spec file

Nigel Metheringham Nigel.Metheringham at VData.co.uk
Tue Mar 7 20:37:13 EST 2000


mw at moni.msci.memphis.edu said:
> So I think, it is better to stop sshd every time the package is
> upgraded. 

I agree - be slightly careful here in that you don't have (effectively) 
a killall sshd here, because thats very embarassing if you are 
upgrading a remote machine over a ssh session (I speak from experience).


> Also, the %post stanza for the server package, starts sshd.  But what
> if the upgrade is done in single user mode?  The sysV initscript does
> not check if networking is up---it just seems to start the service no
> matter what. 

I'm unhappy about this - its a complete pain if you are installing ssh 
as part of your machine build.  You may also happen to be missing 
decent entropy etc under these conditions.  I personally modify the 
spec & init.d files to do the key generation within the start part of 
the init.d file.  I guess if sshd *was* running then starting it again 
is reasonable, otherwise do not start it.

	Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham at VData.co.uk ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]







More information about the openssh-unix-dev mailing list