Add directory for drop-in configs

Will be used in abf.io/import/sconfigs and may be in sssd/freeipa

ROSA-ssh-config.patch

@@ -33,33 +33,34 @@ How to update this patch:
 +#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 +#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +#SendEnv LC_IDENTIFICATION LC_ALL
---- a/sshd_config.orig	2018-10-17 03:01:20.000000000 +0300
-+++ b/sshd_config	2018-11-16 12:24:43.936255054 +0300
+
+--- a/sshd_config.orig	2022-04-27 13:17:15.153377852 +0300
++++ b/sshd_config	2022-04-27 13:18:42.649809586 +0300
 @@ -3,7 +3,7 @@
  # This is the sshd server system-wide configuration file.  See
  # sshd_config(5) for more information.
- 
+
 -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
 +# This sshd was compiled with PATH=_OPENSSH_PATH_
- 
+
  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
 @@ -15,9 +15,9 @@
  #ListenAddress 0.0.0.0
  #ListenAddress ::
- 
+
 -#HostKey /etc/ssh/ssh_host_rsa_key
 -#HostKey /etc/ssh/ssh_host_ecdsa_key
 -#HostKey /etc/ssh/ssh_host_ed25519_key
 +HostKey /etc/ssh/ssh_host_rsa_key
 +HostKey /etc/ssh/ssh_host_ecdsa_key
 +HostKey /etc/ssh/ssh_host_ed25519_key
- 
+
  # Ciphers and keying
  #RekeyLimit default none
 @@ -29,6 +29,7 @@
  # Authentication:
- 
+
  #LoginGraceTime 2m
 +# [ROSA] Edit /etc/ssh/denyusers and remove 'root' to enable PermitRootLogin
  #PermitRootLogin prohibit-password
@@ -70,7 +71,7 @@ How to update this patch:
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
 -#UsePAM no
-+# Warning: when running under systemd, and PAM usage is disabled, restarting 
++# Warning: when running under systemd, and PAM usage is disabled, restarting
 +# SSH service will likely kill off any ssh connections, including the
 +# current one
 +UsePAM yes
@@ -79,7 +80,7 @@ How to update this patch:
 +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 +AcceptEnv LC_IDENTIFICATION LC_ALL
- 
+
  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
@@ -88,3 +89,10 @@ How to update this patch:
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PermitTTY yes
+@@ -114,3 +123,6 @@
+ #	AllowTcpForwarding no
+ #	PermitTTY no
+ #	ForceCommand cvs server
++
++# Include additional files if there are any
++Include /etc/ssh/sshd_config.d/*

openssh.spec

@@ -10,7 +10,7 @@
 Summary:	OpenSSH free Secure Shell (SSH) implementation
 Name:		openssh
 Version:	8.8p1
-Release:	6
+Release:	7
 License:	BSD
 Group:		Networking/Remote access
 Url:		http://www.openssh.com/
@@ -189,6 +189,7 @@ your host.
 %{_mandir}/man5/moduli.5*
 %{_mandir}/man8/sshd.8*
 %{_mandir}/man8/sftp-server.8*
+%dir %attr(0700,root,root) %{_sysconfdir}/ssh/sshd_config.d
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/denyusers
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
@@ -390,6 +391,8 @@ install -m 644 contrib/ssh-copy-id.1 %{buildroot}/%{_mandir}/man1/
 
 # create pre-authentication directory
 mkdir -p %{buildroot}/var/empty
+# create directory for drop-in configs
+mkdir -p --mode=0700 %{buildroot}%{_sysconfdir}/ssh/sshd_config.d
 
 # remove unwanted files
 rm -f %{buildroot}%{_libexecdir}/ssh-askpass
@@ -422,4 +425,4 @@ EOF
 ( cd %{buildroot}%{_libexecdir} && ln -s %{_libexecdir} openssh )
 # Compatibility with manuals for RHEL that suggest to run it inside a kickstart file
 # RHEL 9 docs -> "12.2. Kickstart file for client installation"
-( cd %{buildroot}%{_libexecdir} && ln -s ../sbin/sshd-keygen sshd-keygen )
+( cd %{buildroot}%{_libexecdir} && ln -s ../sbin/sshd-keygen sshd-keygen )