path: root/debian/openssh-server.preinst
blob: 83fd22e59a609f060016aae3f97bffb00334d049 (plain)
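#!/bin/sh
# errexit is switched on with `set` instead of on the interpreter line:
# options given in the shebang are ignored when the script is started as
# "sh <script>", which would let a failed step go unnoticed.
set -e

# Maintainer-script arguments: $1 is the action (only "install" and
# "upgrade" are acted on below), $2 is the version argument that comes
# with it and may be empty.
action=$1
version=$2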

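# Move an existing conffile out of the way, recording whether it still
# matches what dpkg installed.
#
# Arguments: $1 - path of the conffile
# Globals:   CONFFILE, md5sum, old_md5sum are written (not function-local)
# Effects:   when the file's current MD5 equals the checksum dpkg has on
#            record for it in openssh-server, it is renamed to
#            "$1.dpkg-old"; in every other case it is renamed to "$1.moving".
# Returns:   0 when the file does not exist, otherwise the status of mv.
prepare_mv_conffile () {
	CONFFILE="$1"
	[ -e "$CONFFILE" ] || return 0

	# MD5 is used here only to compare against dpkg's own conffile record
	# (i.e. "has the admin edited this file?"), not as an integrity control.
	md5sum="$(md5sum -- "$CONFFILE" | sed -e 's/ .*//')"
	# The path is handed to awk as a variable rather than spliced into the
	# awk program text, so characters such as '"' in the path cannot change
	# the program.  The caller in this script passes a fixed path; this is
	# hardening, not a fix for a reachable injection.
	old_md5sum="$(dpkg-query -W -f '${Conffiles}\n' openssh-server 2>/dev/null | sed 's/^ *//' | awk -v conffile="$CONFFILE" '$1 == conffile { print $2 }')"
	# An empty checksum (md5sum failed inside the pipeline) proves nothing,
	# so it must not count as "unmodified" when dpkg has no record either.
	if [ -n "$md5sum" ] && [ "$md5sum" = "$old_md5sum" ]; then
		mv -f -- "$CONFFILE" "$CONFFILE.dpkg-old"
	else
		mv -f -- "$CONFFILE" "$CONFFILE.moving"
	fi
}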

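# /etc/ssh-nonfree present without /etc/ssh: force the version to 1.2.27,
# which is below the 1.2.28 cut-off tested further down, so the
# pre-OpenSSH key handling runs.
if [ -d /etc/ssh-nonfree ] && [ ! -d /etc/ssh ]; then
  version=1.2.27
fi

if [ "$action" = upgrade ] || [ "$action" = install ]
then
  # deal with upgrading from pre-OpenSSH versions
  key=/etc/ssh/ssh_host_key
  # exported because the `sh -c` child below reads $key from its environment
  export key
  if [ -n "$version" ] && [ -x /usr/bin/ssh-keygen ] && [ -f "$key" ] &&
     dpkg --compare-versions "$version" lt 1.2.28
  then
    # make sure that keys get updated to get rid of IDEA
    #
    # N.B. this only works because we've still got the old
    # nonfree ssh-keygen at this point
    #
    # First, check if we need to bother
    #
    # printf feeds two NUL bytes on stdin; `3<&0` duplicates that stdin onto
    # fd 3 for the child shell, where cmp compares the two bytes dd reads
    # from the key (offset 32, length 2) against /dev/fd/3.
    printf '\0\0' | 3<&0 sh -c \
        'dd if="$key" bs=1 skip=32 count=2 2>/dev/null | cmp -s - /dev/fd/3' || {
      # this means that bytes 32&33 of the key were not both zero, in which
      # case the key is encrypted, which we need to fix
      #
      # restrict the private host key to its owner before it is rewritten
      chmod 600 "$key"
      ssh-keygen -u -f "$key" >/dev/null
      # `command -v` is a shell builtin lookup; unlike `which` it does not
      # depend on an external helper being installed, so the SELinux
      # relabel is not silently skipped when that helper is missing.
      if command -v restorecon >/dev/null 2>&1; then
        restorecon "$key.pub"
      fi
    }
  fi

  # NOTE: dpkg treats an empty version as earlier than any other, so with an
  # empty $version (no previous version supplied) the two checks below are
  # taken as well.
  if dpkg --compare-versions "$version" lt 1:4.7p1-4; then
    prepare_mv_conffile /etc/pam.d/ssh
  fi

  if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
     [ -d /var/run/sshd ]; then
    # make sure /var/run/sshd is not removed on upgrades
    touch /var/run/sshd/.placeholder
  fi
fi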

#DEBHELPER#