From: Tomoaki AOKI
Date: Fri, 20 Oct 2023 06:26:18 +0900
To: stable@freebsd.org
Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update [REVISED]
Message-Id: <20231020062618.9618dcfd42b083720d5dbd12@dec.sakura.ne.jp>

On Thu, 19 Oct 2023 19:53:08 +0000
Miroslav Lachman <000.fbsd@quip.cz> wrote:

> On 19/10/2023 16:19, Robert Blayzor wrote:
> > On 10/4/23 00:45, Peter Libassi wrote:
> >> Me too! My sshd_config is also customized and every time there is a new
> >> patch I need to run freebsd-update manually and get rid of the attempt
> >> to trash the sshd config that could make my server unreachable over
> >> the network.
> >>
> >> Why does the freebsd-update need a vanilla sshd_config?
> >
> >
> > Or put your custom sshd config in another location and just update rc.conf:
> >
> > sshd_flags="-f /path/to/my/sshd_config"
>
> It is a hackery workaround. freebsd-update must not overwrite user
> modified files without safe merge of conflicts. Yet it did it in the
> past, for example pf.conf and some other vital files.
>
> Kind regards
> Miroslav Lachman

I don't think it is hackery.
What should have been is for the default sshd_config to be in
/etc/defaults, with /etc/defaults/rc.conf pointing to it, and for anyone
who needs custom settings to create sshd_config in /etc/ssh (or
somewhere else), as in the rc.conf case.

-- 
Tomoaki AOKI