Remove lots of maintainer script support for upgrades from pre-etch

(three releases before current stable).
author: Colin Watson <cjwatson@debian.org> 2013-05-22 00:22:16 +0100
committer: Colin Watson <cjwatson@debian.org> 2013-05-22 00:22:16 +0100
commit: 66226af6929845dbe14a477e87237950a690b918 (patch)
tree: 28aa0c9a8fb168e1e500183945a5a27dc5abd8bc /debian/openssh-server.postinst.in
parent: 8b32ca7b77bf39b2386d5abf0e2c73411c630f63 (diff)
1 files changed, 1 insertions, 122 deletions
diff --git a/debian/openssh-server.postinst.in b/debian/openssh-server.postinst.in
index 7ef270d80..245333234 100644
--- a/debian/openssh-server.postinst.in
+++ b/debian/openssh-server.postinst.in
@@ -14,15 +14,6 @@ if [ "$action" != configure ]
 fi
-fix_doc_symlink() {
-        if [ ! -L /usr/share/doc/openssh-server ] && \
-           dpkg --compare-versions "$oldversion" lt-nl 1:4.1p1-5; then
-                rm -rf /usr/share/doc/openssh-server
-                ln -s openssh-client /usr/share/doc/openssh-server
-        fi
-}
 get_config_option() {
        option="$1"
@@ -58,31 +49,6 @@ set_config_option() {
 }
-disable_config_option() {
-        option="$1"
-        value="$(get_config_option "$option")"
-        [ "$value" ] || return 0
-        perl -le '
-                $option = $ARGV[0];
-                while (<STDIN>) {
-                        chomp;
-                        (my $match = $_) =~ s/\s+/ /g;
-                        # TODO: actually only one "=" allowed after option
-                        if ($match =~ s/^(\s*\Q$option\E[[:space:]=]+.*)/#$1/i) {
-                                $_ = $match;
-                        }
-                        print;
-                }' \
-                "$option" \
-                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
-        chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
-        chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
-        mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
-}
 rename_config_option() {
        oldoption="$1"
        newoption="$2"
@@ -109,13 +75,6 @@ rename_config_option() {
 }
-remove_obsolete_gssapi() {
-        disable_config_option GSSAPINoMICAuthentication
-        disable_config_option GSSUseSessionCCache
-        disable_config_option GSSAPIUseSessionCredCache
-}
 host_keys_required() {
        hostkeys="$(get_config_option HostKey)"
        if [ "$hostkeys" ]; then
@@ -201,28 +160,6 @@ vulnerable_host_keys() {
 }
-check_password_auth() {
-        passwordauth="$(get_config_option PasswordAuthentication)"
-        crauth="$(get_config_option ChallengeResponseAuthentication)"
-        if [ "$passwordauth" = no ] && \
-           ([ -z "$crauth" ] || [ "$crauth" = yes ]); then
-                db_get ssh/disable_cr_auth
-                if [ "$RET" = true ]; then
-                        set_config_option ChallengeResponseAuthentication no
-                fi
-        fi
-}
-move_subsystem_sftp() {
-        subsystem_sftp="$(get_config_option 'Subsystem sftp')"
-        if [ "$subsystem_sftp" = /usr/lib/sftp-server ] || \
-           [ "$subsystem_sftp" = /usr/libexec/sftp-server ]; then
-                set_config_option 'Subsystem sftp' /usr/lib/openssh/sftp-server
-        fi
-}
 fix_loglevel_silent() {
        if [ "$(get_config_option LogLevel)" = SILENT ]; then
                set_config_option LogLevel QUIET
@@ -234,46 +171,6 @@ create_sshdconfig() {
        if [ -e /etc/ssh/sshd_config ] ; then
            # Upgrade an existing sshd configuration.
-            if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \
-                ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \
-               grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \
-                 /etc/ssh/sshd_config ; then
-                # Upgrade from pre-3.7: UsePAM needed to maintain standard
-                # Debian configuration.
-                # Note that --compare-versions is sadly not reliable enough
-                # here due to the package split of ssh into openssh-client
-                # and openssh-server. The extra grep for some deprecated
-                # options should with any luck be a good enough heuristic.
-                echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
-                cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
-                perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \
-                    /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
-                echo >> /etc/ssh/sshd_config.dpkg-new
-                echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new
-                chown --reference /etc/ssh/sshd_config \
-                                  /etc/ssh/sshd_config.dpkg-new
-                chmod --reference /etc/ssh/sshd_config \
-                                  /etc/ssh/sshd_config.dpkg-new
-                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
-                echo
-            fi
-            # An empty version means we're upgrading from before the
-            # package split, so check.
-            if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then
-                check_password_auth
-            fi
-            # libexecdir changed, so fix up 'Subsystem sftp'.
-            if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then
-                move_subsystem_sftp
-            fi
-            # Remove obsolete GSSAPI options.
-            if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then
-                remove_obsolete_gssapi
-            fi
            # This option was renamed in 3.8p1, but we never took care
            # of adjusting the configuration file until now.
            if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then
@@ -388,24 +285,12 @@ fix_statoverride() {
        fi
 }
-fix_sshd_shell() {
-        if getent passwd sshd | grep -q ':/bin/false$'; then
-                usermod -s /usr/sbin/nologin sshd || true
-        fi
-}
 setup_sshd_user() {
        if ! getent passwd sshd >/dev/null; then
                adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd
        fi
 }
-fix_conffile_permissions() {
-        # Clean up after executable /etc/default/ssh in 1:3.5p1-5. dpkg
-        # doesn't do this for us; see bug #192981.
-        chmod 644 /etc/default/ssh
-}
 remove_old_init_links() {
        # Yes, this only works with the SysV init script layout. I know.
        # The important thing is that it doesn't actually *break* with
@@ -454,18 +339,11 @@ commit_mv_conffile () {
 }
-fix_doc_symlink
 create_sshdconfig
 create_keys
 vulnerable_host_keys
 fix_statoverride
-if dpkg --compare-versions "$2" lt 1:4.3p2-3; then
-    fix_sshd_shell
-fi
 setup_sshd_user
-if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then
-    fix_conffile_permissions
-fi
 if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
    remove_old_init_links
 fi
@@ -482,6 +360,7 @@ fi
 # Clean up old debconf templates.
 db_unregister ssh/use_old_init_script
 db_unregister ssh/encrypted_host_key_but_no_keygen
+db_unregister ssh/disable_cr_auth
 db_stop
author	Colin Watson <cjwatson@debian.org>	2013-05-22 00:22:16 +0100
committer	Colin Watson <cjwatson@debian.org>	2013-05-22 00:22:16 +0100
commit	66226af6929845dbe14a477e87237950a690b918 (patch)
tree	28aa0c9a8fb168e1e500183945a5a27dc5abd8bc /debian/openssh-server.postinst.in
parent	8b32ca7b77bf39b2386d5abf0e2c73411c630f63 (diff)

diff --git a/debian/openssh-server.postinst.in b/debian/openssh-server.postinst.in index 7ef270d80..245333234 100644 --- a/debian/openssh-server.postinst.in +++ b/debian/openssh-server.postinst.in
@@ -14,15 +14,6 @@ if [ "$action" != configure ]
14	fi	14	fi
15		15
16		16
17	fix_doc_symlink() {
18	if [ ! -L /usr/share/doc/openssh-server ] && \
19	dpkg --compare-versions "$oldversion" lt-nl 1:4.1p1-5; then
20	rm -rf /usr/share/doc/openssh-server
21	ln -s openssh-client /usr/share/doc/openssh-server
22	fi
23	}
24
25
26	get_config_option() {	17	get_config_option() {
27	option="$1"	18	option="$1"
28		19
@@ -58,31 +49,6 @@ set_config_option() {
58	}	49	}
59		50
60		51
61	disable_config_option() {
62	option="$1"
63
64	value="$(get_config_option "$option")"
65	[ "$value" ] \|\| return 0
66
67	perl -le '
68	$option = $ARGV[0];
69	while (<STDIN>) {
70	chomp;
71	(my $match = $_) =~ s/\s+/ /g;
72	# TODO: actually only one "=" allowed after option
73	if ($match =~ s/^(\s\Q$option\E[[:space:]=]+.)/#$1/i) {
74	$_ = $match;
75	}
76	print;
77	}' \
78	"$option" \
79	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
80	chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
81	chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
82	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
83	}
84
85
86	rename_config_option() {	52	rename_config_option() {
87	oldoption="$1"	53	oldoption="$1"
88	newoption="$2"	54	newoption="$2"
@@ -109,13 +75,6 @@ rename_config_option() {
109	}	75	}
110		76
111		77
112	remove_obsolete_gssapi() {
113	disable_config_option GSSAPINoMICAuthentication
114	disable_config_option GSSUseSessionCCache
115	disable_config_option GSSAPIUseSessionCredCache
116	}
117
118
119	host_keys_required() {	78	host_keys_required() {
120	hostkeys="$(get_config_option HostKey)"	79	hostkeys="$(get_config_option HostKey)"
121	if [ "$hostkeys" ]; then	80	if [ "$hostkeys" ]; then
@@ -201,28 +160,6 @@ vulnerable_host_keys() {
201	}	160	}
202		161
203		162
204	check_password_auth() {
205	passwordauth="$(get_config_option PasswordAuthentication)"
206	crauth="$(get_config_option ChallengeResponseAuthentication)"
207	if [ "$passwordauth" = no ] && \
208	([ -z "$crauth" ] \|\| [ "$crauth" = yes ]); then
209	db_get ssh/disable_cr_auth
210	if [ "$RET" = true ]; then
211	set_config_option ChallengeResponseAuthentication no
212	fi
213	fi
214	}
215
216
217	move_subsystem_sftp() {
218	subsystem_sftp="$(get_config_option 'Subsystem sftp')"
219	if [ "$subsystem_sftp" = /usr/lib/sftp-server ] \|\| \
220	[ "$subsystem_sftp" = /usr/libexec/sftp-server ]; then
221	set_config_option 'Subsystem sftp' /usr/lib/openssh/sftp-server
222	fi
223	}
224
225
226	fix_loglevel_silent() {	163	fix_loglevel_silent() {
227	if [ "$(get_config_option LogLevel)" = SILENT ]; then	164	if [ "$(get_config_option LogLevel)" = SILENT ]; then
228	set_config_option LogLevel QUIET	165	set_config_option LogLevel QUIET
@@ -234,46 +171,6 @@ create_sshdconfig() {
234	if [ -e /etc/ssh/sshd_config ] ; then	171	if [ -e /etc/ssh/sshd_config ] ; then
235	# Upgrade an existing sshd configuration.	172	# Upgrade an existing sshd configuration.
236		173
237	if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \
238	! grep -iq ^UsePAM /etc/ssh/sshd_config) \|\| \
239	grep -Eiq '^(PAMAuthenticationViaKbdInt\|RhostsAuthentication)' \
240	/etc/ssh/sshd_config ; then
241	# Upgrade from pre-3.7: UsePAM needed to maintain standard
242	# Debian configuration.
243	# Note that --compare-versions is sadly not reliable enough
244	# here due to the package split of ssh into openssh-client
245	# and openssh-server. The extra grep for some deprecated
246	# options should with any luck be a good enough heuristic.
247	echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...'
248	cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old
249	perl -pe 's/^(PAMAuthenticationViaKbdInt\|RhostsAuthentication)\b/#$1/i' \
250	/etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
251	echo >> /etc/ssh/sshd_config.dpkg-new
252	echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new
253	chown --reference /etc/ssh/sshd_config \
254	/etc/ssh/sshd_config.dpkg-new
255	chmod --reference /etc/ssh/sshd_config \
256	/etc/ssh/sshd_config.dpkg-new
257	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
258	echo
259	fi
260
261	# An empty version means we're upgrading from before the
262	# package split, so check.
263	if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then
264	check_password_auth
265	fi
266
267	# libexecdir changed, so fix up 'Subsystem sftp'.
268	if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then
269	move_subsystem_sftp
270	fi
271
272	# Remove obsolete GSSAPI options.
273	if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then
274	remove_obsolete_gssapi
275	fi
276
277	# This option was renamed in 3.8p1, but we never took care	174	# This option was renamed in 3.8p1, but we never took care
278	# of adjusting the configuration file until now.	175	# of adjusting the configuration file until now.
279	if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then	176	if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then
@@ -388,24 +285,12 @@ fix_statoverride() {
388	fi	285	fi
389	}	286	}
390		287
391	fix_sshd_shell() {
392	if getent passwd sshd \| grep -q ':/bin/false$'; then
393	usermod -s /usr/sbin/nologin sshd \|\| true
394	fi
395	}
396
397	setup_sshd_user() {	288	setup_sshd_user() {
398	if ! getent passwd sshd >/dev/null; then	289	if ! getent passwd sshd >/dev/null; then
399	adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd	290	adduser --quiet --system --no-create-home --home /var/run/sshd --shell /usr/sbin/nologin sshd
400	fi	291	fi
401	}	292	}
402		293
403	fix_conffile_permissions() {
404	# Clean up after executable /etc/default/ssh in 1:3.5p1-5. dpkg
405	# doesn't do this for us; see bug #192981.
406	chmod 644 /etc/default/ssh
407	}
408
409	remove_old_init_links() {	294	remove_old_init_links() {
410	# Yes, this only works with the SysV init script layout. I know.	295	# Yes, this only works with the SysV init script layout. I know.
411	# The important thing is that it doesn't actually break with	296	# The important thing is that it doesn't actually break with
@@ -454,18 +339,11 @@ commit_mv_conffile () {
454	}	339	}
455		340
456		341
457	fix_doc_symlink
458	create_sshdconfig	342	create_sshdconfig
459	create_keys	343	create_keys
460	vulnerable_host_keys	344	vulnerable_host_keys
461	fix_statoverride	345	fix_statoverride
462	if dpkg --compare-versions "$2" lt 1:4.3p2-3; then
463	fix_sshd_shell
464	fi
465	setup_sshd_user	346	setup_sshd_user
466	if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then
467	fix_conffile_permissions
468	fi
469	if dpkg --compare-versions "$2" lt 1:5.2p1-1; then	347	if dpkg --compare-versions "$2" lt 1:5.2p1-1; then
470	remove_old_init_links	348	remove_old_init_links
471	fi	349	fi
@@ -482,6 +360,7 @@ fi
482	# Clean up old debconf templates.	360	# Clean up old debconf templates.
483	db_unregister ssh/use_old_init_script	361	db_unregister ssh/use_old_init_script
484	db_unregister ssh/encrypted_host_key_but_no_keygen	362	db_unregister ssh/encrypted_host_key_but_no_keygen
		363	db_unregister ssh/disable_cr_auth
485		364
486		365
487	db_stop	366	db_stop