From 2057a6fd805dfcbf1e9f2019e049f5e8b0ff7761 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 25 Sep 2020 14:12:12 +0200
Subject: [PATCH] Restore compatibility with Debian <10
ssh-keygen has "-f prefix_path" in openssh-server version 7.9+
---
 CHANGELOG.md | 2 ++
 lib/includes | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 34c4fbf..bebc416 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
+* restore compatibility with Debian <10
+
 ### Security
 ## [2.4.1] - 2020-08-28
diff --git a/lib/includes b/lib/includes
index 5650911..f0d21f7 100755
--- a/lib/includes
+++ b/lib/includes
@@ -208,6 +208,19 @@ new_lock_file() {
 mkdir --parents "${lock_dir}" && echo $$ > ${lock_file} || error "Failed to acquire lock file '${lock_file}'"
 }
+pkg_version() {
+ # $(command -v ssh) -V 2>&1 | grep -iEo 'OpenSSH_(\S+)' | cut -d '_' -f2
+ dpkg-query -W -f='${Version}\n' $1 \
+ | sed 's/[~+-].\+//' \
+ | sed 's/.\+://' \
+ | sed 's/p.*//' \
+ | cut -d. -f1,2
+}
+ssh_keygen_with_prefix() {
+ # openssh-client 7.9 provides ssh-keygen with "-f prefix_path" option
+ dpkg --compare-versions "$(pkg_version 'openssh-client')" ge "7.9"
+}
+
 setup_jail_chroot() {
 jail_name=${1:?}
@@ -261,8 +274,16 @@ setup_jail_chroot() {
 info "2 - Copying essential files"
- # Generate SSH host keys is missing
- ssh-keygen -A -f "${jail_path}"
+ #
+ if ssh_keygen_with_prefix; then
+ # Generate SSH host keys if missing in jail
+ ssh-keygen -A -f "${jail_path}"
+ else
+ # Copy SSH host keys from host if missing in jail
+ for key in /etc/ssh/*_key; do
+ cp --no-clobber ${key} ${jail_path}${key};
+ done
+ fi
 touch "./${AUTHORIZED_KEYS}"
 chmod 600 "./${AUTHORIZED_KEYS}"
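Review bot: In `pkg_version`, `$1` reaches dpkg-query unquoted, and a failed lookup cannot be told apart from an old version. If the package is not installed, dpkg-query writes nothing to stdout, the comparison in `ssh_keygen_with_prefix` against an empty string should evaluate false, and the caller silently takes the copy-from-host branch. I would quote and require the argument, `dpkg-query -W -f='${Version}\n' "${1:?}" \`, and have `ssh_keygen_with_prefix` report an empty result instead of treating it as "older than 7.9". The sed chain also deserves a one-line comment naming what each stage strips (Debian revision, epoch, the `pN` portable suffix), and the commented-out `ssh -V` line can go.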
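Review bot: The `else` branch copies the host's private SSH host keys (`/etc/ssh/*_key`) into the jail, so every jail built on an older system shares the host's sshd identity, and any account able to read `etc/ssh` inside the chroot can read that key material. Generating a key per jail avoids this and does not need the `-f prefix_path` form, e.g. `ssh-keygen -q -t ed25519 -N '' -f "${jail_path}/etc/ssh/ssh_host_ed25519_key"`, run only when the file is missing. If the copy is kept, quote the expansions (`cp --no-clobber "${key}" "${jail_path}${key}"`) and handle the case where `/etc/ssh/*_key` matches nothing, since the pattern then stays literal and `cp` fails. The empty `#` line left above the `if` can be dropped; setup_jail_chroot starts and ends outside this hunk.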