On Tue, 8 Oct 2024 22:25:54 -0700 Josh Triplett <j...@joshtriplett.org> wrote:
> On Tue, 08 Oct 2024 22:00:34 +0100 Luca Boccassi <bl...@debian.org> wrote:
> > On Sat, 31 Aug 2024 04:32:30 +0200 Christoph Anton Mitterer
> > <cales...@scientia.org> wrote:
> > > Package: systemd
> > > Version: 256.5-1
> > > Severity: important
> > >
> > > Hey.
> > >
> > > I think since version 256 there's systemd-ssh-generator and friends including
> > > /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf which is a non-conffile that
> > > is a symlink to:
> > > /usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
> > >
> > > as such, it cannot be modified by the user or removed, as it will be re-installed
> > > on upgrade (and there even overwriting any manually created
> > > 20-systemd-ssh-proxy.conf that is not a symlink).
> > >
> > > I don't think this should happen, and wouldn't be too surprised if it was a policy
> > > violation (though too lazy to check ^^).
> >
> > It is most certainly not. This is necessary to ensure ssh via
> > vsock/afunix works out of the box. You can set up a local dpkg
> > diversion if you want to.
>
> /etc is owned by the sysadmin. It's absolutely reasonable for systemd to
> install this configuration file by default, but if the sysadmin removes
> it (perhaps because for some reason they don't want to allow SSH access
> over vsock or unix sockets), that's a configuration change that
> shouldn't be overwritten. dpkg-divert is for modifications to things
> that *aren't* configuration files, like files in /usr; it should never
> be required for files in /etc.

It's just a symlink in /etc, you can divert the original in /usr so that it points to an empty file. In the end, if openssh supported the usual /etc/ -> /usr/ pattern for config, this would be handled neatly, so if you care about this use case please try and spend time to implement such support in openssh.
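
Added example (not part of the thread, and not systemd's or Debian's own tooling): because the drop-in is re-created on upgrade, a sysadmin who removed or neutralized it may want a check to run after each upgrade that reports which state it is in. The two paths are the ones named in the thread; the function name, the state names and the optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the state of the systemd-ssh-proxy drop-in.
# Paths are the two named in the thread; the optional root-prefix argument
# is an assumption of this example so it can run against a scratch tree.

DROPIN=etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
VENDOR=usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf

# Prints one of: absent, local-file, dangling, neutralized, active
proxy_dropin_state() {
    root=${1:-/}
    root=${root%/}
    link="$root/$DROPIN"

    if [ ! -L "$link" ]; then
        # Not a symlink: either removed, or replaced by a sysadmin-owned file.
        if [ -e "$link" ]; then echo local-file; else echo absent; fi
        return 0
    fi

    # Resolve the link target relative to the chosen root.
    target=$(readlink "$link")
    case $target in
        /*) resolved="$root$target" ;;
        *)  resolved="$(dirname "$link")/$target" ;;
    esac

    if [ ! -e "$resolved" ]; then
        echo dangling
    elif grep -Eqv '^[[:space:]]*(#|$)' "$resolved"; then
        # At least one line is neither blank nor a comment: directives apply.
        echo active
    else
        # Empty or comment-only target, e.g. after diverting the /usr file.
        echo neutralized
    fi
}

proxy_dropin_state "${1:-/}"
```

A result of `active` after an upgrade, where `absent`, `local-file` or `neutralized` was expected, means the packaged symlink is back in effect.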