From 71ab9b10644909769b0aac126d1fdcb45275791c Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Thu, 22 Jun 2023 16:05:53 +0200
Subject: [PATCH] overlay coreos/config: Start installing default openssh
 configs

The configs provided by the openssh and Gentoo projects usually keep
everything commented out, meaning that the default values will be
used. On top of that, they will also include snippets in the snippet
directory. As such, start installing the default configs. We only mask
a snippet that defines sftp subsystem, because we provide our own
config snippet from coreos-base/misc-files that defines it.
---
 .../coreos/config/env/net-misc/openssh              | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
index 75f2a0f81c..879f94faee 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
+++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/net-misc/openssh
@@ -1,12 +1,9 @@
-# We install these with our chromeos-base package.
+# Do not install the setuid file in production images.
+#
+# Do not install the config snippet that defines a subsystem. We have
+# our own definition in coreos-init.
 if [[ $(cros_target) != "cros_host" ]] ; then
-	openssh_mask="
-		/etc/ssh/ssh_config
-		/etc/ssh/sshd_config
-		/etc/ssh/ssh_config.d
-		/etc/ssh/sshd_config.d
-		/usr/lib*/misc/ssh-keysign
-	"
+	openssh_mask="/usr/lib*/misc/ssh-keysign /etc/ssh/sshd_config.d/*gentoo-subsystem.conf"
 	PKG_INSTALL_MASK+=" ${openssh_mask}"
 	INSTALL_MASK+=" ${openssh_mask}"
 	unset openssh_mask