
Bug#575582: openssh-server: privsep directory disappeared on upgrade



On Wed, Nov 24, 2010 at 03:07:31PM -0800, Russ Allbery wrote:
> Simon McVittie <smcv@debian.org> writes:
> > On Fri, 19 Nov 2010 at 11:29:05 +0200, Stefano Rivera wrote:
> >> The problem seems to be that /var/run/sshd is removed on unpacking but
> >> only recreated in postinst. One cannot ssh in to the machine
> >> in-between.  I consider this to be release-critical and am bumping the
> >> bug appropriately.
> 
> > It sounds as though the solution would be to ship the directory in the
> > package again, *and* create it in the init script?
> 
> This is just a one-time transition problem because older versions of the
> package included the directory in the package and newer ones use the
> postinst script, right?
> 
> If so, how about touching a .placeholder file in /var/run/sshd in the
> preinst script of the current package on upgrades, and then removing that
> file again in the postinst?  The presence of the file will prevent dpkg
> from removing the directory, and then we don't have to carry the directory
> in the package forever going forward.

That definitely sounds better than having to keep the directory forever.
If nobody objects I'll go ahead with Russ' plan.  Something like this?

=== modified file 'debian/openssh-server.postinst'
--- debian/openssh-server.postinst	2010-04-28 21:09:13 +0000
+++ debian/openssh-server.postinst	2010-11-25 15:51:57 +0000
@@ -473,6 +473,9 @@ commit_mv_conffile /etc/pam.d/ssh /etc/p
 if dpkg --compare-versions "$2" lt 1:4.7p1-1; then
     rm -f /etc/ssh/primes
 fi
+if dpkg --compare-versions "$2" lt 1:5.5p1-6; then
+    rm -f /var/run/sshd/.placeholder
+fi
 
 
 db_stop
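
Review bot: The cleanup added after the /etc/ssh/primes block has no comment, and its version bound (1:5.5p1-6) has to be kept identical to the one in the preinst by hand. Because `rm -f` does nothing when the file is absent, consider running `rm -f /var/run/sshd/.placeholder` without the version test. At minimum, add a comment pointing at the preinst code that creates the file, so that a later change to one bound cannot leave a stray file in the privilege separation directory.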

=== modified file 'debian/openssh-server.preinst'
--- debian/openssh-server.preinst	2009-07-31 15:16:19 +0000
+++ debian/openssh-server.preinst	2010-11-25 15:51:29 +0000
@@ -134,6 +134,12 @@ EOF
   if dpkg --compare-versions "$version" lt 1:4.7p1-4; then
     prepare_mv_conffile /etc/pam.d/ssh
   fi
+
+  if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
+     [ -d /var/run/sshd ]; then
+    # make sure /var/run/sshd is not removed on upgrades
+    touch /var/run/sshd/.placeholder
+  fi
 fi
 
 #DEBHELPER#
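
Review bot: The `touch /var/run/sshd/.placeholder` in the new preinst block is only undone by the postinst, so an upgrade that fails after preinst and never reaches configuration leaves the file behind; nothing in the visible hunks handles that abort path. sshd(8) says the privilege separation chroot directory should not contain any files, so it is worth removing the placeholder when the upgrade is aborted as well (for example in the postrm abort-upgrade case). The comment could also say that the postinst deletes the file again.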

-- 
Colin Watson                                       [cjwatson@debian.org]


