Diffstat (limited to 'debian/openssh-server.preinst')
-rw-r--r-- | debian/openssh-server.preinst | 145 |
1 files changed, 145 insertions, 0 deletions
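diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst
new file mode 100644
index 000000000..510070645
--- /dev/null
+++ b/debian/openssh-server.preinst
@@ -0,0 +1,145 @@
+#!/bin/sh -e
+
+ETC_DEFAULT_SSH=@ETC_DEFAULT_SSH@
+
+ETC_INIT_D_SSH=@ETC_INIT_D_SSH@
+
+ETC_PAM_D_SSH=@ETC_PAM_D_SSH@
+
+action=$1
+version=$2
+
+prepare_transfer_conffile () {
+CONFFILE="$1"
+TEXT="$2"
+MODE="$3"
+[ "$CONFFILES" ] || return 0
+[ -e "$CONFFILE" ] || return 0
+
+md5sum="$(md5sum "$CONFFILE" |sed -e 's/ .*//')"
+old_md5sum="$(echo "$CONFFILES" | awk '$1 == "'"$CONFFILE"'" { print $2 }')"
+if [ "$md5sum" = "$old_md5sum" ]; then
+echo >&2 "Transferring ownership of conffile $CONFFILE ..."
+# We have to write out the desired new text of the conffile,
+# which is tricky in the preinst, hence the nasty way we
+# have to hardcode the text here. Fortunately, this is only
+# necessary with sarge's dpkg and older.
+if echo "$TEXT" | head -n1 | grep -q '^@.*@$'; then
+echo >&2 'Unsubstituted conffile text! Please report this bug.'
+exit 1
+fi
+printf '%s' "$TEXT" >"$CONFFILE.dpkg-new"
+chmod "$MODE" "$CONFFILE.dpkg-new"
+mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
+mv -f "$CONFFILE.dpkg-new" "$CONFFILE"
+return 0
+fi
+}
+
+prepare_mv_conffile () {
+CONFFILE="$1"
+[ -e "$CONFFILE" ] || return 0
+
+md5sum="$(md5sum "$CONFFILE" | sed -e 's/ .*//')"
+old_md5sum="$(dpkg-query -W -f '${Conffiles}\n' openssh-server 2>/dev/null | sed 's/^ *//' | awk '$1 == "'"$CONFFILE"'" { print $2 }')"
+if [ "$md5sum" = "$old_md5sum" ]; then
+mv -f "$CONFFILE" "$CONFFILE.dpkg-old"
+else
+mv -f "$CONFFILE" "$CONFFILE.moving"
+fi
+}
+
+if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
+version=1.2.27
+fi
+
+if [ "$action" = upgrade ] || [ "$action" = install ]
+then
+# check if debconf is missing
+if ! test -f /usr/share/debconf/confmodule
+then
+cat <<EOF
+
+WARNING: ssh's pre-configuration script relies on debconf to tell you
+about some problems that might prevent you from logging in if you are
+upgrading from the old, Non-free version of ssh.
+
+If this is a new installation, you don't need to worry about this.
+Just go ahead and install ssh (make sure to read .../ssh/README.Debian).
+
+If you are upgrading, but you have alternative ways of logging into
+the machine (i.e. you're sitting in front of it, or you have telnetd
+running), then you also don't need to worry too much, because you can
+fix it up afterwards if there's a problem.
+
+If you're upgrading from an older (non-free) version of ssh, and ssh
+is the only way you have to access this machine, then you should
+probably abort the installation of ssh, install debconf, and then
+retry the installation of ssh.
+
+EOF
+echo -n "Do you want to install SSH anyway [yN]: "
+read input
+expr "$input" : '[Yy]' >/dev/null || exit 1
+
+# work around for missing debconf
+db_get() { : ; }
+RET=true
+if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
+cp -a /etc/ssh-nonfree /etc/ssh
+fi
+else
+# Source debconf library.
+. /usr/share/debconf/confmodule
+db_version 2.0
+fi
+
+db_get ssh/use_old_init_script
+if [ "$RET" = "false" ]; then
+echo "ssh config: Aborting because ssh/use_old_init_script = false" >&2
+exit 1
+fi
+
+# deal with upgrading from pre-OpenSSH versions
+key=/etc/ssh/ssh_host_key
+export key
+if [ -n "$version" ] && [ -x /usr/bin/ssh-keygen ] && [ -f $key ] &&
+dpkg --compare-versions "$version" lt 1.2.28
+then
+# make sure that keys get updated to get rid of IDEA
+#
+# N.B. this only works because we've still got the old
+# nonfree ssh-keygen at this point
+#
+# First, check if we need to bother
+printf '\0\0' | 3<&0 sh -c \
+'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
+# this means that bytes 32&33 of the key were not both zero, in which
+# case the key is encrypted, which we need to fix
+chmod 600 $key
+ssh-keygen -u -f $key >/dev/null
+if which restorecon >/dev/null 2>&1; then
+restorecon "$key.pub"
+fi
+}
+fi
+
+if dpkg --compare-versions "$version" lt 0; then
+CONFFILES="$(dpkg-query -W -f '${Conffiles}\n' ssh 2>/dev/null | sed 's/^ *//')"
+prepare_transfer_conffile /etc/default/ssh "$ETC_DEFAULT_SSH" 0644
+prepare_transfer_conffile /etc/init.d/ssh "$ETC_INIT_D_SSH" 0755
+prepare_transfer_conffile /etc/pam.d/ssh "$ETC_PAM_D_SSH" 0644
+fi
+
+if dpkg --compare-versions "$version" lt 1:4.7p1-4; then
+prepare_mv_conffile /etc/pam.d/ssh
+fi
+
+if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
+[ -d /var/run/sshd ]; then
+# make sure /var/run/sshd is not removed on upgrades
+touch /var/run/sshd/.placeholder
+fi
+fi
+
+#DEBHELPER#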
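Review bot: The awk programs at new-file lines 20 and 44 are built by splicing `$CONFFILE` into the program text, so a path containing a double quote or backslash would alter the awk code instead of the value being compared. Every caller visible in this file passes a fixed path, so this is a robustness point rather than an exposed input, but handing the value over as data keeps it that way: `awk -v f="$CONFFILE" '$1 == f { print $2 }'`. In the host-key block `$key` is left unquoted at lines 106, 119 and 120 although line 122 quotes it; quoting it throughout (`[ -f "$key" ]`, `chmod 600 "$key"`, `ssh-keygen -u -f "$key"`) makes the root-run script consistent. The `which restorecon` test on line 121 would be more portable as `command -v restorecon >/dev/null 2>&1`.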