7 files changed, 126 insertions, 32 deletions
diff --git a/debian/changelog b/debian/changelog
index a17c7b942..413ddb271 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,9 @@ openssh (1:4.3p2-7) UNRELEASED; urgency=medium
    (thanks, Jari Aalto; closes: #335259).
  * Fix quoting error in configure.ac and regenerate configure (thanks, Ben
    Pfaff; closes: #391248).
+  * When installing openssh-client or openssh-server from scratch, remove
+    any unchanged conffiles from the pre-split ssh package to work around a
+    bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
  [ Russ Allbery ]
  * Create transitional ssh-krb5 package which enables GSSAPI configuration
diff --git a/debian/openssh-client.postinst b/debian/openssh-client.postinst
index 466801057..3e33aeb82 100644
--- a/debian/openssh-client.postinst
+++ b/debian/openssh-client.postinst
@@ -94,6 +94,13 @@ set_ssh_agent_permissions() {
        fi
 }
+commit_transfer_conffile () {
+        CONFFILE="$1"
+        if [ -e "$CONFFILE.moved-by-preinst" ]; then
+                rm -f "$CONFFILE.moved-by-preinst"
+        fi
+}
 fix_rsh_diversion
 create_alternatives
@@ -102,5 +109,7 @@ if [ "$2" = "1:3.5p1-1" ]; then
    fix_ssh_group
 fi
 set_ssh_agent_permissions
+commit_transfer_conffile /etc/ssh/moduli
+commit_transfer_conffile /etc/ssh/ssh_config
 exit 0
diff --git a/debian/openssh-client.postrm b/debian/openssh-client.postrm
index 139fb4d12..4d52a7beb 100644
--- a/debian/openssh-client.postrm
+++ b/debian/openssh-client.postrm
@@ -2,19 +2,31 @@
 #DEBHELPER#
-if [ "$1" = "purge" ]
+abort_transfer_conffile () {
-then
+        CONFFILE="$1"
-    # Remove all non-conffiles that ssh might create, so that we can
+        if [ -e "$CONFFILE.moved-by-preinst" ]; then
-    # smoothly remove /etc/ssh if and only if the user hasn't dropped some
+                echo >&2 "Aborting ownership transfer of conffile $CONFFILE ..."
-    # other files in there. Conffiles have already been removed at this
+                mv -f "$CONFFILE.moved-by-preinst" "$CONFFILE"
-    # point.
+                return 0
-    rm -f /etc/ssh/moduli /etc/ssh/primes
+        fi
-    rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
+}
-    rmdir --ignore-fail-on-non-empty /etc/ssh
-fi
-if [ "$1" = "purge" ] ; then
+case $1 in
-        delgroup --quiet ssh > /dev/null || true
+        abort-install|abort-upgrade)
-fi
+                abort_transfer_conffile /etc/ssh/moduli
+                abort_transfer_conffile /etc/ssh/ssh_config
+                ;;
+        purge)
+                # Remove all non-conffiles that ssh might create, so that we
+                # can smoothly remove /etc/ssh if and only if the user
+                # hasn't dropped some other files in there. Conffiles have
+                # already been removed at this point.
+                rm -f /etc/ssh/moduli /etc/ssh/primes
+                rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
+                rmdir --ignore-fail-on-non-empty /etc/ssh
+                delgroup --quiet ssh > /dev/null || true
+                ;;
+esac
 exit 0
diff --git a/debian/openssh-client.preinst b/debian/openssh-client.preinst
new file mode 100644
index 000000000..0e200712e
--- /dev/null
+++ b/debian/openssh-client.preinst
@@ -0,0 +1,30 @@
+#! /bin/sh -e
+action="$1"
+version="$2"
+prepare_transfer_conffile () {
+        CONFFILE="$1"
+        [ -e "$CONFFILE" ] || return 0
+        md5sum="$(md5sum "$CONFFILE" |sed -e 's/ .*//')"
+        old_md5sum="$(sed -n -e "/^Conffiles:/,/^[^ ]/{\\' $CONFFILE'{s/^ [^ ]* //;s/ .*//;p}}" /var/lib/dpkg/status)"
+        if [ "$md5sum" = "$old_md5sum" ]; then
+                echo >&2 "Transferring ownership of conffile $CONFFILE ..."
+                mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
+                return 0
+        fi
+}
+case $action in
+        install|upgrade)
+                if dpkg --compare-versions "$version" lt 0; then
+                        prepare_transfer_conffile /etc/ssh/moduli
+                        prepare_transfer_conffile /etc/ssh/ssh_config
+                fi
+                ;;
+esac
+#DEBHELPER#
+exit 0
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 2d7dbc9ea..4e91098df 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -332,6 +332,13 @@ setup_init() {
        fi
 }
+commit_transfer_conffile () {
+        CONFFILE="$1"
+        if [ -e "$CONFFILE.moved-by-preinst" ]; then
+                rm -f "$CONFFILE.moved-by-preinst"
+        fi
+}
 fix_doc_symlink
 create_sshdconfig
@@ -346,6 +353,9 @@ if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then
    fix_conffile_permissions
 fi
 setup_init
+commit_transfer_conffile /etc/default/ssh
+commit_transfer_conffile /etc/init.d/ssh
+commit_transfer_conffile /etc/pam.d/ssh
 db_stop
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
index e7a437260..f63ba4d46 100644
--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -2,26 +2,37 @@
 #DEBHELPER#
-if [ "$1" = "purge" ]
+abort_transfer_conffile () {
-then
+        CONFFILE="$1"
-    # Remove all non-conffiles that ssh might create, so that we can
+        if [ -e "$CONFFILE.moved-by-preinst" ]; then
-    # smoothly remove /etc/ssh if and only if the user hasn't dropped some
+                echo >&2 "Aborting ownership transfer of conffile $CONFFILE ..."
-    # other files in there. Conffiles have already been removed at this
+                mv -f "$CONFFILE.moved-by-preinst" "$CONFFILE"
-    # point.
+                return 0
-    rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
+        fi
-    rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
+}
-    rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
-    rm -f /etc/ssh/sshd_config
-    rm -f /etc/ssh/sshd_not_to_be_run
-    rmdir --ignore-fail-on-non-empty /etc/ssh
-fi
-if [ "$1" = "purge" ] ; then
+case $1 in
-    update-rc.d ssh remove >/dev/null
+        abort-install|abort-upgrade)
-fi
+                abort_transfer_conffile /etc/default/ssh
+                abort_transfer_conffile /etc/init.d/ssh
+                abort_transfer_conffile /etc/pam.d/ssh
+                ;;
+        purge)
+                # Remove all non-conffiles that ssh might create, so that we
+                # can smoothly remove /etc/ssh if and only if the user
+                # hasn't dropped some other files in there. Conffiles have
+                # already been removed at this point.
+                rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
+                rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
+                rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
+                rm -f /etc/ssh/sshd_config
+                rm -f /etc/ssh/sshd_not_to_be_run
+                rmdir --ignore-fail-on-non-empty /etc/ssh
-if [ "$1" = "purge" ] ; then
+                update-rc.d ssh remove >/dev/null
-        deluser --quiet sshd > /dev/null || true
-fi
+                deluser --quiet sshd > /dev/null || true
+                ;;
+esac
 exit 0
diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst
index 412e51564..a5c507bd4 100644
--- a/debian/openssh-server.preinst
+++ b/debian/openssh-server.preinst
@@ -3,6 +3,19 @@
 action=$1
 version=$2
+prepare_transfer_conffile () {
+        CONFFILE="$1"
+        [ -e "$CONFFILE" ] || return 0
+        md5sum="$(md5sum "$CONFFILE" |sed -e 's/ .*//')"
+        old_md5sum="$(sed -n -e "/^Conffiles:/,/^[^ ]/{\\' $CONFFILE'{s/^ [^ ]* //;s/ .*//;p}}" /var/lib/dpkg/status)"
+        if [ "$md5sum" = "$old_md5sum" ]; then
+                echo >&2 "Transferring ownership of conffile $CONFFILE ..."
+                mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
+                return 0
+        fi
+}
 if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
  version=1.2.27
 fi
@@ -77,6 +90,12 @@ EOF
      fi
    }
  fi
+  if dpkg --compare-versions "$version" lt 0; then
+    prepare_transfer_conffile /etc/default/ssh
+    prepare_transfer_conffile /etc/init.d/ssh
+    prepare_transfer_conffile /etc/pam.d/ssh
+  fi
 fi
 #DEBHELPER#

diff --git a/debian/changelog b/debian/changelog index a17c7b942..413ddb271 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -8,6 +8,9 @@ openssh (1:4.3p2-7) UNRELEASED; urgency=medium
8	(thanks, Jari Aalto; closes: #335259).	8	(thanks, Jari Aalto; closes: #335259).
9	* Fix quoting error in configure.ac and regenerate configure (thanks, Ben	9	* Fix quoting error in configure.ac and regenerate configure (thanks, Ben
10	Pfaff; closes: #391248).	10	Pfaff; closes: #391248).
		11	* When installing openssh-client or openssh-server from scratch, remove
		12	any unchanged conffiles from the pre-split ssh package to work around a
		13	bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
11		14
12	[ Russ Allbery ]	15	[ Russ Allbery ]
13	* Create transitional ssh-krb5 package which enables GSSAPI configuration	16	* Create transitional ssh-krb5 package which enables GSSAPI configuration


diff --git a/debian/openssh-client.postinst b/debian/openssh-client.postinst index 466801057..3e33aeb82 100644 --- a/debian/openssh-client.postinst +++ b/debian/openssh-client.postinst
@@ -94,6 +94,13 @@ set_ssh_agent_permissions() {
94	fi	94	fi
95	}	95	}
96		96
		97	commit_transfer_conffile () {
		98	CONFFILE="$1"
		99	if [ -e "$CONFFILE.moved-by-preinst" ]; then
		100	rm -f "$CONFFILE.moved-by-preinst"
		101	fi
		102	}
		103
97		104
98	fix_rsh_diversion	105	fix_rsh_diversion
99	create_alternatives	106	create_alternatives
@@ -102,5 +109,7 @@ if [ "$2" = "1:3.5p1-1" ]; then
102	fix_ssh_group	109	fix_ssh_group
103	fi	110	fi
104	set_ssh_agent_permissions	111	set_ssh_agent_permissions
		112	commit_transfer_conffile /etc/ssh/moduli
		113	commit_transfer_conffile /etc/ssh/ssh_config
105		114
106	exit 0	115	exit 0


diff --git a/debian/openssh-client.postrm b/debian/openssh-client.postrm index 139fb4d12..4d52a7beb 100644 --- a/debian/openssh-client.postrm +++ b/debian/openssh-client.postrm
@@ -2,19 +2,31 @@
2		2
3	#DEBHELPER#	3	#DEBHELPER#
4		4
5	if [ "$1" = "purge" ]	5	abort_transfer_conffile () {
6	then	6	CONFFILE="$1"
7	# Remove all non-conffiles that ssh might create, so that we can	7	if [ -e "$CONFFILE.moved-by-preinst" ]; then
8	# smoothly remove /etc/ssh if and only if the user hasn't dropped some	8	echo >&2 "Aborting ownership transfer of conffile $CONFFILE ..."
9	# other files in there. Conffiles have already been removed at this	9	mv -f "$CONFFILE.moved-by-preinst" "$CONFFILE"
10	# point.	10	return 0
11	rm -f /etc/ssh/moduli /etc/ssh/primes	11	fi
12	rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2	12	}
13	rmdir --ignore-fail-on-non-empty /etc/ssh
14	fi
15		13
16	if [ "$1" = "purge" ] ; then	14	case $1 in
17	delgroup --quiet ssh > /dev/null \|\| true	15	abort-install\|abort-upgrade)
18	fi	16	abort_transfer_conffile /etc/ssh/moduli
		17	abort_transfer_conffile /etc/ssh/ssh_config
		18	;;
		19	purge)
		20	# Remove all non-conffiles that ssh might create, so that we
		21	# can smoothly remove /etc/ssh if and only if the user
		22	# hasn't dropped some other files in there. Conffiles have
		23	# already been removed at this point.
		24	rm -f /etc/ssh/moduli /etc/ssh/primes
		25	rm -f /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
		26	rmdir --ignore-fail-on-non-empty /etc/ssh
		27
		28	delgroup --quiet ssh > /dev/null \|\| true
		29	;;
		30	esac
19		31
20	exit 0	32	exit 0


diff --git a/debian/openssh-client.preinst b/debian/openssh-client.preinst new file mode 100644 index 000000000..0e200712e --- /dev/null +++ b/debian/openssh-client.preinst
@@ -0,0 +1,30 @@
		1	#! /bin/sh -e
		2
		3	action="$1"
		4	version="$2"
		5
		6	prepare_transfer_conffile () {
		7	CONFFILE="$1"
		8	[ -e "$CONFFILE" ] \|\| return 0
		9
		10	md5sum="$(md5sum "$CONFFILE" \|sed -e 's/ .*//')"
		11	old_md5sum="$(sed -n -e "/^Conffiles:/,/^[^ ]/{\\' $CONFFILE'{s/^ [^ ]* //;s/ .*//;p}}" /var/lib/dpkg/status)"
		12	if [ "$md5sum" = "$old_md5sum" ]; then
		13	echo >&2 "Transferring ownership of conffile $CONFFILE ..."
		14	mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
		15	return 0
		16	fi
		17	}
		18
		19	case $action in
		20	install\|upgrade)
		21	if dpkg --compare-versions "$version" lt 0; then
		22	prepare_transfer_conffile /etc/ssh/moduli
		23	prepare_transfer_conffile /etc/ssh/ssh_config
		24	fi
		25	;;
		26	esac
		27
		28	#DEBHELPER#
		29
		30	exit 0


diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 2d7dbc9ea..4e91098df 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst
@@ -332,6 +332,13 @@ setup_init() {
332	fi	332	fi
333	}	333	}
334		334
		335	commit_transfer_conffile () {
		336	CONFFILE="$1"
		337	if [ -e "$CONFFILE.moved-by-preinst" ]; then
		338	rm -f "$CONFFILE.moved-by-preinst"
		339	fi
		340	}
		341
335		342
336	fix_doc_symlink	343	fix_doc_symlink
337	create_sshdconfig	344	create_sshdconfig
@@ -346,6 +353,9 @@ if dpkg --compare-versions "$2" lt 1:3.6.1p2-2; then
346	fix_conffile_permissions	353	fix_conffile_permissions
347	fi	354	fi
348	setup_init	355	setup_init
		356	commit_transfer_conffile /etc/default/ssh
		357	commit_transfer_conffile /etc/init.d/ssh
		358	commit_transfer_conffile /etc/pam.d/ssh
349		359
350		360
351	db_stop	361	db_stop


diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm index e7a437260..f63ba4d46 100644 --- a/debian/openssh-server.postrm +++ b/debian/openssh-server.postrm
@@ -2,26 +2,37 @@
2		2
3	#DEBHELPER#	3	#DEBHELPER#
4		4
5	if [ "$1" = "purge" ]	5	abort_transfer_conffile () {
6	then	6	CONFFILE="$1"
7	# Remove all non-conffiles that ssh might create, so that we can	7	if [ -e "$CONFFILE.moved-by-preinst" ]; then
8	# smoothly remove /etc/ssh if and only if the user hasn't dropped some	8	echo >&2 "Aborting ownership transfer of conffile $CONFFILE ..."
9	# other files in there. Conffiles have already been removed at this	9	mv -f "$CONFFILE.moved-by-preinst" "$CONFFILE"
10	# point.	10	return 0
11	rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub	11	fi
12	rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub	12	}
13	rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
14	rm -f /etc/ssh/sshd_config
15	rm -f /etc/ssh/sshd_not_to_be_run
16	rmdir --ignore-fail-on-non-empty /etc/ssh
17	fi
18		13
19	if [ "$1" = "purge" ] ; then	14	case $1 in
20	update-rc.d ssh remove >/dev/null	15	abort-install\|abort-upgrade)
21	fi	16	abort_transfer_conffile /etc/default/ssh
		17	abort_transfer_conffile /etc/init.d/ssh
		18	abort_transfer_conffile /etc/pam.d/ssh
		19	;;
		20	purge)
		21	# Remove all non-conffiles that ssh might create, so that we
		22	# can smoothly remove /etc/ssh if and only if the user
		23	# hasn't dropped some other files in there. Conffiles have
		24	# already been removed at this point.
		25	rm -f /etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub
		26	rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
		27	rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
		28	rm -f /etc/ssh/sshd_config
		29	rm -f /etc/ssh/sshd_not_to_be_run
		30	rmdir --ignore-fail-on-non-empty /etc/ssh
22		31
23	if [ "$1" = "purge" ] ; then	32	update-rc.d ssh remove >/dev/null
24	deluser --quiet sshd > /dev/null \|\| true	33
25	fi	34	deluser --quiet sshd > /dev/null \|\| true
		35	;;
		36	esac
26		37
27	exit 0	38	exit 0


diff --git a/debian/openssh-server.preinst b/debian/openssh-server.preinst index 412e51564..a5c507bd4 100644 --- a/debian/openssh-server.preinst +++ b/debian/openssh-server.preinst
@@ -3,6 +3,19 @@
3	action=$1	3	action=$1
4	version=$2	4	version=$2
5		5
		6	prepare_transfer_conffile () {
		7	CONFFILE="$1"
		8	[ -e "$CONFFILE" ] \|\| return 0
		9
		10	md5sum="$(md5sum "$CONFFILE" \|sed -e 's/ .*//')"
		11	old_md5sum="$(sed -n -e "/^Conffiles:/,/^[^ ]/{\\' $CONFFILE'{s/^ [^ ]* //;s/ .*//;p}}" /var/lib/dpkg/status)"
		12	if [ "$md5sum" = "$old_md5sum" ]; then
		13	echo >&2 "Transferring ownership of conffile $CONFFILE ..."
		14	mv -f "$CONFFILE" "$CONFFILE.moved-by-preinst"
		15	return 0
		16	fi
		17	}
		18
6	if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then	19	if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
7	version=1.2.27	20	version=1.2.27
8	fi	21	fi
@@ -77,6 +90,12 @@ EOF
77	fi	90	fi
78	}	91	}
79	fi	92	fi
		93
		94	if dpkg --compare-versions "$version" lt 0; then
		95	prepare_transfer_conffile /etc/default/ssh
		96	prepare_transfer_conffile /etc/init.d/ssh
		97	prepare_transfer_conffile /etc/pam.d/ssh
		98	fi
80	fi	99	fi
81		100
82	#DEBHELPER#	101	#DEBHELPER#