diff options
| author | Colin Watson <cjwatson@debian.org> | 2004-08-02 17:29:06 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2004-08-02 17:29:06 +0000 |
| commit | 4e43fff8597edbb2e708ac4df413795f5ca805cb (patch) | |
| tree | 409d281439c493595b3b11e58550a49a97298d41 | |
| parent | 0d718f4a4cf76da2c4de58475a4affba01a7e823 (diff) | |
Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7
happens even though we don't know what version we're upgrading from.
| -rw-r--r-- | debian/changelog | 5 | ||||
| -rw-r--r-- | debian/openssh-server.postinst | 10 |
2 files changed, 10 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog index 671e5b495..38a7c67ae 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -11,9 +11,8 @@ openssh (1:3.8.1p1-9) UNRELEASED; urgency=low | |||
| 11 | without dodgy dpkg hackery. I've therefore taken the opportunity to move | 11 | without dodgy dpkg hackery. I've therefore taken the opportunity to move |
| 12 | a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged | 12 | a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged |
| 13 | and ssh/user_environment_tell. | 13 | and ssh/user_environment_tell. |
| 14 | * In general, upgrading to this version directly from woody without first | 14 | * Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7 |
| 15 | upgrading to the version in sarge is not currently guaranteed to work | 15 | happens even though we don't know what version we're upgrading from. |
| 16 | very smoothly due to the aforementioned version discovery problems. | ||
| 17 | 16 | ||
| 18 | -- Colin Watson <cjwatson@debian.org> Sat, 31 Jul 2004 03:01:19 +0100 | 17 | -- Colin Watson <cjwatson@debian.org> Sat, 31 Jul 2004 03:01:19 +0100 |
| 19 | 18 | ||
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 64f9985a8..28af3f490 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
| @@ -90,10 +90,16 @@ create_sshdconfig() { | |||
| 90 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then | 90 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then |
| 91 | db_get ssh/new_config | 91 | db_get ssh/new_config |
| 92 | if [ "$RET" = "false" ] ; then return 0; fi | 92 | if [ "$RET" = "false" ] ; then return 0; fi |
| 93 | elif dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ | 93 | elif (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ |
| 94 | ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then | 94 | ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ |
| 95 | grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ | ||
| 96 | /etc/ssh/sshd_config ; then | ||
| 95 | # Upgrade from pre-3.7: UsePAM needed to maintain standard | 97 | # Upgrade from pre-3.7: UsePAM needed to maintain standard |
| 96 | # Debian configuration. | 98 | # Debian configuration. |
| 99 | # Note that --compare-versions is sadly not reliable enough | ||
| 100 | # here due to the package split of ssh into openssh-client | ||
| 101 | # and openssh-server. The extra grep for some deprecated | ||
| 102 | # options should with any luck be a good enough heuristic. | ||
| 97 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' | 103 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' |
| 98 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old | 104 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old |
| 99 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ | 105 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ |