From 1273ef7b356c95ab376ad8e3e7c9723ac08b242b Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Tue, 15 Feb 2022 11:34:13 +0100 Subject: [PATCH] Regenerate all image test cases with the enhanced image-info Signed-off-by: Tomas Hozza --- .../manifests/centos_8-aarch64-ami-boot.json | 142 ++++++++- .../centos_8-aarch64-edge_commit-boot.json | 128 +++++++- .../centos_8-aarch64-openstack-boot.json | 135 ++++++++ .../centos_8-aarch64-qcow2-boot.json | 135 ++++++++ ...centos_8-aarch64-qcow2_customize-boot.json | 135 ++++++++ .../manifests/centos_8-aarch64-tar-boot.json | 107 +++++++ .../centos_8-ppc64le-qcow2-boot.json | 135 ++++++++ ...centos_8-ppc64le-qcow2_customize-boot.json | 135 ++++++++ .../manifests/centos_8-ppc64le-tar-boot.json | 107 +++++++ .../manifests/centos_8-x86_64-ami-boot.json | 136 ++++++++ .../centos_8-x86_64-edge_commit-boot.json | 128 +++++++- .../centos_8-x86_64-edge_commit_rt-boot.json | 128 +++++++- .../centos_8-x86_64-openstack-boot.json | 135 ++++++++ .../manifests/centos_8-x86_64-qcow2-boot.json | 135 ++++++++ .../centos_8-x86_64-qcow2_customize-boot.json | 135 ++++++++ .../manifests/centos_8-x86_64-tar-boot.json | 107 +++++++ .../manifests/centos_8-x86_64-vhd-boot.json | 135 ++++++++ .../manifests/centos_8-x86_64-vmdk-boot.json | 135 ++++++++ .../manifests/fedora_34-aarch64-ami-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_34-aarch64-oci-boot.json | 299 ++++++++++++++++++ .../fedora_34-aarch64-openstack-boot.json | 299 ++++++++++++++++++ .../fedora_34-aarch64-qcow2-boot.json | 299 ++++++++++++++++++ ...edora_34-aarch64-qcow2_customize-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_34-x86_64-ami-boot.json | 299 ++++++++++++++++++ ...dora_34-x86_64-fedora_iot_commit-boot.json | 182 ++++++++++- ...4-x86_64-fedora_iot_commit_debug-boot.json | 182 ++++++++++- .../manifests/fedora_34-x86_64-oci-boot.json | 299 ++++++++++++++++++ .../fedora_34-x86_64-openstack-boot.json | 299 ++++++++++++++++++ .../fedora_34-x86_64-qcow2-boot.json | 299 ++++++++++++++++++ ...fedora_34-x86_64-qcow2_customize-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_34-x86_64-vhd-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_34-x86_64-vmdk-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_35-aarch64-ami-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_35-aarch64-oci-boot.json | 299 ++++++++++++++++++ .../fedora_35-aarch64-openstack-boot.json | 299 ++++++++++++++++++ .../fedora_35-aarch64-qcow2-boot.json | 299 ++++++++++++++++++ ...edora_35-aarch64-qcow2_customize-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_35-x86_64-ami-boot.json | 299 ++++++++++++++++++ ...dora_35-x86_64-fedora_iot_commit-boot.json | 182 ++++++++++- ...5-x86_64-fedora_iot_commit_debug-boot.json | 182 ++++++++++- .../manifests/fedora_35-x86_64-oci-boot.json | 299 ++++++++++++++++++ .../fedora_35-x86_64-openstack-boot.json | 299 ++++++++++++++++++ .../fedora_35-x86_64-qcow2-boot.json | 299 ++++++++++++++++++ ...fedora_35-x86_64-qcow2_customize-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_35-x86_64-vhd-boot.json | 299 ++++++++++++++++++ .../manifests/fedora_35-x86_64-vmdk-boot.json | 299 ++++++++++++++++++ .../manifests/rhel_8-aarch64-ami-boot.json | 76 ++++- .../rhel_8-aarch64-openstack-boot.json | 58 +++- .../manifests/rhel_8-aarch64-qcow2-boot.json | 58 +++- .../rhel_8-aarch64-qcow2_customize-boot.json | 76 ++++- .../rhel_8-aarch64-rhel_edge_commit-boot.json | 43 +++ .../manifests/rhel_8-aarch64-tar-boot.json | 24 ++ .../manifests/rhel_8-ppc64le-qcow2-boot.json | 54 ++++ .../rhel_8-ppc64le-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_8-ppc64le-tar-boot.json | 24 ++ .../manifests/rhel_8-s390x-qcow2-boot.json | 54 ++++ .../rhel_8-s390x-qcow2_customize-boot.json | 54 ++++ .../data/manifests/rhel_8-s390x-tar-boot.json | 24 ++ .../manifests/rhel_8-x86_64-ami-boot.json | 54 ++++ .../rhel_8-x86_64-openstack-boot.json | 54 ++++ .../manifests/rhel_8-x86_64-qcow2-boot.json | 54 ++++ .../rhel_8-x86_64-qcow2_customize-boot.json | 54 ++++ .../rhel_8-x86_64-rhel_edge_commit-boot.json | 43 +++ ...hel_8-x86_64-rhel_edge_commit_rt-boot.json | 43 +++ .../manifests/rhel_8-x86_64-tar-boot.json | 24 ++ .../manifests/rhel_8-x86_64-vhd-boot.json | 54 ++++ .../manifests/rhel_8-x86_64-vmdk-boot.json | 54 ++++ .../manifests/rhel_84-aarch64-ami-boot.json | 54 ++++ .../rhel_84-aarch64-openstack-boot.json | 54 ++++ .../manifests/rhel_84-aarch64-qcow2-boot.json | 54 ++++ .../rhel_84-aarch64-qcow2_customize-boot.json | 54 ++++ ...rhel_84-aarch64-rhel_edge_commit-boot.json | 43 +++ .../manifests/rhel_84-aarch64-tar-boot.json | 24 ++ .../manifests/rhel_84-ppc64le-qcow2-boot.json | 54 ++++ .../rhel_84-ppc64le-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_84-ppc64le-tar-boot.json | 24 ++ .../manifests/rhel_84-s390x-qcow2-boot.json | 54 ++++ .../rhel_84-s390x-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_84-x86_64-ami-boot.json | 54 ++++ .../rhel_84-x86_64-openstack-boot.json | 54 ++++ .../manifests/rhel_84-x86_64-qcow2-boot.json | 54 ++++ .../rhel_84-x86_64-qcow2_customize-boot.json | 54 ++++ .../rhel_84-x86_64-rhel_edge_commit-boot.json | 43 +++ ...el_84-x86_64-rhel_edge_commit_rt-boot.json | 43 +++ .../manifests/rhel_84-x86_64-tar-boot.json | 24 ++ .../manifests/rhel_84-x86_64-vhd-boot.json | 54 ++++ .../manifests/rhel_84-x86_64-vmdk-boot.json | 54 ++++ .../manifests/rhel_85-aarch64-ami-boot.json | 54 ++++ .../manifests/rhel_85-aarch64-ec2-boot.json | 172 ++++++++++ .../rhel_85-aarch64-edge_commit-boot.json | 43 +++ .../rhel_85-aarch64-openstack-boot.json | 54 ++++ .../manifests/rhel_85-aarch64-qcow2-boot.json | 54 ++++ .../rhel_85-aarch64-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_85-aarch64-tar-boot.json | 24 ++ .../manifests/rhel_85-ppc64le-qcow2-boot.json | 54 ++++ .../rhel_85-ppc64le-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_85-ppc64le-tar-boot.json | 24 ++ .../manifests/rhel_85-s390x-qcow2-boot.json | 54 ++++ .../rhel_85-s390x-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_85-s390x-tar-boot.json | 26 +- .../manifests/rhel_85-x86_64-ami-boot.json | 54 ++++ .../manifests/rhel_85-x86_64-ec2-boot.json | 172 ++++++++++ .../manifests/rhel_85-x86_64-ec2_ha-boot.json | 238 ++++++++++++++ .../rhel_85-x86_64-edge_commit-boot.json | 43 +++ .../rhel_85-x86_64-edge_commit_rt-boot.json | 43 +++ .../rhel_85-x86_64-openstack-boot.json | 54 ++++ .../manifests/rhel_85-x86_64-qcow2-boot.json | 54 ++++ .../rhel_85-x86_64-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_85-x86_64-tar-boot.json | 24 ++ .../manifests/rhel_85-x86_64-vhd-boot.json | 54 ++++ .../manifests/rhel_85-x86_64-vmdk-boot.json | 54 ++++ .../manifests/rhel_86-aarch64-ami-boot.json | 54 ++++ .../manifests/rhel_86-aarch64-ec2-boot.json | 172 ++++++++++ .../rhel_86-aarch64-edge_commit-boot.json | 43 +++ .../rhel_86-aarch64-openstack-boot.json | 54 ++++ .../manifests/rhel_86-aarch64-qcow2-boot.json | 54 ++++ .../rhel_86-aarch64-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_86-aarch64-tar-boot.json | 24 ++ .../manifests/rhel_86-ppc64le-qcow2-boot.json | 54 ++++ .../rhel_86-ppc64le-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_86-ppc64le-tar-boot.json | 24 ++ .../manifests/rhel_86-s390x-qcow2-boot.json | 54 ++++ .../rhel_86-s390x-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_86-s390x-tar-boot.json | 26 +- .../manifests/rhel_86-x86_64-ami-boot.json | 54 ++++ .../manifests/rhel_86-x86_64-ec2-boot.json | 172 ++++++++++ .../manifests/rhel_86-x86_64-ec2_ha-boot.json | 238 ++++++++++++++ .../rhel_86-x86_64-ec2_sap-boot.json | 236 ++++++++++++++ .../rhel_86-x86_64-edge_commit-boot.json | 43 +++ .../rhel_86-x86_64-edge_commit_rt-boot.json | 43 +++ .../rhel_86-x86_64-openstack-boot.json | 54 ++++ .../manifests/rhel_86-x86_64-qcow2-boot.json | 54 ++++ .../rhel_86-x86_64-qcow2_customize-boot.json | 54 ++++ .../manifests/rhel_86-x86_64-tar-boot.json | 24 ++ .../manifests/rhel_86-x86_64-vhd-boot.json | 54 ++++ .../manifests/rhel_86-x86_64-vmdk-boot.json | 54 ++++ .../manifests/rhel_90-aarch64-ami-boot.json | 48 +++ .../manifests/rhel_90-aarch64-ec2-boot.json | 166 ++++++++++ .../rhel_90-aarch64-edge_commit-boot.json | 36 +++ .../rhel_90-aarch64-openstack-boot.json | 47 +++ .../manifests/rhel_90-aarch64-qcow2-boot.json | 47 +++ .../rhel_90-aarch64-qcow2_customize-boot.json | 47 +++ .../manifests/rhel_90-aarch64-tar-boot.json | 21 ++ .../manifests/rhel_90-ppc64le-qcow2-boot.json | 47 +++ .../rhel_90-ppc64le-qcow2_customize-boot.json | 47 +++ .../manifests/rhel_90-ppc64le-tar-boot.json | 21 ++ .../manifests/rhel_90-s390x-qcow2-boot.json | 49 ++- .../rhel_90-s390x-qcow2_customize-boot.json | 51 ++- .../manifests/rhel_90-s390x-tar-boot.json | 21 ++ .../manifests/rhel_90-x86_64-ami-boot.json | 48 +++ .../manifests/rhel_90-x86_64-ec2-boot.json | 166 ++++++++++ .../manifests/rhel_90-x86_64-ec2_ha-boot.json | 48 +++ .../rhel_90-x86_64-ec2_sap-boot.json | 46 +++ .../rhel_90-x86_64-edge_commit-boot.json | 36 +++ .../rhel_90-x86_64-edge_commit_rt-boot.json | 47 +++ .../rhel_90-x86_64-openstack-boot.json | 47 +++ .../manifests/rhel_90-x86_64-qcow2-boot.json | 47 +++ .../rhel_90-x86_64-qcow2_customize-boot.json | 47 +++ .../manifests/rhel_90-x86_64-tar-boot.json | 21 ++ .../manifests/rhel_90-x86_64-vhd-boot.json | 47 +++ .../manifests/rhel_90-x86_64-vmdk-boot.json | 47 +++ .../rhel_90_beta-aarch64-ami-boot.json | 55 ++++ .../rhel_90_beta-aarch64-ec2-boot.json | 173 ++++++++++ ...rhel_90_beta-aarch64-edge_commit-boot.json | 44 +++ .../rhel_90_beta-aarch64-openstack-boot.json | 55 ++++ .../rhel_90_beta-aarch64-qcow2-boot.json | 55 ++++ ..._90_beta-aarch64-qcow2_customize-boot.json | 55 ++++ .../rhel_90_beta-aarch64-tar-boot.json | 25 ++ .../rhel_90_beta-ppc64le-qcow2-boot.json | 55 ++++ ..._90_beta-ppc64le-qcow2_customize-boot.json | 55 ++++ .../rhel_90_beta-ppc64le-tar-boot.json | 25 ++ .../rhel_90_beta-s390x-qcow2-boot.json | 57 +++- ...el_90_beta-s390x-qcow2_customize-boot.json | 59 +++- .../rhel_90_beta-s390x-tar-boot.json | 25 ++ .../rhel_90_beta-x86_64-ami-boot.json | 55 ++++ .../rhel_90_beta-x86_64-ec2-boot.json | 173 ++++++++++ .../rhel_90_beta-x86_64-ec2_ha-boot.json | 55 ++++ .../rhel_90_beta-x86_64-ec2_sap-boot.json | 53 ++++ .../rhel_90_beta-x86_64-edge_commit-boot.json | 44 +++ ...el_90_beta-x86_64-edge_commit_rt-boot.json | 55 ++++ .../rhel_90_beta-x86_64-openstack-boot.json | 55 ++++ .../rhel_90_beta-x86_64-qcow2-boot.json | 55 ++++ ...l_90_beta-x86_64-qcow2_customize-boot.json | 55 ++++ .../rhel_90_beta-x86_64-tar-boot.json | 25 ++ .../rhel_90_beta-x86_64-vhd-boot.json | 55 ++++ .../rhel_90_beta-x86_64-vmdk-boot.json | 55 ++++ 186 files changed, 18317 insertions(+), 44 deletions(-) diff --git a/test/data/manifests/centos_8-aarch64-ami-boot.json b/test/data/manifests/centos_8-aarch64-ami-boot.json index f11fef49f..efaac34ef 100644 --- a/test/data/manifests/centos_8-aarch64-ami-boot.json +++ b/test/data/manifests/centos_8-aarch64-ami-boot.json @@ -10704,6 +10704,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11274,8 +11283,8 @@ "fstype": "xfs", "label": "root", "partuuid": "6264D520-3FB9-423F-8AB8-7A0A8E3D3562", - "size": 9989681152, - "start": 747685888, + "size": 9989732352, + "start": 747634688, "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", "uuid": "6e4ff95f-f662-45ee-a82a-bdf44a2d0b75" }, @@ -11294,7 +11303,7 @@ "fstype": "xfs", "label": null, "partuuid": "CB07C243-BC44-4717-853E-28852021225B", - "size": 536922112, + "size": 536870912, "start": 210763776, "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", "uuid": "0194fdc2-fa2f-4cc0-81d3-ff12045b73c8" @@ -11341,6 +11350,7 @@ "/etc/pam.d/postlogin": "....L....", "/etc/pam.d/smartcard-auth": "....L....", "/etc/pam.d/system-auth": "....L....", + "/etc/ssh/sshd_config": "S.5....T.", "/proc": ".M.......", "/sys": ".M.......", "/var/log/lastlog": ".M....G..", @@ -11431,6 +11441,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11663,6 +11716,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-aarch64-edge_commit-boot.json b/test/data/manifests/centos_8-aarch64-edge_commit-boot.json index d144285ed..6c3205be6 100644 --- a/test/data/manifests/centos_8-aarch64-edge_commit-boot.json +++ b/test/data/manifests/centos_8-aarch64-edge_commit-boot.json @@ -10609,6 +10609,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10913,6 +10956,89 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } + } } } diff --git a/test/data/manifests/centos_8-aarch64-openstack-boot.json b/test/data/manifests/centos_8-aarch64-openstack-boot.json index 859fc9e77..4030df8c8 100644 --- a/test/data/manifests/centos_8-aarch64-openstack-boot.json +++ b/test/data/manifests/centos_8-aarch64-openstack-boot.json @@ -10975,6 +10975,15 @@ }, "default-target": "graphical.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11694,6 +11703,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11906,6 +11958,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-aarch64-qcow2-boot.json b/test/data/manifests/centos_8-aarch64-qcow2-boot.json index 7aee60e7f..6f1747d48 100644 --- a/test/data/manifests/centos_8-aarch64-qcow2-boot.json +++ b/test/data/manifests/centos_8-aarch64-qcow2-boot.json @@ -10921,6 +10921,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11643,6 +11652,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11857,6 +11909,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-aarch64-qcow2_customize-boot.json b/test/data/manifests/centos_8-aarch64-qcow2_customize-boot.json index 6dd4db24b..e5b13e795 100644 --- a/test/data/manifests/centos_8-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/centos_8-aarch64-qcow2_customize-boot.json @@ -13204,6 +13204,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -13983,6 +13992,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -14197,6 +14249,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-aarch64-tar-boot.json b/test/data/manifests/centos_8-aarch64-tar-boot.json index 03629b812..f11674960 100644 --- a/test/data/manifests/centos_8-aarch64-tar-boot.json +++ b/test/data/manifests/centos_8-aarch64-tar-boot.json @@ -7508,6 +7508,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", @@ -7674,6 +7698,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-ppc64le-qcow2-boot.json b/test/data/manifests/centos_8-ppc64le-qcow2-boot.json index 5542f93e3..5236fc4ed 100644 --- a/test/data/manifests/centos_8-ppc64le-qcow2-boot.json +++ b/test/data/manifests/centos_8-ppc64le-qcow2-boot.json @@ -11629,6 +11629,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -12388,6 +12397,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12602,6 +12654,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-ppc64le-qcow2_customize-boot.json b/test/data/manifests/centos_8-ppc64le-qcow2_customize-boot.json index f946181cc..db1385627 100644 --- a/test/data/manifests/centos_8-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/centos_8-ppc64le-qcow2_customize-boot.json @@ -14462,6 +14462,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -15278,6 +15287,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -15492,6 +15544,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-ppc64le-tar-boot.json b/test/data/manifests/centos_8-ppc64le-tar-boot.json index 3039d5efd..ff77364e2 100644 --- a/test/data/manifests/centos_8-ppc64le-tar-boot.json +++ b/test/data/manifests/centos_8-ppc64le-tar-boot.json @@ -7615,6 +7615,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", @@ -7781,6 +7805,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-ami-boot.json b/test/data/manifests/centos_8-x86_64-ami-boot.json index 0a3375e86..1863f46bc 100644 --- a/test/data/manifests/centos_8-x86_64-ami-boot.json +++ b/test/data/manifests/centos_8-x86_64-ami-boot.json @@ -10276,6 +10276,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -10849,6 +10858,7 @@ "/etc/pam.d/postlogin": "....L....", "/etc/pam.d/smartcard-auth": "....L....", "/etc/pam.d/system-auth": "....L....", + "/etc/ssh/sshd_config": "S.5....T.", "/proc": ".M.......", "/sys": ".M.......", "/var/log/lastlog": ".M....G..", @@ -10934,6 +10944,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11160,6 +11213,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-edge_commit-boot.json b/test/data/manifests/centos_8-x86_64-edge_commit-boot.json index 498c33e74..dbf587332 100644 --- a/test/data/manifests/centos_8-x86_64-edge_commit-boot.json +++ b/test/data/manifests/centos_8-x86_64-edge_commit-boot.json @@ -10935,6 +10935,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11239,6 +11282,89 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } + } } } diff --git a/test/data/manifests/centos_8-x86_64-edge_commit_rt-boot.json b/test/data/manifests/centos_8-x86_64-edge_commit_rt-boot.json index a3a87784b..1c7a634eb 100644 --- a/test/data/manifests/centos_8-x86_64-edge_commit_rt-boot.json +++ b/test/data/manifests/centos_8-x86_64-edge_commit_rt-boot.json @@ -10889,6 +10889,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11193,6 +11236,89 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } + } } } diff --git a/test/data/manifests/centos_8-x86_64-openstack-boot.json b/test/data/manifests/centos_8-x86_64-openstack-boot.json index b373eb3ef..a7060a569 100644 --- a/test/data/manifests/centos_8-x86_64-openstack-boot.json +++ b/test/data/manifests/centos_8-x86_64-openstack-boot.json @@ -11169,6 +11169,15 @@ }, "default-target": "graphical.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11901,6 +11910,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12113,6 +12165,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-qcow2-boot.json b/test/data/manifests/centos_8-x86_64-qcow2-boot.json index 16c2bfa83..95bd7d014 100644 --- a/test/data/manifests/centos_8-x86_64-qcow2-boot.json +++ b/test/data/manifests/centos_8-x86_64-qcow2-boot.json @@ -11087,6 +11087,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11820,6 +11829,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12034,6 +12086,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-qcow2_customize-boot.json b/test/data/manifests/centos_8-x86_64-qcow2_customize-boot.json index 746432436..9b368566c 100644 --- a/test/data/manifests/centos_8-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/centos_8-x86_64-qcow2_customize-boot.json @@ -13395,6 +13395,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -14186,6 +14195,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -14400,6 +14452,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-tar-boot.json b/test/data/manifests/centos_8-x86_64-tar-boot.json index e256721fa..b87b93ad9 100644 --- a/test/data/manifests/centos_8-x86_64-tar-boot.json +++ b/test/data/manifests/centos_8-x86_64-tar-boot.json @@ -7620,6 +7620,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", @@ -7786,6 +7810,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-vhd-boot.json b/test/data/manifests/centos_8-x86_64-vhd-boot.json index 815cf690e..ce4897a51 100644 --- a/test/data/manifests/centos_8-x86_64-vhd-boot.json +++ b/test/data/manifests/centos_8-x86_64-vhd-boot.json @@ -11230,6 +11230,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11973,6 +11982,49 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12182,6 +12234,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/centos_8-x86_64-vmdk-boot.json b/test/data/manifests/centos_8-x86_64-vmdk-boot.json index 9a649024f..ebefbf07c 100644 --- a/test/data/manifests/centos_8-x86_64-vmdk-boot.json +++ b/test/data/manifests/centos_8-x86_64-vmdk-boot.json @@ -10688,6 +10688,15 @@ }, "default-target": "graphical.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "contentdir": "centos", "infra": "stock", @@ -11396,6 +11405,49 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11602,6 +11654,89 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "CentOS-Stream-AppStream.repo": { + "appstream": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=AppStream&infra=$infra", + "name": "CentOS Stream $releasever - AppStream" + } + }, + "CentOS-Stream-BaseOS.repo": { + "baseos": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra", + "name": "CentOS Stream $releasever - BaseOS" + } + }, + "CentOS-Stream-Debuginfo.repo": { + "debuginfo": { + "baseurl": "http://debuginfo.centos.org/$stream/$basearch/", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Debuginfo" + } + }, + "CentOS-Stream-Extras.repo": { + "extras": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra", + "name": "CentOS Stream $releasever - Extras" + } + }, + "CentOS-Stream-HighAvailability.repo": { + "ha": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=HighAvailability&infra=$infra", + "name": "CentOS Stream $releasever - HighAvailability" + } + }, + "CentOS-Stream-Media.repo": { + "media-appstream": { + "baseurl": "file:///media/CentOS/AppStream\nfile:///media/cdrom/AppStream\nfile:///media/cdrecorder/AppStream", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - AppStream" + }, + "media-baseos": { + "baseurl": "file:///media/CentOS/BaseOS\nfile:///media/cdrom/BaseOS\nfile:///media/cdrecorder/BaseOS", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "name": "CentOS Stream $releasever - Media - BaseOS" + } + }, + "CentOS-Stream-PowerTools.repo": { + "powertools": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra", + "name": "CentOS Stream $releasever - PowerTools" + } + }, + "CentOS-Stream-RealTime.repo": { + "rt": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial", + "mirrorlist": "http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=RT&infra=$infra", + "name": "CentOS Stream $releasever - RealTime" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-aarch64-ami-boot.json b/test/data/manifests/fedora_34-aarch64-ami-boot.json index b837a4f54..cb71c53bb 100644 --- a/test/data/manifests/fedora_34-aarch64-ami-boot.json +++ b/test/data/manifests/fedora_34-aarch64-ami-boot.json @@ -9443,6 +9443,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10104,6 +10115,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10341,6 +10396,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-aarch64-oci-boot.json b/test/data/manifests/fedora_34-aarch64-oci-boot.json index ac6bf3a4a..ae1baa81f 100644 --- a/test/data/manifests/fedora_34-aarch64-oci-boot.json +++ b/test/data/manifests/fedora_34-aarch64-oci-boot.json @@ -9261,6 +9261,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9908,6 +9919,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10157,6 +10212,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-aarch64-openstack-boot.json b/test/data/manifests/fedora_34-aarch64-openstack-boot.json index 5fa3fd82e..d7c5776dd 100644 --- a/test/data/manifests/fedora_34-aarch64-openstack-boot.json +++ b/test/data/manifests/fedora_34-aarch64-openstack-boot.json @@ -9792,6 +9792,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10485,6 +10496,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10725,6 +10780,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-aarch64-qcow2-boot.json b/test/data/manifests/fedora_34-aarch64-qcow2-boot.json index 7c8d4fb2a..881023a3d 100644 --- a/test/data/manifests/fedora_34-aarch64-qcow2-boot.json +++ b/test/data/manifests/fedora_34-aarch64-qcow2-boot.json @@ -9285,6 +9285,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9934,6 +9945,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10183,6 +10238,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-aarch64-qcow2_customize-boot.json b/test/data/manifests/fedora_34-aarch64-qcow2_customize-boot.json index a642cb803..1a992f2fd 100644 --- a/test/data/manifests/fedora_34-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/fedora_34-aarch64-qcow2_customize-boot.json @@ -9389,6 +9389,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10047,6 +10058,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10296,6 +10351,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-ami-boot.json b/test/data/manifests/fedora_34-x86_64-ami-boot.json index 321482748..8c5096fb4 100644 --- a/test/data/manifests/fedora_34-x86_64-ami-boot.json +++ b/test/data/manifests/fedora_34-x86_64-ami-boot.json @@ -9396,6 +9396,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10033,6 +10044,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10270,6 +10325,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-fedora_iot_commit-boot.json b/test/data/manifests/fedora_34-x86_64-fedora_iot_commit-boot.json index 8b5b66a06..035b91fed 100644 --- a/test/data/manifests/fedora_34-x86_64-fedora_iot_commit-boot.json +++ b/test/data/manifests/fedora_34-x86_64-fedora_iot_commit-boot.json @@ -11666,6 +11666,50 @@ "udisks2.service", "zezere_ignition.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12009,6 +12053,142 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } + } } } diff --git a/test/data/manifests/fedora_34-x86_64-fedora_iot_commit_debug-boot.json b/test/data/manifests/fedora_34-x86_64-fedora_iot_commit_debug-boot.json index 5174a01a7..412ec45cc 100644 --- a/test/data/manifests/fedora_34-x86_64-fedora_iot_commit_debug-boot.json +++ b/test/data/manifests/fedora_34-x86_64-fedora_iot_commit_debug-boot.json @@ -11672,6 +11672,50 @@ "udisks2.service", "zezere_ignition.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12015,6 +12059,142 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } + } } } diff --git a/test/data/manifests/fedora_34-x86_64-oci-boot.json b/test/data/manifests/fedora_34-x86_64-oci-boot.json index 8f9bf6086..f1665c155 100644 --- a/test/data/manifests/fedora_34-x86_64-oci-boot.json +++ b/test/data/manifests/fedora_34-x86_64-oci-boot.json @@ -9316,6 +9316,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9945,6 +9956,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10194,6 +10249,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-openstack-boot.json b/test/data/manifests/fedora_34-x86_64-openstack-boot.json index 35f41f411..6b8e37fbe 100644 --- a/test/data/manifests/fedora_34-x86_64-openstack-boot.json +++ b/test/data/manifests/fedora_34-x86_64-openstack-boot.json @@ -9745,6 +9745,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10414,6 +10425,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10654,6 +10709,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-qcow2-boot.json b/test/data/manifests/fedora_34-x86_64-qcow2-boot.json index 98238a130..63ea1de73 100644 --- a/test/data/manifests/fedora_34-x86_64-qcow2-boot.json +++ b/test/data/manifests/fedora_34-x86_64-qcow2-boot.json @@ -9340,6 +9340,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9971,6 +9982,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10220,6 +10275,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-qcow2_customize-boot.json b/test/data/manifests/fedora_34-x86_64-qcow2_customize-boot.json index 45aeefcd5..8bf65aaa4 100644 --- a/test/data/manifests/fedora_34-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/fedora_34-x86_64-qcow2_customize-boot.json @@ -9444,6 +9444,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10084,6 +10095,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10333,6 +10388,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-vhd-boot.json b/test/data/manifests/fedora_34-x86_64-vhd-boot.json index 5b85aa0fe..c18cc532a 100644 --- a/test/data/manifests/fedora_34-x86_64-vhd-boot.json +++ b/test/data/manifests/fedora_34-x86_64-vhd-boot.json @@ -8857,6 +8857,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9466,6 +9477,50 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -9700,6 +9755,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_34-x86_64-vmdk-boot.json b/test/data/manifests/fedora_34-x86_64-vmdk-boot.json index 3832813cd..fbea81cfc 100644 --- a/test/data/manifests/fedora_34-x86_64-vmdk-boot.json +++ b/test/data/manifests/fedora_34-x86_64-vmdk-boot.json @@ -9340,6 +9340,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9970,6 +9981,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10219,6 +10274,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-aarch64-ami-boot.json b/test/data/manifests/fedora_35-aarch64-ami-boot.json index 2e81847da..57dac3f52 100644 --- a/test/data/manifests/fedora_35-aarch64-ami-boot.json +++ b/test/data/manifests/fedora_35-aarch64-ami-boot.json @@ -9734,6 +9734,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10416,6 +10427,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10653,6 +10708,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-aarch64-oci-boot.json b/test/data/manifests/fedora_35-aarch64-oci-boot.json index 14e6dd4fa..f3cbe803a 100644 --- a/test/data/manifests/fedora_35-aarch64-oci-boot.json +++ b/test/data/manifests/fedora_35-aarch64-oci-boot.json @@ -9654,6 +9654,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10328,6 +10339,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10577,6 +10632,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-aarch64-openstack-boot.json b/test/data/manifests/fedora_35-aarch64-openstack-boot.json index e78e05474..fb604f65c 100644 --- a/test/data/manifests/fedora_35-aarch64-openstack-boot.json +++ b/test/data/manifests/fedora_35-aarch64-openstack-boot.json @@ -10083,6 +10083,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10797,6 +10808,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11037,6 +11092,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-aarch64-qcow2-boot.json b/test/data/manifests/fedora_35-aarch64-qcow2-boot.json index 4938f052b..23ac3c5ad 100644 --- a/test/data/manifests/fedora_35-aarch64-qcow2-boot.json +++ b/test/data/manifests/fedora_35-aarch64-qcow2-boot.json @@ -9678,6 +9678,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10354,6 +10365,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10603,6 +10658,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-aarch64-qcow2_customize-boot.json b/test/data/manifests/fedora_35-aarch64-qcow2_customize-boot.json index 215a741bd..445368a02 100644 --- a/test/data/manifests/fedora_35-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/fedora_35-aarch64-qcow2_customize-boot.json @@ -9782,6 +9782,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10467,6 +10478,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10716,6 +10771,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-ami-boot.json b/test/data/manifests/fedora_35-x86_64-ami-boot.json index 335583457..c2b9ec426 100644 --- a/test/data/manifests/fedora_35-x86_64-ami-boot.json +++ b/test/data/manifests/fedora_35-x86_64-ami-boot.json @@ -9687,6 +9687,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10339,6 +10350,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10576,6 +10631,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-fedora_iot_commit-boot.json b/test/data/manifests/fedora_35-x86_64-fedora_iot_commit-boot.json index ecaaa1d49..864cff0cd 100644 --- a/test/data/manifests/fedora_35-x86_64-fedora_iot_commit-boot.json +++ b/test/data/manifests/fedora_35-x86_64-fedora_iot_commit-boot.json @@ -11708,6 +11708,50 @@ "udisks2.service", "zezere_ignition.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12051,6 +12095,142 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } + } } } diff --git a/test/data/manifests/fedora_35-x86_64-fedora_iot_commit_debug-boot.json b/test/data/manifests/fedora_35-x86_64-fedora_iot_commit_debug-boot.json index 938e29572..7fbe31d95 100644 --- a/test/data/manifests/fedora_35-x86_64-fedora_iot_commit_debug-boot.json +++ b/test/data/manifests/fedora_35-x86_64-fedora_iot_commit_debug-boot.json @@ -11714,6 +11714,50 @@ "udisks2.service", "zezere_ignition.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -12057,6 +12101,142 @@ ] } }, - "type": "ostree/commit" + "type": "ostree/commit", + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } + } } } diff --git a/test/data/manifests/fedora_35-x86_64-oci-boot.json b/test/data/manifests/fedora_35-x86_64-oci-boot.json index 53de37333..e9f19f7bd 100644 --- a/test/data/manifests/fedora_35-x86_64-oci-boot.json +++ b/test/data/manifests/fedora_35-x86_64-oci-boot.json @@ -9862,6 +9862,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10522,6 +10533,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10771,6 +10826,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-openstack-boot.json b/test/data/manifests/fedora_35-x86_64-openstack-boot.json index f73a93a47..6bdc05da8 100644 --- a/test/data/manifests/fedora_35-x86_64-openstack-boot.json +++ b/test/data/manifests/fedora_35-x86_64-openstack-boot.json @@ -10036,6 +10036,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10720,6 +10731,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10960,6 +11015,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-qcow2-boot.json b/test/data/manifests/fedora_35-x86_64-qcow2-boot.json index 3f3a081c7..dae976afe 100644 --- a/test/data/manifests/fedora_35-x86_64-qcow2-boot.json +++ b/test/data/manifests/fedora_35-x86_64-qcow2-boot.json @@ -9886,6 +9886,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10548,6 +10559,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10797,6 +10852,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-qcow2_customize-boot.json b/test/data/manifests/fedora_35-x86_64-qcow2_customize-boot.json index 463bcf6b2..b94cf4e81 100644 --- a/test/data/manifests/fedora_35-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/fedora_35-x86_64-qcow2_customize-boot.json @@ -9990,6 +9990,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10661,6 +10672,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10910,6 +10965,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-vhd-boot.json b/test/data/manifests/fedora_35-x86_64-vhd-boot.json index 80f7fd670..4652b15f4 100644 --- a/test/data/manifests/fedora_35-x86_64-vhd-boot.json +++ b/test/data/manifests/fedora_35-x86_64-vhd-boot.json @@ -9114,6 +9114,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9736,6 +9747,50 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -9970,6 +10025,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/fedora_35-x86_64-vmdk-boot.json b/test/data/manifests/fedora_35-x86_64-vmdk-boot.json index 8d94cb0e9..cc2d1e77c 100644 --- a/test/data/manifests/fedora_35-x86_64-vmdk-boot.json +++ b/test/data/manifests/fedora_35-x86_64-vmdk-boot.json @@ -9886,6 +9886,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "False", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "True" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10547,6 +10558,50 @@ "systemd-userdbd.socket", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10796,6 +10851,250 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "fedora-cisco-openh264.repo": { + "fedora-cisco-openh264": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + }, + "fedora-cisco-openh264-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "14d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-cisco-openh264-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever openh264 (From Cisco) - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "True", + "type": "rpm" + } + }, + "fedora-modular.repo": { + "fedora-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-debug-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-modular-source-$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-modular.repo": { + "updates-modular": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing-modular.repo": { + "updates-testing-modular": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-debug-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-modular-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-modular-source-f$releasever&arch=$basearch", + "name": "Fedora Modular $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates-testing.repo": { + "updates-testing": { + "countme": "1", + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Test Updates Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-testing-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Test Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora-updates.repo": { + "updates": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Updates - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "updates-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "6h", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch", + "name": "Fedora $releasever - Updates Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + }, + "fedora.repo": { + "fedora": { + "countme": "1", + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-debuginfo": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch", + "name": "Fedora $releasever - $basearch - Debug", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + }, + "fedora-source": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch", + "metadata_expire": "7d", + "metalink": "https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch", + "name": "Fedora $releasever - Source", + "repo_gpgcheck": "0", + "skip_if_unavailable": "False", + "type": "rpm" + } + } + } } } } diff --git a/test/data/manifests/rhel_8-aarch64-ami-boot.json b/test/data/manifests/rhel_8-aarch64-ami-boot.json index 7c657c1f7..25635e403 100644 --- a/test/data/manifests/rhel_8-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_8-aarch64-ami-boot.json @@ -8621,6 +8621,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9134,25 +9145,25 @@ "partition-table": "gpt", "partition-table-id": "8DFDFF87-C96E-EA48-A3A6-9408F1F6B1EF", "partitions": [ - { - "bootable": false, - "fstype": "vfat", - "label": "EFI\\ System", - "partuuid": "1DE333BA-33A7-D147-9B27-C87268BA36B9", - "size": 498073600, - "start": 1048576, - "type": "C12A7328-F81F-11D2-BA4B-00A0C93EC93B", - "uuid": "46BB-8120" - }, { "bootable": false, "fstype": "xfs", "label": null, - "partuuid": "61F6795F-CFE6-0A4A-8F75-4F48244B5E38", + "partuuid": "7CEC5879-020E-9F4B-A44D-928D0A8BAAEE", "size": 5942263296, "start": 500170752, "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", "uuid": "0bd700f8-090f-4556-b797-b340297ea1bd" + }, + { + "bootable": false, + "fstype": "vfat", + "label": "EFI\\ System", + "partuuid": "EB0B4FC0-0920-FB49-94B1-8D41B171E1CA", + "size": 498073600, + "start": 1048576, + "type": "C12A7328-F81F-11D2-BA4B-00A0C93EC93B", + "uuid": "46BB-8120" } ], "passwd": [ @@ -9320,6 +9331,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-aarch64-openstack-boot.json b/test/data/manifests/rhel_8-aarch64-openstack-boot.json index c3b112477..c0b9c4399 100644 --- a/test/data/manifests/rhel_8-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_8-aarch64-openstack-boot.json @@ -9177,6 +9177,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9736,7 +9747,7 @@ "bootable": false, "fstype": "xfs", "label": null, - "partuuid": "05A59C6D-FC02-AC42-A5C8-D3E64E563E4E", + "partuuid": "A6240362-CE77-EB45-8F4E-9280C6357EE1", "size": 3794779648, "start": 500170752, "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", @@ -9746,7 +9757,7 @@ "bootable": false, "fstype": "vfat", "label": "EFI\\ System", - "partuuid": "EC12F3B2-5136-3043-8AF1-A5E0AF10E33B", + "partuuid": "E983D456-8F48-964F-9AEC-E51120DE1F70", "size": 498073600, "start": 1048576, "type": "C12A7328-F81F-11D2-BA4B-00A0C93EC93B", @@ -9922,6 +9933,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-aarch64-qcow2-boot.json b/test/data/manifests/rhel_8-aarch64-qcow2-boot.json index e81536cb4..ac43cb9b2 100644 --- a/test/data/manifests/rhel_8-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_8-aarch64-qcow2-boot.json @@ -9639,6 +9639,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10230,7 +10241,7 @@ "bootable": false, "fstype": "vfat", "label": "EFI\\ System", - "partuuid": "24057256-3BD7-2746-98C8-C1DACD7D1E7A", + "partuuid": "26279506-8D85-534C-B2D3-051E3FE19E1A", "size": 498073600, "start": 1048576, "type": "C12A7328-F81F-11D2-BA4B-00A0C93EC93B", @@ -10240,7 +10251,7 @@ "bootable": false, "fstype": "xfs", "label": null, - "partuuid": "D7E7C8A2-E6A5-D246-A4F9-643ED968F48C", + "partuuid": "468A705D-7634-B040-9F79-1A976E043FEF", "size": 3794779648, "start": 500170752, "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", @@ -10431,6 +10442,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_8-aarch64-qcow2_customize-boot.json index 4df0b8e10..509cfbd11 100644 --- a/test/data/manifests/rhel_8-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_8-aarch64-qcow2_customize-boot.json @@ -9761,6 +9761,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10356,25 +10367,25 @@ "partition-table": "gpt", "partition-table-id": "8DFDFF87-C96E-EA48-A3A6-9408F1F6B1EF", "partitions": [ - { - "bootable": false, - "fstype": "xfs", - "label": null, - "partuuid": "37B1B6A9-7E1E-6F47-BDE9-B4D13190CC43", - "size": 3794779648, - "start": 500170752, - "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", - "uuid": "0bd700f8-090f-4556-b797-b340297ea1bd" - }, { "bootable": false, "fstype": "vfat", "label": "EFI\\ System", - "partuuid": "F1BDCC59-A510-D545-B801-F97EA792CF16", + "partuuid": "0566FDB8-5C6B-4D4E-B9AD-354D05CE1A95", "size": 498073600, "start": 1048576, "type": "C12A7328-F81F-11D2-BA4B-00A0C93EC93B", "uuid": "46BB-8120" + }, + { + "bootable": false, + "fstype": "xfs", + "label": null, + "partuuid": "D2795D04-7480-AA46-8A32-26B11C45BE39", + "size": 3794779648, + "start": 500170752, + "type": "0FC63DAF-8483-4772-8E79-3D69D8477DE4", + "uuid": "0bd700f8-090f-4556-b797-b340297ea1bd" } ], "passwd": [ @@ -10563,6 +10574,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-aarch64-rhel_edge_commit-boot.json b/test/data/manifests/rhel_8-aarch64-rhel_edge_commit-boot.json index 3e08db5ef..d6fd233b2 100644 --- a/test/data/manifests/rhel_8-aarch64-rhel_edge_commit-boot.json +++ b/test/data/manifests/rhel_8-aarch64-rhel_edge_commit-boot.json @@ -8824,6 +8824,49 @@ "sshd.service", "timedatex.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-aarch64-tar-boot.json b/test/data/manifests/rhel_8-aarch64-tar-boot.json index 3ef797e95..564b3c213 100644 --- a/test/data/manifests/rhel_8-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_8-aarch64-tar-boot.json @@ -5757,6 +5757,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysctl.d": { "/usr/lib/sysctl.d": { "10-default-yama-scope.conf": [ diff --git a/test/data/manifests/rhel_8-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_8-ppc64le-qcow2-boot.json index ac62c8448..71c7336c4 100644 --- a/test/data/manifests/rhel_8-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_8-ppc64le-qcow2-boot.json @@ -10402,6 +10402,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11233,6 +11244,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_8-ppc64le-qcow2_customize-boot.json index 512dfc110..aced277ce 100644 --- a/test/data/manifests/rhel_8-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_8-ppc64le-qcow2_customize-boot.json @@ -10524,6 +10524,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11365,6 +11376,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-ppc64le-tar-boot.json b/test/data/manifests/rhel_8-ppc64le-tar-boot.json index 825b85076..1b8bb87c0 100644 --- a/test/data/manifests/rhel_8-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_8-ppc64le-tar-boot.json @@ -5860,6 +5860,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysctl.d": { "/usr/lib/sysctl.d": { "10-default-yama-scope.conf": [ diff --git a/test/data/manifests/rhel_8-s390x-qcow2-boot.json b/test/data/manifests/rhel_8-s390x-qcow2-boot.json index 43b24711c..0a2361a46 100644 --- a/test/data/manifests/rhel_8-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_8-s390x-qcow2-boot.json @@ -10256,6 +10256,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11060,6 +11071,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_8-s390x-qcow2_customize-boot.json index 1841dbfdd..a89e4b96b 100644 --- a/test/data/manifests/rhel_8-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_8-s390x-qcow2_customize-boot.json @@ -10378,6 +10378,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11192,6 +11203,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-s390x-tar-boot.json b/test/data/manifests/rhel_8-s390x-tar-boot.json index 0c1e2af16..1c9e5af09 100644 --- a/test/data/manifests/rhel_8-s390x-tar-boot.json +++ b/test/data/manifests/rhel_8-s390x-tar-boot.json @@ -6670,6 +6670,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysctl.d": { "/usr/lib/sysctl.d": { "10-default-yama-scope.conf": [ diff --git a/test/data/manifests/rhel_8-x86_64-ami-boot.json b/test/data/manifests/rhel_8-x86_64-ami-boot.json index baa9fbaf5..c6d2d59c8 100644 --- a/test/data/manifests/rhel_8-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_8-x86_64-ami-boot.json @@ -8617,6 +8617,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9297,6 +9308,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-openstack-boot.json b/test/data/manifests/rhel_8-x86_64-openstack-boot.json index f35058617..8482a0aaf 100644 --- a/test/data/manifests/rhel_8-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_8-x86_64-openstack-boot.json @@ -9188,6 +9188,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9915,6 +9926,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-qcow2-boot.json b/test/data/manifests/rhel_8-x86_64-qcow2-boot.json index 928ca9137..ccf2b1760 100644 --- a/test/data/manifests/rhel_8-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_8-x86_64-qcow2-boot.json @@ -9620,6 +9620,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10392,6 +10403,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_8-x86_64-qcow2_customize-boot.json index 645a2ed22..791cebaf4 100644 --- a/test/data/manifests/rhel_8-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_8-x86_64-qcow2_customize-boot.json @@ -9742,6 +9742,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10524,6 +10535,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-rhel_edge_commit-boot.json b/test/data/manifests/rhel_8-x86_64-rhel_edge_commit-boot.json index 7cdf6c953..4cb7f188d 100644 --- a/test/data/manifests/rhel_8-x86_64-rhel_edge_commit-boot.json +++ b/test/data/manifests/rhel_8-x86_64-rhel_edge_commit-boot.json @@ -9138,6 +9138,49 @@ "sshd.service", "timedatex.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-rhel_edge_commit_rt-boot.json b/test/data/manifests/rhel_8-x86_64-rhel_edge_commit_rt-boot.json index 7212da900..aff7ae455 100644 --- a/test/data/manifests/rhel_8-x86_64-rhel_edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_8-x86_64-rhel_edge_commit_rt-boot.json @@ -9584,6 +9584,49 @@ "timedatex.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-tar-boot.json b/test/data/manifests/rhel_8-x86_64-tar-boot.json index a5bc1ab2d..3aff57100 100644 --- a/test/data/manifests/rhel_8-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_8-x86_64-tar-boot.json @@ -5832,6 +5832,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysctl.d": { "/usr/lib/sysctl.d": { "10-default-yama-scope.conf": [ diff --git a/test/data/manifests/rhel_8-x86_64-vhd-boot.json b/test/data/manifests/rhel_8-x86_64-vhd-boot.json index e4dcd817f..d6ed81e43 100644 --- a/test/data/manifests/rhel_8-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_8-x86_64-vhd-boot.json @@ -9137,6 +9137,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9862,6 +9873,49 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_8-x86_64-vmdk-boot.json b/test/data/manifests/rhel_8-x86_64-vmdk-boot.json index 73485a2a7..f091125d9 100644 --- a/test/data/manifests/rhel_8-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_8-x86_64-vmdk-boot.json @@ -8636,6 +8636,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9334,6 +9345,49 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-ami-boot.json b/test/data/manifests/rhel_84-aarch64-ami-boot.json index 76a0432f1..bc51bddcb 100644 --- a/test/data/manifests/rhel_84-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_84-aarch64-ami-boot.json @@ -9241,6 +9241,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9996,6 +10007,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-openstack-boot.json b/test/data/manifests/rhel_84-aarch64-openstack-boot.json index 6c602a26b..47c9a8821 100644 --- a/test/data/manifests/rhel_84-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_84-aarch64-openstack-boot.json @@ -9692,6 +9692,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10485,6 +10496,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-qcow2-boot.json b/test/data/manifests/rhel_84-aarch64-qcow2-boot.json index 80fa31c47..6d6010bf7 100644 --- a/test/data/manifests/rhel_84-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_84-aarch64-qcow2-boot.json @@ -9726,6 +9726,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10532,6 +10543,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_84-aarch64-qcow2_customize-boot.json index 28c8f68c7..3bee85289 100644 --- a/test/data/manifests/rhel_84-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_84-aarch64-qcow2_customize-boot.json @@ -9837,6 +9837,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10653,6 +10664,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-rhel_edge_commit-boot.json b/test/data/manifests/rhel_84-aarch64-rhel_edge_commit-boot.json index f7bf981ff..91b7c4862 100644 --- a/test/data/manifests/rhel_84-aarch64-rhel_edge_commit-boot.json +++ b/test/data/manifests/rhel_84-aarch64-rhel_edge_commit-boot.json @@ -9226,6 +9226,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-aarch64-tar-boot.json b/test/data/manifests/rhel_84-aarch64-tar-boot.json index 061520ddb..9f488882e 100644 --- a/test/data/manifests/rhel_84-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_84-aarch64-tar-boot.json @@ -5986,6 +5986,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_84-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_84-ppc64le-qcow2-boot.json index c2dd982fb..0ef0c53b5 100644 --- a/test/data/manifests/rhel_84-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_84-ppc64le-qcow2-boot.json @@ -10484,6 +10484,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11333,6 +11344,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_84-ppc64le-qcow2_customize-boot.json index bb3bee24c..6b53eba9b 100644 --- a/test/data/manifests/rhel_84-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_84-ppc64le-qcow2_customize-boot.json @@ -10595,6 +10595,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11454,6 +11465,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-ppc64le-tar-boot.json b/test/data/manifests/rhel_84-ppc64le-tar-boot.json index 3014a8d71..4688c7098 100644 --- a/test/data/manifests/rhel_84-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_84-ppc64le-tar-boot.json @@ -6089,6 +6089,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_84-s390x-qcow2-boot.json b/test/data/manifests/rhel_84-s390x-qcow2-boot.json index a886fac38..251da20c8 100644 --- a/test/data/manifests/rhel_84-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_84-s390x-qcow2-boot.json @@ -10392,6 +10392,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11210,6 +11221,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_84-s390x-qcow2_customize-boot.json index 092b9ab0a..92bce03b4 100644 --- a/test/data/manifests/rhel_84-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_84-s390x-qcow2_customize-boot.json @@ -10503,6 +10503,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11331,6 +11342,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-ami-boot.json b/test/data/manifests/rhel_84-x86_64-ami-boot.json index b78c02239..e7ca21f98 100644 --- a/test/data/manifests/rhel_84-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_84-x86_64-ami-boot.json @@ -9402,6 +9402,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10182,6 +10193,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-openstack-boot.json b/test/data/manifests/rhel_84-x86_64-openstack-boot.json index a728694f7..158a94d6a 100644 --- a/test/data/manifests/rhel_84-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_84-x86_64-openstack-boot.json @@ -9868,6 +9868,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10687,6 +10698,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-qcow2-boot.json b/test/data/manifests/rhel_84-x86_64-qcow2-boot.json index a6768b311..261c98067 100644 --- a/test/data/manifests/rhel_84-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_84-x86_64-qcow2-boot.json @@ -9857,6 +9857,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10686,6 +10697,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_84-x86_64-qcow2_customize-boot.json index 1bd4e3ab9..6f3dd7c95 100644 --- a/test/data/manifests/rhel_84-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_84-x86_64-qcow2_customize-boot.json @@ -9968,6 +9968,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10807,6 +10818,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-rhel_edge_commit-boot.json b/test/data/manifests/rhel_84-x86_64-rhel_edge_commit-boot.json index fc1e2512b..72d38ddd0 100644 --- a/test/data/manifests/rhel_84-x86_64-rhel_edge_commit-boot.json +++ b/test/data/manifests/rhel_84-x86_64-rhel_edge_commit-boot.json @@ -9540,6 +9540,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-rhel_edge_commit_rt-boot.json b/test/data/manifests/rhel_84-x86_64-rhel_edge_commit_rt-boot.json index 3f47ead9e..b9d22f782 100644 --- a/test/data/manifests/rhel_84-x86_64-rhel_edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_84-x86_64-rhel_edge_commit_rt-boot.json @@ -9937,6 +9937,49 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-tar-boot.json b/test/data/manifests/rhel_84-x86_64-tar-boot.json index aaf3fd1c1..9d438218d 100644 --- a/test/data/manifests/rhel_84-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_84-x86_64-tar-boot.json @@ -6061,6 +6061,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_84-x86_64-vhd-boot.json b/test/data/manifests/rhel_84-x86_64-vhd-boot.json index 010a6a55c..13e94486b 100644 --- a/test/data/manifests/rhel_84-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_84-x86_64-vhd-boot.json @@ -9919,6 +9919,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10746,6 +10757,49 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_84-x86_64-vmdk-boot.json b/test/data/manifests/rhel_84-x86_64-vmdk-boot.json index 38a239348..db3ddcaab 100644 --- a/test/data/manifests/rhel_84-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_84-x86_64-vmdk-boot.json @@ -9526,6 +9526,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10331,6 +10342,49 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-ami-boot.json b/test/data/manifests/rhel_85-aarch64-ami-boot.json index 4e04ea3e8..9083af9e2 100644 --- a/test/data/manifests/rhel_85-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_85-aarch64-ami-boot.json @@ -10170,6 +10170,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10969,6 +10980,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-ec2-boot.json b/test/data/manifests/rhel_85-aarch64-ec2-boot.json index 0ac815aac..9349c8bda 100644 --- a/test/data/manifests/rhel_85-aarch64-ec2-boot.json +++ b/test/data/manifests/rhel_85-aarch64-ec2-boot.json @@ -10219,6 +10219,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11023,6 +11034,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11258,6 +11312,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhel-8-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-8": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/os", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_85-aarch64-edge_commit-boot.json b/test/data/manifests/rhel_85-aarch64-edge_commit-boot.json index f86d34670..e692a4fa3 100644 --- a/test/data/manifests/rhel_85-aarch64-edge_commit-boot.json +++ b/test/data/manifests/rhel_85-aarch64-edge_commit-boot.json @@ -9812,6 +9812,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-openstack-boot.json b/test/data/manifests/rhel_85-aarch64-openstack-boot.json index abcbc23cd..f738f7718 100644 --- a/test/data/manifests/rhel_85-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_85-aarch64-openstack-boot.json @@ -10350,6 +10350,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11132,6 +11143,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-qcow2-boot.json b/test/data/manifests/rhel_85-aarch64-qcow2-boot.json index 8a40cf474..9716f5ff2 100644 --- a/test/data/manifests/rhel_85-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_85-aarch64-qcow2-boot.json @@ -10365,6 +10365,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11159,6 +11170,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_85-aarch64-qcow2_customize-boot.json index 7f6d3d586..aec55b216 100644 --- a/test/data/manifests/rhel_85-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_85-aarch64-qcow2_customize-boot.json @@ -12768,6 +12768,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13655,6 +13666,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-aarch64-tar-boot.json b/test/data/manifests/rhel_85-aarch64-tar-boot.json index 86063b92d..be2175c9c 100644 --- a/test/data/manifests/rhel_85-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_85-aarch64-tar-boot.json @@ -6960,6 +6960,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_85-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_85-ppc64le-qcow2-boot.json index 3861b29fa..e35a6161f 100644 --- a/test/data/manifests/rhel_85-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_85-ppc64le-qcow2-boot.json @@ -11112,6 +11112,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11943,6 +11954,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_85-ppc64le-qcow2_customize-boot.json index 46bc70b2b..3e4b646b2 100644 --- a/test/data/manifests/rhel_85-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_85-ppc64le-qcow2_customize-boot.json @@ -13948,6 +13948,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -14871,6 +14882,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-ppc64le-tar-boot.json b/test/data/manifests/rhel_85-ppc64le-tar-boot.json index f7c480c5b..e0c1f9185 100644 --- a/test/data/manifests/rhel_85-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_85-ppc64le-tar-boot.json @@ -7343,6 +7343,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_85-s390x-qcow2-boot.json b/test/data/manifests/rhel_85-s390x-qcow2-boot.json index 825ffa791..cdb45291a 100644 --- a/test/data/manifests/rhel_85-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_85-s390x-qcow2-boot.json @@ -11817,6 +11817,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12619,6 +12630,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_85-s390x-qcow2_customize-boot.json index 06f35bcb7..0b3fd2742 100644 --- a/test/data/manifests/rhel_85-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_85-s390x-qcow2_customize-boot.json @@ -14111,6 +14111,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -15005,6 +15016,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-s390x-tar-boot.json b/test/data/manifests/rhel_85-s390x-tar-boot.json index 53cacf38d..749d0f0ad 100644 --- a/test/data/manifests/rhel_85-s390x-tar-boot.json +++ b/test/data/manifests/rhel_85-s390x-tar-boot.json @@ -8478,7 +8478,7 @@ "id": "rhel-20210322163432-4.18.0-299.1.el8.s390x", "initrd": "/boot/initramfs-4.18.0-299.1.el8.s390x.img", "linux": "/boot/vmlinuz-4.18.0-299.1.el8.s390x", - "options": "root=UUID=c15851aa-1615-4898-8051-fff0e8518320 rootflags=subvol=root", + "options": "root=UUID=b9867d4e-38c1-4bed-a75d-57debfed3565 rootflags=subvol=root", "title": "Red Hat Enterprise Linux (4.18.0-299.1.el8.s390x) 8.5 (Ootpa)", "version": "4.18.0-299.1.el8.s390x" } @@ -8876,6 +8876,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_85-x86_64-ami-boot.json b/test/data/manifests/rhel_85-x86_64-ami-boot.json index accae8d37..878c63210 100644 --- a/test/data/manifests/rhel_85-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_85-x86_64-ami-boot.json @@ -9807,6 +9807,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10547,6 +10558,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-ec2-boot.json b/test/data/manifests/rhel_85-x86_64-ec2-boot.json index 92f78858c..2b6df2e16 100644 --- a/test/data/manifests/rhel_85-x86_64-ec2-boot.json +++ b/test/data/manifests/rhel_85-x86_64-ec2-boot.json @@ -9857,6 +9857,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10602,6 +10613,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10831,6 +10885,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhel-8-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-8": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/os", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_85-x86_64-ec2_ha-boot.json b/test/data/manifests/rhel_85-x86_64-ec2_ha-boot.json index 887c0f847..4f614a525 100644 --- a/test/data/manifests/rhel_85-x86_64-ec2_ha-boot.json +++ b/test/data/manifests/rhel_85-x86_64-ec2_ha-boot.json @@ -12117,6 +12117,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13066,6 +13077,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -13308,6 +13362,190 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-client-config-ha.repo": { + "rhui-client-config-server-8-ha": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/ha", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8 HA", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8-ha.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8-ha.key", + "sslverify": "1" + } + }, + "redhat-rhui-ha.repo": { + "codeready-builder-for-rhel-8-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/debug", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "codeready-builder-for-rhel-8-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/os", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "codeready-builder-for-rhel-8-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/source/SRPMS", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 - Supplementary (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 - Supplementary (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 - Supplementary (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_85-x86_64-edge_commit-boot.json b/test/data/manifests/rhel_85-x86_64-edge_commit-boot.json index 04bb18174..35c65020b 100644 --- a/test/data/manifests/rhel_85-x86_64-edge_commit-boot.json +++ b/test/data/manifests/rhel_85-x86_64-edge_commit-boot.json @@ -10125,6 +10125,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-edge_commit_rt-boot.json b/test/data/manifests/rhel_85-x86_64-edge_commit_rt-boot.json index 2bc531c85..9b06077b6 100644 --- a/test/data/manifests/rhel_85-x86_64-edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_85-x86_64-edge_commit_rt-boot.json @@ -10856,6 +10856,49 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-openstack-boot.json b/test/data/manifests/rhel_85-x86_64-openstack-boot.json index 8484b88e5..cc3d9277c 100644 --- a/test/data/manifests/rhel_85-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_85-x86_64-openstack-boot.json @@ -10557,6 +10557,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11367,6 +11378,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-qcow2-boot.json b/test/data/manifests/rhel_85-x86_64-qcow2-boot.json index 427a40c30..45d87e501 100644 --- a/test/data/manifests/rhel_85-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_85-x86_64-qcow2-boot.json @@ -10533,6 +10533,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11352,6 +11363,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_85-x86_64-qcow2_customize-boot.json index 7e42c39d9..ba4198859 100644 --- a/test/data/manifests/rhel_85-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_85-x86_64-qcow2_customize-boot.json @@ -12979,6 +12979,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13892,6 +13903,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-tar-boot.json b/test/data/manifests/rhel_85-x86_64-tar-boot.json index 0c58fc4c2..3dc93fd98 100644 --- a/test/data/manifests/rhel_85-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_85-x86_64-tar-boot.json @@ -7064,6 +7064,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_85-x86_64-vhd-boot.json b/test/data/manifests/rhel_85-x86_64-vhd-boot.json index 15d32e072..d66484694 100644 --- a/test/data/manifests/rhel_85-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_85-x86_64-vhd-boot.json @@ -10614,6 +10614,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11435,6 +11446,49 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_85-x86_64-vmdk-boot.json b/test/data/manifests/rhel_85-x86_64-vmdk-boot.json index 697c277c2..ae46003c5 100644 --- a/test/data/manifests/rhel_85-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_85-x86_64-vmdk-boot.json @@ -10154,6 +10154,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10945,6 +10956,49 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-ami-boot.json b/test/data/manifests/rhel_86-aarch64-ami-boot.json index 79b465311..4246bbb78 100644 --- a/test/data/manifests/rhel_86-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_86-aarch64-ami-boot.json @@ -10150,6 +10150,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10950,6 +10961,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-ec2-boot.json b/test/data/manifests/rhel_86-aarch64-ec2-boot.json index f5486ae19..58f4ef010 100644 --- a/test/data/manifests/rhel_86-aarch64-ec2-boot.json +++ b/test/data/manifests/rhel_86-aarch64-ec2-boot.json @@ -10199,6 +10199,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11004,6 +11015,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -11239,6 +11293,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhel-8-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-8": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/os", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_86-aarch64-edge_commit-boot.json b/test/data/manifests/rhel_86-aarch64-edge_commit-boot.json index b991d0630..59f384fee 100644 --- a/test/data/manifests/rhel_86-aarch64-edge_commit-boot.json +++ b/test/data/manifests/rhel_86-aarch64-edge_commit-boot.json @@ -9793,6 +9793,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-openstack-boot.json b/test/data/manifests/rhel_86-aarch64-openstack-boot.json index b78acab1b..d93c951df 100644 --- a/test/data/manifests/rhel_86-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_86-aarch64-openstack-boot.json @@ -10434,6 +10434,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11225,6 +11236,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-qcow2-boot.json b/test/data/manifests/rhel_86-aarch64-qcow2-boot.json index b1a9996cc..24fea582e 100644 --- a/test/data/manifests/rhel_86-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_86-aarch64-qcow2-boot.json @@ -10345,6 +10345,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11140,6 +11151,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_86-aarch64-qcow2_customize-boot.json index 0da0a577b..0f3d9d6c8 100644 --- a/test/data/manifests/rhel_86-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_86-aarch64-qcow2_customize-boot.json @@ -12660,6 +12660,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13512,6 +13523,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-aarch64-tar-boot.json b/test/data/manifests/rhel_86-aarch64-tar-boot.json index d49f19102..70ecfab1c 100644 --- a/test/data/manifests/rhel_86-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_86-aarch64-tar-boot.json @@ -6926,6 +6926,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_86-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_86-ppc64le-qcow2-boot.json index be5d87c40..feacbc20b 100644 --- a/test/data/manifests/rhel_86-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_86-ppc64le-qcow2-boot.json @@ -11001,6 +11001,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11840,6 +11851,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_86-ppc64le-qcow2_customize-boot.json index d94e17464..946735903 100644 --- a/test/data/manifests/rhel_86-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_86-ppc64le-qcow2_customize-boot.json @@ -13816,6 +13816,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -14712,6 +14723,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-ppc64le-tar-boot.json b/test/data/manifests/rhel_86-ppc64le-tar-boot.json index 015a61bf2..fb6f5fb47 100644 --- a/test/data/manifests/rhel_86-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_86-ppc64le-tar-boot.json @@ -7025,6 +7025,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_86-s390x-qcow2-boot.json b/test/data/manifests/rhel_86-s390x-qcow2-boot.json index 0fabb9d66..4a7ee0e71 100644 --- a/test/data/manifests/rhel_86-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_86-s390x-qcow2-boot.json @@ -11670,6 +11670,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12478,6 +12489,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_86-s390x-qcow2_customize-boot.json index c1b0e4c88..13d2963b1 100644 --- a/test/data/manifests/rhel_86-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_86-s390x-qcow2_customize-boot.json @@ -13905,6 +13905,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -14770,6 +14781,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-s390x-tar-boot.json b/test/data/manifests/rhel_86-s390x-tar-boot.json index 6dd961826..6f00f5e47 100644 --- a/test/data/manifests/rhel_86-s390x-tar-boot.json +++ b/test/data/manifests/rhel_86-s390x-tar-boot.json @@ -8165,7 +8165,7 @@ "id": "rhel-20210927213626-4.18.0-345.1.el8.s390x", "initrd": "/boot/initramfs-4.18.0-345.1.el8.s390x.img", "linux": "/boot/vmlinuz-4.18.0-345.1.el8.s390x", - "options": "root=UUID=03ae1441-3a92-4f66-bd03-a222de005b19 rootflags=subvol=root", + "options": "root=UUID=b9867d4e-38c1-4bed-a75d-57debfed3565 rootflags=subvol=root", "title": "Red Hat Enterprise Linux (4.18.0-345.1.el8.s390x) 8.6 (Ootpa)", "version": "4.18.0-345.1.el8.s390x" } @@ -8545,6 +8545,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_86-x86_64-ami-boot.json b/test/data/manifests/rhel_86-x86_64-ami-boot.json index e3b4aa83e..98a6d2ea4 100644 --- a/test/data/manifests/rhel_86-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_86-x86_64-ami-boot.json @@ -9787,6 +9787,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10528,6 +10539,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-ec2-boot.json b/test/data/manifests/rhel_86-x86_64-ec2-boot.json index 5e4b56b81..2f67faedf 100644 --- a/test/data/manifests/rhel_86-x86_64-ec2-boot.json +++ b/test/data/manifests/rhel_86-x86_64-ec2-boot.json @@ -9838,6 +9838,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10584,6 +10595,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10813,6 +10867,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhel-8-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel8/rhui/8/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + }, + "rhel-8-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror//content/beta/rhel8/rhui/8/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - Supplementary Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-8": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/os", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_86-x86_64-ec2_ha-boot.json b/test/data/manifests/rhel_86-x86_64-ec2_ha-boot.json index bdc1d44db..68c52ae18 100644 --- a/test/data/manifests/rhel_86-x86_64-ec2_ha-boot.json +++ b/test/data/manifests/rhel_86-x86_64-ec2_ha-boot.json @@ -12125,6 +12125,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13077,6 +13088,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -13319,6 +13373,190 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-client-config-ha.repo": { + "rhui-client-config-server-8-ha": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/ha", + "name": "Red Hat Update Infrastructure 3 Client Configuration Server 8 HA", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8-ha.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8-ha.key", + "sslverify": "1" + } + }, + "redhat-rhui-ha.repo": { + "codeready-builder-for-rhel-8-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/debug", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "codeready-builder-for-rhel-8-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/os", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "codeready-builder-for-rhel-8-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/codeready-builder/source/SRPMS", + "name": "Red Hat CodeReady Linux Builder for RHEL 8 $basearch (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-appstream-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - AppStream from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-baseos-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for $basearch - BaseOS from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 8 - Supplementary (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 8 - Supplementary (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhel-8-supplementary-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 - Supplementary (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + }, + "rhui-rhel-8-for-x86_64-highavailability-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel8/rhui/$releasever/x86_64/highavailability/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-ha.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-ha.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_86-x86_64-ec2_sap-boot.json b/test/data/manifests/rhel_86-x86_64-ec2_sap-boot.json index fd507d44e..c3f1f6ad7 100644 --- a/test/data/manifests/rhel_86-x86_64-ec2_sap-boot.json +++ b/test/data/manifests/rhel_86-x86_64-ec2_sap-boot.json @@ -12555,6 +12555,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "releasever": "8.6" } @@ -13534,6 +13543,49 @@ "unbound-anchor.timer", "uuidd.socket" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication no", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -13782,6 +13834,190 @@ "tuned": { "active_profile": "sap-hana", "profile_mode": "manual" + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-client-config-sap-bundle.repo": { + "rhui-client-config-server-8-sap-bundle": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/8/$basearch/sap-bundle", + "name": "Red Hat Update Infrastructure 3 Client Configuration for SAP Bundle", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-8-sap-bundle.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-8-sap-bundle.key", + "sslverify": "1" + } + }, + "redhat-rhui-sap-bundle-e4s.repo": { + "rhel-8-for-x86_64-appstream-e4s-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - AppStream - Update Services for SAP Solutions from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-appstream-e4s-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - AppStream - Update Services for SAP Solutions from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-appstream-e4s-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - AppStream - Update Services for SAP Solutions from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-baseos-e4s-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Update Services for SAP Solutions from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-baseos-e4s-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Update Services for SAP Solutions from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-baseos-e4s-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Update Services for SAP Solutions from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-highavailability-e4s-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/highavailability/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability - Update Services for SAP Solutions from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-highavailability-e4s-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/highavailability/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability - Update Services for SAP Solutions from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-highavailability-e4s-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/highavailability/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - High Availability - Update Services for SAP Solutions from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-netweaver-e4s-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP NetWeaver - Update Services for SAP Solutions from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-netweaver-e4s-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP NetWeaver - Update Services for SAP Solutions from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-netweaver-e4s-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP NetWeaver - Update Services for SAP Solutions from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-solutions-e4s-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap-solutions/debug", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP Solutions - Update Services for SAP Solutions from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-solutions-e4s-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap-solutions/os", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP Solutions - Update Services for SAP Solutions from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + }, + "rhel-8-for-x86_64-sap-solutions-e4s-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui3.REGION.aws.ce.redhat.com/pulp/mirror/content/e4s/rhel8/rhui/$releasever/$basearch/sap-solutions/source/SRPMS", + "name": "Red Hat Enterprise Linux 8 for x86_64 - SAP Solutions - Update Services for SAP Solutions from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel8-sap-bundle-e4s.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel8-sap-bundle-e4s.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_86-x86_64-edge_commit-boot.json b/test/data/manifests/rhel_86-x86_64-edge_commit-boot.json index ae430d7da..67a8731ad 100644 --- a/test/data/manifests/rhel_86-x86_64-edge_commit-boot.json +++ b/test/data/manifests/rhel_86-x86_64-edge_commit-boot.json @@ -10106,6 +10106,49 @@ "timedatex.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-edge_commit_rt-boot.json b/test/data/manifests/rhel_86-x86_64-edge_commit_rt-boot.json index 49f386db7..e2e858df0 100644 --- a/test/data/manifests/rhel_86-x86_64-edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_86-x86_64-edge_commit_rt-boot.json @@ -10847,6 +10847,49 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-openstack-boot.json b/test/data/manifests/rhel_86-x86_64-openstack-boot.json index 1d355cca8..fb0bb159c 100644 --- a/test/data/manifests/rhel_86-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_86-x86_64-openstack-boot.json @@ -10641,6 +10641,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11459,6 +11470,49 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-qcow2-boot.json b/test/data/manifests/rhel_86-x86_64-qcow2-boot.json index aaaf470fd..531fea10d 100644 --- a/test/data/manifests/rhel_86-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_86-x86_64-qcow2-boot.json @@ -10513,6 +10513,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11332,6 +11343,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_86-x86_64-qcow2_customize-boot.json index d3326f308..7851cf123 100644 --- a/test/data/manifests/rhel_86-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_86-x86_64-qcow2_customize-boot.json @@ -12871,6 +12871,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13748,6 +13759,49 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-tar-boot.json b/test/data/manifests/rhel_86-x86_64-tar-boot.json index 7309e0bc9..5e00ddf10 100644 --- a/test/data/manifests/rhel_86-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_86-x86_64-tar-boot.json @@ -7030,6 +7030,30 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_86-x86_64-vhd-boot.json b/test/data/manifests/rhel_86-x86_64-vhd-boot.json index 402ec6d47..abc82d875 100644 --- a/test/data/manifests/rhel_86-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_86-x86_64-vhd-boot.json @@ -10594,6 +10594,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11415,6 +11426,49 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_86-x86_64-vmdk-boot.json b/test/data/manifests/rhel_86-x86_64-vmdk-boot.json index 928ff8b38..bf6400b77 100644 --- a/test/data/manifests/rhel_86-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_86-x86_64-vmdk-boot.json @@ -10134,6 +10134,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10924,6 +10935,49 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "05-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "HostKey /etc/ssh/ssh_host_rsa_key", + "HostKey /etc/ssh/ssh_host_ecdsa_key", + "HostKey /etc/ssh/ssh_host_ed25519_key", + "SyslogFacility AUTHPRIV", + "PermitRootLogin yes", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "PasswordAuthentication yes", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-ami-boot.json b/test/data/manifests/rhel_90-aarch64-ami-boot.json index 0d74f0400..9ff621ac0 100644 --- a/test/data/manifests/rhel_90-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_90-aarch64-ami-boot.json @@ -9113,6 +9113,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9922,6 +9933,43 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-ec2-boot.json b/test/data/manifests/rhel_90-aarch64-ec2-boot.json index 7dd7870e5..35ba69246 100644 --- a/test/data/manifests/rhel_90-aarch64-ec2-boot.json +++ b/test/data/manifests/rhel_90-aarch64-ec2-boot.json @@ -9175,6 +9175,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9990,6 +10001,43 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10271,6 +10319,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhui-rhel-9-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-9": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/9/$basearch/os", + "name": "Red Hat Enterprise Linux 9 Client Configuration", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-9.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-9.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_90-aarch64-edge_commit-boot.json b/test/data/manifests/rhel_90-aarch64-edge_commit-boot.json index 4f726d6cb..ecaf86957 100644 --- a/test/data/manifests/rhel_90-aarch64-edge_commit-boot.json +++ b/test/data/manifests/rhel_90-aarch64-edge_commit-boot.json @@ -8791,6 +8791,42 @@ "sshd.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-openstack-boot.json b/test/data/manifests/rhel_90-aarch64-openstack-boot.json index 85d86e17f..19efac3de 100644 --- a/test/data/manifests/rhel_90-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_90-aarch64-openstack-boot.json @@ -9098,6 +9098,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9888,6 +9899,42 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-qcow2-boot.json b/test/data/manifests/rhel_90-aarch64-qcow2-boot.json index 8e3c4078d..6bf482836 100644 --- a/test/data/manifests/rhel_90-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_90-aarch64-qcow2-boot.json @@ -9246,6 +9246,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10057,6 +10068,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_90-aarch64-qcow2_customize-boot.json index 9c3ef51f4..675d69c8c 100644 --- a/test/data/manifests/rhel_90-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90-aarch64-qcow2_customize-boot.json @@ -11620,6 +11620,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12463,6 +12474,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-aarch64-tar-boot.json b/test/data/manifests/rhel_90-aarch64-tar-boot.json index 0da61c220..e2d04fd28 100644 --- a/test/data/manifests/rhel_90-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_90-aarch64-tar-boot.json @@ -5740,6 +5740,27 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_90-ppc64le-qcow2-boot.json index d93cb194a..2a7fb1b0e 100644 --- a/test/data/manifests/rhel_90-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_90-ppc64le-qcow2-boot.json @@ -10042,6 +10042,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10901,6 +10912,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_90-ppc64le-qcow2_customize-boot.json index dbbab9887..0a377fd40 100644 --- a/test/data/manifests/rhel_90-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90-ppc64le-qcow2_customize-boot.json @@ -12496,6 +12496,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13387,6 +13398,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-ppc64le-tar-boot.json b/test/data/manifests/rhel_90-ppc64le-tar-boot.json index 03ca22965..c78f52fc6 100644 --- a/test/data/manifests/rhel_90-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_90-ppc64le-tar-boot.json @@ -5904,6 +5904,27 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90-s390x-qcow2-boot.json b/test/data/manifests/rhel_90-s390x-qcow2-boot.json index 36225391e..ab7fa5cd1 100644 --- a/test/data/manifests/rhel_90-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_90-s390x-qcow2-boot.json @@ -10825,7 +10825,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20220209130747-5.14.0-55.el9.s390x", + "id": "-20220214183313-5.14.0-55.el9.s390x", "initrd": "/boot/initramfs-5.14.0-55.el9.s390x.img", "linux": "/boot/vmlinuz-5.14.0-55.el9.s390x", "options": "root=UUID=6e4ff95f-f662-45ee-a82a-bdf44a2d0b75 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0", @@ -10950,6 +10950,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11778,6 +11789,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_90-s390x-qcow2_customize-boot.json index d70cedc61..411018a16 100644 --- a/test/data/manifests/rhel_90-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90-s390x-qcow2_customize-boot.json @@ -13089,7 +13089,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20220209131029-0-rescue-ffffffffffffffffffffffffffffffff", + "id": "-20220214183523-0-rescue-ffffffffffffffffffffffffffffffff", "initrd": "/boot/initramfs-0-rescue-ffffffffffffffffffffffffffffffff.img", "linux": "/boot/vmlinuz-0-rescue-ffffffffffffffffffffffffffffffff", "options": "root=UUID=6e4ff95f-f662-45ee-a82a-bdf44a2d0b75 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0", @@ -13100,7 +13100,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20220209131029-5.14.0-55.el9.s390x", + "id": "-20220214183523-5.14.0-55.el9.s390x", "initrd": "/boot/initramfs-5.14.0-55.el9.s390x.img", "linux": "/boot/vmlinuz-5.14.0-55.el9.s390x", "options": "root=UUID=6e4ff95f-f662-45ee-a82a-bdf44a2d0b75 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0", @@ -13225,6 +13225,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -14085,6 +14096,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-s390x-tar-boot.json b/test/data/manifests/rhel_90-s390x-tar-boot.json index 36d1d6517..803068c96 100644 --- a/test/data/manifests/rhel_90-s390x-tar-boot.json +++ b/test/data/manifests/rhel_90-s390x-tar-boot.json @@ -7219,6 +7219,27 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90-x86_64-ami-boot.json b/test/data/manifests/rhel_90-x86_64-ami-boot.json index 3865a3c59..41c634157 100644 --- a/test/data/manifests/rhel_90-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_90-x86_64-ami-boot.json @@ -8884,6 +8884,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9667,6 +9678,43 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-ec2-boot.json b/test/data/manifests/rhel_90-x86_64-ec2-boot.json index c8b76ff55..d75cfa433 100644 --- a/test/data/manifests/rhel_90-x86_64-ec2-boot.json +++ b/test/data/manifests/rhel_90-x86_64-ec2-boot.json @@ -8948,6 +8948,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9737,6 +9748,43 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10012,6 +10060,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhui-rhel-9-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-9": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/9/$basearch/os", + "name": "Red Hat Enterprise Linux 9 Client Configuration", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-9.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-9.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_90-x86_64-ec2_ha-boot.json b/test/data/manifests/rhel_90-x86_64-ec2_ha-boot.json index 8195debba..bfd2541ea 100644 --- a/test/data/manifests/rhel_90-x86_64-ec2_ha-boot.json +++ b/test/data/manifests/rhel_90-x86_64-ec2_ha-boot.json @@ -11387,6 +11387,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12393,6 +12404,43 @@ "tuned.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-ec2_sap-boot.json b/test/data/manifests/rhel_90-x86_64-ec2_sap-boot.json index c94458a60..7e171e6e4 100644 --- a/test/data/manifests/rhel_90-x86_64-ec2_sap-boot.json +++ b/test/data/manifests/rhel_90-x86_64-ec2_sap-boot.json @@ -12669,6 +12669,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "releasever": "9.0" } @@ -13770,6 +13779,43 @@ "upower.service", "uuidd.socket" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server", + "PasswordAuthentication no" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-edge_commit-boot.json b/test/data/manifests/rhel_90-x86_64-edge_commit-boot.json index b2707bddf..384f5af15 100644 --- a/test/data/manifests/rhel_90-x86_64-edge_commit-boot.json +++ b/test/data/manifests/rhel_90-x86_64-edge_commit-boot.json @@ -9154,6 +9154,42 @@ "sshd.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-edge_commit_rt-boot.json b/test/data/manifests/rhel_90-x86_64-edge_commit_rt-boot.json index 8e2e4ac60..3e00b432f 100644 --- a/test/data/manifests/rhel_90-x86_64-edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_90-x86_64-edge_commit_rt-boot.json @@ -10550,6 +10550,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11315,6 +11326,42 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-openstack-boot.json b/test/data/manifests/rhel_90-x86_64-openstack-boot.json index d53294908..33923035c 100644 --- a/test/data/manifests/rhel_90-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_90-x86_64-openstack-boot.json @@ -9533,6 +9533,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10358,6 +10369,42 @@ "tuned.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-qcow2-boot.json b/test/data/manifests/rhel_90-x86_64-qcow2-boot.json index 1a081a1f5..090899a0c 100644 --- a/test/data/manifests/rhel_90-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_90-x86_64-qcow2-boot.json @@ -9499,6 +9499,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10331,6 +10342,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_90-x86_64-qcow2_customize-boot.json index 2d171edde..b0842cdf6 100644 --- a/test/data/manifests/rhel_90-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90-x86_64-qcow2_customize-boot.json @@ -12079,6 +12079,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12955,6 +12966,42 @@ "sssd.service", "tuned.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-tar-boot.json b/test/data/manifests/rhel_90-x86_64-tar-boot.json index 95406dc71..103352065 100644 --- a/test/data/manifests/rhel_90-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_90-x86_64-tar-boot.json @@ -5922,6 +5922,27 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90-x86_64-vhd-boot.json b/test/data/manifests/rhel_90-x86_64-vhd-boot.json index a613e4dde..c44ca6187 100644 --- a/test/data/manifests/rhel_90-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_90-x86_64-vhd-boot.json @@ -9443,6 +9443,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10264,6 +10275,42 @@ "udisks2.service", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90-x86_64-vmdk-boot.json b/test/data/manifests/rhel_90-x86_64-vmdk-boot.json index b2665c1d6..2c5914b75 100644 --- a/test/data/manifests/rhel_90-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_90-x86_64-vmdk-boot.json @@ -9104,6 +9104,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9904,6 +9915,42 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-ami-boot.json b/test/data/manifests/rhel_90_beta-aarch64-ami-boot.json index a69282e9f..4089f83d4 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-ami-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-ami-boot.json @@ -9166,6 +9166,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9979,6 +9990,50 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-ec2-boot.json b/test/data/manifests/rhel_90_beta-aarch64-ec2-boot.json index d773a34ae..bd51ff71e 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-ec2-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-ec2-boot.json @@ -9215,6 +9215,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10033,6 +10044,50 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -10304,6 +10359,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhui-rhel-9-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-9": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/9/$basearch/os", + "name": "Red Hat Enterprise Linux 9 Client Configuration", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-9.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-9.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_90_beta-aarch64-edge_commit-boot.json b/test/data/manifests/rhel_90_beta-aarch64-edge_commit-boot.json index f9936bb5d..8dc4d441e 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-edge_commit-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-edge_commit-boot.json @@ -8908,6 +8908,50 @@ "sshd.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-openstack-boot.json b/test/data/manifests/rhel_90_beta-aarch64-openstack-boot.json index acc0ef5de..71808f88f 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-openstack-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-openstack-boot.json @@ -9115,6 +9115,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9892,6 +9903,50 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-qcow2-boot.json b/test/data/manifests/rhel_90_beta-aarch64-qcow2-boot.json index 84ce328c7..2716f370f 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-qcow2-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-qcow2-boot.json @@ -9211,6 +9211,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10005,6 +10016,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-qcow2_customize-boot.json b/test/data/manifests/rhel_90_beta-aarch64-qcow2_customize-boot.json index f320fce74..58ed24b03 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-qcow2_customize-boot.json @@ -11655,6 +11655,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12481,6 +12492,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-aarch64-tar-boot.json b/test/data/manifests/rhel_90_beta-aarch64-tar-boot.json index 9e61d10a5..681eb8f4a 100644 --- a/test/data/manifests/rhel_90_beta-aarch64-tar-boot.json +++ b/test/data/manifests/rhel_90_beta-aarch64-tar-boot.json @@ -5804,6 +5804,31 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90_beta-ppc64le-qcow2-boot.json b/test/data/manifests/rhel_90_beta-ppc64le-qcow2-boot.json index 838754c18..6ce415646 100644 --- a/test/data/manifests/rhel_90_beta-ppc64le-qcow2-boot.json +++ b/test/data/manifests/rhel_90_beta-ppc64le-qcow2-boot.json @@ -10009,6 +10009,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10851,6 +10862,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-ppc64le-qcow2_customize-boot.json b/test/data/manifests/rhel_90_beta-ppc64le-qcow2_customize-boot.json index 67514cc3d..92dee4a79 100644 --- a/test/data/manifests/rhel_90_beta-ppc64le-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90_beta-ppc64le-qcow2_customize-boot.json @@ -12513,6 +12513,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -13387,6 +13398,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-ppc64le-tar-boot.json b/test/data/manifests/rhel_90_beta-ppc64le-tar-boot.json index 1b85c142d..54f29f1a4 100644 --- a/test/data/manifests/rhel_90_beta-ppc64le-tar-boot.json +++ b/test/data/manifests/rhel_90_beta-ppc64le-tar-boot.json @@ -5968,6 +5968,31 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90_beta-s390x-qcow2-boot.json b/test/data/manifests/rhel_90_beta-s390x-qcow2-boot.json index 4c516b5ba..46be2326a 100644 --- a/test/data/manifests/rhel_90_beta-s390x-qcow2-boot.json +++ b/test/data/manifests/rhel_90_beta-s390x-qcow2-boot.json @@ -10792,7 +10792,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20211007122507-5.14.0-4.el9.s390x", + "id": "-20220214182505-5.14.0-4.el9.s390x", "initrd": "/boot/initramfs-5.14.0-4.el9.s390x.img", "linux": "/boot/vmlinuz-5.14.0-4.el9.s390x", "options": "root=UUID=0194fdc2-fa2f-4cc0-81d3-ff12045b73c8 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto", @@ -10917,6 +10917,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11734,6 +11745,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-s390x-qcow2_customize-boot.json b/test/data/manifests/rhel_90_beta-s390x-qcow2_customize-boot.json index f350c4642..c191fc1d4 100644 --- a/test/data/manifests/rhel_90_beta-s390x-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90_beta-s390x-qcow2_customize-boot.json @@ -13126,7 +13126,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20211007122711-0-rescue-ffffffffffffffffffffffffffffffff", + "id": "-20220214182709-0-rescue-ffffffffffffffffffffffffffffffff", "initrd": "/boot/initramfs-0-rescue-ffffffffffffffffffffffffffffffff.img", "linux": "/boot/vmlinuz-0-rescue-ffffffffffffffffffffffffffffffff", "options": "root=UUID=0194fdc2-fa2f-4cc0-81d3-ff12045b73c8 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto", @@ -13137,7 +13137,7 @@ "grub_arg": "--unrestricted", "grub_class": "kernel", "grub_users": "$grub_users", - "id": "-20211007122711-5.14.0-4.el9.s390x", + "id": "-20220214182709-5.14.0-4.el9.s390x", "initrd": "/boot/initramfs-5.14.0-4.el9.s390x.img", "linux": "/boot/vmlinuz-5.14.0-4.el9.s390x", "options": "root=UUID=0194fdc2-fa2f-4cc0-81d3-ff12045b73c8 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto", @@ -13262,6 +13262,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -14111,6 +14122,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-s390x-tar-boot.json b/test/data/manifests/rhel_90_beta-s390x-tar-boot.json index 0a430ea19..5f3e297c1 100644 --- a/test/data/manifests/rhel_90_beta-s390x-tar-boot.json +++ b/test/data/manifests/rhel_90_beta-s390x-tar-boot.json @@ -7296,6 +7296,31 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90_beta-x86_64-ami-boot.json b/test/data/manifests/rhel_90_beta-x86_64-ami-boot.json index 8aa9d9dc8..934934770 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-ami-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-ami-boot.json @@ -8823,6 +8823,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9569,6 +9580,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-ec2-boot.json b/test/data/manifests/rhel_90_beta-x86_64-ec2-boot.json index e0318b500..af41c6d75 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-ec2-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-ec2-boot.json @@ -8874,6 +8874,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9625,6 +9636,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", @@ -9890,6 +9945,124 @@ "r! /tmp/.X[0-9]*-lock" ] } + }, + "yum_repos": { + "/etc/yum.repos.d": { + "redhat-rhui-beta.repo": { + "rhui-rhel-9-appstream-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/debug", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/os", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-appstream-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/appstream/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - AppStream Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-debug-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/debug", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Debug RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-rpms": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/os", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-baseos-beta-rhui-source-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/baseos/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - BaseOS Beta from RHUI (Source RPMs)", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-debug-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/debug", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Debug RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/os", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + }, + "rhui-rhel-9-supplementary-beta-source-rhui-rpms": { + "enabled": "0", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/beta/rhel9/rhui/9/$basearch/supplementary/source/SRPMS", + "name": "Red Hat Enterprise Linux 9 - Supplementary Beta (Source RPMs) from RHUI", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/content-rhel9.crt", + "sslclientkey": "/etc/pki/rhui/content-rhel9.key", + "sslverify": "1" + } + }, + "redhat-rhui-client-config.repo": { + "rhui-client-config-server-9": { + "enabled": "1", + "gpgcheck": "1", + "gpgkey": "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", + "mirrorlist": "https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/protected/rhui-client-config/rhel/server/9/$basearch/os", + "name": "Red Hat Enterprise Linux 9 Client Configuration", + "sslcacert": "/etc/pki/rhui/cdn.redhat.com-chain.crt", + "sslclientcert": "/etc/pki/rhui/product/rhui-client-config-server-9.crt", + "sslclientkey": "/etc/pki/rhui/rhui-client-config-server-9.key", + "sslverify": "1" + } + } + } } } } diff --git a/test/data/manifests/rhel_90_beta-x86_64-ec2_ha-boot.json b/test/data/manifests/rhel_90_beta-x86_64-ec2_ha-boot.json index 32791ee89..fd84ee8bf 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-ec2_ha-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-ec2_ha-boot.json @@ -11261,6 +11261,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12222,6 +12233,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-ec2_sap-boot.json b/test/data/manifests/rhel_90_beta-x86_64-ec2_sap-boot.json index a082540d7..f2c9dfcd4 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-ec2_sap-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-ec2_sap-boot.json @@ -11945,6 +11945,15 @@ }, "default-target": "multi-user.target", "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + }, "vars": { "releasever": "9.0" } @@ -12957,6 +12966,50 @@ "unbound-anchor.timer", "uuidd.socket" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-edge_commit-boot.json b/test/data/manifests/rhel_90_beta-x86_64-edge_commit-boot.json index 584546525..17302c103 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-edge_commit-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-edge_commit-boot.json @@ -9271,6 +9271,50 @@ "sshd.service", "udisks2.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-edge_commit_rt-boot.json b/test/data/manifests/rhel_90_beta-x86_64-edge_commit_rt-boot.json index 63c8f8331..d0e45c81a 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-edge_commit_rt-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-edge_commit_rt-boot.json @@ -10726,6 +10726,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -11498,6 +11509,50 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-openstack-boot.json b/test/data/manifests/rhel_90_beta-x86_64-openstack-boot.json index a58be06fb..8cd104d7a 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-openstack-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-openstack-boot.json @@ -9537,6 +9537,17 @@ } }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10347,6 +10358,50 @@ "udisks2.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-qcow2-boot.json b/test/data/manifests/rhel_90_beta-x86_64-qcow2-boot.json index 5c9e044bf..7638ff7d4 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-qcow2-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-qcow2-boot.json @@ -9451,6 +9451,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10264,6 +10275,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-qcow2_customize-boot.json b/test/data/manifests/rhel_90_beta-x86_64-qcow2_customize-boot.json index f115ae0b6..5c1d123c9 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-qcow2_customize-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-qcow2_customize-boot.json @@ -12101,6 +12101,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -12958,6 +12969,50 @@ "sssd.service", "unbound-anchor.timer" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-tar-boot.json b/test/data/manifests/rhel_90_beta-x86_64-tar-boot.json index 57a23ff55..51e0dbf43 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-tar-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-tar-boot.json @@ -5986,6 +5986,31 @@ "selinux-autorelabel-mark.service", "sshd.service" ], + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sysconfig": { "kernel": { "DEFAULTKERNEL": "kernel", diff --git a/test/data/manifests/rhel_90_beta-x86_64-vhd-boot.json b/test/data/manifests/rhel_90_beta-x86_64-vhd-boot.json index 3be96002c..b8108a25c 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-vhd-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-vhd-boot.json @@ -9447,6 +9447,17 @@ } }, "default-target": "multi-user.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -10253,6 +10264,50 @@ "unbound-anchor.timer", "waagent.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw", diff --git a/test/data/manifests/rhel_90_beta-x86_64-vmdk-boot.json b/test/data/manifests/rhel_90_beta-x86_64-vmdk-boot.json index 17444942c..c3d092bbc 100644 --- a/test/data/manifests/rhel_90_beta-x86_64-vmdk-boot.json +++ b/test/data/manifests/rhel_90_beta-x86_64-vmdk-boot.json @@ -9111,6 +9111,17 @@ ] }, "default-target": "graphical.target", + "dnf": { + "dnf.conf": { + "main": { + "best": "True", + "clean_requirements_on_remove": "True", + "gpgcheck": "1", + "installonly_limit": "3", + "skip_if_unavailable": "False" + } + } + }, "dracut": { "/usr/lib/dracut/dracut.conf.d": { "01-dist.conf": { @@ -9896,6 +9907,50 @@ "vgauthd.service", "vmtoolsd.service" ], + "ssh_config": { + "/etc/ssh": { + "ssh_config": [ + "Include /etc/ssh/ssh_config.d/*.conf" + ] + }, + "/etc/ssh/ssh_config.d": { + "50-redhat.conf": [ + "Match final all", + "Include /etc/crypto-policies/back-ends/openssh.config", + "GSSAPIAuthentication yes", + "ForwardX11Trusted yes", + "SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "SendEnv XMODIFIERS" + ] + } + }, + "sshd_config": { + "/etc/ssh": { + "sshd_config": [ + "Include /etc/ssh/sshd_config.d/*.conf", + "AuthorizedKeysFile\t.ssh/authorized_keys", + "Subsystem\tsftp\t/usr/libexec/openssh/sftp-server" + ] + }, + "/etc/ssh/sshd_config.d": { + "50-redhat.conf": [ + "Include /etc/crypto-policies/back-ends/opensshserver.config", + "SyslogFacility AUTHPRIV", + "ChallengeResponseAuthentication no", + "GSSAPIAuthentication yes", + "GSSAPICleanupCredentials no", + "UsePAM yes", + "X11Forwarding yes", + "PrintMotd no", + "AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES", + "AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT", + "AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE", + "AcceptEnv XMODIFIERS" + ] + } + }, "sudoers": { "/etc/sudoers": [ "Defaults !visiblepw",