[branched] overrides: fast-track systemd-256.5-1.fc41 #3116
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
systemd v256 added a new userdb functionality where SSH authorized keys can be part of a User Record. To make this transparently work with sshd authentication, an sshd config dropin that sets an `AuthorizedKeysCommand` directive was added. Unfortunately, it was added with a higher priority than intended, which meant that it overrode the `AuthorizedKeysCommand` directive from `ssh-key-dir`, which is how our `~/.ssh/authorized_keys.d/` magic works today with Ignition and Afterburn. So the end result is that this broke SSH which of course broke kola too. This is tracked in upstream systemd at: systemd/systemd#33648 The dropin was recently reverted in Fedora: https://src.fedoraproject.org/rpms/systemd/c/38291e13c1dec15618b7d09e4217d10076897cdf?branch=f41 Fast-track the latest f41 systemd build with that change. We'll need to keep an eye on the conversation there to make sure that the final solution doesn't re-break FCOS, but we would notice it pretty quickly too. Closes: coreos/fedora-coreos-tracker#1775
jlebon
force-pushed
the
pr/systemd-drop-branched
branch
from
d809b73 to
8faac0e
Compare
jlebon
changed the title
travier
approved these changes
Aug 22, 2024
|
Let's merge this one first and then I'll rebase #3109 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
systemd v256 added a new userdb functionality where SSH authorized
keys can be part of a User Record. To make this transparently
work with sshd authentication, an sshd config dropin that sets an
AuthorizedKeysCommanddirective was added.Unfortunately, it was added with a higher priority than intended,
which meant that it overrode the
AuthorizedKeysCommanddirective fromssh-key-dir, which is how our~/.ssh/authorized_keys.d/magic workstoday with Ignition and Afterburn. So the end result is that this broke
SSH which of course broke kola too.
This is tracked in upstream systemd at:
systemd/systemd#33648
The dropin was recently reverted in Fedora:
https://src.fedoraproject.org/rpms/systemd/c/38291e13c1dec15618b7d09e4217d10076897cdf?branch=f41
Fast-track the latest f41 systemd build with that change.
We'll need to keep an eye on the conversation there to make sure that
the final solution doesn't re-break FCOS, but we would notice it pretty
quickly too.
Closes: coreos/fedora-coreos-tracker#1775