From 9c89b9f1a691e53ab850ef904df7041dcf1f01bf Mon Sep 17 00:00:00 2001
From: Kent Peacock <kentp@fb.com>
Date: Aug 24 2022 22:41:47 +0000
Subject: Revert "Use quilt always to install facebook patches, to fix build breakage."


This reverts commit ef9f50299666a22bb461a1901431e46b4b18b6f9.

---

diff --git a/fbpatches/series b/fbpatches/series
index 177f92c..8fe0e6e 100644
--- a/fbpatches/series
+++ b/fbpatches/series
@@ -1,26 +1,10 @@
-# Add a unique log session identifier to output messages for
-# each sshd process and its children.
 fb87_log_session_id.patch
-# Add structured logging
 fb87_slog.patch
-# Add a log entry when a session is started over a local forward port.
 fb87_log_port_forwards.patch
-# Add a log line when a session is started over a reverse port forward.
 fb87_070_logging_reverse_port_forward.patch
-# Increase ssh cert max principals from 256 to 1024.
 fb87_810_increase_ssh_cert_max_principals.patch
-# Output a line in the logs showing the command run, or shell request
-# and the user
 fb87_090_logging_shell_cmd_pty.patch
-# Output a line in the logs showing which principal was matched when
-# certificate authentication was used.
 fb87_080_logging_certificates.patch
-# Add verbose logging for setting env variables.
 fb87_log_accept_env.patch
-# Set an environment variable SSH_CERT_PRINCIPALS in the child process
-# to be the full principal list of a user's SSH certificate when forced
-# command is present and the user is authenticated by the certificate.
 fb87_pass_principals_to_child.patch
-# Log extra authentication information to the auth_info structured
-# logging field, and add tests for pubkey and cert auth.
 fb87_log_auth_info.patch
diff --git a/openssh.spec b/openssh.spec
index 858f455..1d42e2b 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -5,6 +5,10 @@
 %global WITH_SELINUX 0
 %endif
 
+# Useful development mode for porting patches from
+# a different release
+%global use_quilt 0
+
 %global _hardened_build 1
 
 # OpenSSH privilege separation requires a user & group ID
@@ -257,6 +261,35 @@ Patch1006: openssh-8.7p1-negotiate-supported-algs.patch
 # c9s specific logic factored out of openssh-7.7p1-fips.patch
 Patch2000: openssh-7.7p1-fips-warning.patch
 
+%if %{facebook} && !%{use_quilt}
+# Add a unique log session identifier to output messages for
+# each sshd process and its children.
+Patch2010: fbpatches/fb87_log_session_id.patch
+# Add structured logging
+Patch2011: fbpatches/fb87_slog.patch
+# Add a log entry when a session is started over a local forward port.
+Patch2012: fbpatches/fb87_log_port_forwards.patch
+# Add a log line when a session is started over a reverse port forward.
+Patch2013: fbpatches/fb87_070_logging_reverse_port_forward.patch
+# Increase ssh cert max principals from 256 to 1024.
+Patch2014: fbpatches/fb87_810_increase_ssh_cert_max_principals.patch
+# Output a line in the logs showing the command run, or shell request
+# and the user.
+Patch2015: fbpatches/fb87_090_logging_shell_cmd_pty.patch
+# Output a line in the logs showing which principal was matched when
+# certificate authentication was used.
+Patch2016: fbpatches/fb87_080_logging_certificates.patch
+# Add verbose logging for setting env variables.
+Patch2017: fbpatches/fb87_log_accept_env.patch
+# Set an environment variable SSH_CERT_PRINCIPALS in the child process
+# to be the full principal list of a user's SSH certificate when forced
+# ommand is present and the user is authenticated by the certificate.
+Patch2018: fbpatches/fb87_pass_principals_to_child.patch
+# Log extra authenticaton informatino to the auth_info structured
+# logging field, and add tests for pubkey and cert auth.
+Patch2019: fbpatches/fb87_log_auth_info.patch
+%endif
+
 License: BSD
 Requires: /sbin/nologin
 
@@ -302,11 +335,6 @@ BuildRequires: xauth
 # for tarball signature verification
 BuildRequires: gnupg2
 
-# Facebook patches are applied using quilt
-%if 0%{?facebook}
-BuildRequires: quilt
-%endif
-
 %package clients
 Summary: An open source SSH client applications
 Requires: openssh = %{version}-%{release}
@@ -467,9 +495,21 @@ popd
 
 %patch100 -p1 -b .coverity
 
-# Apply Facebook patches
-%if 0%{?facebook}
-ln -sf %{_sourcedir}/fbpatches patches
+%if %{facebook} && !%{use_quilt}
+%patch2010 -p1 -b .log_session_id
+%patch2011 -p1 -b .slog
+%patch2012 -p1 -b .log_port_forwards
+%patch2013 -p1 -b .logging_reverse_port_forward
+%patch2014 -p1 -b .increase_ssh_cert_max_principals
+%patch2015 -p1 -b .logging_shell_cmd_pty
+%patch2016 -p1 -b .logging_certificates
+%patch2017 -p1 -b .log_accept_env
+%patch2018 -p1 -b .pass_principals_to_child
+%patch2019 -p1 -b .log_auth_info
+%endif
+
+%if %{facebook} && %{use_quilt}
+ln -sf ../../fbpatches patches
 quilt push -a
 %endif
 
@@ -750,7 +790,7 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
-* Wed Aug 24 2022 Kent Peacock <kentp@fb.com> 8.7p1-19.3 + 0.10.4-5.3
+* Wed Aug 24 2022 Kent Peacock <kentp@fb.com> 8.7p1-19.3 + 0.10.4-5.2
 - Set up local developer strategy using quilt and incorporate Meta patches
 
 * Wed Jul 20 2022 Davide Cavalca <dcavalca@centosproject.org> - 8.7p1-19.2 + 0.10.4-5.2