Merge pull request 'fix(oslib): install_openssh must not report failure on non-Alpine' (#2) from fix/alma-harden-resilience into main

Reviewed-on: #2
This commit is contained in:
2026-06-14 22:00:53 +00:00
+10 -3
View File
@@ -397,9 +397,16 @@ install_openssh() {
fi
local sftp_pkg; sftp_pkg="$(pkg_name sftp-server)"
# shellcheck disable=SC2046
pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg}
# Alpine needs linux-pam present for the PAM server build.
[[ "$OS_FAMILY" == alpine ]] && pkg_install linux-pam openrc
pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg} || return 1
# Alpine needs linux-pam present for the PAM server build. Use an if-block,
# NOT `[[ ... ]] && ...`: as the LAST statement, that trailing test makes the
# whole function exit 1 on every non-Alpine OS (a false `[[ ]]` returns 1) --
# harmless to a bare call under `set -e`, but a caller guarding with `|| die`
# reads it as an OpenSSH install failure. The `|| return 1` above still
# surfaces a real package failure.
if [[ "$OS_FAMILY" == alpine ]]; then
pkg_install linux-pam openrc
fi
}
# Install sshguard + an iptables firewall backend. On RHEL/Alma sshguard lives