diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-23 20:46:27 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2008-10-23 20:46:27 -0700 |
| commit | fd872e43a5eb9b135912d6653a9fc4be97556a31 (patch) | |
| tree | 16c6563e18871e2e5e4d2f51c3b66cedd46dd1c2 /debian | |
| parent | 0e1f76414aad46e320ca173c5b5d29faa7f5a87e (diff) | |
| parent | 556580381ed0008c463aa0dd109f839f140f3443 (diff) | |
| download | vyatta-cfg-quagga-fd872e43a5eb9b135912d6653a9fc4be97556a31.tar.gz vyatta-cfg-quagga-fd872e43a5eb9b135912d6653a9fc4be97556a31.zip | |
Merge branch 'islavista' of suva.vyatta.com:/git/vyatta-cfg-system into islavista
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 18 | ||||
| -rw-r--r-- | debian/control | 3 | ||||
| -rw-r--r-- | debian/vyatta-cfg-system.postinst.in | 34 |
3 files changed, 54 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 803fdb87..28c93bf7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +vyatta-cfg-system (0.14) unstable; urgency=low + + 3.1.4 + [ Mark O'Brien ] + + + [ Robert Bays ] + * fix ssh keygen on startup + + [ An-Cheng Huang ] + * remove unused files + * use epoch in package version number + * add ssh key blacklists + + [ Mark O'Brien ] + + -- Mark O'Brien <mobrien@firebolt.vyatta.com> Tue, 14 Oct 2008 17:30:18 -0700 + vyatta-cfg-system (0.13) unstable; urgency=low 3.1.3 diff --git a/debian/control b/debian/control index 89b55bbe..b8128287 100644 --- a/debian/control +++ b/debian/control @@ -24,7 +24,8 @@ Depends: sed (>= 4.1.5), snmpd, vyatta-keepalived, bridge-utils, - ssh, + ssh (>= 1:5.1p1-3), + openssh-server (>= 1:5.1p1-3), ed, tshark, ifenslave-2.6, diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 6e5fa735..e9541dbe 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in @@ -66,6 +66,20 @@ EOF %users ALL=NOPASSWD: ${bindir}/sudo-users/ ### END VYATTA EOF + + # set up blacklists + for f in blacklist.DSA-1024 blacklist.RSA-2048; do + if [ -r "/etc/ssh/$f" ]; then + l=$(head -1 $sysconfdir/$f) + if ! grep -q "$l" /etc/ssh/$f; then + tmp=$(mktemp /tmp/bl.XXXXXXXXXX) + cat /etc/ssh/$f $sysconfdir/$f | sort >$tmp + mv $tmp /etc/ssh/$f + fi + else + cp $sysconfdir/$f /etc/ssh/$f + fi + done fi # update crontab for logrotate @@ -87,12 +101,32 @@ fi sed -i 's/^set /builtin set /' /etc/bash_completion +/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server +rm -f /etc/ssh/*.broken +update-rc.d -f ssh remove >/dev/null + # Fix up PAM configuration for login so that invalid users are prompted # for password sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login [ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist +# +# Ask mdadm to call our own event handling daemon +# +if [ -e /etc/default/mdadm ]; then + sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm +fi + +# --following is added to resolve issues related to bug 3567 on upgrade from hollywood to islavista-- +# back-up existing /etc/syslog.conf file in hollywood which might be broken +# and replace it with the default syslog.conf in islavista. when system restarts +# after upgrade, whatever is configured in CLI will be written to syslog.conf +# + +cp -p /etc/syslog.conf /etc/syslog.conf.bak +cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf + # Local Variables: # mode: shell-script # sh-indentation: 4 |