Switch to new unified layout for Upstart jobs as documented in

https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script checks for a running Upstart, and we now let dh_installinit handle most of the heavy lifting in maintainer scripts. Ubuntu users should be essentially unaffected except that sshd may no longer start automatically in chroots if the running Upstart predates 0.9.0; but the main goal is simply not to break when openssh-server is installed in a chroot.
author: Colin Watson <cjwatson@debian.org> 2013-05-22 01:45:40 +0100
committer: Colin Watson <cjwatson@debian.org> 2013-05-22 01:45:40 +0100
commit: 6e950945da7a2acbb48fa4138208018f09d66991 (patch)
tree: 1e99c1fb54755277a8c441cf503b71bb2c5be748 /debian/ssh-krb5.postinst
parent: afd3292952a9f0bb107046785ddcfad446d69b89 (diff)
1 files changed, 61 insertions, 0 deletions
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst
new file mode 100644
index 000000000..f799accfe
--- /dev/null
+++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,61 @@
+#!/bin/sh
+set -e
+action="$1"
+oldversion="$2"
+if [ "$action" = configure ] ; then
+    # Make sure that GSSAPI is enabled.  If there is no uncommented GSSAPI
+    # configuration, uncomment any commented-out configuration if present
+    # (this will catch the case of a fresh install of openssh-server).
+    # Otherwise, add configuration turning on GSSAPIAuthentication and
+    # GSSAPIKeyExchange.
+    #
+    # If there is some configuration, we may be upgrading from ssh-krb5.  It
+    # enabled GSSAPIKeyExchange without any configuration option.  Therefore,
+    # if it isn't explicitly set, always enable it for compatible behavior
+    # with ssh-krb5.
+    if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
+        :
+    else
+        changed=
+        if grep -qi '^[         ]*GSSAPI' /etc/ssh/sshd_config ; then
+            if grep -qi '^[     ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
+                :
+            else
+                changed=true
+                cat >> /etc/ssh/sshd_config <<EOF
+# GSSAPI key exchange (added by ssh-krb5 transitional package)
+GSSAPIKeyExchange yes
+EOF
+            fi
+        else
+            changed=true
+            if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
+                perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
+                    < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
+                chown --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                chmod --reference /etc/ssh/sshd_config \
+                    /etc/ssh/sshd_config.dpkg-new
+                mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
+            else
+                cat >> /etc/ssh/sshd_config <<EOF
+# GSSAPI authentication (added by ssh-krb5 transitional package)
+GSSAPIAuthentication yes
+GSSAPIKeyExchange yes
+EOF
+            fi
+        fi
+        if [ -n "$changed" ]; then
+            invoke-rc.d ssh restart
+        fi
+    fi
+fi
+#DEBHELPER#
+exit 0
author	Colin Watson <cjwatson@debian.org>	2013-05-22 01:45:40 +0100
committer	Colin Watson <cjwatson@debian.org>	2013-05-22 01:45:40 +0100
commit	6e950945da7a2acbb48fa4138208018f09d66991 (patch)
tree	1e99c1fb54755277a8c441cf503b71bb2c5be748 /debian/ssh-krb5.postinst
parent	afd3292952a9f0bb107046785ddcfad446d69b89 (diff)

diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst new file mode 100644 index 000000000..f799accfe --- /dev/null +++ b/debian/ssh-krb5.postinst
@@ -0,0 +1,61 @@
	1	#!/bin/sh
	2
	3	set -e
	4
	5	action="$1"
	6	oldversion="$2"
	7
	8	if [ "$action" = configure ] ; then
	9	# Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI
	10	# configuration, uncomment any commented-out configuration if present
	11	# (this will catch the case of a fresh install of openssh-server).
	12	# Otherwise, add configuration turning on GSSAPIAuthentication and
	13	# GSSAPIKeyExchange.
	14	#
	15	# If there is some configuration, we may be upgrading from ssh-krb5. It
	16	# enabled GSSAPIKeyExchange without any configuration option. Therefore,
	17	# if it isn't explicitly set, always enable it for compatible behavior
	18	# with ssh-krb5.
	19	if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
	20	:
	21	else
	22	changed=
	23	if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then
	24	if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
	25	:
	26	else
	27	changed=true
	28	cat >> /etc/ssh/sshd_config <<EOF
	29
	30	# GSSAPI key exchange (added by ssh-krb5 transitional package)
	31	GSSAPIKeyExchange yes
	32	EOF
	33	fi
	34	else
	35	changed=true
	36	if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
	37	perl -pe 's/^\#(GSSAPI(Authentication\|KeyExchange))\b.*/$1 yes/i' \
	38	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
	39	chown --reference /etc/ssh/sshd_config \
	40	/etc/ssh/sshd_config.dpkg-new
	41	chmod --reference /etc/ssh/sshd_config \
	42	/etc/ssh/sshd_config.dpkg-new
	43	mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
	44	else
	45	cat >> /etc/ssh/sshd_config <<EOF
	46
	47	# GSSAPI authentication (added by ssh-krb5 transitional package)
	48	GSSAPIAuthentication yes
	49	GSSAPIKeyExchange yes
	50	EOF
	51	fi
	52	fi
	53	if [ -n "$changed" ]; then
	54	invoke-rc.d ssh restart
	55	fi
	56	fi
	57	fi
	58
	59	#DEBHELPER#
	60
	61	exit 0