1:5.8.1p1-3

[openssh.git] / debian / openssh-client.postinst

#!/bin/sh -e

action="$1"
oldversion="$2"

. /usr/share/debconf/confmodule
db_version 2.0

umask 022

if [ "$action" != configure ]
  then
  exit 0
fi


fix_rsh_diversion() {
# get rid of mistaken rsh diversion (circa 1.2.27-1)

        if [ -L /usr/bin/rsh ] &&
                dpkg-divert --list '/usr/bin/rsh.real/rsh' | grep -q ' ssh$' ; then
                for cmd in rlogin  rsh rcp ; do
                        [ -L /usr/bin/$cmd ] && rm /usr/bin/$cmd
                        dpkg-divert --package ssh --remove --rename \
                                --divert /usr/bin/rsh.real/$cmd /usr/bin/$cmd

                        [ -L /usr/man/man1/$cmd.1.gz ] && rm /usr/man/man1/$$cmd.1.gz
                        dpkg-divert --package ssh --remove --rename \
                                --divert /usr/man/man1/$cmd.real.1.gz /usr/man/man1/$cmd.1.gz
                done

                rmdir /usr/bin/rsh.real
        fi
}

create_alternatives() {
# Create alternatives for the various r* tools.
# Make sure we don't change existing alternatives that a user might have
# changed, but clean up after some old alternatives that mistakenly pointed
# rlogin and rcp to ssh.
        update-alternatives --quiet --remove rlogin /usr/bin/ssh
        update-alternatives --quiet --remove rcp /usr/bin/ssh
        for cmd in rsh rlogin rcp; do
                scmd="s${cmd#r}"
                if ! update-alternatives --display "$cmd" 2>/dev/null | \
                                grep -q "$scmd"; then
                        update-alternatives --quiet --install "/usr/bin/$cmd" "$cmd" "/usr/bin/$scmd" 20 \
                                --slave "/usr/share/man/man1/$cmd.1.gz" "$cmd.1.gz" "/usr/share/man/man1/$scmd.1.gz"
                fi
        done
}

set_ssh_permissions() {
        if dpkg --compare-versions "$oldversion" lt-nl 1:3.4p1-1 ; then
            if [ -x /usr/sbin/dpkg-statoverride ] ; then
                if dpkg-statoverride --list /usr/bin/ssh >/dev/null; then
                    dpkg-statoverride --remove /usr/bin/ssh >/dev/null
                fi 
            fi
        fi

        # libexecdir changed, so migrate old statoverrides.
        if [ -x /usr/sbin/dpkg-statoverride ] &&
            override="$(dpkg-statoverride --list /usr/lib/ssh-keysign)"; then
                override_user="${override%% *}"
                override="${override#* }"
                override_group="${override%% *}"
                override="${override#* }"
                override_mode="${override%% *}"
                if dpkg-statoverride --update --add \
                    "$override_user" "$override_group" "$override_mode" \
                    /usr/lib/openssh/ssh-keysign; then
                        dpkg-statoverride --remove /usr/lib/ssh-keysign || true
                fi
        fi
}

fix_ssh_group() {
        # Try to remove non-system group mistakenly created by 1:3.5p1-1.
        # set_ssh_agent_permissions() below will re-create it properly.
        if getent group ssh >/dev/null; then
                delgroup --quiet ssh || true
        fi
}

set_ssh_agent_permissions() {
        if ! getent group ssh >/dev/null; then
                addgroup --system --quiet ssh
        fi
        if ! [ -x /usr/sbin/dpkg-statoverride ] || \
            ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null ; then
                chgrp ssh /usr/bin/ssh-agent
                chmod 2755 /usr/bin/ssh-agent
        fi
}

commit_transfer_conffile () {
        CONFFILE="$1"
        if [ -e "$CONFFILE.moved-by-preinst" ]; then
                rm -f "$CONFFILE.moved-by-preinst"
        fi
}


fix_rsh_diversion
create_alternatives
set_ssh_permissions
if [ "$2" = "1:3.5p1-1" ]; then
    fix_ssh_group
fi
set_ssh_agent_permissions
commit_transfer_conffile /etc/ssh/moduli
commit_transfer_conffile /etc/ssh/ssh_config

exit 0