From e7986cc3553902e64e61e362695b46d13f5709c9 Mon Sep 17 00:00:00 2001
From: Flatcar Buildbot <buildbot@flatcar-linux.org>
Date: Thu, 22 Jun 2023 16:05:17 +0200
Subject: [PATCH] overlay coreos-base/oem-gce: Update oslogin enablement

We will be installing an sshd config snippet instead of replacing the
whole sshd config. In order to pull this off, we need to make sure
that the snippets directory exists and the main sshd config file
actually includes the snippets in the directory.
---
 .../coreos-base/oem-gce/files/bin/enable-oslogin      | 11 ++++++++---
 ...-20180823-r4.ebuild => oem-gce-20180823-r5.ebuild} |  0
 2 files changed, 8 insertions(+), 3 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/{oem-gce-20180823-r4.ebuild => oem-gce-20180823-r5.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
index abf9899b679..7a8cd816a13 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/bin/enable-oslogin
@@ -13,8 +13,13 @@ if [ "$(readlink -f /etc/nsswitch.conf)" != '/usr/share/baselayout/nsswitch.conf
 	exit 0
 fi
 
-if [ "$(readlink -f /etc/ssh/sshd_config)" != '/usr/share/ssh/sshd_config' ]; then
-	echo '/etc/ssh/sshd_config is not a symlink to /usr/share/ssh/sshd_config. Not enabling OS Login'
+if [[ ! -d '/etc/ssh/sshd_config.d' ]]; then
+	echo 'No /etc/ssh/sshd_config.d directory. Not enabling OS Login'
+	exit 0
+fi
+
+if ! grep --fixed-strings --no-messages --silent 'Include "/etc/ssh/sshd_config.d/*.conf"' '/etc/ssh/sshd_config'; then
+	echo '/etc/ssh/sshd_config does not include configuration snippets in /etc/ssh/sshd_config.d. Not enabling OS Login'
 	exit 0
 fi
 
@@ -25,6 +30,6 @@ mkdir -m 0750 -p '/var/lib/google-sudoers.d'
 mkdir -m 0750 -p '/var/lib/google-users.d'
 ln -f -s '/usr/share/google-oslogin/pam_sshd' '/etc/pam.d/sshd'
 ln -f -s '/usr/share/google-oslogin/nsswitch.conf' '/etc/nsswitch.conf'
-ln -f -s '/usr/share/google-oslogin/sshd_config' '/etc/ssh/sshd_config'
+ln -f -s '/usr/share/google-oslogin/60-flatcar-google-oslogin.conf' '/etc/ssh/sshd_config.d/60-flatcar-google-oslogin.conf'
 ln -f -s '/usr/share/google-oslogin/oslogin-sudoers' '/etc/sudoers.d/oslogin-sudoers'
 ln -f -s '/usr/share/google-oslogin/group.conf' '/etc/security/group.conf'
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r4.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r5.ebuild