.strict_hostkey_checking-configurable.patch | 95 | ||||
| -rw-r--r-- | community/safekeep/APKBUILD | 8 |
2 files changed, 3 insertions, 100 deletions
diff --git a/community/safekeep/0001-ssh.strict_hostkey_checking-configurable.patch b/community/safekeep/0001-ssh.strict_hostkey_checking-configurable.patch deleted file mode 100644 index c0004fcf30..0000000000 --- a/community/safekeep/0001-ssh.strict_hostkey_checking-configurable.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 5d66f5106e77c378e387c9c9159a3fdc150b0818 Mon Sep 17 00:00:00 2001 -From: Henrik Riomar <henrik.riomar@gmail.com> -Date: Sun, 19 Feb 2017 21:10:27 +0100 -Subject: [PATCH] ssh.strict_hostkey_checking configurable - -Make ssh StrictHostKeyChecking configurable in safekeep.conf with -'ask' as default if not configured. ---- - doc/safekeep.conf.txt | 9 +++++++++ - safekeep | 14 +++++++++++--- - 2 files changed, 20 insertions(+), 3 deletions(-) - -diff --git a/doc/safekeep.conf.txt b/doc/safekeep.conf.txt -index 43fff57..11f6876 100644 ---- a/doc/safekeep.conf.txt -+++ b/doc/safekeep.conf.txt -@@ -151,6 +151,15 @@ ssh.keygen.bits:: - option with no corresponding bit size. - This value is optional, it defaults to '4096'. - -+ssh.strict_hostkey_checking:: -+ Specifies if StrictHostKeyChecking should be performed by the ssh -+ client when connecting to the remote host. -+ This value is optional, it defaults to 'ask'. -+ Set to 'yes' if you sign host keys with a CA key or manage host keys -+ by other means (FreeIPA/sssd, Ansible,,,). -+ Setting this to 'no' is a bit unsafe as new hosts are automatically -+ added to known_hosts without any validation. -+ - NOTES - ----- - Safekeep uses `trickle` to implement bandwidth throttling (see -diff --git a/safekeep b/safekeep -index 4cbf374..43b6cd1 100755 ---- a/safekeep -+++ b/safekeep -@@ -79,6 +79,8 @@ ssh_keygen_type = 'rsa' - ssh_keygen_bits = 4096 - SSH_TYPES = ['dsa', 'rsa', 'ed25519', 'ecdsa'] - SSH_KEY_TYPES = ['ssh-dss', 'ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521'] -+ssh_StrictHostKeyChecking = 'ask' -+SSH_STRICT_HOSTKEY_CHECK_OPTS = ['ask', 'yes', 'no' ] - # Default mount options, overridden elsewhere: - # Key is a file system type, or 'snapshot' for default for snapshot mount - # or 'bind' for a bind mount (check mount for details) -@@ -1548,7 +1550,7 @@ def do_server_rdiff(cfg, bdir, nice, ionice, force): - args.extend(['rdiff-backup']) - - if cfg['host']: -- basessh = 'ssh -oStrictHostKeyChecking=no' -+ basessh = 'ssh -oStrictHostKeyChecking=%s' % (ssh_StrictHostKeyChecking) - if cfg['port']: basessh += ' -p %s' % cfg['port'] - schema = '%s %s -i %s %%s rdiff-backup --server' % (basessh, verbosity_ssh, cfg['key_data']) - args.extend(['--remote-schema', schema]) -@@ -1694,6 +1696,7 @@ def do_server(cfgs, ids, nice, ionice, force, cleanup): - cmd.extend(['ssh']) - if verbosity_ssh: cmd.extend([verbosity_ssh]) - if cfg['port']: cmd.extend(['-p', cfg['port']]) -+ cmd.extend(['-oStrictHostKeyChecking=%s' % (ssh_StrictHostKeyChecking)]) - cmd.extend(['-T', '-i', cfg['key_ctrl'], '-l', cfg['user'], cfg['host']]) - cmd.extend(['safekeep', '--client']) - -@@ -1977,7 +1980,7 @@ def do_keys(cfgs, ids, nice_rem, identity, status, dump, deploy): - if dump: - print output - -- basessh = ['ssh', '-oStrictHostKeyChecking=no'] -+ basessh = ['ssh', '-oStrictHostKeyChecking=%s' % (ssh_StrictHostKeyChecking) ] - if cfg['port']: basessh.append('-p %s' % cfg['port']) - if identity: basessh.append('-i %s' % (commands.mkarg(identity))) - -@@ -2306,7 +2309,7 @@ def main(): - default_snapshot += 'FREE' - client_defaults.append('snapshot.size=%s' % default_snapshot) - -- global ssh_keygen_type, ssh_keygen_bits -+ global ssh_keygen_type, ssh_keygen_bits, ssh_StrictHostKeyChecking - if 'ssh.keygen.type' in props: - ssh_keygen_type = props['ssh.keygen.type'] - if ssh_keygen_type not in SSH_TYPES: -@@ -2324,6 +2327,11 @@ def main(): - else: - # For cases where no bit size is required - ssh_keygen_bits = 0 -+ if 'ssh.strict_hostkey_checking' in props: -+ ssh_StrictHostKeyChecking = props['ssh.strict_hostkey_checking'] -+ if ssh_StrictHostKeyChecking not in SSH_STRICT_HOSTKEY_CHECK_OPTS: -+ error('CONFIG ERROR: invalid ssh.strict_hostkey_checking value: %s' % props['ssh.strict_hostkey_checking']) -+ sys.exit(2) - - if len(cfglocs) == 0: - locs = os.path.join(os.path.dirname(cfgfile), 'backup.d') --- -2.1.4 - diff --git a/community/safekeep/APKBUILD b/community/safekeep/APKBUILD index daa629d61c..ec3ef8847f 100644 --- a/community/safekeep/APKBUILD +++ b/community/safekeep/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Henrik Riomar <henrik.riomar@gmail.com> # Maintainer: Henrik Riomar <henrik.riomar@gmail.com> pkgname=safekeep -pkgver=1.4.4 -pkgrel=2 +pkgver=1.4.5 +pkgrel=0 pkgdesc="SafeKeep backup system" url="https://github.com/dimipaun/safekeep" arch="noarch" @@ -12,7 +12,6 @@ makedepends="asciidoc libxml2-utils xmlto" install="$pkgname-server.post-install" subpackages="$pkgname-doc $pkgname-client $pkgname-server" source="$pkgname-$pkgver.tar.gz::https://github.com/dimipaun/$pkgname/archive/$pkgver.tar.gz - 0001-ssh.strict_hostkey_checking-configurable.patch " builddir="$srcdir/$pkgname-$pkgver" @@ -49,5 +48,4 @@ package() { make install DESTDIR="$pkgdir" } -sha512sums="2afdf6784ef2033032978554bc4b8703be86b5dde92795f1b7efe0099fc4cd35d215bc390e9b9ee3b3e396435ab1168a81dad1c7051861fb584a31749e63c68d safekeep-1.4.4.tar.gz -c4576c6aad11b70b3e3fbd43a726dcc9f41e6a607281178f30605ff0812833e09efc97d46dda68c89d6e1586e9dc01a74f38484c625f64d084f11f4d806e1e25 0001-ssh.strict_hostkey_checking-configurable.patch" +sha512sums="d3e69967798035c4f212777069b802d479d9613803a1a68495e761d972ffe2a1b4fdc51da0510e0ebceaf6fbb430305f97ffce8cab5330a4ecbdf68714a35054 safekeep-1.4.5.tar.gz" |