From 9749ef7f9b382d743b186bf06c7c2aeb0b9bebee Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 31 Jul 2004 03:22:20 +0000 Subject: * Split the ssh binary package into openssh-client and openssh-server (closes: #39741). openssh-server depends on openssh-client for some common functionality; it didn't seem worth creating yet another package for this. * New transitional ssh package, depending on openssh-client and openssh-server. May be removed once nothing depends on it. * When upgrading from ssh to openssh-{client,server}, it's very difficult for the maintainer scripts to find out what version we're upgrading from without dodgy dpkg hackery. I've therefore taken the opportunity to move a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged and ssh/user_environment_tell. * In general, upgrading to this version directly from woody without first upgrading to the version in sarge is not currently guaranteed to work very smoothly due to the aforementioned version discovery problems. --- debian/openssh-server.config | 70 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 debian/openssh-server.config (limited to 'debian/openssh-server.config') diff --git a/debian/openssh-server.config b/debian/openssh-server.config new file mode 100644 index 000000000..b40e8afd7 --- /dev/null +++ b/debian/openssh-server.config @@ -0,0 +1,70 @@ +#!/bin/sh + +action=$1 +version=$2 + +# Source debconf library. +. /usr/share/debconf/confmodule +db_version 2.0 + +if [ -e /etc/init.d/ssh ] && ! grep -q pidfile /etc/init.d/ssh +then + db_fset ssh/use_old_init_script seen false + db_input medium ssh/use_old_init_script || true + db_go + + db_get ssh/use_old_init_script + [ "$RET" = "false" ] && exit 0 +else + db_set ssh/use_old_init_script true + db_fset ssh/use_old_init_script seen true +fi + +if [ -z "$version" ] && [ ! -e /etc/ssh/sshd_config ] +then + db_input medium ssh/protocol2_only || true +fi + +if [ -e /etc/ssh/sshd_config ] +then + if dpkg --compare-versions "$version" lt-nl 1:1.3 ; + then db_input medium ssh/new_config || true + db_go + db_get ssh/new_config + if [ "$RET" = "true" ]; + then db_input medium ssh/protocol2_only ||true + fi + fi +fi + +if [ -x /usr/sbin/in.telnetd ] && grep -q "^telnet\b" /etc/inetd.conf +then + if ! /usr/sbin/in.telnetd -? 2>&1 | grep -q ssl 2>/dev/null + then + db_input low ssh/insecure_telnetd || true + fi +fi + +key=/etc/ssh/ssh_host_key +export key +if [ -n "$version" ] && [ -f $key ] && [ ! -x /usr/bin/ssh-keygen ] && + dpkg --compare-versions "$version" lt 1.2.28 +then + # make sure that keys get updated to get rid of IDEA; preinst + # actually does the work, but if the old ssh-keygen is not found, + # it can't do that -- thus, we tell the user that he must create + # a new host key. + echo -en '\0\0' | 3<&0 sh -c \ + 'dd if=$key bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || { + # this means that bytes 32&33 of the key were not both zero, in which + # case the key is encrypted, which we need to fix + db_input high ssh/encrypted_host_key_but_no_keygen || true + } +fi + + +db_input low ssh/forward_warning || true + +db_go + +exit 0 -- cgit v1.2.3