Bug#402804: openssh-client: Needs to conflict with old ssh-krb5; conffile ownership transfer failure
On Tue, 2006-12-12 at 13:10 -0800, Russ Allbery wrote:
> Adam C Powell IV <email@example.com> writes:
> > Package: openssh-client
> > Version: 1:4.3p2-7
> > Severity: important
> > Greetings,
> > First, this needs to conflict with old versions of ssh-krb5, otherwise
> > if this tries to install before that updates, the upgrade stalls.
> It does.
> Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<< 2), ssh-socks, ssh2, sftp, rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
> Why isn't that working?
You're right, I should have checked that. I don't know why that didn't
work... But it doesn't seem there's much more you can do with the
> > Second, even with ssh-krb5 updated to the new dummy version, the
> > conffile ownership transfer doesn't work. Then because this fails,
> > openssh-client and -server never install, and ssh-krb5 can't configure.
> > See attached log for details (but ignore the samba stuff).
> Similarly, I don't understand this either. There is a Replaces that
> should make dpkg accept this without any issues.
> Replaces: ssh (<< 1:3.8.1p1-9), openssh-client (<< 1:3.8.1p1-11), ssh-krb5 (<< 1:4.3p2-7)
> I didn't run into this problem in my upgrade testing, but maybe somehow I
> did something on a different sequence than you did? But on a theoretical
> level, I don't understand at all how this could be happening when the
> Conflicts and Replaces are already in place.
I just used dselect/apt and saw the problem in the log. Apt clearly
tried to transfer ownership, but dpkg gagged anyway. Unfortunately, I
did dpkg --purge ssh-krb5; apt-get install openssh-client openssh-server
(so I'd have a working ssh), and can no longer really test this...
I know that dselect is somewhat deprecated (though I still prefer it
over aptitude for its package layout and interactive dependency
resolution), but apt/dpkg are not, and they are causing the problems
here. Reassign to apt?
This was during an upgrade from etch 12/7 to etch 12/12, not sarge to
One more thing: Kerberos options seem unsupported in openssh-server.
See attached. And this is after dpkg --purge ssh-krb5 so I don't think
it's a leftover conffile.
Thanks for the quick response,
GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Welcome to the best software in the world today cafe!
Setting up openssh-server (4.3p2-7) ...
/etc/ssh/sshd_config line 65: Unsupported option KerberosTgtPassing
/etc/ssh/sshd_config: line 70: Bad configuration option: GSSAPIUseSessionCredCache
/etc/ssh/sshd_config: terminating, 1 bad configuration options
invoke-rc.d: initscript ssh, action "restart" failed.
dpkg: error processing openssh-server (--configure):
subprocess post-installation script returned error exit status 1