From ef9f50299666a22bb461a1901431e46b4b18b6f9 Mon Sep 17 00:00:00 2001
From: Kent Peacock <kentp@fb.com>
Date: Aug 24 2022 22:12:12 +0000
Subject: Use quilt always to install facebook patches, to fix build breakage.


---

diff --git a/fbpatches/series b/fbpatches/series
index 8fe0e6e..177f92c 100644
--- a/fbpatches/series
+++ b/fbpatches/series
@@ -1,10 +1,26 @@
+# Add a unique log session identifier to output messages for
+# each sshd process and its children.
 fb87_log_session_id.patch
+# Add structured logging
 fb87_slog.patch
+# Add a log entry when a session is started over a local forward port.
 fb87_log_port_forwards.patch
+# Add a log line when a session is started over a reverse port forward.
 fb87_070_logging_reverse_port_forward.patch
+# Increase ssh cert max principals from 256 to 1024.
 fb87_810_increase_ssh_cert_max_principals.patch
+# Output a line in the logs showing the command run, or shell request
+# and the user
 fb87_090_logging_shell_cmd_pty.patch
+# Output a line in the logs showing which principal was matched when
+# certificate authentication was used.
 fb87_080_logging_certificates.patch
+# Add verbose logging for setting env variables.
 fb87_log_accept_env.patch
+# Set an environment variable SSH_CERT_PRINCIPALS in the child process
+# to be the full principal list of a user's SSH certificate when forced
+# command is present and the user is authenticated by the certificate.
 fb87_pass_principals_to_child.patch
+# Log extra authentication information to the auth_info structured
+# logging field, and add tests for pubkey and cert auth.
 fb87_log_auth_info.patch
diff --git a/openssh.spec b/openssh.spec
index 1d42e2b..858f455 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -5,10 +5,6 @@
 %global WITH_SELINUX 0
 %endif
 
-# Useful development mode for porting patches from
-# a different release
-%global use_quilt 0
-
 %global _hardened_build 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -261,35 +257,6 @@ Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
 # c9s specific logic factored out of openssh-7.7p1-fips.patch
 Patch2000: openssh-7.7p1-fips-warning.patch
 
-%if %{facebook} && !%{use_quilt}
-# Add a unique log session identifier to output messages for
-# each sshd process and its children.
-Patch2010: fbpatches/fb87_log_session_id.patch
-# Add structured logging
-Patch2011: fbpatches/fb87_slog.patch
-# Add a log entry when a session is started over a local forward port.
-Patch2012: fbpatches/fb87_log_port_forwards.patch
-# Add a log line when a session is started over a reverse port forward.
-Patch2013: fbpatches/fb87_070_logging_reverse_port_forward.patch
-# Increase ssh cert max principals from 256 to 1024.
-Patch2014: fbpatches/fb87_810_increase_ssh_cert_max_principals.patch
-# Output a line in the logs showing the command run, or shell request
-# and the user.
-Patch2015: fbpatches/fb87_090_logging_shell_cmd_pty.patch
-# Output a line in the logs showing which principal was matched when
-# certificate authentication was used.
-Patch2016: fbpatches/fb87_080_logging_certificates.patch
-# Add verbose logging for setting env variables.
-Patch2017: fbpatches/fb87_log_accept_env.patch
-# Set an environment variable SSH_CERT_PRINCIPALS in the child process
-# to be the full principal list of a user's SSH certificate when forced
-# ommand is present and the user is authenticated by the certificate.
-Patch2018: fbpatches/fb87_pass_principals_to_child.patch
-# Log extra authenticaton informatino to the auth_info structured
-# logging field, and add tests for pubkey and cert auth.
-Patch2019: fbpatches/fb87_log_auth_info.patch
-%endif
-
 License: BSD
 Requires: /sbin/nologin
 
@@ -335,6 +302,11 @@ BuildRequires: xauth
 # for tarball signature verification
 BuildRequires: gnupg2
 
+# Facebook patches are applied using quilt
+%if 0%{?facebook}
+BuildRequires: quilt
+%endif
+
 %package clients
 Summary: An open source SSH client applications
 Requires: openssh = %{version}-%{release}
@@ -495,21 +467,9 @@ popd
 
 %patch100 -p1 -b .coverity
 
-%if %{facebook} && !%{use_quilt}
-%patch2010 -p1 -b .log_session_id
-%patch2011 -p1 -b .slog
-%patch2012 -p1 -b .log_port_forwards
-%patch2013 -p1 -b .logging_reverse_port_forward
-%patch2014 -p1 -b .increase_ssh_cert_max_principals
-%patch2015 -p1 -b .logging_shell_cmd_pty
-%patch2016 -p1 -b .logging_certificates
-%patch2017 -p1 -b .log_accept_env
-%patch2018 -p1 -b .pass_principals_to_child
-%patch2019 -p1 -b .log_auth_info
-%endif
-
-%if %{facebook} && %{use_quilt}
-ln -sf ../../fbpatches patches
+# Apply Facebook patches
+%if 0%{?facebook}
+ln -sf %{_sourcedir}/fbpatches patches
 quilt push -a
 %endif
 
@@ -790,7 +750,7 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
-* Wed Aug 24 2022 Kent Peacock <kentp@fb.com> 8.7p1-19.3 + 0.10.4-5.2
+* Wed Aug 24 2022 Kent Peacock <kentp@fb.com> 8.7p1-19.3 + 0.10.4-5.3
 - Set up local developer strategy using quilt and incorporate Meta patches
 
 * Wed Jul 20 2022 Davide Cavalca <dcavalca@centosproject.org> - 8.7p1-19.2 + 0.10.4-5.2