Comments (6)
jaymzh
commented on August 28, 2024
I can't see any reason to remove /usr/libexec/* at all from openssh, openssh-clients, and openssh-server.... we should nuke all of those.
Also, why do we remove /usr/bin/ssh-* - that's a terrible idea as well.
from lorax.
bcl
commented on August 28, 2024
I think this is the same as https://bugzilla.redhat.com/show_bug.cgi?id=1331753
from lorax.
jaymzh
commented on August 28, 2024
@bcl that bug seems backwards. Why should anaconda be stripping stuff out of the openssh package?
from lorax.
jaymzh
commented on August 28, 2024
(I'm not asking to be sarcastic... I was gonna send a PR to nuke those lines, but clearly there's a goal/motivation here I don't understand, so I'm trying to understand it).
from lorax.
Jakuje
commented on August 28, 2024
At the moment, I see that you are removing a lot of files files using this file (probably to save some space):
$ rpm -ql openssh | grep /etc/ssh
/etc/ssh
/etc/ssh/moduli
$ rpm -ql openssh | grep libexec
/usr/libexec/openssh
/usr/libexec/openssh/ssh-keysign
$ rpm -ql openssh-client | grep /usr/bin/ssh-
/usr/bin/ssh-add
/usr/bin/ssh-agent
/usr/bin/ssh-copy-id
/usr/bin/ssh-keyscan
$ rpm -ql openssh-client | grep /usr/bin/slogin
/usr/bin/slogin
$ rpm -ql openssh-clients | grep libexec
/usr/libexec/openssh/ssh-pkcs11-helper
$ rpm -ql openssh-clients | grep /etc/ssh
/etc/ssh/ssh_config
/etc/ssh/ssh_config.d
/etc/ssh/ssh_config.d/05-redhat.conf
$ rpm -ql openssh-server | grep libexec
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/sshd-keygen
$ rpm -ql openssh-server | grep /etc/ssh
/etc/ssh/sshd_config
Basically only sshd-keygen and sshd_config are crucial to start sshd with default configuration. Removing moduli is also not a good idea (falling back to the default list of hardcoded primes).
slogin is also gone in F25 so there is no need to remove it now.
I am also not satisfied with overwriting the default configuration files with your own. You enable ChallengeResponseAuthentication which is disabled in our shipped configuration. Also we plan to use the configuration files for System-wide Crypto Policy, which would get overwritten by your scripts.
As a minimal solution, I would recommend not to remove /usr/libexec/openssh/sshd-keygen (remove /usr/libexec/openssh/sftp-server if you wish) to resolve this issue. Further, we could see what would be other useful files and why wouldn't you need them.
from lorax.
Jakuje
commented on August 28, 2024
See the pull request #160
from lorax.
Related Issues (20)
- aarch64 --virt-uefi isn't working HOT 3
- Keep /usr/share/pixmaps/fedora-logo-sprite.svg in fedora boot.iso HOT 2
- Move packages needed by anaconda out of the template and into anaconda-install-env-deps HOT 1
- treebuilder findkernels() only finds kernels in /boot HOT 2
- The live ISO images generated by livemedia-creator are unbootable if the squashed root filesystem is over 4GB HOT 2
- Installer image build with dnf5 fails if package is present in more than one repo: `Duplicate packages found in _pkgver request`
- [Guide + Question] Using livemedia-creator to create an ISO in Github Actions HOT 4
- RFE: support a feature to read external file for templating HOT 7
- Lorax installpkg no longer uses Provides HOT 1
- aarch64: The rootfs ran out of space with size=2 HOT 1
- Issues with Creating ISOs with Lorax inside a privileged Docker Container HOT 3
- Failed to import the GPG key on f39 HOT 7
- Problem zeroing free blocks on livemedia-creator RHEL/CentOS 8 HOT 2
- mkksiso isn't working with DVD isos HOT 2
- Kernel Panic with rhel 9 HOT 1
- Unable to disable mediacheck / rd.live.check HOT 2
- iso-graft wrong dir workdir vs. outroot HOT 8
- src//ltmpl.py
- mkksiso doesn't support EUFI entries HOT 2
- does livemedia-creator only create live ISOs? HOT 11
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lorax.