Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

manifests/fedora-coreos-base: add systemd override for ssh host key migration #2388

Merged
merged 1 commit into from Apr 20, 2023
Merged

manifests/fedora-coreos-base: add systemd override for ssh host key migration #2388

merged 1 commit into from Apr 20, 2023

Conversation

dustymabe
Copy link
Member

@dustymabe dustymabe commented Apr 19, 2023
edited

In this case we'll override the ConditionPathExists from ssh-host-keys-migration.service [1] to force it to run every boot. We want to do this to handle the case where someone could do an upgrade->rollback->upgrade and end up locked out of their system [2].

[1] https://src.fedoraproject.org/rpms/openssh/blob/6f7c765ed4cf0e8eef664fb93b26f4ea2a14d955/f/ssh-host-keys-migration.service
[2] coreos/fedora-coreos-tracker#1473

@dustymabe
manifests/fedora-coreos-base: add systemd override for ssh host key m…
a4956e8 
…igration

In this case we'll override the ConditionPathExists from
ssh-host-keys-migration.service [1] to force it to run every boot.
We want to do this to handle the case where someone could do an
upgrade->rollback->upgrade and end up locked out of their system [2].

[1] https://src.fedoraproject.org/rpms/openssh/blob/6f7c765ed4cf0e8eef664fb93b26f4ea2a14d955/f/ssh-host-keys-migration.service
[2] coreos/fedora-coreos-tracker#1473
@dustymabe dustymabe changed the title manifests/fedora-coreos-base: add systemd override for ssh host key m… manifests/fedora-coreos-base: add systemd override for ssh host key migration Apr 19, 2023
@dustymabe
Copy link
Member Author

ok local tests of this seem promising

@jlebon
Copy link
Member

jlebon commented Apr 20, 2023

Is there a reason we're not doing this via an overlay instead?

@dustymabe
Copy link
Member Author

Is there a reason we're not doing this via an overlay instead?

I started by just adding it to another overlay but I feel like some of this stuff gets lost in those larger overlays. I felt like it had more visibility here.

I think if I were going to move it to an overlay I'd create a new one (i.e. better visibility) and that felt a bit heavyweight for something we are planning to remove soon.

@travier
Copy link
Member

travier commented Apr 20, 2023

Would have preferred an overlay (harder to make mistakes) but ok

jlebon
jlebon approved these changes Apr 20, 2023
View reviewed changes
Copy link
Member

@jlebon jlebon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same, but not a strong opinion. It doesn't matter too much since it's short-lived. LGTM!

@dustymabe dustymabe merged commit 5e1efae into coreos:testing-devel Apr 20, 2023
2 checks passed
@dustymabe dustymabe deleted the dusty-ssh-key-migration branch April 20, 2023 18:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlebon jlebon jlebon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@dustymabe @jlebon @travier