[202012][openssh] openssh: Upgrade from 7.9 to 8.4, to match version …
…in buster-backports (#10910)

* Use buster-backports version
* Use dget dsc file instead of source repo
* Update make files
* Upgrade openssh-client to 8.4 in base image
* Remove useless installation
* Install openssh-server from buster-backports in build_debian
* Update dev buster package version list

Signed-off-by: Jing Kan jika@microsoft.com
Blueve authored Jun 2, 2022
1 parent 79555c8 commit 14fdcc8
Showing 5 changed files with 29 additions and 20 deletions.
5 changes: 4 additions & 1 deletion build_debian.sh
@@ -281,7 +281,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
tcpdump \
dbus \
ntpstat \
openssh-server \
python \
python-apt \
traceroute \
@@ -323,6 +322,10 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
haveged \
jq

## Install openssh-server from buster-backports for required security patches
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -t buster-backports \
openssh-server

if [[ $CONFIGURED_ARCH == amd64 ]]; then
## Pre-install the fundamental packages for amd64 (x86)
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \
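Review bot: On the new `apt-get -y install -t buster-backports` line, `-t` makes buster-backports the preferred release for the whole transaction, so any dependency apt installs or upgrades alongside openssh-server can also come from backports, not just the one package the comment names. Selecting the release per package, `apt-get -y install openssh-server/buster-backports`, keeps the pull from backports as narrow as apt allows; whether the project's version-pinning hooks already constrain this is not visible here. The comment would also help a later auditor if it said which fixes are required, e.g. `## openssh-server >= 8.4 from buster-backports: <advisory or issue reference>`.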
6 changes: 3 additions & 3 deletions files/build/versions/host-image/versions-deb-buster
@@ -249,9 +249,9 @@ netfilter-persistent==1.0.11+deb10u1
ntp==1:4.2.8p12+dfsg-4+deb10u2
ntpstat==0.0.0.1-2
opennsl-modules==4.3.0.10-2
openssh-client==1:7.9p1-10+deb10u2
openssh-server==1:7.9p1-10+deb10u2
openssh-sftp-server==1:7.9p1-10+deb10u2
openssh-client==1:8.4p1-2~bpo10+1
openssh-server==1:8.4p1-2~bpo10+1
openssh-sftp-server==1:8.4p1-2~bpo10+1
openssl==1.1.1n-0+deb10u2
patch==2.7.6-3+deb10u1
pciutils==1:3.5.2-1
15 changes: 8 additions & 7 deletions rules/openssh.mk
@@ -1,14 +1,15 @@
# openssh package

OPENSSH_VERSION = 7.9p1-10+deb10u2
OPENSSH_VERSION = 8.4p1
OPENSSH_VERSION_FULL = ${OPENSSH_VERSION}-2~bpo10+1

export OPENSSH_VERSION
export OPENSSH_VERSION OPENSSH_VERSION_FULL

OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
OPENSSH_SERVER = openssh-server_$(OPENSSH_VERSION_FULL)_$(CONFIGURED_ARCH).deb
$(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
SONIC_MAKE_DEBS += $(OPENSSH_SERVER)

# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
# are archived into debug one image to facilitate debugging.
#
DBG_SRC_ARCHIVE += openssh
OPENSSH_SERVER_DBG = openssh-server-dbgsym_$(OPENSSH_VERSION_FULL)_$(CONFIGURED_ARCH).deb
$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_SERVER_DBG)))

export OPENSSH_SERVER OPENSSH_SERVER_DBG
5 changes: 4 additions & 1 deletion sonic-slave-buster/Dockerfile.j2
@@ -49,7 +49,6 @@ ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y \
apt-utils \
default-jre-headless \
openssh-server \
curl \
wget \
unzip \
@@ -333,6 +332,10 @@ RUN apt-get update && apt-get install -y \
libgtest-dev \
libgcc-8-dev

# For openssh-server
RUN apt-get -y install -t buster-backports \
openssh-server \
libfido2-dev
RUN apt-get -y build-dep openssh

# Build fix for ARMHF buster libsairedis
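Review bot: `RUN apt-get -y build-dep openssh` names no target release, so it presumably resolves the Build-Depends of buster's own openssh source rather than those of the 8.4 backport this image is meant to build; `libfido2-dev` on the preceding line looks like a hand-added patch for that gap. If deb-src entries for buster-backports are configured (not visible here), `RUN apt-get -y build-dep -t buster-backports openssh` would follow the backport's actual build dependencies instead of a manually maintained list. Both new RUN lines also depend on package lists left by an earlier layer; prefixing `apt-get update &&`, as the earlier install in this file does, avoids stale-index failures on cached builds.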
18 changes: 10 additions & 8 deletions src/openssh/Makefile
@@ -2,17 +2,19 @@
SHELL = /bin/bash
.SHELLFLAGS += -e

MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
MAIN_TARGET = $(OPENSSH_SERVER)
DERIVED_TARGETS = $(OPENSSH_SERVER_DBG)

$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
# Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%257.9p1-10+deb10u2
rm -rf ./openssh-server
git clone https://salsa.debian.org/ssh-team/openssh.git openssh-server
pushd ./openssh-server
# Remove stale files
rm -rf ./openssh-$(OPENSSH_VERSION)

# Check out tag: debian/1%7.9p1-10+deb10u2
git checkout -b openssh-src -f 6d9ca74c48d9911342c6ca5aaac8a25974fa2619
dget https://deb.debian.org/debian/pool/main/o/openssh/openssh_$(OPENSSH_VERSION_FULL).dsc
pushd ./openssh-$(OPENSSH_VERSION)

git init
git add -f *
git commit -qm "initial commit"

# Apply patch series
stg init
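Review bot: The `dget` line replaces a source pinned by commit hash (the removed `git checkout ... 6d9ca74c...`) with one pinned only by a version string in a pool URL, so integrity now rests on dget's signature check of the .dsc. That check needs a Debian keyring inside the build container, which this page does not show; it is worth confirming the keyring is present and that `-u`/`--allow-unauthenticated` is never added to get past a verification failure. A comment above the download such as `# .dsc signature is verified by dget (dscverify); do not pass -u` would record that intent. The pool path is also likely to stop resolving once backports moves past `$(OPENSSH_VERSION_FULL)`, so a mirrored copy of the source package would keep the build reproducible. The recipe continues past the end of the visible hunk.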
