infra/kickstart/pipeline/head This commit looks goodDetails
Anaconda seems to want to install this by default now. This is a
useless package with a bunch of security vulnerabilities and a hard
dependency on Polkit.
When the SSH daemon is already configured to use an SSH host
certificate but the specified certificate file does not exist, then the
server will not try to use it later once it is created. This
essentially means that the certificate obtained during first boot will
not be used untile the SSH daemon is restarted.
Rather than try to set all of this up in the kickstart, it's probably
better to just let Ansible do it. Then, the SSH daemon can be restarted
as needed automatically (by the host provisioner).
Apparently something is populating `/etc/machine-id` at install time
now, which prevents units scheduled to run on first boot (with
`ConditionFirstBoot=true`) from starting.
Dustin