(draft of change request) |
(clean up) |
||
Line 1: | Line 1: | ||
= Change/Obsolete slogin and sshd-keygen | = Change/Obsolete slogin and sshd-keygen = | ||
== Summary == | == Summary == | ||
Line 26: | Line 26: | ||
== Detailed Description == | == Detailed Description == | ||
Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/ | Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/</code>. | ||
Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of systemd features. In F24 new sshd-keygen is used, but for compatibility | Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of any systemd features. In F24 new sshd-keygen is used, but for compatibility reasons (anaconda) the old sshd-keygen is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on <code>sshd-keygen.target</code> instead of running sshd-keygen manually. | ||
== Benefit to Fedora == | == Benefit to Fedora == | ||
We will not diverge from upstream and we will lower maintenance time in <code>slogin</code> case. | |||
Using systemd instantiated service adds more flexibility in control of what keys are generated. | Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23. | ||
== Scope == | == Scope == | ||
Line 40: | Line 40: | ||
Remove the symlink from spec file (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=e762f7265ea47471869b94203a4ded0ad71b9381|slogin commit]) and remove sshd-keygen from dist-git script (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=0b5300a59c5b88489f9a00f529670fb2723de34e|legacy sshd-keygen commit]). | Remove the symlink from spec file (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=e762f7265ea47471869b94203a4ded0ad71b9381|slogin commit]) and remove sshd-keygen from dist-git script (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=0b5300a59c5b88489f9a00f529670fb2723de34e|legacy sshd-keygen commit]). | ||
Package maintainers (anaconda) depending on these files in system should follow | Package maintainers (anaconda) depending on these files in system should follow description above how to work without <code>sshd-keygen</code>. | ||
* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | * Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
Line 62: | Line 62: | ||
== How To Test == | == How To Test == | ||
Check for existence of files | Check for existence of files <code>/usr/bin/slogin</code> and <code>/usr/sbin/sshd-keygen</code> on your system. They should not be there. | ||
1. Open terminal (if not open yet) | 1. Open terminal (if not open yet) | ||
Line 69: | Line 69: | ||
<pre> | <pre> | ||
rpm -q openssh-clients openssh-server | rpm -q openssh-clients openssh-server | ||
openssh-clients-7. | openssh-clients-7.*.fc25.x86_64 | ||
openssh-server-7. | openssh-server-7.*.fc25.x86_64 | ||
</pre> | </pre> | ||
3. Check if you have the files in your system: | 3. Check if you have the files in your system: | ||
Line 107: | Line 107: | ||
* Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html | * Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html | ||
* sshd-keygen "discussion" bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331077 | * sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077 | ||
* anaconda | * anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753 | ||
<!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> |
Revision as of 07:42, 12 July 2016
Change/Obsolete slogin and sshd-keygen
Summary
slogin
is symlink to ssh
, recently removed by upstream. sshd-keygen
is old init script which needed replacement. They are not needed anymore.
Owner
- Name: Jakub Jelen
- Email: jjelen@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 25
- Last updated: 2016-07-12
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution s/slogin/ssh/
.
Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of any systemd features. In F24 new sshd-keygen is used, but for compatibility reasons (anaconda) the old sshd-keygen is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target
instead of running sshd-keygen manually.
Benefit to Fedora
We will not diverge from upstream and we will lower maintenance time in slogin
case.
Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.
Scope
- Proposal owners:
Remove the symlink from spec file (revert commit) and remove sshd-keygen from dist-git script (revert sshd-keygen commit).
Package maintainers (anaconda) depending on these files in system should follow description above how to work without sshd-keygen
.
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not a System Wide Change)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
Check for existence of files /usr/bin/slogin
and /usr/sbin/sshd-keygen
on your system. They should not be there.
1. Open terminal (if not open yet)
2. Make sure you have installed openssh-clients
and openssh-server
packages:
rpm -q openssh-clients openssh-server openssh-clients-7.*.fc25.x86_64 openssh-server-7.*.fc25.x86_64
3. Check if you have the files in your system:
ls /usr/bin/slogin /usr/sbin/sshd-keygen ls: cannot access /usr/bin/slogin: No such file or directory ls: cannot access /usr/sbin/sshd-keygen: No such file or directory
4. The files are not there
N/A (not a System Wide Change)
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
- Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html
- sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
- anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753
N/A (not a System Wide Change)