openssh: fix ssh-copy-id (for real this time)

srcpkgs/openssh/patches/ssh-copy-id.patch

@@ -0,0 +1,78 @@
+Accumulated changes to fix ssh-copy-id, pulled from
+https://github.com/openssh/openssh-portable/tree/ce941c75ea9cd6c358508a5b206809846c8d9240
+
+--- contrib/ssh-copy-id
++++ contrib/ssh-copy-id
+@@ -76,7 +76,7 @@
+ }
+ 
+ use_id_file() {
+-  local L_ID_FILE="$1"
++  L_ID_FILE="$1"
+ 
+   if [ -z "$L_ID_FILE" ] ; then
+     printf '%s: ERROR: no ID file found\n' "$0"
+@@ -94,7 +94,7 @@
+   # check that the files are readable
+   for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
+     ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
+-      local L_PRIVMSG=""
++      L_PRIVMSG=""
+       [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG="	(to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
+       printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
+       exit 1
+@@ -169,7 +169,7 @@
+ # populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
+ # and has the side effect of setting $NEW_IDS
+ populate_new_ids() {
+-  local L_SUCCESS="$1"
++  L_SUCCESS="$1"
+ 
+   # shellcheck disable=SC2086
+   if [ "$FORCED" ] ; then
+@@ -181,13 +181,12 @@
+   eval set -- "$SSH_OPTS"
+ 
+   umask 0177
+-  local L_TMP_ID_FILE
+   L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
+   if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
+     printf '%s: ERROR: mktemp failed\n' "$0" >&2
+     exit 1
+   fi
+-  local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
++  L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
+   # shellcheck disable=SC2064
+   trap "$L_CLEANUP" EXIT TERM INT QUIT
+   printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
+@@ -237,7 +236,8 @@
+ #    produce a one-liner to add the keys to remote authorized_keys file
+ #    optionally takes an alternative path for authorized_keys
+ installkeys_sh() {
+-  local AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
++  AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
++  AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
+ 
+   # In setting INSTALLKEYS_SH:
+   #    the tr puts it all on one line (to placate tcsh)
+@@ -247,10 +247,10 @@
+   #    the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
+   #    the cat adds the keys we're getting via STDIN
+   #    and if available restorecon is used to restore the SELinux context
+-  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF)
++  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
+ 	cd;
+ 	umask 077;
+-	mkdir -p $(dirname "${AUTH_KEY_FILE}") &&
++	mkdir -p "${AUTH_KEY_DIR}" &&
+ 	  { [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] || echo >> ${AUTH_KEY_FILE}; } &&
+ 	  cat >> ${AUTH_KEY_FILE} ||
+ 	  exit 1;
+@@ -258,6 +258,7 @@
+ 	  restorecon -F .ssh ${AUTH_KEY_FILE};
+ 	fi
+ EOF
++  )
+ 
+   # to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
+   printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"

srcpkgs/openssh/template

@@ -1,7 +1,7 @@
 # Template file for 'openssh'
 pkgname=openssh
 version=8.4p1
-revision=2
+revision=3
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh
  --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody