diff --git a/base/comps/azurelinux-release/50-client-alive-interval.conf b/base/comps/azurelinux-release/50-client-alive-interval.conf
new file mode 100644
index 00000000000..ccf5a6ad969
--- /dev/null
+++ b/base/comps/azurelinux-release/50-client-alive-interval.conf
@@ -0,0 +1,10 @@
+
+# This is included only to meet Azure compliance testing, and is
+# unnecessary in a AzureLinux 4.0 VM cloud instance, because we set
+# the sysctl net.ipv4.tcp_keepalive_time to 120, which serves to keep
+# all idle TCP connections (including all TCP ssh connections) from
+# being disconnected. This setting does not add or improve any
+# security, nor does it cause idle ssh clients to be disconnected (in
+# fact, it does the exact opposite - it prevents idle ssh connections
+# from being disconnected).
+ClientAliveInterval 180
diff --git a/base/comps/azurelinux-release/azurelinux-release.comp.toml b/base/comps/azurelinux-release/azurelinux-release.comp.toml
index a4e14e85be9..cb9e6ce7377 100644
--- a/base/comps/azurelinux-release/azurelinux-release.comp.toml
+++ b/base/comps/azurelinux-release/azurelinux-release.comp.toml
@@ -1,2 +1,3 @@
 [components.azurelinux-release]
 spec = { type = "local", path = "azurelinux-release.spec" }
+release = { calculation = "manual" }
diff --git a/base/comps/azurelinux-release/azurelinux-release.spec b/base/comps/azurelinux-release/azurelinux-release.spec
index b9513ead2fb..622f11bc337 100644
--- a/base/comps/azurelinux-release/azurelinux-release.spec
+++ b/base/comps/azurelinux-release/azurelinux-release.spec
@@ -39,7 +39,7 @@ Summary: Azure Linux release files
 Name: azurelinux-release
 Version: 4.0
 # TODO(azl): Review whether we can move back to autorelease (with conditional -p)
-Release: 11%{?dist}
+Release: 13%{?dist}
 License: MIT
 URL: https://aka.ms/azurelinux
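Review bot: The comment above `ClientAliveInterval 180` in 50-client-alive-interval.conf leaves out the one case where this setting does end a session: sshd drops a client that stops answering the probes, and with `ClientAliveCountMax` left at its default of 3 that happens after roughly nine minutes of silence. I would add a line such as `# ClientAliveCountMax stays at its default (3): an unresponsive peer is dropped after about 3 x 180 s.` so that "nor does it cause idle ssh clients to be disconnected" is not read as absolute. sshd also keeps the first value it reads for a keyword, so a drop-in that sorts before `50-client-alive-interval.conf` and sets the same keyword would take precedence; a second comment line saying so would help whoever has to explain a compliance scan result. The identical file is added again under specs/a/ later in this diff.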
@@ -56,6 +56,7 @@ Source17: 20-azure.conf
 Source20: chrony-azure.conf
 Source21: 50-azure-cloud.conf
 Source22: 70-azurelinux-hardening.conf
+Source23: 50-client-alive-interval.conf
 BuildArch: noarch
@@ -339,6 +340,7 @@ sed -i -e "/^DEFAULT_HOSTNAME=/d" %{buildroot}%{_prefix}/lib/os-release.cloud
 install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/
 install -Dm0644 %{SOURCE20} -t %{buildroot}%{_sysconfdir}/chrony.d/
 install -Dm0644 %{SOURCE21} -t %{buildroot}%{_prefix}/lib/systemd/networkd.conf.d/
+install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
 %endif
 %if %{with container}
@@ -350,6 +352,7 @@ echo "VARIANT_ID=container" >> %{buildroot}%{_prefix}/lib/os-release.container
 sed -i -e "s|(%{release_name}%{?prerelease})|(Container Image%{?prerelease})|g" %{buildroot}%{_prefix}/lib/os-release.container
 sed -e "s#\$version#%{bug_version}#g" -e 's/$variant/Container/;s///;/^$/d' %{SOURCE15} > %{buildroot}%{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container
 install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/
+install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
 %endif
 %if %{with wsl}
@@ -448,6 +451,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %{_prefix}/lib/sysctl.d/20-azure.conf
 %{_sysconfdir}/chrony.d/chrony-azure.conf
 %{_prefix}/lib/systemd/networkd.conf.d/50-azure-cloud.conf
+%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf
 %endif
@@ -457,6 +461,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %{_prefix}/lib/os-release.container
 %attr(0644,root,root) %{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container
 %{_prefix}/lib/sysctl.d/20-azure.conf
+%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf
 %endif
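Review bot: The container branch (the second `install -Dm0600 %{SOURCE23}` line, hunk at -350) ships the sshd drop-in too, although the file's own comment justifies it only for a VM cloud instance and for compliance testing. If container images are not expected to run sshd, the package then creates /etc/ssh/sshd_config.d/ without listing the directory in %files; whether the subpackage depends on the package that owns that directory is not visible here. A comment above both install lines, for example `# sshd drop-in, root-only (0600) unlike the 0644 files above; shipped in the container variant for compliance scans`, would record the intent. Both %if blocks start outside their hunks, and the same two lines recur in specs/a/azurelinux-release/azurelinux-release.spec.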
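Review bot: The new %files entry `%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf` (hunks at -448 and -457) is not marked as a config file, so a package upgrade overwrites local edits to this sshd drop-in without leaving an .rpmsave or .rpmnew copy. An administrator who changes the interval in place would lose that change silently; I would write `%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf` in both lists. The neighbouring chrony.d entry is listed the same way, so this follows the existing style, but an sshd setting is the one more likely to be tuned locally. Both %files sections start outside the hunks, and the same entries recur in specs/a/azurelinux-release/azurelinux-release.spec.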
@@ -469,6 +474,12 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %changelog
+* Wed May 06 2026 Dan Streetman - 4.0-13
+- add 50-client-alive-interval.conf
+
+* Wed May 06 2026 Dan Streetman - 4.0-12
+- no-change bump to match "rendered" spec release
+
 * Thu Apr 23 2026 Dan Streetman - 4.0-11
 - Revert proc-version-override
diff --git a/locks/azurelinux-release.lock b/locks/azurelinux-release.lock
index 15555d698e5..1244f4af4c9 100644
--- a/locks/azurelinux-release.lock
+++ b/locks/azurelinux-release.lock
@@ -1,3 +1,3 @@
 # Managed by azldev component update. Do not edit manually.
 version = 1
-input-fingerprint = 'sha256:6cde34c9e164e490529b903d2e9763f6763be4abba745e5bc09abeec01a0ade9'
+input-fingerprint = 'sha256:2558a97576130f511fb4d07eece8aa7969c35fe1257e422843b99dd9d5a000a2'
diff --git a/specs/a/azurelinux-release/50-client-alive-interval.conf b/specs/a/azurelinux-release/50-client-alive-interval.conf
new file mode 100644
index 00000000000..ccf5a6ad969
--- /dev/null
+++ b/specs/a/azurelinux-release/50-client-alive-interval.conf
@@ -0,0 +1,10 @@
+
+# This is included only to meet Azure compliance testing, and is
+# unnecessary in a AzureLinux 4.0 VM cloud instance, because we set
+# the sysctl net.ipv4.tcp_keepalive_time to 120, which serves to keep
+# all idle TCP connections (including all TCP ssh connections) from
+# being disconnected. This setting does not add or improve any
+# security, nor does it cause idle ssh clients to be disconnected (in
+# fact, it does the exact opposite - it prevents idle ssh connections
+# from being disconnected).
+ClientAliveInterval 180
diff --git a/specs/a/azurelinux-release/azurelinux-release.spec b/specs/a/azurelinux-release/azurelinux-release.spec
index 909ce6ae584..65d55d871e7 100644
--- a/specs/a/azurelinux-release/azurelinux-release.spec
+++ b/specs/a/azurelinux-release/azurelinux-release.spec
@@ -42,7 +42,7 @@ Summary: Azure Linux release files
 Name: azurelinux-release
 Version: 4.0
 # TODO(azl): Review whether we can move back to autorelease (with conditional -p)
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: MIT
 URL: https://aka.ms/azurelinux
@@ -59,6 +59,7 @@ Source17: 20-azure.conf
 Source20: chrony-azure.conf
 Source21: 50-azure-cloud.conf
 Source22: 70-azurelinux-hardening.conf
+Source23: 50-client-alive-interval.conf
 BuildArch: noarch
@@ -342,6 +343,7 @@ sed -i -e "/^DEFAULT_HOSTNAME=/d" %{buildroot}%{_prefix}/lib/os-release.cloud
 install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/
 install -Dm0644 %{SOURCE20} -t %{buildroot}%{_sysconfdir}/chrony.d/
 install -Dm0644 %{SOURCE21} -t %{buildroot}%{_prefix}/lib/systemd/networkd.conf.d/
+install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
 %endif
 %if %{with container}
@@ -353,6 +355,7 @@ echo "VARIANT_ID=container" >> %{buildroot}%{_prefix}/lib/os-release.container
 sed -i -e "s|(%{release_name}%{?prerelease})|(Container Image%{?prerelease})|g" %{buildroot}%{_prefix}/lib/os-release.container
 sed -e "s#\$version#%{bug_version}#g" -e 's/$variant/Container/;s///;/^$/d' %{SOURCE15} > %{buildroot}%{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container
 install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/
+install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
 %endif
 %if %{with wsl}
@@ -451,6 +454,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %{_prefix}/lib/sysctl.d/20-azure.conf
 %{_sysconfdir}/chrony.d/chrony-azure.conf
 %{_prefix}/lib/systemd/networkd.conf.d/50-azure-cloud.conf
+%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf
 %endif
@@ -460,6 +464,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %{_prefix}/lib/os-release.container
 %attr(0644,root,root) %{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container
 %{_prefix}/lib/sysctl.d/20-azure.conf
+%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf
 %endif
@@ -472,6 +477,12 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/
 %changelog
+* Wed May 06 2026 Dan Streetman - 4.0-13
+- add 50-client-alive-interval.conf
+
+* Wed May 06 2026 Dan Streetman - 4.0-12
+- no-change bump to match "rendered" spec release
+
 * Thu Apr 23 2026 Dan Streetman - 4.0-11
 - Revert proc-version-override