Merge pull request 'fix(oslib): install_openssh must not report failure on non-Alpine' (#2) from fix/alma-harden-resilience into main
Reviewed-on: #2
This commit is contained in:
+10
-3
@@ -397,9 +397,16 @@ install_openssh() {
|
||||
fi
|
||||
local sftp_pkg; sftp_pkg="$(pkg_name sftp-server)"
|
||||
# shellcheck disable=SC2046
|
||||
pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg}
|
||||
# Alpine needs linux-pam present for the PAM server build.
|
||||
[[ "$OS_FAMILY" == alpine ]] && pkg_install linux-pam openrc
|
||||
pkg_install $(pkg_name openssh-server) $(pkg_name openssh-client) ${sftp_pkg:+$sftp_pkg} || return 1
|
||||
# Alpine needs linux-pam present for the PAM server build. Use an if-block,
|
||||
# NOT `[[ ... ]] && ...`: as the LAST statement, that trailing test makes the
|
||||
# whole function exit 1 on every non-Alpine OS (a false `[[ ]]` returns 1) --
|
||||
# harmless to a bare call under `set -e`, but a caller guarding with `|| die`
|
||||
# reads it as an OpenSSH install failure. The `|| return 1` above still
|
||||
# surfaces a real package failure.
|
||||
if [[ "$OS_FAMILY" == alpine ]]; then
|
||||
pkg_install linux-pam openrc
|
||||
fi
|
||||
}
|
||||
|
||||
# Install sshguard + an iptables firewall backend. On RHEL/Alma sshguard lives
|
||||
|
||||
Reference in New Issue
Block a user