From e3597c03f1281198449ac70ef90fefe1bafb05f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Tue, 14 Mar 2023 17:14:17 +0100
Subject: [PATCH] Make sshd & sshd@ units want ssh-host-keys-migration.service

Enabling the unit via the presets does not enable it on
Silverblue/Kinoite/Sericea & IoT as we don't re-preset all units like
it's done in Fedora CoreOS.

See: https://pagure.io/workstation-ostree-config/pull-request/246

Instead, have the sshd & sshd@ service unit `Wants` the
ssh-host-keys-migration service unit so that it's pulled-in only when
sshd is effectively enabled and in all cases.

See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/253

See: https://bugzilla.redhat.com/show_bug.cgi?id=2172956
See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/252
---
 openssh.spec  | 8 ++++++--
 sshd.service  | 3 +++
 sshd@.service | 3 +++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/openssh.spec b/openssh.spec
index 56ee91a..e64875d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -47,7 +47,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 9.0p1
-%global openssh_rel 13
+%global openssh_rel 14
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 7
 
@@ -595,7 +595,8 @@ install -p -D -m 0644 %{SOURCE19} %{buildroot}%{_sysusersdir}/openssh-server.con
 # Migration service/script for Fedora 38 change to remove group ownership for standard host keys
 # See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
 install -m744 %{SOURCE20} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/ssh-host-keys-migration.sh
-install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service # enabled in 90-default.preset
+# Pulled-in via a `Wants=` in `sshd.service` & `sshd@.service`
+install -m644 %{SOURCE21} $RPM_BUILD_ROOT/%{_unitdir}/ssh-host-keys-migration.service
 install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib
 touch $RPM_BUILD_ROOT/%{_localstatedir}/lib/.ssh-host-keys-migration
 
@@ -748,6 +749,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Tue Mar 14 2023 Timothée Ravier <tim@siosm.fr> - 9.0p1-14
+- Make sshd & sshd@ units want ssh-host-keys-migration.service
+
 * Mon Mar 13 2023 Zoltan Fridrich <zfridric@redhat.com> - 9.0p1-13
 - Add sk-dummy subpackage for test purposes (rhbz#2176795)
 
diff --git a/sshd.service b/sshd.service
index e8afb86..0cb2a26 100644
--- a/sshd.service
+++ b/sshd.service
@@ -3,6 +3,9 @@ Description=OpenSSH server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 After=network.target sshd-keygen.target
 Wants=sshd-keygen.target
+# Migration for Fedora 38 change to remove group ownership for standard host keys
+# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
+Wants=ssh-host-keys-migration.service
 
 [Service]
 Type=notify
diff --git a/sshd@.service b/sshd@.service
index 196c555..be6d3b9 100644
--- a/sshd@.service
+++ b/sshd@.service
@@ -3,6 +3,9 @@ Description=OpenSSH per-connection server daemon
 Documentation=man:sshd(8) man:sshd_config(5)
 Wants=sshd-keygen.target
 After=sshd-keygen.target
+# Migration for Fedora 38 change to remove group ownership for standard host keys
+# See https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit
+Wants=ssh-host-keys-migration.service
 
 [Service]
 EnvironmentFile=-/etc/sysconfig/sshd