diff options
author | Colin Watson <cjwatson@debian.org> | 2010-01-02 08:58:21 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-02 08:58:21 +0000 |
commit | 02a7a84677de774102045cb054dafbdb5ed5cacb (patch) | |
tree | 8a65e6613d8b2a631668ade71b82fe0117808708 /debian/openssh-server.postinst | |
parent | e919d33a6d6f1ae02d95ef31ab837e98134fdd15 (diff) |
Remove ssh/new_config, only needed for direct upgrades from potato which
are no longer particularly feasible anyway (closes: #420682).
Diffstat (limited to 'debian/openssh-server.postinst')
-rw-r--r-- | debian/openssh-server.postinst | 93 |
1 files changed, 44 insertions, 49 deletions
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index e3558a8f5..85a9597ed 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
@@ -236,60 +236,55 @@ move_subsystem_sftp() { | |||
236 | 236 | ||
237 | create_sshdconfig() { | 237 | create_sshdconfig() { |
238 | if [ -e /etc/ssh/sshd_config ] ; then | 238 | if [ -e /etc/ssh/sshd_config ] ; then |
239 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then | 239 | # Upgrade an existing sshd configuration. |
240 | db_get ssh/new_config | 240 | |
241 | if [ "$RET" = "false" ] ; then return 0; fi | 241 | if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ |
242 | else | 242 | ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ |
243 | # Upgrade sshd configuration from a sane version. | 243 | grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ |
244 | 244 | /etc/ssh/sshd_config ; then | |
245 | if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ | 245 | # Upgrade from pre-3.7: UsePAM needed to maintain standard |
246 | ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ | 246 | # Debian configuration. |
247 | grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ | 247 | # Note that --compare-versions is sadly not reliable enough |
248 | /etc/ssh/sshd_config ; then | 248 | # here due to the package split of ssh into openssh-client |
249 | # Upgrade from pre-3.7: UsePAM needed to maintain standard | 249 | # and openssh-server. The extra grep for some deprecated |
250 | # Debian configuration. | 250 | # options should with any luck be a good enough heuristic. |
251 | # Note that --compare-versions is sadly not reliable enough | 251 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' |
252 | # here due to the package split of ssh into openssh-client | 252 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old |
253 | # and openssh-server. The extra grep for some deprecated | 253 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ |
254 | # options should with any luck be a good enough heuristic. | 254 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new |
255 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' | 255 | echo >> /etc/ssh/sshd_config.dpkg-new |
256 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old | 256 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new |
257 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ | 257 | chown --reference /etc/ssh/sshd_config \ |
258 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | 258 | /etc/ssh/sshd_config.dpkg-new |
259 | echo >> /etc/ssh/sshd_config.dpkg-new | 259 | chmod --reference /etc/ssh/sshd_config \ |
260 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new | 260 | /etc/ssh/sshd_config.dpkg-new |
261 | chown --reference /etc/ssh/sshd_config \ | 261 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config |
262 | /etc/ssh/sshd_config.dpkg-new | 262 | echo |
263 | chmod --reference /etc/ssh/sshd_config \ | 263 | fi |
264 | /etc/ssh/sshd_config.dpkg-new | ||
265 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
266 | echo | ||
267 | fi | ||
268 | |||
269 | # An empty version means we're upgrading from before the | ||
270 | # package split, so check. | ||
271 | if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then | ||
272 | check_password_auth | ||
273 | fi | ||
274 | 264 | ||
275 | # libexecdir changed, so fix up 'Subsystem sftp'. | 265 | # An empty version means we're upgrading from before the |
276 | if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then | 266 | # package split, so check. |
277 | move_subsystem_sftp | 267 | if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then |
278 | fi | 268 | check_password_auth |
269 | fi | ||
279 | 270 | ||
280 | # Remove obsolete GSSAPI options. | 271 | # libexecdir changed, so fix up 'Subsystem sftp'. |
281 | if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then | 272 | if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then |
282 | remove_obsolete_gssapi | 273 | move_subsystem_sftp |
283 | fi | 274 | fi |
284 | 275 | ||
285 | # This option was renamed in 3.8p1, but we never took care | 276 | # Remove obsolete GSSAPI options. |
286 | # of adjusting the configuration file until now. | 277 | if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then |
287 | if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then | 278 | remove_obsolete_gssapi |
288 | rename_config_option KeepAlive TCPKeepAlive | 279 | fi |
289 | fi | ||
290 | 280 | ||
291 | return 0 | 281 | # This option was renamed in 3.8p1, but we never took care |
282 | # of adjusting the configuration file until now. | ||
283 | if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then | ||
284 | rename_config_option KeepAlive TCPKeepAlive | ||
292 | fi | 285 | fi |
286 | |||
287 | return 0 | ||
293 | fi | 288 | fi |
294 | 289 | ||
295 | #Preserve old sshd_config before generating a new one | 290 | #Preserve old sshd_config before generating a new one |