summaryrefslogtreecommitdiffstats
path: root/debian/openssh-client.postinst
blob: b5fbe51ba0d532d4fd75326c1c0cd9fae077aed7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
#!/bin/sh
set -e

action="$1"
oldversion="$2"

umask 022


create_alternatives() {
# Create alternatives for the various r* tools.
# Make sure we don't change existing alternatives that a user might have
# changed, but clean up after some old alternatives that mistakenly pointed
# rlogin and rcp to ssh.
	update-alternatives --quiet --remove rlogin /usr/bin/ssh
	update-alternatives --quiet --remove rcp /usr/bin/ssh
	for cmd in rsh rlogin rcp; do
		scmd="s${cmd#r}"
		if ! update-alternatives --display "$cmd" 2>/dev/null | \
				grep -q "$scmd"; then
			update-alternatives --quiet --install "/usr/bin/$cmd" "$cmd" "/usr/bin/$scmd" 20 \
				--slave "/usr/share/man/man1/$cmd.1.gz" "$cmd.1.gz" "/usr/share/man/man1/$scmd.1.gz"
		fi
	done
}

update_ssh_group_name() {
	# The _ssh group used to be called ssh, but that could clash with
	# locally-created user accounts.  Since this only exists as an
	# otherwise-empty group to which ssh-agent is installed setgid, it's
	# easy to rename.
	if getent group ssh >/dev/null && ! getent group _ssh >/dev/null; then
		groupmod -n _ssh ssh
	fi
}

set_ssh_agent_permissions() {
	if ! getent group _ssh >/dev/null; then
		addgroup --system --quiet --force-badname _ssh
	fi
	if ! dpkg-statoverride --list /usr/bin/ssh-agent >/dev/null; then
		chgrp _ssh /usr/bin/ssh-agent
		chmod 2755 /usr/bin/ssh-agent
	fi
}


if [ "$action" = configure ]; then
	create_alternatives
	if dpkg --compare-versions "$2" lt-nl 1:8.4p1-6~; then
		update_ssh_group_name
	fi
	set_ssh_agent_permissions
fi

#DEBHELPER#

exit 0