tools/gen-ssh: upgrade openssh before generating key

openssl gets installed as a dependency of the osbuild-composer-tests but it might not update openssh at the same time, which can cause a version mismatch when running ssh-keygen: OpenSSL version mismatch. Built against 30000000, you have 30200010 This is currently happening in CentOS Stream 9 so let's make sure openssh is up to date before running ssh-keygen.
osbuild · May 23, 2024 · 7551bb8 · 7551bb8
1 parent d9f510d
commit 7551bb8
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/tools/gen-ssh.sh b/tools/gen-ssh.sh
@@ -3,6 +3,15 @@
 # Create SSH key
 SSH_DATA_DIR="$(mktemp -d)"
 SSH_KEY=${SSH_DATA_DIR}/id_rsa
+
+# openssl gets installed as a dependency of the osbuild-composer-tests but it
+# might not update openssh at the same time, which can cause a version mismatch
+# when running ssh-keygen:
+#
+#   OpenSSL version mismatch. Built against 30000000, you have 30200010
+#
+# Make sure openssh is up to date before running ssh-keygen
+sudo dnf -y upgrade openssh > /dev/null
 ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa-sha2-256 -b 2048
 
 # Change cloud-init/user-data ssh key