Start handling /etc/ssh/sshd_config using ucf.

* Start handling /etc/ssh/sshd_config using ucf.  The immediate motivation
  for this is to deal with deprecations of options related to protocol 1,
  but something like this has been needed for a long time (closes:
  #419574, #848089):
  - sshd_config is now a slightly-patched version of upstream's, and only
    contains non-default settings (closes: #147201).
  - I've included as many historical md5sums of default versions of
    sshd_config as I could reconstruct from version control, but I'm sure
    I've missed some.
  - Explicitly synchronise the debconf database with the current
    configuration file state in openssh-server.config, to ensure that the
    PermitRootLogin setting is properly preserved.
  - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
    than "yes", per upstream.

1 files changed, 9 insertions, 1 deletions

diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
index 88e28a91e..ff16e5619 100644
--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -14,7 +14,15 @@ case $1 in
                 rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
                 rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub
                 rm -f /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub
-                rm -f /etc/ssh/sshd_config
+                for ext in .ucf-new .ucf-old .ucf-dist ""; do
+                        rm -f "/etc/ssh/sshd_config$ext"
+                done
+                if which ucf >/dev/null 2>&1; then
+                        ucf --purge /etc/ssh/sshd_config
+                fi
+                if which ucfr >/dev/null 2>&1; then
+                        ucfr --purge openssh-server /etc/ssh/sshd_config
+                fi
                 rm -f /etc/ssh/sshd_not_to_be_run
                 rmdir --ignore-fail-on-non-empty /etc/ssh