Package: libvirt-clients
Version: 6.9.0-1+b2
Severity: wishlist
File: /usr/bin/virsh
Tags: patch upstream

Dear Maintainer,

Since version 8.4 OpenSSH supports environment variables in several configuration values [0], thereby allowing using $XDG_RUNTIME_DIR as ControlPath directory without having to hardcode its value in ~/.ssh/config:

    ControlPath ${XDG_RUNTIME_DIR}/ssh-%C

However the above snippet causes the command to fail as virsh runs it in a sanitized environment:

    error: failed to connect to the hypervisor
    error: Cannot recv data: vdollar_percent_expand: env var ${XDG_RUNTIME_DIR} has no value invalid environment variable expansion: Connection reset by peer

This patch preserves environment variables of the XDG Base Directory Specification [1] when calling the SSH binary. (Other XDG_* environment variables are arguably useful as well for ProxyCommand.)

Alternatively, maybe a configuration option to run the SSH binary in the stock environment would do? After all OpenSSH has its own environment sanitation logic.

Thanks,
cheers,
--
Guilhem.

[0] https://www.openssh.com/txt/release-8.4
    https://bugzilla.mindrot.org/show_bug.cgi?id=3140
[1] https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-clients depends on:
ii  libc6           2.31-6
ii  libgcc-s1       10.2.1-1
ii  libglib2.0-0    2.66.4-1
ii  libreadline8    8.1-1
ii  libvirt0        6.9.0-1+b2
ii  libxml2         2.9.10+dfsg-6.3+b1
ii  sensible-utils  0.0.12+nmu1

libvirt-clients recommends no packages.

Versions of packages libvirt-clients suggests:
ii  libvirt-daemon  6.9.0-1+b2

-- no debconf information

From: Guilhem Moulin <guil...@debian.org> Date: Sat, 19 Dec 2020 18:31:01 +0100 Subject: Pass XDG_* environment variables to the SSH binary Since version 8.4 OpenSSH supports environment variables in several configuration values, thereby allowing the using $XDG_RUNTIME_DIR as ControlPath directory without having to hardcode its value in ~/.ssh/config: ControlPath ${XDG_RUNTIME_DIR}/ssh-%C However the above snippet causes the command to fail as virsh runs it in a sanitized environment: error: failed to connect to the hypervisor error: Cannot recv data: vdollar_percent_expand: env var ${XDG_RUNTIME_DIR} has no value invalid environment variable expansion: Connection reset by peer This patch preserves environment variables of the XDG Base Directory Specification when calling the SSH binary. (Other XDG_* environment variables are arguably useful as well for ProxyCommand.) --- src/rpc/virnetsocket.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index eb5a4b2..32ac4b1 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -882,6 +882,13 @@ int virNetSocketNewConnectSSH(const char *nodename, virCommandAddEnvPass(cmd, "TERM"); virCommandAddEnvPass(cmd, "DISPLAY"); virCommandAddEnvPass(cmd, "XAUTHORITY"); + /* https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables */ + virCommandAddEnvPass(cmd, "XDG_DATA_HOME"); + virCommandAddEnvPass(cmd, "XDG_CONFIG_HOME"); + virCommandAddEnvPass(cmd, "XDG_DATA_DIRS"); + virCommandAddEnvPass(cmd, "XDG_CONFIG_DIRS"); + virCommandAddEnvPass(cmd, "XDG_CACHE_HOME"); + virCommandAddEnvPass(cmd, "XDG_RUNTIME_DIR"); virCommandClearCaps(cmd); if (service)
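
Review bot: The six added virCommandAddEnvPass() calls pass more than the commit message demonstrates a need for: the only failing case shown is ${XDG_RUNTIME_DIR} in ControlPath, while XDG_DATA_DIRS, XDG_CONFIG_DIRS and the other three rest on the parenthetical about ProxyCommand. Since this code path deliberately starts ssh with a sanitized environment, consider either passing XDG_RUNTIME_DIR alone or stating in the comment why each further variable is needed. The comment above the new calls is a bare URL; a short sentence saying that OpenSSH 8.4 and later expand ${VAR} in ssh_config values such as ControlPath would tell the next reader why these names are on the list.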
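
A check for the failure described in the report: list the ${VAR} references in an ssh_config file that a sanitized environment would leave unset. This is an added example, not part of the report or of libvirt; the allowlist holds only the three names visible in the patch context (the full list virsh passes is not shown here), and the function names and sample config are made up for illustration.

```shell
# Names visible in the patch context; the complete list that virsh
# passes is not shown on this page (assumption).
ALLOWED="TERM DISPLAY XAUTHORITY"

# Print each distinct ${NAME} referenced in the given ssh_config file,
# skipping comment lines.
ssh_config_env_refs() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' |
        tr -d '${}' | sort -u
}

# Print the referenced names that are absent from the allowlist ($2),
# i.e. the ones ssh would fail to expand in the sanitized environment.
missing_env_refs() {
    for name in $(ssh_config_env_refs "$1"); do
        case " $2 " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample config; the ControlPath line is the one from the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ControlPath ${HOME}/old-%C
Host *
    ControlPath ${XDG_RUNTIME_DIR}/ssh-%C
    IdentityFile ${XDG_CONFIG_HOME}/ssh/id_ed25519
EOF

echo "unset with the allowlist above:"
missing_env_refs "$sample" "$ALLOWED"
echo "unset once the six XDG_* names from the patch are added:"
missing_env_refs "$sample" "$ALLOWED XDG_DATA_HOME XDG_CONFIG_HOME \
XDG_DATA_DIRS XDG_CONFIG_DIRS XDG_CACHE_HOME XDG_RUNTIME_DIR"
```

Run against a real configuration with `missing_env_refs ~/.ssh/config "$ALLOWED"`; files pulled in through Include directives are not followed.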