cloudposse / bastion

🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support
https://cloudposse.com/accelerate
Apache License 2.0
643 stars 112 forks

Upgrade openssh #26

Closed alebabai closed 5 years ago

alebabai commented 5 years ago

what

why

closes #19 closes #16

references

alebabai commented 5 years ago

Compilation still fails for all of these cases:

alebabai commented 5 years ago

The problem is in the realpath function. This patch, bsd-compatible-realpath.diff, should be updated too.

osterman commented 5 years ago

@alebabai should we add a Makefile target to download the current patches the way we did for the helm charts?

osterman commented 5 years ago

@alebabai if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.

E.g. `wget --mirror`

alebabai commented 5 years ago

> should we add a Makefile target to download the current patches the way we did for the helm charts?

I don't think so, because some patches could require updating (e.g. bsd-compatible-realpath).

> if it makes it easier to maintain, you can put the patches into vendor folders so we know what's upstream and our own.

Yeap, it's a good idea.

osterman commented 5 years ago

Please add a README.md to the patches folder that reads something like this:

OpenSSH will not compile out-of-the-box on Alpine. For this reason, we use the official patches found here:
- https://git.alpinelinux.org/cgit/aports/tree/main/openssh

We also add a couple of our own patches.

One patch ensures we have `SSH_ORIGINAL_COMMAND` available during PAM auth so we can send Slack notifications.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/original-command.diff

The other patch obscures the version of OpenSSH. We use this to hide the SSH version so it's not announced to port-scanners.
https://github.com/cloudposse/bastion/blob/master/patches/openssh/obfuscate-version.diff

When upgrading the version of OpenSSH, the patches might need to be regenerated.

This closes #16
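The README text above ends with the maintenance rule that matters most here: after an OpenSSH bump, each vendored patch may stop applying. The following is an added example, not code from this PR or from the bastion project, of a strict dry-run checker: it parses unified diffs and reports which hunks no longer match the upgraded source, so you know before the Docker build which patches need regenerating. The `version.h` contents and the patch embedded below are constructed samples, not OpenSSH's real file and not the project's obfuscate-version.diff.

```python
"""Strict dry-run of unified diffs against an in-memory source tree.

Added example for the cloudposse/bastion patch-maintenance note; the
sample file and patch below are constructed, not taken from OpenSSH.
"""
import re
from dataclasses import dataclass, field

# "@@ -old_start[,old_count] +new_start[,new_count] @@"
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


@dataclass
class Hunk:
    old_start: int                      # 1-based line in the original file
    lines: list = field(default_factory=list)   # (tag, text); tag in " +-"


@dataclass
class FilePatch:
    path: str
    hunks: list = field(default_factory=list)


def parse_unified_diff(text):
    """Split a unified diff into FilePatch objects, keyed on the '+++' header."""
    patches, current, hunk = [], None, None
    old_left = new_left = 0
    for raw in text.splitlines():
        if hunk is not None and (old_left > 0 or new_left > 0):
            # Inside a hunk: consume exactly the line counts the header promised,
            # so a removed line that happens to start with "--" is not mistaken
            # for a file header.
            tag, body = (raw[0], raw[1:]) if raw else (" ", "")
            if tag == "\\":             # "\ No newline at end of file" marker
                continue
            if tag not in " +-":
                raise ValueError(f"malformed hunk line: {raw!r}")
            hunk.lines.append((tag, body))
            if tag in " -":
                old_left -= 1
            if tag in " +":
                new_left -= 1
            continue
        if raw.startswith("+++ "):
            path = raw[4:].split("\t")[0]
            if path.startswith("b/"):   # strip git-style prefix
                path = path[2:]
            current = FilePatch(path)
            patches.append(current)
            hunk = None
            continue
        m = HUNK_RE.match(raw)
        if m:
            if current is None:
                raise ValueError("hunk header before any '+++' file header")
            hunk = Hunk(int(m.group(1)))
            old_left = int(m.group(2) or 1)
            new_left = int(m.group(4) or 1)
            current.hunks.append(hunk)
        # "--- " headers, "diff --git"/"index" lines and free text are skipped.
    return patches


def hunk_applies(source_lines, hunk):
    """True if the hunk's context and removed lines match the source exactly
    at old_start (no offset or fuzz, unlike the patch(1) tool)."""
    expected = [text for tag, text in hunk.lines if tag in " -"]
    if not expected:                    # pure insertion; nothing to verify
        return True
    start = hunk.old_start - 1
    return source_lines[start:start + len(expected)] == expected


def check_patch(diff_text, tree):
    """tree maps path -> file contents. Returns {path: [1-based hunk numbers
    that no longer apply]}, or {path: None} when the file is missing."""
    report = {}
    for fp in parse_unified_diff(diff_text):
        src = tree.get(fp.path)
        if src is None:
            report[fp.path] = None
            continue
        src_lines = src.splitlines()
        report[fp.path] = [i for i, h in enumerate(fp.hunks, 1)
                           if not hunk_applies(src_lines, h)]
    return report


def needs_regeneration(report):
    """True if any file is missing or any hunk failed to match."""
    return any(failed is None or failed for failed in report.values())


# Constructed sample: a stand-in for a version header before and after an upgrade.
OLD_TREE = {"version.h": ('#define SSH_VERSION "OpenSSH_7.9"\n'
                          '#define SSH_PORTABLE "p1"\n'
                          '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE\n')}
NEW_TREE = {"version.h": ('#define SSH_VERSION "OpenSSH_8.0"\n'
                          '#define SSH_PORTABLE "p1"\n'
                          '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE\n')}

# Constructed patch: its first context line pins the old version string, so it
# silently stops matching once the version header is bumped.
PATCH = ("--- a/version.h\n"
         "+++ b/version.h\n"
         "@@ -1,3 +1,3 @@\n"
         ' #define SSH_VERSION "OpenSSH_7.9"\n'
         ' #define SSH_PORTABLE "p1"\n'
         "-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE\n"
         '+#define SSH_RELEASE "SSH"\n')

if __name__ == "__main__":
    for label, tree in (("before upgrade", OLD_TREE), ("after upgrade", NEW_TREE)):
        report = check_patch(PATCH, tree)
        print(label, report, "-> regenerate" if needs_regeneration(report) else "-> ok")
```

The check is deliberately stricter than `patch -p1 --dry-run`: it allows no line offset and no fuzz, so a reported hunk may still apply with fuzz, but that is exactly the case where the patch's context has drifted and deserves a look before the next build.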

osterman commented 5 years ago

Good job!