OS-8412: Bump OpenSSH to 9.1p1

Details

Issue Type:Improvement
Priority:4 - Normal
Status:Resolved
Created at:2022-10-04T20:42:45.213Z
Updated at:2022-10-18T14:24:49.317Z

People

Created by:Dan McDonald
Reported by:Dan McDonald
Assigned to:Dan McDonald

Fix Versions

2022-10-20 Clicker (Release Date: 2022-10-20)

Related Links

Description

Subject says it all.

Comments

Comment by Dan McDonald
Created at 2022-10-04T20:44:08.044Z

One decision happening for this is to remove the 0027-Compatibility-for-SunSSH_1.5… patch. This will affect very old illumos ssh clients, as well as Solaris-before-11 ones, but that’s about it.


Comment by Dan McDonald
Created at 2022-10-17T20:26:57.440Z

Additionally, there will be a new smartos-live “0-preflight-stamp” check because OpenSSH’s autoconf has made it difficult to not use -R LIBPATH in its compilation, and we should reduce our -R usages wherever possible.


Comment by Dan McDonald
Created at 2022-10-17T20:27:40.661Z

OpenSSH 9.1p1 has been used on several Kebecloud CNs, plus others. The 0-preflight-stamp has also been tested locally, and will get a pre-integration run on Jenkins as well.


Comment by Jira Bot
Created at 2022-10-17T23:16:33.194Z

illumos-extra commit 621d5be0fe50fc1e60820ec5641ba0718f28f5c4 (branch master, by Dan McDonald)

OS-8412 Bump OpenSSH to 9.1p1

Reviewed by: Travis Paul <travis.paul@mnx.io>
Reviewed by: Brian Bennett <brian.bennett@mnx.io>


Comment by Brian Bennett
Created at 2022-10-18T14:23:57.310Z
Updated at 2022-10-18T14:24:38.343Z

Preflight stamp tests

Success (with xtrace):

[root@relm (barovia) ~]# ./preflight 
[root@relm (barovia) ~]# TRACE=1 ./preflight 
[2022-10-17T19:53:15Z] ./preflight:26: main(): errors=0
[2022-10-17T19:53:15Z] ./preflight:29: main(): mapfile -t openssl_version
[[2022-10-17T19:53:15Z] ./preflight:29: main(): openssl version
[[2022-10-17T19:53:15Z] ./preflight:29: main(): awk -v 'OFS=\n' '-F[ .]' '{print $2,$3,$4}'
[2022-10-17T19:53:15Z] ./preflight:30: main(): openssl_maj=3
[2022-10-17T19:53:15Z] ./preflight:31: main(): ((  openssl_maj < 3  ))
[2022-10-17T19:53:15Z] ./preflight:37: main(): ((  errors > 0  ))

Simulated failure (with xtrace):

[root@relm (barovia) ~]# ./preflight 
Platform image must include OpenSSL 3.0.0 or later.
Release 20211216T012707Z and later is required.
[root@relm (barovia) ~]# TRACE=1 ./preflight 
[2022-10-17T19:53:41Z] ./preflight:26: main(): errors=0
[2022-10-17T19:53:41Z] ./preflight:29: main(): mapfile -t openssl_version
[[2022-10-17T19:53:41Z] ./preflight:29: main(): openssl version
[[2022-10-17T19:53:41Z] ./preflight:29: main(): awk -v 'OFS=\n' '-F[ .]' '{print $2,$3,$4}'
[2022-10-17T19:53:41Z] ./preflight:30: main(): openssl_maj=3
[2022-10-17T19:53:41Z] ./preflight:31: main(): ((  openssl_maj < 4  ))
[2022-10-17T19:53:41Z] ./preflight:32: main(): printf 'Platform image must include OpenSSL 3.0.0 or later.\n'
Platform image must include OpenSSL 3.0.0 or later.
[2022-10-17T19:53:41Z] ./preflight:33: main(): printf 'Release 20211216T012707Z and later is required.\n'
Release 20211216T012707Z and later is required.
[2022-10-17T19:53:41Z] ./preflight:34: main(): errors=1
[2022-10-17T19:53:41Z] ./preflight:37: main(): ((  errors > 0  ))
[2022-10-17T19:53:41Z] ./preflight:38: main(): exit 1

Real failure (from make):

smartos-build-2(~/smartos-live)[2]% uname -a
SunOS smartos-build-2 5.11 joyent_20211202T020723Z i86pc i386 i86pc
smartos-build-2(~/smartos-live)[0]% gmake live
/export/home/danmcd/smartos-live/proto/buildstamp: No such file or directory
/export/home/danmcd/smartos-live/proto/buildstamp: No such file or directory
/export/home/danmcd/smartos-live/proto/buildstamp: No such file or directory
/export/home/danmcd/smartos-live/tools/preflight
Platform image must include OpenSSL 3.0.0 or later.
Release 20211216T012707Z or later will satisfy this requirement.
gmake: *** [Makefile:356: 0-preflight-stamp] Error 1
smartos-build-2(~/smartos-live)[2]%