On Friday 2021-06-11 17:30, Michael Ströder wrote:
That's the problem with %config files and RPM: depending on who made a change, it could be that our services get broken or insecure. That's why you should always look for *.rpmsave and *.rpmnew files after an update...
On all my systems (three dozen) I'm maintaining sshd_config with ansible which uses SSH.
The update leaves a non-functional sshd on my test systems:
1. /etc/ssh/sshd_config does not exist
2. /etc/ssh/ssh_config.d/ is empty
3. /usr/etc/ssh/sshd_config contains no authentication information usable on my systems (e.g. specific AuthorizedKeysFile, TrustedUserCAKeys).
So the result of this update is a real hen-and-egg issue involving much manual action. :-(
If it hadn't been tagged %config in the first place, it wouldn't have been moved. Curses to this rpm logic to track what should perhaps not have been tracked.
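A post-update check for the situation described in this thread, as an added example that is not part of the original messages. It assumes the moved file was left as sshd_config.rpmsave (RPM's usual handling of a %config file that leaves a package); the function names and the ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: detect a locally managed sshd_config that an update moved away.
# ROOT (first argument) defaults to the live system; pass a prefix to check
# a constructed tree or a mounted image instead.

# List leftover *.rpmsave / *.rpmnew files under ROOT/etc.
rpm_leftovers() {
    find "${1:-}/etc" \( -name '*.rpmsave' -o -name '*.rpmnew' \) -type f 2>/dev/null | sort
}

# Return 0 if ROOT/etc/ssh/sshd_config is in place, 1 if sshd would run on
# vendor defaults (or nothing) and so lose site-specific authentication settings.
check_sshd_config() {
    root="${1:-}"
    admin="$root/etc/ssh/sshd_config"
    vendor="$root/usr/etc/ssh/sshd_config"
    if [ -s "$admin" ]; then
        echo "OK: $admin present"
        return 0
    fi
    echo "FAIL: $admin missing"
    [ -f "$vendor" ] && echo "  vendor default present: $vendor"
    for f in "$admin.rpmsave" "$admin.rpmnew"; do
        if [ -f "$f" ]; then
            echo "  candidate to restore from: $f"
            # Show the directives named in the mail above (keywords are case-insensitive).
            grep -E -i '^[[:space:]]*(AuthorizedKeysFile|TrustedUserCAKeys)[[:space:]]' "$f" \
                | sed 's/^/    /'
        fi
    done
    return 1
}

# Usage: check_sshd_config; rpm_leftovers     (no argument = live system)
```

Run it from the update job before restarting sshd, so a failed check stops the rollout while the existing SSH session used by the configuration management is still open.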