diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-01-02 08:58:21 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-01-02 08:58:21 +0000 |
| commit | 02a7a84677de774102045cb054dafbdb5ed5cacb (patch) | |
| tree | 8a65e6613d8b2a631668ade71b82fe0117808708 /debian/openssh-server.postinst | |
| parent | e919d33a6d6f1ae02d95ef31ab837e98134fdd15 (diff) | |
Remove ssh/new_config, only needed for direct upgrades from potato which
are no longer particularly feasible anyway (closes: #420682).
Diffstat (limited to 'debian/openssh-server.postinst')
| -rw-r--r-- | debian/openssh-server.postinst | 93 |
1 files changed, 44 insertions, 49 deletions
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index e3558a8f5..85a9597ed 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst | |||
| @@ -236,60 +236,55 @@ move_subsystem_sftp() { | |||
| 236 | 236 | ||
| 237 | create_sshdconfig() { | 237 | create_sshdconfig() { |
| 238 | if [ -e /etc/ssh/sshd_config ] ; then | 238 | if [ -e /etc/ssh/sshd_config ] ; then |
| 239 | if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then | 239 | # Upgrade an existing sshd configuration. |
| 240 | db_get ssh/new_config | 240 | |
| 241 | if [ "$RET" = "false" ] ; then return 0; fi | 241 | if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ |
| 242 | else | 242 | ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ |
| 243 | # Upgrade sshd configuration from a sane version. | 243 | grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ |
| 244 | 244 | /etc/ssh/sshd_config ; then | |
| 245 | if (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ | 245 | # Upgrade from pre-3.7: UsePAM needed to maintain standard |
| 246 | ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ | 246 | # Debian configuration. |
| 247 | grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ | 247 | # Note that --compare-versions is sadly not reliable enough |
| 248 | /etc/ssh/sshd_config ; then | 248 | # here due to the package split of ssh into openssh-client |
| 249 | # Upgrade from pre-3.7: UsePAM needed to maintain standard | 249 | # and openssh-server. The extra grep for some deprecated |
| 250 | # Debian configuration. | 250 | # options should with any luck be a good enough heuristic. |
| 251 | # Note that --compare-versions is sadly not reliable enough | 251 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' |
| 252 | # here due to the package split of ssh into openssh-client | 252 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old |
| 253 | # and openssh-server. The extra grep for some deprecated | 253 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ |
| 254 | # options should with any luck be a good enough heuristic. | 254 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new |
| 255 | echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' | 255 | echo >> /etc/ssh/sshd_config.dpkg-new |
| 256 | cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old | 256 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new |
| 257 | perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ | 257 | chown --reference /etc/ssh/sshd_config \ |
| 258 | /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | 258 | /etc/ssh/sshd_config.dpkg-new |
| 259 | echo >> /etc/ssh/sshd_config.dpkg-new | 259 | chmod --reference /etc/ssh/sshd_config \ |
| 260 | echo 'UsePAM yes' >> /etc/ssh/sshd_config.dpkg-new | 260 | /etc/ssh/sshd_config.dpkg-new |
| 261 | chown --reference /etc/ssh/sshd_config \ | 261 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config |
| 262 | /etc/ssh/sshd_config.dpkg-new | 262 | echo |
| 263 | chmod --reference /etc/ssh/sshd_config \ | 263 | fi |
| 264 | /etc/ssh/sshd_config.dpkg-new | ||
| 265 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
| 266 | echo | ||
| 267 | fi | ||
| 268 | |||
| 269 | # An empty version means we're upgrading from before the | ||
| 270 | # package split, so check. | ||
| 271 | if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then | ||
| 272 | check_password_auth | ||
| 273 | fi | ||
| 274 | 264 | ||
| 275 | # libexecdir changed, so fix up 'Subsystem sftp'. | 265 | # An empty version means we're upgrading from before the |
| 276 | if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then | 266 | # package split, so check. |
| 277 | move_subsystem_sftp | 267 | if dpkg --compare-versions "$oldversion" lt 1:3.8.1p1-11; then |
| 278 | fi | 268 | check_password_auth |
| 269 | fi | ||
| 279 | 270 | ||
| 280 | # Remove obsolete GSSAPI options. | 271 | # libexecdir changed, so fix up 'Subsystem sftp'. |
| 281 | if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then | 272 | if dpkg --compare-versions "$oldversion" lt 1:4.1p1-1; then |
| 282 | remove_obsolete_gssapi | 273 | move_subsystem_sftp |
| 283 | fi | 274 | fi |
| 284 | 275 | ||
| 285 | # This option was renamed in 3.8p1, but we never took care | 276 | # Remove obsolete GSSAPI options. |
| 286 | # of adjusting the configuration file until now. | 277 | if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then |
| 287 | if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then | 278 | remove_obsolete_gssapi |
| 288 | rename_config_option KeepAlive TCPKeepAlive | 279 | fi |
| 289 | fi | ||
| 290 | 280 | ||
| 291 | return 0 | 281 | # This option was renamed in 3.8p1, but we never took care |
| 282 | # of adjusting the configuration file until now. | ||
| 283 | if dpkg --compare-versions "$oldversion" lt 1:4.7p1-8; then | ||
| 284 | rename_config_option KeepAlive TCPKeepAlive | ||
| 292 | fi | 285 | fi |
| 286 | |||
| 287 | return 0 | ||
| 293 | fi | 288 | fi |
| 294 | 289 | ||
| 295 | #Preserve old sshd_config before generating a new one | 290 | #Preserve old sshd_config before generating a new one |