--- Begin Message ---
|
Subject: |
[PATCH 0/1] Let openssh trust /gnu/store |
|
Date: |
Wed, 20 Apr 2022 10:47:24 +0200 |
This patch allows users to use /gnu/store objects for AuthorizedKeysCommand
and similar options. According to the sshd_config(5):
> The program must be owned by root, not writable by group or others, and
> specified by an absolute path.
However, this is not the case for Guix, even though it is RO. OpenSSH doesn't
check if the location mounted or ended up on the RO mount point.
I think implementing a check for RO location is much harder here, rather
than to trust /gnu/store path. The same way OpenSSH does with users' home
directory.
Let me know what you think.
Alexey Abramov (1):
gnu: openssh: Trust /gnu/store directory
gnu/local.mk | 1 +
.../openssh-trust-gnu-store-directory.patch | 35 +++++++++++++++++++
gnu/packages/ssh.scm | 3 +-
3 files changed, 38 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/openssh-trust-gnu-store-directory.patch
--
2.34.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#55034: [PATCH 0/1] Let openssh trust /gnu/store |
|
Date: |
Fri, 29 Apr 2022 00:07:12 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Alexey Abramov <levenson@mmer.org> skribis:
> * gnu/local.mk (dist_patch_DATA): Add the patch
> * gnu/packages/patches/openssh-trust-guix-store-directory.patch: Patch it
> * gnu/packages/ssh.scm (openssh[source]): Use it.
Applied, thanks!
Ludo’.
--- End Message ---