From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1681540-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id CB8D7158042
	for <garchives@archives.gentoo.org>; Fri, 18 Oct 2024 17:54:51 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 09D9FE0871;
	Fri, 18 Oct 2024 17:54:51 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id E2394E0871
	for <gentoo-commits@lists.gentoo.org>; Fri, 18 Oct 2024 17:54:50 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id D5C3E3430C9
	for <gentoo-commits@lists.gentoo.org>; Fri, 18 Oct 2024 17:54:49 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 746561D0A
	for <gentoo-commits@lists.gentoo.org>; Fri, 18 Oct 2024 17:54:48 +0000 (UTC)
From: "Ulrich Müller" <ulm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Ulrich Müller" <ulm@gentoo.org>
Message-ID: <1729274075.d78b4c787bd09872107c367299bd69b5eb2ea28e.ulm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/
X-VCS-Repository: repo/gentoo
X-VCS-Files: eclass/cvs.eclass
X-VCS-Directories: eclass/
X-VCS-Committer: ulm
X-VCS-Committer-Name: Ulrich Müller
X-VCS-Revision: d78b4c787bd09872107c367299bd69b5eb2ea28e
X-VCS-Branch: master
Date: Fri, 18 Oct 2024 17:54:48 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 563b2b80-ca03-42de-bf98-cc2acdddadaa
X-Archives-Hash: 09bbaf1c54eb552bcca37f2ae45cfda1

commit:     d78b4c787bd09872107c367299bd69b5eb2ea28e
Author:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 14 10:33:32 2024 +0000
Commit:     Ulrich Müller <ulm <AT> gentoo <DOT> org>
CommitDate: Fri Oct 18 17:54:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d78b4c78

cvs.eclass: Rewrite the ssh wrapper script in bash

OpenSSH version 8.4 and later supports the SSH_ASKPASS_REQUIRE
environment variable which allows to force the use of the SSH_ASKPASS
program. This makes detaching the process from its controlling terminal
(TIOCNOTTY ioctl) and setting the DISPLAY variable unnecessary.

Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org>

 eclass/cvs.eclass | 62 +++++++++++++++----------------------------------------
 1 file changed, 17 insertions(+), 45 deletions(-)

diff --git a/eclass/cvs.eclass b/eclass/cvs.eclass
index ec0ad2ec8f71..1289ee54cc3b 100644
--- a/eclass/cvs.eclass
+++ b/eclass/cvs.eclass
@@ -192,7 +192,7 @@ if [[ ${ECVS_AUTH} == "ext" ]] ; then
 	if [[ ${CVS_RSH} != "ssh" ]] ; then
 		die "Support for ext auth with clients other than ssh has not been implemented yet"
 	fi
-	BDEPEND+=" net-misc/openssh"
+	BDEPEND+=" >=net-misc/openssh-8.4"
 fi
 
 # @FUNCTION: cvs_fetch
@@ -362,40 +362,9 @@ cvs_fetch() {
 		# Hack to support SSH password authentication
 
 		if [[ ${CVS_RSH} == "ssh" ]] ; then
-			# Force SSH to use SSH_ASKPASS by creating python wrapper
-
-			local -x CVS_RSH="${T}/cvs_sshwrapper"
-			cat > "${CVS_RSH}" <<EOF || die
-#!${EPREFIX}/usr/bin/python
-import fcntl
-import os
-import sys
-try:
-	fd = os.open('/dev/tty', 2)
-	TIOCNOTTY=0x5422
-	try:
-		fcntl.ioctl(fd, TIOCNOTTY)
-	except:
-		pass
-	os.close(fd)
-except:
-	pass
-newarglist = sys.argv[:]
-EOF
-
-			# disable X11 forwarding which causes .xauth access violations
-			# - 20041205 Armando Di Cianno <fafhrd@gentoo.org>
-			echo "newarglist.insert(1, '-oClearAllForwardings=yes')" \
-				>> "${CVS_RSH}" || die
-			echo "newarglist.insert(1, '-oForwardX11=no')" \
-				>> "${CVS_RSH}" || die
-
 			# Handle SSH host key checking
 
 			local known_hosts_file="${T}/cvs_ssh_known_hosts"
-			echo "newarglist.insert(1, '-oUserKnownHostsFile=${known_hosts_file}')" \
-				>> "${CVS_RSH}" || die
-
 			local strict_host_key_checking
 			if [[ -z ${ECVS_SSH_HOST_KEY} ]] ; then
 				ewarn "Warning: The SSH host key of the remote server will not be verified."
@@ -407,28 +376,31 @@ EOF
 				echo "${ECVS_SSH_HOST_KEY}" > "${known_hosts_file}" || die
 			fi
 
-			echo -n "newarglist.insert(1, '-oStrictHostKeyChecking=" \
-				>> "${CVS_RSH}" || die
-			echo "${strict_host_key_checking}')" \
-				>> "${CVS_RSH}" || die
-			echo "os.execv('${EPREFIX}/usr/bin/ssh', newarglist)" \
-				>> "${CVS_RSH}" || die
+			# Create a wrapper script to pass additional options to SSH
+			# Disable X11 forwarding which causes .xauth access violations
 
+			local -x CVS_RSH="${T}/cvs_sshwrapper"
+			cat > "${CVS_RSH}" <<-EOF || die
+				#!${BROOT}/bin/bash
+				exec "${BROOT}/usr/bin/ssh" \\
+					-oStrictHostKeyChecking=${strict_host_key_checking} \\
+					-oUserKnownHostsFile="${known_hosts_file}" \\
+					-oForwardX11=no \\
+					-oClearAllForwardings=yes \\
+					"\$@"
+				EOF
 			chmod a+x "${CVS_RSH}" || die
 
-			# Make sure DISPLAY is set (SSH will not use SSH_ASKPASS
-			# if DISPLAY is not set)
-
-			local -x DISPLAY="${DISPLAY:-DISPLAY}"
-
 			# Create a dummy executable to echo ${ECVS_PASS}
 
 			local -x SSH_ASKPASS="${T}/cvs_sshechopass"
+			local -x SSH_ASKPASS_REQUIRE="force"
+
 			if [[ ${ECVS_AUTH} != "no" ]] ; then
-				echo -en "#!/bin/bash\necho \"${ECVS_PASS}\"\n" \
+				echo -en "#!${BROOT}/bin/bash\necho \"${ECVS_PASS}\"\n" \
 					> "${SSH_ASKPASS}" || die
 			else
-				echo -en "#!/bin/bash\nreturn\n" \
+				echo -en "#!${BROOT}/bin/bash\nreturn\n" \
 					> "${SSH_ASKPASS}" || die
 			fi
 			chmod a+x "${SSH_ASKPASS}" || die