[Bug 2059874] Re: on upgrade sshd-socket-generator conversion does not respect administrator intent

Nick Rosbrook 2059874 at bugs.launchpad.net
Tue Apr 2 21:21:23 UTC 2024 

> For me the biggest problem was the socket unit beeing re-enabled when
I had it disabled it but still running sshd.service (ie without socket
activation) - now you're unexpectidly switched back to using socket
activation - something I explicitly opted out of.

Okay. We could probably adjust the check to ignore migration if the user
is upgrading from kinetic or newer and has ssh.socket disabled.

> I could also see this causing problems if you have the socket unit
masked (dont see why you would want that however) but the the service is
enabled, now you are without sshd. Actually I think the postinst would
also fail in that case, as systemctl enable fails enabling masked units.

This is a good point as well.

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Confirmed

** Changed in: openssh (Ubuntu)
   Importance: Low => Medium

** Changed in: openssh (Ubuntu)
     Assignee: (unassigned) => Nick Rosbrook (enr0n)

** Tags added: foundations-todo

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2059874

Title:
  on upgrade sshd-socket-generator conversion does not respect
  administrator intent

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  the openssh-server 1:9.6p1-3ubuntu11 postinst contains this code
  snippet:

  if [ "$action" == configure ]; then
    ..snip..
    if dpkg --compare-versions "$2" lt-nl 1:9.6p1-3ubuntu3~; then
      ..snip..
      if [ -d /run/systemd/system ]; then
        # Make sure ssh.service is disabled.
        systemctl unmask ssh.service
        systemctl disable --now ssh.service > /dev/null 2>&1

        # sshd-socket-generator is invoked on daemon-reload.
        systemctl daemon-reload
        systemctl enable ssh.socket
      fi
    fi
  fi

  This does not respect existing service and socket unit configuration,
  it effectively re-enables a disabled ssh.service (and even a masked
  one), and a manually disabled socket unit. I strongly suspect it does
  not respect systemd presets either.

  This is unexpected behaviour.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2059874/+subscriptions

More information about the foundations-bugs mailing list