On Tue, 08 Oct 2024 22:00:34 +0100 Luca Boccassi <bl...@debian.org> wrote:
> On Sat, 31 Aug 2024 04:32:30 +0200 Christoph Anton Mitterer
> <cales...@scientia.org> wrote:
> > Package: systemd
> > Version: 256.5-1
> > Severity: important
> >
> >
> > Hey.
> >
> > I think since version 256 there's systemd-ssh-generator and friends including
> > /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf which is a non-conffile that
> > is a symlink to:
> > /usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf
> >
> > as such, it cannot be modified by the user or removed, as it will be re-installed
> > on upgrade (and there even overwriting any manually created
> > 20-systemd-ssh-proxy.conf that is not a symlink).
> >
> > I don't think this should happen, and wouldn't be too surprised if it was a policy
> > violation (though too lazy to check ^^).
>
> It is most certainly not. This is necessary to ensure ssh via
> vsock/afunix works out of the box. You can set up a local dpkg
> diversion if you want to.

/etc is owned by the sysadmin. It's absolutely reasonable for systemd to install this configuration file by default, but if the sysadmin removes it (perhaps because for some reason they don't want to allow SSH access over vsock or unix sockets), that's a configuration change that shouldn't be overwritten. dpkg-divert is for modifications to things that *aren't* configuration files, like files in /usr; it should never be required for files in /etc. This could be trivially fixed by marking the file as a conffile, so that when the user removes it that change will be preserved, and so that if the user modifies it they'll get prompted if the upstream version changes.
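
An added example, not part of the thread or of the systemd packaging: a small audit that sorts the entries of a directory such as /etc/ssh/ssh_config.d into dpkg-tracked conffiles, symlinks into /usr that are not conffiles (the case the report describes), and purely local files. The function names `classify_etc_entry` and `audit_dir` are hypothetical, and the conffile list is assumed to be a file saved from `dpkg-query -W -f='${Conffiles}\n' systemd`.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from any package.
#
# classify_etc_entry PATH CONFFILE_LIST
# Prints one of: absent | conffile | symlink-into-usr | local-file
# CONFFILE_LIST holds one " /path md5sum" entry per line, the format of
#   dpkg-query -W -f='${Conffiles}\n' systemd
classify_etc_entry() {
    path=$1
    list=$2
    # Test -L as well, so that a dangling symlink still counts as present.
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        echo absent
        return 0
    fi
    # Exact match on the path field; awk ignores the leading blank.
    if awk -v p="$path" '$1 == p { found = 1 } END { exit !found }' "$list"; then
        echo conffile
        return 0
    fi
    # A link pointing into /usr that dpkg does not track as a conffile:
    # local edits or removal are not remembered across upgrades.
    if [ -L "$path" ]; then
        case $(readlink "$path") in
            /usr/*) echo symlink-into-usr; return 0 ;;
        esac
    fi
    echo local-file
}

# audit_dir DIR CONFFILE_LIST
# Prints one "classification<TAB>path" line per entry in DIR.
audit_dir() {
    for entry in "$1"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        printf '%s\t%s\n' "$(classify_etc_entry "$entry" "$2")" "$entry"
    done
}

# Typical use on a Debian system:
#   dpkg-query -W -f='${Conffiles}\n' systemd > /tmp/systemd.conffiles
#   audit_dir /etc/ssh/ssh_config.d /tmp/systemd.conffiles
```

Entries reported as `symlink-into-usr` are the ones whose removal or replacement dpkg will not preserve, so they are the ones to review before relying on a local change.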