jonathan/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

Make sshd & sshd@ units want ssh-host-keys-migration.service

Browse Source 
Enabling the unit via the presets does not enable it on
Silverblue/Kinoite/Sericea & IoT as we don't re-preset all units like
it's done in Fedora CoreOS.

See: https://pagure.io/workstation-ostree-config/pull-request/246

Instead, have the sshd & sshd@ service unit `Wants` the
ssh-host-keys-migration service unit so that it's pulled-in only when
sshd is effectively enabled and in all cases.

See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/253

See: https://bugzilla.redhat.com/show_bug.cgi?id=2172956
See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/252
This commit is contained in:
Timothée Ravier 2023-03-14 17:14:17 +01:00
parent 3a98e6f607
commit e3597c03f1
3 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openssh.spec
View File

@ -47,7 +47,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 9.0p1 %global openssh_ver 9.0p1
%global openssh_rel 13 %global openssh_rel 14
%global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 7 %global pam_ssh_agent_rel 7
@ -595,7 +595,8 @@ install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/openssh-server.con
# Migration service/script for Fedora 38 change to remove group ownership for standard host keys # Migration service/script for Fedora 38 change to remove group ownership for standard host keys
# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit # See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
install -m744 %{SOURCE20} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh install -m744 %{SOURCE20} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh
install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service # enabled in 90-default.preset # Pulled-in via a `Wants=` in `sshd.service` & `sshd@.service`
install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib
touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration
@ -748,6 +749,9 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Tue Mar 14 2023 Timothée Ravier <tim@siosm.fr> - 9.0p1-14
- Make sshd & sshd@ units want ssh-host-keys-migration.service
* Mon Mar 13 2023 Zoltan Fridrich <zfridric@redhat.com> - 9.0p1-13 * Mon Mar 13 2023 Zoltan Fridrich <zfridric@redhat.com> - 9.0p1-13
- Add sk-dummy subpackage for test purposes (rhbz#2176795) - Add sk-dummy subpackage for test purposes (rhbz#2176795)

3
sshd.service
View File

@ -3,6 +3,9 @@ Description=OpenSSH server daemon
Documentation=man:sshd(8) man:sshd_config(5) Documentation=man:sshd(8) man:sshd_config(5)
After=network.target sshd-keygen.target After=network.target sshd-keygen.target
Wants=sshd-keygen.target Wants=sshd-keygen.target
# Migration for Fedora 38 change to remove group ownership for standard host keys
# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
Wants=ssh-host-keys-migration.service
[Service] [Service]
Type=notify Type=notify

3
sshd@.service
View File

@ -3,6 +3,9 @@ Description=OpenSSH per-connection server daemon
Documentation=man:sshd(8) man:sshd_config(5) Documentation=man:sshd(8) man:sshd_config(5)
Wants=sshd-keygen.target Wants=sshd-keygen.target
After=sshd-keygen.target After=sshd-keygen.target
# Migration for Fedora 38 change to remove group ownership for standard host keys
# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
Wants=ssh-host-keys-migration.service
[Service] [Service]
EnvironmentFile=-/etc/sysconfig/sshd EnvironmentFile=-/etc/sysconfig/sshd