From dfeecfb1e8ec0712cfb999757848dd4abb066bf0 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 8 Jun 2020 21:47:34 +0200 Subject: [PATCH] Drop loading of anaconda configuration from sysconfig including scriptlet to migrate to include drop-in directory --- openssh.spec | 11 +++++++++++ sshd.service | 3 +-- sshd@.service | 3 +-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/openssh.spec b/openssh.spec index 840542a..8305940 100644 --- a/openssh.spec +++ b/openssh.spec @@ -612,6 +612,17 @@ getent passwd sshd >/dev/null || \ %post server %systemd_post sshd.service sshd.socket +# Migration scriptlet for Fedora 31 and 32 installations to sshd_config +# drop-in directory (in F32+). +# Do this only if the file generated by anaconda exists, contains our config +# directive and sshd_config contains include directive as shipped in our package +%global sysconfig_anaconda /etc/sysconfig/sshd-permitrootlogin +test -f %{sysconfig_anaconda} && \ + test ! -f /etc/ssh/sshd_config.d/01-permitrootlogin.conf && \ + grep -q '^PERMITROOTLOGIN="-oPermitRootLogin=yes"' %{sysconfig_anaconda} && \ + grep -q '^Include /etc/ssh/sshd_config.d/\*.conf' /etc/ssh/sshd_config && \ + echo "PermitRootLogin yes" >> /etc/ssh/sshd_config.d/25-permitrootlogin.conf && \ + rm %{sysconfig_anaconda} || : %preun server %systemd_preun sshd.service sshd.socket diff --git a/sshd.service b/sshd.service index 336025b..e8afb86 100644 --- a/sshd.service +++ b/sshd.service @@ -6,9 +6,8 @@ Wants=sshd-keygen.target [Service] Type=notify -EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin EnvironmentFile=-/etc/sysconfig/sshd -ExecStart=/usr/sbin/sshd -D $OPTIONS $PERMITROOTLOGIN +ExecStart=/usr/sbin/sshd -D $OPTIONS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure diff --git a/sshd@.service b/sshd@.service index 4a51b7b..196c555 100644 --- a/sshd@.service +++ b/sshd@.service @@ -5,7 +5,6 @@ Wants=sshd-keygen.target After=sshd-keygen.target [Service] -EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin EnvironmentFile=-/etc/sysconfig/sshd -ExecStart=-/usr/sbin/sshd -i $OPTIONS $PERMITROOTLOGIN +ExecStart=-/usr/sbin/sshd -i $OPTIONS StandardInput=socket