From 7f938d462a27173a20daad0f4b1b391923ae0cb7 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Tue, 5 May 2026 15:06:18 -0400 Subject: [PATCH 1/4] feat(azurelinux-release): set component to manual release mode --- base/comps/azurelinux-release/azurelinux-release.comp.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/base/comps/azurelinux-release/azurelinux-release.comp.toml b/base/comps/azurelinux-release/azurelinux-release.comp.toml index a4e14e85be9..cb9e6ce7377 100644 --- a/base/comps/azurelinux-release/azurelinux-release.comp.toml +++ b/base/comps/azurelinux-release/azurelinux-release.comp.toml @@ -1,2 +1,3 @@ [components.azurelinux-release] spec = { type = "local", path = "azurelinux-release.spec" } +release = { calculation = "manual" } From 2d7743155d8fbe72ad32ad82b7957e2439b16a60 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Wed, 6 May 2026 10:56:05 -0400 Subject: [PATCH 2/4] chore(azurelinux-release): no-change release bump to match "rendered" spec release --- base/comps/azurelinux-release/azurelinux-release.spec | 5 ++++- specs/a/azurelinux-release/azurelinux-release.spec | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/base/comps/azurelinux-release/azurelinux-release.spec b/base/comps/azurelinux-release/azurelinux-release.spec index b9513ead2fb..7d51603566d 100644 --- a/base/comps/azurelinux-release/azurelinux-release.spec +++ b/base/comps/azurelinux-release/azurelinux-release.spec @@ -39,7 +39,7 @@ Summary: Azure Linux release files Name: azurelinux-release Version: 4.0 # TODO(azl): Review whether we can move back to autorelease (with conditional -p) -Release: 11%{?dist} +Release: 12%{?dist} License: MIT URL: https://aka.ms/azurelinux @@ -469,6 +469,9 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %changelog +* Wed May 06 2026 Dan Streetman - 4.0-12 +- no-change bump to match "rendered" spec release + * Thu Apr 23 2026 Dan Streetman - 4.0-11 - Revert proc-version-override 
diff --git a/specs/a/azurelinux-release/azurelinux-release.spec b/specs/a/azurelinux-release/azurelinux-release.spec index 909ce6ae584..74126c7c70f 100644 --- a/specs/a/azurelinux-release/azurelinux-release.spec +++ b/specs/a/azurelinux-release/azurelinux-release.spec @@ -42,7 +42,7 @@ Summary: Azure Linux release files Name: azurelinux-release Version: 4.0 # TODO(azl): Review whether we can move back to autorelease (with conditional -p) -Release: 12%{?dist} +Release: 12%{?dist} License: MIT URL: https://aka.ms/azurelinux @@ -472,6 +472,9 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %changelog +* Wed May 06 2026 Dan Streetman - 4.0-12 +- no-change bump to match "rendered" spec release + * Thu Apr 23 2026 Dan Streetman - 4.0-11 - Revert proc-version-override From dc5de47a38fa7be7d72c46028d9aa56bcda9a631 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Tue, 5 May 2026 15:06:18 -0400 Subject: [PATCH 3/4] feat: add config file for openssh ClientAliveInterval Add a config file with the ClientAliveInterval setting to 180. --- .../azurelinux-release/50-client-alive-interval.conf | 10 ++++++++++ base/comps/azurelinux-release/azurelinux-release.spec | 10 +++++++++- .../a/azurelinux-release/50-client-alive-interval.conf | 10 ++++++++++ specs/a/azurelinux-release/azurelinux-release.spec | 10 +++++++++- 4 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 base/comps/azurelinux-release/50-client-alive-interval.conf create mode 100644 specs/a/azurelinux-release/50-client-alive-interval.conf diff --git a/base/comps/azurelinux-release/50-client-alive-interval.conf b/base/comps/azurelinux-release/50-client-alive-interval.conf new file mode 100644 index 00000000000..ccf5a6ad969 --- /dev/null +++ b/base/comps/azurelinux-release/50-client-alive-interval.conf 
@@ -0,0 +1,10 @@ + +# This is included only to meet Azure compliance testing, and is +# unnecessary in a AzureLinux 4.0 VM cloud instance, because we set +# the sysctl net.ipv4.tcp_keepalive_time to 120, which serves to keep +# all idle TCP connections (including all TCP ssh connections) from +# being disconnected. This setting does not add or improve any +# security, nor does it cause idle ssh clients to be disconnected (in +# fact, it does the exact opposite - it prevents idle ssh connections +# from being disconnected). +ClientAliveInterval 180 diff --git a/base/comps/azurelinux-release/azurelinux-release.spec b/base/comps/azurelinux-release/azurelinux-release.spec index 7d51603566d..622f11bc337 100644 --- a/base/comps/azurelinux-release/azurelinux-release.spec +++ b/base/comps/azurelinux-release/azurelinux-release.spec @@ -39,7 +39,7 @@ Summary: Azure Linux release files Name: azurelinux-release Version: 4.0 # TODO(azl): Review whether we can move back to autorelease (with conditional -p) -Release: 12%{?dist} +Release: 13%{?dist} License: MIT URL: https://aka.ms/azurelinux @@ -56,6 +56,7 @@ Source17: 20-azure.conf Source20: chrony-azure.conf Source21: 50-azure-cloud.conf Source22: 70-azurelinux-hardening.conf +Source23: 50-client-alive-interval.conf BuildArch: noarch @@ -339,6 +340,7 @@ sed -i -e "/^DEFAULT_HOSTNAME=/d" %{buildroot}%{_prefix}/lib/os-release.cloud install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/ install -Dm0644 %{SOURCE20} -t %{buildroot}%{_sysconfdir}/chrony.d/ install -Dm0644 %{SOURCE21} -t %{buildroot}%{_prefix}/lib/systemd/networkd.conf.d/ +install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/ %endif %if %{with container} 
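Review bot: The header comment of `50-client-alive-interval.conf` says the setting never causes a disconnect, but with `ClientAliveCountMax` left at sshd's default of 3 a client that stops answering the probes is dropped after roughly 3 x 180 seconds. Only responsive idle sessions stay up, and the probes travel inside the encrypted channel, unlike the TCP keepalives the comment compares them to. I would add a line such as `# Unresponsive clients are dropped after ClientAliveCountMax (default 3) unanswered probes; responsive idle sessions stay connected.` sshd keeps the first value it reads for a keyword, so this drop-in only takes effect if `sshd_config` includes `sshd_config.d` before setting `ClientAliveInterval` itself and no earlier-sorting drop-in sets it; neither is visible in this patch. The same file is added again under `specs/a/azurelinux-release/` later in the series.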
@@ -350,6 +352,7 @@ echo "VARIANT_ID=container" >> %{buildroot}%{_prefix}/lib/os-release.container sed -i -e "s|(%{release_name}%{?prerelease})|(Container Image%{?prerelease})|g" %{buildroot}%{_prefix}/lib/os-release.container sed -e "s#\$version#%{bug_version}#g" -e 's/$variant/Container/;s///;/^$/d' %{SOURCE15} > %{buildroot}%{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/ +install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/ %endif %if %{with wsl} @@ -448,6 +451,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %{_prefix}/lib/sysctl.d/20-azure.conf %{_sysconfdir}/chrony.d/chrony-azure.conf %{_prefix}/lib/systemd/networkd.conf.d/50-azure-cloud.conf +%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf %endif @@ -457,6 +461,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %{_prefix}/lib/os-release.container %attr(0644,root,root) %{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container %{_prefix}/lib/sysctl.d/20-azure.conf +%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf %endif @@ -469,6 +474,9 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %changelog +* Wed May 06 2026 Dan Streetman - 4.0-13 +- add 50-client-alive-interval.conf + * Wed May 06 2026 Dan Streetman - 4.0-12 - no-change bump to match "rendered" spec release diff --git a/specs/a/azurelinux-release/50-client-alive-interval.conf b/specs/a/azurelinux-release/50-client-alive-interval.conf new file mode 100644 index 00000000000..ccf5a6ad969 --- /dev/null +++ b/specs/a/azurelinux-release/50-client-alive-interval.conf 
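Review bot: The two new `%files` entries list `%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf` without `%config`, so a local edit to this file under /etc is replaced on package update and shows up as a modification in `rpm -V`. This matches the existing `chrony.d` entry in the context lines, so it may be deliberate. If the value is meant to be tunable, use `%config(noreplace) %{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf`; if it is vendor-owned, a comment above the entry such as `# vendor-owned compliance drop-in, not %config on purpose` would record that. `install -Dm0600 ... -t` creates `sshd_config.d` in the buildroot with default directory permissions, and nothing in the visible hunks shows this package owning the directory or requiring the package that does, so the directory's owner and mode when this package installs first are worth confirming. The surrounding `%install` and `%files` sections extend outside these hunks, and the same lines are added to the `specs/a/` copy of the spec.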
@@ -0,0 +1,10 @@ + +# This is included only to meet Azure compliance testing, and is +# unnecessary in a AzureLinux 4.0 VM cloud instance, because we set +# the sysctl net.ipv4.tcp_keepalive_time to 120, which serves to keep +# all idle TCP connections (including all TCP ssh connections) from +# being disconnected. This setting does not add or improve any +# security, nor does it cause idle ssh clients to be disconnected (in +# fact, it does the exact opposite - it prevents idle ssh connections +# from being disconnected). +ClientAliveInterval 180 diff --git a/specs/a/azurelinux-release/azurelinux-release.spec b/specs/a/azurelinux-release/azurelinux-release.spec index 74126c7c70f..65d55d871e7 100644 --- a/specs/a/azurelinux-release/azurelinux-release.spec +++ b/specs/a/azurelinux-release/azurelinux-release.spec @@ -42,7 +42,7 @@ Summary: Azure Linux release files Name: azurelinux-release Version: 4.0 # TODO(azl): Review whether we can move back to autorelease (with conditional -p) -Release: 12%{?dist} +Release: 13%{?dist} License: MIT URL: https://aka.ms/azurelinux @@ -59,6 +59,7 @@ Source17: 20-azure.conf Source20: chrony-azure.conf Source21: 50-azure-cloud.conf Source22: 70-azurelinux-hardening.conf +Source23: 50-client-alive-interval.conf BuildArch: noarch @@ -342,6 +343,7 @@ sed -i -e "/^DEFAULT_HOSTNAME=/d" %{buildroot}%{_prefix}/lib/os-release.cloud install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/ install -Dm0644 %{SOURCE20} -t %{buildroot}%{_sysconfdir}/chrony.d/ install -Dm0644 %{SOURCE21} -t %{buildroot}%{_prefix}/lib/systemd/networkd.conf.d/ +install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/ %endif %if %{with container} 
@@ -353,6 +355,7 @@ echo "VARIANT_ID=container" >> %{buildroot}%{_prefix}/lib/os-release.container sed -i -e "s|(%{release_name}%{?prerelease})|(Container Image%{?prerelease})|g" %{buildroot}%{_prefix}/lib/os-release.container sed -e "s#\$version#%{bug_version}#g" -e 's/$variant/Container/;s///;/^$/d' %{SOURCE15} > %{buildroot}%{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container install -Dm0644 %{SOURCE17} -t %{buildroot}%{_prefix}/lib/sysctl.d/ +install -Dm0600 %{SOURCE23} -t %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/ %endif %if %{with wsl} @@ -451,6 +454,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %{_prefix}/lib/sysctl.d/20-azure.conf %{_sysconfdir}/chrony.d/chrony-azure.conf %{_prefix}/lib/systemd/networkd.conf.d/50-azure-cloud.conf +%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf %endif @@ -460,6 +464,7 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %{_prefix}/lib/os-release.container %attr(0644,root,root) %{_swidtagdir}/com.microsoft.AzureLinux-variant.swidtag.container %{_prefix}/lib/sysctl.d/20-azure.conf +%{_sysconfdir}/ssh/sshd_config.d/50-client-alive-interval.conf %endif @@ -472,6 +477,9 @@ install -Dm0644 %{SOURCE22} -t %{buildroot}%{_sysctldir}/ %changelog +* Wed May 06 2026 Dan Streetman - 4.0-13 +- add 50-client-alive-interval.conf + * Wed May 06 2026 Dan Streetman - 4.0-12 - no-change bump to match "rendered" spec release From 26ef8d46eedbaf5f1057102875e888cddb7ce9f6 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Wed, 6 May 2026 11:15:39 -0400 Subject: [PATCH 4/4] chore(azurelinux-release): update 'lock' file --- locks/azurelinux-release.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locks/azurelinux-release.lock b/locks/azurelinux-release.lock index 15555d698e5..1244f4af4c9 100644 --- a/locks/azurelinux-release.lock +++ b/locks/azurelinux-release.lock 
@@ -1,3 +1,3 @@
 # Managed by azldev component update. Do not edit manually.
 version = 1
-input-fingerprint = 'sha256:6cde34c9e164e490529b903d2e9763f6763be4abba745e5bc09abeec01a0ade9'
+input-fingerprint = 'sha256:2558a97576130f511fb4d07eece8aa7969c35fe1257e422843b99dd9d5a000a2'