From 245a2587e095a08a61af4e48f7daa57dee3629e6 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Dec 08 2023 17:17:39 +0000 Subject: Add /etc/ssh/sshd_config.d to the file list This is a bit of a mess: sshd can only load configuration from /etc/ssh/sshd_config.d, and that directory is declared as non-world-readable. This is in violation of the packaging guidelines which say that packaged files must be world-readable, and also makes very little sense, since those files are part of the package payload. If we create the directory with different permissions, and list it in %files, installation will fail. If we don't list it in %files, and the user doesn't have openssh-server installed, they will have an unowned directory. Another option would be to depend on owner of this directory, i.e. openssh-server, but we don't want to have that dependency. So let's copy the %files line from openssh-server and figure out what to do if it changes in openssh-server again.
---
diff --git a/split-files.py b/split-files.py
index a025062..4f939ec 100644
--- a/split-files.py
+++ b/split-files.py
@@ -8,6 +8,7 @@ known_files = '''
 %ghost %attr(0444,root,root) /etc/udev/hwdb.bin
 /etc/inittab
 /usr/lib/systemd/purge-nobody-user
+%dir %attr(0700,root,root) /etc/ssh/sshd_config.d
 %ghost %config(noreplace) /etc/vconsole.conf
 %ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
 %ghost %attr(0664,root,root) %verify(not group) /run/utmp
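Review bot: The added `%dir %attr(0700,root,root) /etc/ssh/sshd_config.d` entry duplicates an owner and mode that the commit message says are copied from openssh-server's %files, but nothing in split-files.py records that coupling. Since the message also states that installation fails when the directory is listed with different permissions, a later mode change in openssh-server would surface only as an install-time failure with no hint in this file. I would add a Python comment above the `known_files = '''` assignment, which starts outside this hunk, such as `# /etc/ssh/sshd_config.d: %attr copied from openssh-server's %files; must stay identical`. Whether the code that parses this literal tolerates a comment line inside the string is not visible here, so the comment belongs outside it. The root-only 0700 mode should stay as it is until openssh-server changes it, rather than being loosened here to meet the world-readable guideline.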