ssh-generator: create privsep dir via tmpfiles.d/ if we are told to

To make it easy to have a workable ssh-generator on various distros,
let's optionally generate the ssh privsep dir via tmpfiles.d/ drop-in.

This enables the concept with a path of /run/sshd/ as default. This is
the path Debian/Ubuntu uses, and means that we just work on those
distros. Debian/Ubuntu is the only distro (apparently?) that puts the
privsep dir under /run/, hence always needs the dir to be created
manually. Other distros don't need it that much, because they place the
dir in /usr/ (fedora, best choice!) or /var/ (others, not ideal, because
still mutable).

Also adds a longer explanation about this in NEWS, in the hope that
distro maintaines read that and maybe start cleaning this up.

Alternative to: #31543

1 files changed, 2 insertions, 0 deletions

diff --git a/meson_options.txt b/meson_options.txt
index 3a3ab6e7c1..af9a006563 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -215,6 +215,8 @@ option('sshconfdir', type : 'string',
        description : 'directory for SSH client configuration ["no" disables]')
 option('sshdconfdir', type : 'string',
        description : 'directory for SSH server configuration ["no" disables]')
+option('sshdprivsepdir', type : 'string',
+       description : 'directory for SSH privilege separation ["no" disables]', value : '/run/sshd')
 option('libcryptsetup-plugins-dir', type : 'string',
        description : 'directory for libcryptsetup plugins')
 option('docdir', type : 'string',