From 4241f5bb39ec93fe269dc5983e175ce8aef740a9 Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Thu, 23 May 2024 19:06:43 +0200
Subject: [PATCH] tools/gen-ssh: upgrade openssh before generating key

openssl gets installed as a dependency of the osbuild-composer-tests but
it might not update openssh at the same time, which can cause a version
mismatch when running ssh-keygen:

  OpenSSL version mismatch. Built against 30000000, you have 30200010

This is currently happening in CentOS Stream 9 so let's make sure
openssh is up to date before running ssh-keygen.
---
 tools/gen-ssh.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tools/gen-ssh.sh b/tools/gen-ssh.sh
index b5109b898..a68e0ae8b 100755
--- a/tools/gen-ssh.sh
+++ b/tools/gen-ssh.sh
@@ -3,6 +3,15 @@
 # Create SSH key
 SSH_DATA_DIR="$(mktemp -d)"
 SSH_KEY=${SSH_DATA_DIR}/id_rsa
+
+# openssl gets installed as a dependency of the osbuild-composer-tests but it
+# might not update openssh at the same time, which can cause a version mismatch
+# when running ssh-keygen:
+#
+#   OpenSSL version mismatch. Built against 30000000, you have 30200010
+#
+# Make sure openssh is up to date before running ssh-keygen
+sudo dnf -y upgrade openssh > /dev/null
 ssh-keygen -f "${SSH_KEY}" -N "" -q -t rsa-sha2-256 -b 2048
 
 # Change cloud-init/user-data ssh key