PR#10: Future update to get rid of environment files mess and use sshd_config include directive - rpms/openssh - src.fedoraproject.org

rpms / openssh

#10 Future update to get rid of environment files mess and use sshd_config include directive

Closed 3 years ago by jjelen. Opened 3 years ago by jjelen.

rpms/ jjelen/openssh master into master

Drop loading of anaconda configuration from sysconfig including scriptlet to migrate to include drop-in directory

Jakub Jelen • 3 years ago

0c61ee4

openssh.spec

file modified

+11

		`@@ -612,6 +612,17 @@`

		`%post server`
		`%systemd_post sshd.service sshd.socket`
		`+ # Migration scriptlet for Fedora 31 and 32 installations to sshd_config`
		`+ # drop-in directory (in F32+).`
		`+ # Do this only if the file generated by anacond exists, contains our config`
		`+ # directive and sshd_config contains include directive as shipped in our package`
		`+ %global sysconfig_anaconda /etc/sysconfig/sshd-permitrootlogin`
		`+ test -f %{sysconfig_anaconda} && \`
		`+ test ! -f /etc/ssh/sshd_config.d/01-permitrootlogin.conf && \`
		`+ grep -q '^PERMITROOTLOGIN="-oPermitRootLogin=yes"' %{sysconfig_anaconda} && \`
		`+ grep -q '^Include /etc/ssh/sshd_config.d/\*.conf' /etc/ssh/sshd_config && \`
		`+ echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/01-permitrootlogin.conf && \`
		`+ rm %{sysconfig_anaconda} \|\| :`

		`%preun server`
		`%systemd_preun sshd.service sshd.socket`

sshd.service

file modified

+1 -2

		`@@ -6,9 +6,8 @@`

		`[Service]`
		`Type=notify`
		`- EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin`
		`EnvironmentFile=-/etc/sysconfig/sshd`
		`- ExecStart=/usr/sbin/sshd -D $OPTIONS $PERMITROOTLOGIN`
		`+ ExecStart=/usr/sbin/sshd -D $OPTIONS`
		`ExecReload=/bin/kill -HUP $MAINPID`
		`KillMode=process`
		`Restart=on-failure`

sshd@.service

file modified

+1 -2

		`@@ -5,7 +5,6 @@`
		`After=sshd-keygen.target`

		`[Service]`
		`- EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin`
		`EnvironmentFile=-/etc/sysconfig/sshd`
		`- ExecStart=-/usr/sbin/sshd -i $OPTIONS $PERMITROOTLOGIN`
		`+ ExecStart=-/usr/sbin/sshd -i $OPTIONS`
		`StandardInput=socket`

no initial comment

tmraz commented on line 35 of openssh.spec 3 years ago

anaconda

tmraz commented on line 39 of openssh.spec 3 years ago

I'd recommend using 50- or something instead of 01- but it means it should be fixed in anaconda as well.

tmraz commented on line 41 of openssh.spec 3 years ago

I would drop this grep. There is no reason to have it as if the user has custom sshd_config adding the permitrootlogin.conf is harmless.

rebased onto 043547f7ba8ba4032595d13504d42dbf0d66a494

3 years ago

rebased onto 0c61ee4

3 years ago

jjelen commented 3 years ago

This landed as dfeecfb

Pull-Request has been closed by jjelen

3 years ago

Metadata

Assignee

None

Tags

No Tags

Flags

Package tests for 0c61ee41: errored

Build completed for 0c61ee41

Changes Summary 3

file changed

file changed

file changed

Powered by Pagure 5.13.3

Documentation • File an Issue • About this Instance • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.