Make sshd & sshd@ units want ssh-host-keys-migration.service

Enabling the unit via the presets does not enable it on Silverblue/Kinoite/Sericea & IoT as we don't re-preset all units like it's done in Fedora CoreOS. See: https://pagure.io/workstation-ostree-config/pull-request/246 Instead, have the sshd & sshd@ service unit `Wants` the ssh-host-keys-migration service unit so that it's pulled-in only when sshd is effectively enabled and in all cases. See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/253 See: https://bugzilla.redhat.com/show_bug.cgi?id=2172956 See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/252
2023-03-14 17:14:17 +01:00 · 2023-03-14 17:14:17 +01:00 · e3597c03f1
commit e3597c03f1
parent 3a98e6f607
3 changed files with 12 additions and 2 deletions
--- a/openssh.spec
+++ b/openssh.spec
@ -47,7 +47,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.0p1
-%global openssh_rel 13
+%global openssh_rel 14
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 7

@ -595,7 +595,8 @@ install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/openssh-server.con
 # Migration service/script for Fedora 38 change to remove group ownership for standard host keys
 # See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
 install -m744 %{SOURCE20} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh
-install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service # enabled in 90-default.preset
+# Pulled-in via a `Wants=` in `sshd.service` & `sshd@.service`
+install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service
 install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib
 touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration

@ -748,6 +749,9 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Tue Mar 14 2023 Timothée Ravier <tim@siosm.fr> - 9.0p1-14
+- Make sshd & sshd@ units want ssh-host-keys-migration.service
+
 * Mon Mar 13 2023 Zoltan Fridrich <zfridric@redhat.com> - 9.0p1-13
 - Add sk-dummy subpackage for test purposes (rhbz#2176795)

--- a/sshd.service
+++ b/sshd.service
@ -3,6 +3,9 @@ Description=OpenSSH server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target sshd-keygen.target
 Wants=sshd-keygen.target
+# Migration for Fedora 38 change to remove group ownership for standard host keys
+# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
+Wants=ssh-host-keys-migration.service

 [Service]
 Type=notify
--- a/sshd@.service
+++ b/sshd@.service
@ -3,6 +3,9 @@ Description=OpenSSH per-connection server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 Wants=sshd-keygen.target
 After=sshd-keygen.target
+# Migration for Fedora 38 change to remove group ownership for standard host keys
+# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
+Wants=ssh-host-keys-migration.service

 [Service]
 EnvironmentFile=-/etc/sysconfig/sshd