archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

openssh-selinux 8.1p1-4 update #27

Closed fishilico closed 4 years ago

fishilico commented 4 years ago

Since glibc 2.31, openssh-selinux is broken and needs a backported patch that is included in this PR, but as one of OpenSSH's tests fails, I do not want to update the package as it is.

The failed test is:

```
certified host keys: host rsa revoked cert
certified host keys: host dsa revoked cert
certified host keys: host ecdsa-sha2-nistp256 revoked cert
certified host keys: host ecdsa-sha2-nistp384 revoked cert
certified host keys: host ecdsa-sha2-nistp521 revoked cert
certified host keys: host rsa-sha2-256 revoked cert
certified host keys: host rsa-sha2-512 revoked cert
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
ssh cert connect cert not yet valid succeeded unexpectedly
certified host keys: host ed25519  cert downgrade to raw key
certified host keys: host rsa  cert downgrade to raw key
certified host keys: host dsa  cert downgrade to raw key
certified host keys: host ecdsa-sha2-nistp256  cert downgrade to raw key
certified host keys: host ecdsa-sha2-nistp384  cert downgrade to raw key
certified host keys: host ecdsa-sha2-nistp521  cert downgrade to raw key
certified host keys: host rsa-sha2-256  cert downgrade to raw key
certified host keys: host rsa-sha2-512  cert downgrade to raw key
certified host keys: host ed25519 connect wrong cert
certified host keys: host rsa connect wrong cert
certified host keys: host dsa connect wrong cert
certified host keys: host ecdsa-sha2-nistp256 connect wrong cert
certified host keys: host ecdsa-sha2-nistp384 connect wrong cert
certified host keys: host ecdsa-sha2-nistp521 connect wrong cert
certified host keys: host rsa-sha2-256 connect wrong cert
certified host keys: host rsa-sha2-512 connect wrong cert
failed certified host keys
make[1]: *** [Makefile:211: t-exec] Error 1
make[1]: Leaving directory 'openssh-selinux/src/openssh-8.1p1/regress'
make: *** [Makefile:610: t-exec] Error 2
```

If anyone wants to help find out what is going wrong, it would be very helpful :)

fishilico commented 4 years ago

This issue was fixed in openssh 8.2p1-1 (currently in the testing repository). As updating openssh-selinux is required to fix major breakage caused by updates to glibc (on systems that update glibc to 2.31 without updating openssh-selinux, the OpenSSH server will not work anymore), I pushed an update to openssh-selinux without waiting for Arch Linux maintainers to stabilize the openssh package.

If you encounter issues with openssh-selinux 8.2p1-1, please let me know and re-open this issue.