From 4e43fff8597edbb2e708ac4df413795f5ca805cb Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 2 Aug 2004 17:29:06 +0000 Subject: Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7 happens even though we don't know what version we're upgrading from. --- debian/changelog | 5 ++--- debian/openssh-server.postinst | 10 ++++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/debian/changelog b/debian/changelog index 671e5b495..38a7c67ae 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,9 +11,8 @@ openssh (1:3.8.1p1-9) UNRELEASED; urgency=low without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. - * In general, upgrading to this version directly from woody without first - upgrading to the version in sarge is not currently guaranteed to work - very smoothly due to the aforementioned version discovery problems. + * Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7 + happens even though we don't know what version we're upgrading from. -- Colin Watson Sat, 31 Jul 2004 03:01:19 +0100 diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 64f9985a8..28af3f490 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst @@ -90,10 +90,16 @@ create_sshdconfig() { if dpkg --compare-versions "$oldversion" lt-nl 1:1.3 ; then db_get ssh/new_config if [ "$RET" = "false" ] ; then return 0; fi - elif dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ - ! grep -iq ^UsePAM /etc/ssh/sshd_config ; then + elif (dpkg --compare-versions "$oldversion" lt-nl 1:3.8p1-1 && \ + ! grep -iq ^UsePAM /etc/ssh/sshd_config) || \ + grep -Eiq '^(PAMAuthenticationViaKbdInt|RhostsAuthentication)' \ + /etc/ssh/sshd_config ; then # Upgrade from pre-3.7: UsePAM needed to maintain standard # Debian configuration. + # Note that --compare-versions is sadly not reliable enough + # here due to the package split of ssh into openssh-client + # and openssh-server. The extra grep for some deprecated + # options should with any luck be a good enough heuristic. echo -n 'Upgrading sshd_config (old version in .dpkg-old) ...' cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-old perl -pe 's/^(PAMAuthenticationViaKbdInt|RhostsAuthentication)\b/#$1/i' \ -- cgit v1.2.3