spec file: do not create /etc/ssh/ssh_config.orig if unchanged

The upgrade removes the line HostKeyAlgorithms ssh-rsa,ssh-dss if present in /etc/ssh/ssh_config and creates a backup in /etc/ssh/ssh_config.orig, even if no change was applied. Create the backup file only if the file was changed. Fixes: https://pagure.io/freeipa/issue/9610 Signed-off-by: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Michal Polovka <mpolovka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2024-06-19 15:38:36 +02:00 · 2024-06-19 15:38:36 +02:00 · 09e66dc936
commit 09e66dc936
parent 9de053ef02
1 changed files with 3 additions and 1 deletions
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@ -1320,7 +1320,9 @@ if [ $1 -gt 1 ] ; then
        chmod 0600 /var/log/ipaupgrade.log
        SSH_CLIENT_SYSTEM_CONF="/etc/ssh/ssh_config"
        if [ -f "$SSH_CLIENT_SYSTEM_CONF" ]; then
+            if grep -E -q '^HostKeyAlgorithms ssh-rsa,ssh-dss' $SSH_CLIENT_SYSTEM_CONF 2>/dev/null; then
                sed -E --in-place=.orig 's/^(HostKeyAlgorithms ssh-rsa,ssh-dss)$/# disabled by ipa-client update\n# \1/' "$SSH_CLIENT_SYSTEM_CONF"
+            fi
            # https://pagure.io/freeipa/issue/9536
            # replace sss_ssh_knownhostsproxy with sss_ssh_knownhosts
            if [ -f '/usr/bin/sss_ssh_knownhosts' ]; then