From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE,URIBL_SBL_A autolearn=ham autolearn_force=no version=3.4.4 Received: from tb-ob0.topicbox.com (tb-ob0.topicbox.com [64.147.108.117]) by inbox.vuxu.org (Postfix) with ESMTP id 2461821E7F for ; Wed, 6 Nov 2024 22:40:17 +0100 (CET) Received: from tb-mx0.topicbox.com (tb-mx0.nyi.icgroup.com [10.90.30.73]) by tb-ob0.topicbox.com (Postfix) with ESMTP id 9F8D02F9DB for ; Wed, 6 Nov 2024 16:40:16 -0500 (EST) (envelope-from bounce.mM0693e3de48b55c9690f812e0.r81958daa-7202-11ef-bbf2-18142b2d11b0@illumos.bounce.topicbox.com) Received: by tb-mx0.topicbox.com (Postfix, from userid 1132) id 9BC9F1F977E; Wed, 6 Nov 2024 16:40:16 -0500 (EST) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=fjQOOBFt header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=peter.tribble@gmail.com smtp.helo=mail-oa1-f52.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type:list-help:list-id:list-post :list-subscribe:reply-to:content-transfer-encoding :list-unsubscribe; s=sysmsg-1; t=1730929216; bh=lbsutrRDKrFV8F8K g9BUe4fDlk692Sp5tUFoZoCFj9I=; b=PQdp3r9oB0T4SSLQX2XUB6bToiSaRKvf 0UaTs5hPutCWtW29oYMANLup4IsJyNnPfP6fQcmADLSvXTcQDMOeGWF2oc7nDdKB sdgAQMOE06rHNg0f8jDzHT/Yxwrc1qRB9dDrVxCec3tDAjL5u/e/rbdW3eKaDIUY rGOjT6WWcfw= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1730929216; b=t6tbxjtuYnYJQ5++OJZ1sfSPLmtVjp69p0b3ugfuOj1t+beBQb Ae3XPvBA9CVEQXZ1M5re1sLu3bowwSFWKgkCiKcSpXHcIrhYeo6evzzueUcN/FDS TLCuFIj0ssq14eUDMH3JWKJ7yOm0EnpP+DA0N78qYcTUYfRrw2azuIBxA= Authentication-Results: topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=fjQOOBFt header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=peter.tribble@gmail.com smtp.helo=mail-oa1-f52.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=fjQOOBFt header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.160.52 (mail-oa1-f52.google.com); spf=pass smtp.mailfrom=peter.tribble@gmail.com smtp.helo=mail-oa1-f52.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=IRDg6pfd; x-me-sender=none; x-ptr=pass smtp.helo=mail-oa1-f52.google.com policy.ptr=mail-oa1-f52.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=-51 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lists.illumos.org; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:content-type:list-help:list-id:list-post:list-subscribe :reply-to:content-transfer-encoding:list-unsubscribe; s=dkim-1; t=1730929216; x=1731015616; bh=XwAZUsHkCcVjTFzyys8tpkCSick1LnB1 rynzKaan0cA=; b=GypvuM8RhKIzveblnRyy3reSV3DEWohimh62Y2p+DpTr7zwx 6bHS3yYd/7RQ6DEGhgSMwJIbdy6Cm2gRgbOYT25HVq8hCcgP4KH9xMOprXJUV/WV VnvlR/CsaE0ZYSZP2ZjkDcu/4zfSSeaMO1zA6SNo9tUWhw0DGjqMwYPKJ2c= Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 9BA9418E8D5 for ; Wed, 6 Nov 2024 16:38:13 -0500 (EST) (envelope-from peter.tribble@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id BE1254350BF; Wed, 6 Nov 2024 16:38:13 -0500 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1730929093; b=Q8HfLt6huUIIF1ByRu+wBzlujNMbJqRCN4OqXGqThL/CmVWU04 pbs7wtWM4dq1QVoW1l69WjnwpHipVVv0kjYYe2PWyK0Vw9uatdJJaynFqa+CP5qG xD6oGVRBteNJ5lAUFiz0f3VhSF8sVawW11ZA85mxQlylkj7lD7HiPTbLWF03GJJN itB+fXJ8a90j83oNqXZzWjtebe8z6nLBxXpT1pOv2+f+y86ZsjMPdl8CqStHv4k7 6ARYf8oL+kIWsDtDSGrjou7HbEJrr20m0gQqMav9oKZ+bBcfdrvArIBnwVxZnXvR n4uT+bEcv4hA6TQHSNVuXcP1jW2I8d1tszzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1730929093; bh=gmZ5kQPRmJuI8Wsa7KkrvJLiClptPFN+dUaj/Hi+PPE=; b=OzB0SgMKka1J XAWaUvELYKHuoIv8MjApr/hOl1benOwp8RThEBilTeYVWWq8ahnJpyHKqVtDLzRV Sv0f2T1BMJwA9xYI61r1CNJhK25HuPH7B80K+ydlfXjBnK1ck5v02NJ/4wym69LV yEYPFzVyc+qRSL+uJXbusX4Khugdj2mKcjeVz9+HX6L3yZc25jOfIWIHJ+8LVFRs JOw1KoexxsZ9+CR3hgC8+pIsXKWE1mOVKLSwI7YwHwHVRNJwr2b+xl5GNEZomvBx v3nWcpszNCS1T+STlTroPN9ibuS7Dga1zjyVoBQX/2n++o6A2Kth6r/1stFyhIXa mYMHmNwh2w== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=fjQOOBFt header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.160.52 (mail-oa1-f52.google.com); spf=pass smtp.mailfrom=peter.tribble@gmail.com smtp.helo=mail-oa1-f52.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=IRDg6pfd; x-me-sender=none; x-ptr=pass smtp.helo=mail-oa1-f52.google.com policy.ptr=mail-oa1-f52.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=-51 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgeefuddrtddvgdduhedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnegoufhushhpvggtthffohhmrghinhculdegledmnecujfgurhep gghfjgfhfffkuffvtgesrgdtreertddtjeenucfhrhhomheprfgvthgvrhcuvfhrihgssg hlvgcuoehpvghtvghrrdhtrhhisggslhgvsehgmhgrihhlrdgtohhmqeenucggtffrrght thgvrhhnpefhffejhefggedvudejgfeivddtieffffdtudejfeeluedtveefiefhjefhke etleenucffohhmrghinhepohhmnhhiohhsrdhorhhgpdhpvghtvghrthhrihgssghlvgdr tghordhukhdpsghlohhgshhpohhtrdgtohhmnecukfhppedvtdelrdekhedrudeitddrhe dvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthepvddtledrkeeh rdduiedtrdehvddphhgvlhhopehmrghilhdqohgruddqfhehvddrghhoohhglhgvrdgtoh hmpdhmrghilhhfrhhomhepoehpvghtvghrrdhtrhhisggslhgvsehgmhgrihhlrdgtohhm qedpnhgspghrtghpthhtohepuddprhgtphhtthhopeeouggvvhgvlhhophgvrheslhhish htshdrihhllhhumhhoshdrohhrgheq X-ME-VSScore: -51 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'peter.tribble@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="peter.tribble@gmail.com"; helo=mail-oa1-f52.google.com; client-ip=209.85.160.52 Received: from mail-oa1-f52.google.com (mail-oa1-f52.google.com [209.85.160.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for ; Wed, 6 Nov 2024 16:38:13 -0500 (EST) (envelope-from peter.tribble@gmail.com) Received: by mail-oa1-f52.google.com with SMTP id 586e51a60fabf-290d8d5332cso165073fac.2 for ; Wed, 06 Nov 2024 13:38:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730929092; x=1731533892; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gmZ5kQPRmJuI8Wsa7KkrvJLiClptPFN+dUaj/Hi+PPE=; b=IRDg6pfdL+8TemiJs8AovE6Mri6elf5Lgsgr8MMs7AavcpHPYIR4mEwEcQsaAsWHEU MJVLm6cynZwKV79eICXMzPFa/GLj6VsMHSEK9NeymWyfcn4+k5yucGm453MGKVKtNHba PM0UfO9RBPCgWnJavZB5HFM6Skt+L31AD1u4X1P6Uq0vdwvnebqY2JHd4hfaMav7hu0z 292eQyeVIxta9B4v7snvpXt4jqOpbTMT1tVT9nRLjE8RaNKUUicSKuH1QkNF6yo2jotV HtfAj39BwWgnyik8ou0oIv5hdhYsh2n9QTC3KCz0mKR/JNwsJsQ0DrL1sEjG8BFPESrH Y2sA== X-Gm-Message-State: AOJu0YwojCQkoyEAp/VMbnFhlMjdrxCQDmSJOiOvC1LqP6xLTG0aXCmC eGPmjGKmmR3ldmEv3CM7iAnjZ0JM97SonlscXroiLG3jEekcXZa6z2Snl5qI9qGT6N8OmQW/2o3 y2wNUg1ZcAYBv3f+Rj54ot3/6jRSkjko2Kplg X-Google-Smtp-Source: AGHT+IEaczhKQrQ4/klfsjSY4QeGpkrrzEJRPq+VEDmvya3+Rx/mNaEn9n0gX5swlvqscjFfC6/0MMyYc+VCOdkL4Qc= X-Received: by 2002:a05:6870:a588:b0:261:1aad:2c03 with SMTP id 586e51a60fabf-2949f07e31fmr13472100fac.43.1730929091951; Wed, 06 Nov 2024 13:38:11 -0800 (PST) MIME-Version: 1.0 References: <44ec143c-27d4-406a-9d10-6335442c4033@gmail.com> In-Reply-To: From: Peter Tribble Date: Wed, 6 Nov 2024 21:38:00 +0000 Message-ID: Subject: Re: [developer] Sshd fails on OS upgrade To: illumos-developer Content-Type: multipart/alternative; boundary=000000000000a8428a0626455593 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 708e6252-9c87-11ef-ad03-d392b33bc9ca Archived-At: =?UTF-8?B?PGh0dHBzOi8vaWxsdW1vcy50b3BpY2JveC5jb20vZ3JvdXBz?= =?UTF-8?B?L2RldmVsb3Blci9UYjAxMTFkOGMyMmIzNzkzOC1NMDY5M2UzZGU0OGI1NWM5?= =?UTF-8?B?NjkwZjgxMmUwPg==?= List-Help: List-Id: "illumos-developer" List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: illumos-developer Content-Transfer-Encoding: 7bit List-Unsubscribe: , Topicbox-Delivery-ID: 2:illumos:a901537c-2aea-11e7-965f-d98f9f16e227:81958daa-7202-11ef-bbf2-18142b2d11b0:M0693e3de48b55c9690f812e0:1:6C7o2vp7yJABU3-AvEe7ydv1HfgTb34lKoRrZ5tBy64 --000000000000a8428a0626455593 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, Nov 6, 2024 at 12:15=E2=80=AFAM Joshua M. Clulow via illumos-develo= per < developer@lists.illumos.org> wrote: > On Tue, 5 Nov 2024 at 12:27, Till Wegm=C3=BCller w= rote: > > This file gets delivered in a working state by the package but as soon > > as you edit it, it will never be touched again by the package system. We > > can only destroy everyones edits by removing preserve=3Dtrue attribute > > from the file or have this situation happen, > > FWIW, there are at least two other options: > > - only deliver new software that is compatible with the existing > configuration file (patch software as needed) > > - deliver an SMF service that "upgrades" the configuration, where > it is mechanically possible to do so, prior to starting the service > > Ultimately this is an OpenIndiana-specific issue, though, as we no > longer deliver SSH in illumos itself. Other distributions are > presumably making different decisions with respect to backwards > compatibility and upgrades, etc. > As those of us who lived through it will remember, the transition from SunSSH to OpenSSH in OmniOS was fun. I remember having to push out a specially fixed sshd_conf that worked (and satisfied our requirements) with the old and new ssh, and then we had to do it again. https://omnios.org/info/sunssh.html In Tribblix, I've traditionally unconditionally overwritten sshd_conf on update, but recently switched over to retaining a modified version. Time will tell whether that causes more problems than it solves. --=20 -Peter Tribble http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ ------------------------------------------ illumos: illumos-developer Permalink: https://illumos.topicbox.com/groups/developer/Tb0111d8c22b37938-= M0693e3de48b55c9690f812e0 Delivery options: https://illumos.topicbox.com/groups/developer/subscription --000000000000a8428a0626455593 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


<= div class=3D"gmail_quote">
On Wed, Nov= 6, 2024 at 12:15 AM Joshua M. Clulow via illumos-developer <developer@lists.illumos.org&= gt; wrote:
On = Tue, 5 Nov 2024 at 12:27, Till Wegmüller <toasterson@gmail.com> wrote:
> This file gets delivered in a working state by the package but as soon=
> as you edit it, it will never be touched again by the package system. = We
> can only destroy everyones edits by removing preserve=3Dtrue attribute=
> from the file or have this situation happen,

FWIW, there are at least two other options:

  - only deliver new software that is compatible with the existing
    configuration file (patch software as needed)

  - deliver an SMF service that "upgrades" the configuration= , where
    it is mechanically possible to do so, prior to starting the s= ervice

Ultimately this is an OpenIndiana-specific issue, though, as we no
longer deliver SSH in illumos itself.  Other distributions are
presumably making different decisions with respect to backwards
compatibility and upgrades, etc.

As tho= se of us who lived through it will remember, the transition from SunSSH
to OpenSSH in OmniOS was fun. I remember having to push out a specially f= ixed
sshd_conf that worked (and satisfied our requirements)= with the old and new ssh,
and then we had to do it again.<= br />
https://omnios.o= rg/info/sunssh.html

In Tribblix, I've traditi= onally unconditionally overwritten sshd_conf on update, but
recently s= witched over to retaining a modified version. Time will tell whether that
causes more problems than it solves.
= --000000000000a8428a0626455593--