Bug#575582: openssh-server: privsep directory disappeared on upgrade
On Wed, Nov 24, 2010 at 03:07:31PM -0800, Russ Allbery wrote:
> Simon McVittie <smcv@debian.org> writes:
> > On Fri, 19 Nov 2010 at 11:29:05 +0200, Stefano Rivera wrote:
> >> The problem seems to be that /var/run/sshd is removed on unpacking but
> >> only recreated in postinst. One cannot ssh in to the machine
> >> in-between. I consider this to be release-critical and am bumping the
> >> bug appropriately.
>
> > It sounds as though the solution would be to ship the directory in the
> > package again, *and* create it in the init script?
>
> This is just a one-time transition problem because older versions of the
> package included the directory in the package and newer ones use the
> postinst script, right?
>
> If so, how about touching a .placeholder file in /var/run/sshd in the
> preinst script of the current package on upgrades, and then removing that
> file again in the postinst? The presence of the file will prevent dpkg
> from removing the directory, and then we don't have to carry the directory
> in the package forever going forward.
That definitely sounds better than having to keep the directory forever.
If nobody objects I'll go ahead with Russ' plan. Something like this?
=== modified file 'debian/openssh-server.postinst'
--- debian/openssh-server.postinst 2010-04-28 21:09:13 +0000
+++ debian/openssh-server.postinst 2010-11-25 15:51:57 +0000
@@ -473,6 +473,9 @@ commit_mv_conffile /etc/pam.d/ssh /etc/p
if dpkg --compare-versions "$2" lt 1:4.7p1-1; then
rm -f /etc/ssh/primes
fi
+if dpkg --compare-versions "$2" lt 1:5.5p1-6; then
+ rm -f /var/run/sshd/.placeholder
+fi
db_stop
=== modified file 'debian/openssh-server.preinst'
--- debian/openssh-server.preinst 2009-07-31 15:16:19 +0000
+++ debian/openssh-server.preinst 2010-11-25 15:51:29 +0000
@@ -134,6 +134,12 @@ EOF
if dpkg --compare-versions "$version" lt 1:4.7p1-4; then
prepare_mv_conffile /etc/pam.d/ssh
fi
+
+ if dpkg --compare-versions "$version" lt 1:5.5p1-6 && \
+ [ -d /var/run/sshd ]; then
+ # make sure /var/run/sshd is not removed on upgrades
+ touch /var/run/sshd/.placeholder
+ fi
fi
#DEBHELPER#
--
Colin Watson [cjwatson@debian.org]
Reply to: