Diffstat (limited to 'debian/openssh-server.preinst')
-rw-r--r--debian/openssh-server.preinst145
1 files changed, 145 insertions, 0 deletions
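diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst
new file mode 100644
index 000000000..510070645
--- /dev/null
+++ b/debian/openssh-server.preinst
@@ -0,0 +1,145 @@
+#!/bin/sh -e
+
+ETC_DEFAULT_SSH=@ETC_DEFAULT_SSH@
+
+ETC_INIT_D_SSH=@ETC_INIT_D_SSH@
+
+ETC_PAM_D_SSH=@ETC_PAM_D_SSH@
+
+action=$1
+version=$2
+
+prepare_transfer_conffile () {
+ CONFFILE="$1"
+ TEXT="$2"
+ MODE="$3"
+ [ "$CONFFILES" ] || return 0
+ [ -e "$CONFFILE" ] || return 0
+
+ md5sum="$(md5sum "$CONFFILE" |sed -e 's/ .*//')"
+ old_md5sum="$(echo "$CONFFILES" | awk '$1 == "'"$CONFFILE"'" { print $2 }')"
+ if [ "$md5sum" = "$old_md5sum" ]; then
+ echo >&2 "Transferring ownership of conffile $CONFFILE ..."
+ # We have to write out the desired new text of the conffile,
+ # which is tricky in the preinst, hence the nasty way we
+ # have to hardcode the text here. Fortunately, this is only
+ # necessary with sarge's dpkg and older.
+ if echo "$TEXT" | head -n1 | grep -q '^@.*@$'; then
+ echo >&2 'Unsubstituted conffile text! Please report this bug.'
+ exit 1
+ fi
+ printf '%s' "$TEXT" >"$CONFFILE.dpkg-new"
+ chmod "$MODE" "$CONFFILE.dpkg-new"
+ mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
+ mv -f "$CONFFILE.dpkg-new" "$CONFFILE"
+ return 0
+ fi
+}
+
+prepare_mv_conffile () {
+ CONFFILE="$1"
+ [ -e "$CONFFILE" ] || return 0
+
+ md5sum="$(md5sum "$CONFFILE" | sed -e 's/ .*//')"
+ old_md5sum="$(dpkg-query -W -f '${Conffiles}\n' openssh-server 2>/dev/null | sed 's/^ *//' | awk '$1 == "'"$CONFFILE"'" { print $2 }')"
+ if [ "$md5sum" = "$old_md5sum" ]; then
+ mv -f "$CONFFILE" "$CONFFILE.dpkg-old"
+ else
+ mv -f "$CONFFILE" "$CONFFILE.moving"
+ fi
+}
+
+if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
+ version=1.2.27
+fi
+
+if [ "$action" = upgrade ] || [ "$action" = install ]
+then
+ # check if debconf is missing
+ if ! test -f /usr/share/debconf/confmodule
+ then
+ cat <<EOF
+
+WARNING: ssh's pre-configuration script relies on debconf to tell you
+about some problems that might prevent you from logging in if you are
+upgrading from the old, Non-free version of ssh.
+
+If this is a new installation, you don't need to worry about this.
+Just go ahead and install ssh (make sure to read .../ssh/README.Debian).
+
+If you are upgrading, but you have alternative ways of logging into
+the machine (i.e. you're sitting in front of it, or you have telnetd
+running), then you also don't need to worry too much, because you can
+fix it up afterwards if there's a problem.
+
+If you're upgrading from an older (non-free) version of ssh, and ssh
+is the only way you have to access this machine, then you should
+probably abort the installation of ssh, install debconf, and then
+retry the installation of ssh.
+
+EOF
+ echo -n "Do you want to install SSH anyway [yN]: "
+ read input
+ expr "$input" : '[Yy]' >/dev/null || exit 1
+
+ # work around for missing debconf
+ db_get() { : ; }
+ RET=true
+ if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
+ cp -a /etc/ssh-nonfree /etc/ssh
+ fi
+ else
+ # Source debconf library.
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+ fi
+
+ db_get ssh/use_old_init_script
+ if [ "$RET" = "false" ]; then
+ echo "ssh config: Aborting because ssh/use_old_init_script = false" >&2
+ exit 1
+ fi
+
+ # deal with upgrading from pre-OpenSSH versions
+ key=/etc/ssh/ssh_host_key
+ export key
+ if [ -n "$version" ] && [ -x /usr/bin/ssh-keygen ] && [ -f $key ] &&
+ dpkg --compare-versions "$version" lt 1.2.28
+ then
+ # make sure that keys get updated to get rid of IDEA
+ #
+ # N.B. this only works because we've still got the old
+ # nonfree ssh-keygen at this point
+ #
+ # First, check if we need to bother
+ printf '\0\0' | 3<&0 sh -c \
+ 'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
+ # this means that bytes 32&33 of the key were not both zero, in which
+ # case the key is encrypted, which we need to fix
+ chmod 600 $key
+ ssh-keygen -u -f $key >/dev/null
+ if which restorecon >/dev/null 2>&1; then
+ restorecon "$key.pub"
+ fi
+ }
+ fi
+
+ if dpkg --compare-versions "$version" lt 0; then
+ CONFFILES="$(dpkg-query -W -f '${Conffiles}\n' ssh 2>/dev/null | sed 's/^ *//')"
+ prepare_transfer_conffile /etc/default/ssh "$ETC_DEFAULT_SSH" 0644
+ prepare_transfer_conffile /etc/init.d/ssh "$ETC_INIT_D_SSH" 0755
+ prepare_transfer_conffile /etc/pam.d/ssh "$ETC_PAM_D_SSH" 0644
+ fi
+
+ if dpkg --compare-versions "$version" lt 1:4.7p1-4; then
+ prepare_mv_conffile /etc/pam.d/ssh
+ fi
+
+ if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
+ [ -d /var/run/sshd ]; then
+ # make sure /var/run/sshd is not removed on upgrades
+ touch /var/run/sshd/.placeholder
+ fi
+fi
+
+#DEBHELPER#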
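Review bot: In `prepare_transfer_conffile` (new-file lines 19-21) the comparison `[ "$md5sum" = "$old_md5sum" ]` also succeeds when both strings are empty. The substitution's status is that of `sed`, so a failed `md5sum` goes unnoticed under `-e`; if the path is also missing from `$CONFFILES`, the function would go on to replace a file under /etc with the hard-coded text, and `[ -n "$md5sum" ] || return 0` before the `if` would rule that out. `prepare_mv_conffile` (line 44) makes the same comparison, where an empty match would choose `.dpkg-old` over `.moving`. Both functions also splice `$CONFFILE` into the awk program text; the callers pass fixed paths, so this is a robustness point, and `awk -v f="$CONFFILE" '$1 == f { print $2 }'` keeps the path as data. Separately, `-e` in the shebang is lost if the script is ever invoked as `sh <script>`, so `set -e` on its own line is the safer form.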