Closed alebabai closed 5 years ago
Compilation still fails for all of these cases:
The problem is in realpath
function.
this patch bsd-compatible-realpath.diff
should be updated too
@alebabai should we add a Makefile
target to download the current patches the way we did for the helm charts?
@alebabai if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.
E.g. wget —mirror
should we add a Makefile target to download the current patches the way we did for the helm charts?
I don't think so, because some patches could require to be updated (e.g. bsd-compatible-realpath).
if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.
yeap, it's good idea
Please add a README.md
to the patches
folder that reads something like this:
OpenSSH will not compile out-of-the-box on alpine. For this reason, we use the official patches found here:
- https://git.alpinelinux.org/cgit/aports/tree/main/openssh
We also add a couple of our own patches.
One patch ensures we have `SSH_ORIGINAL_COMMAND` available during pam auth so we can send slack notifications.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/original-command.diff
The other patch obscures the version of OpenSSH. We use this to hide the SSH version so it's not announced to port-scanners.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/obfuscate-version.diff
When upgrading version of OpenSSH, the patches might need to be regenerated.
This closes #16
Good job!
what
original-command.diff
andobfuscate-version.diff
)why
closes #19 closes #16
references