[csw-maintainers] [csw-users] WARNING: upgrade problem with last openssh package under Solaris 10

[Mike Watters]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

the problem lies in the pre-remove although I don't have a copy for
solaris 8 I can look at.

The workaround I have used in the past for this problem is as follows:

first, ssh into the system, sudo root
cd /var/sadm/pkgs/CSWossh/install
cp preremove ~/  # to keep a copy for cleanup
edit the preremove script in install and before any other code
put exit 0  this will cause the package to skip the pre-remove as
successful. then you can pkgrm the new package without losing your ssh
connections.  before adding the "new" package, walk yourself through the
original pre-remove and cleanup the same things it did.  i.e.
/var/run/sshd.pid et.al.
then you can pkg-add your new version and as people disconnect and
re-connect their ssh version will be upgraded.

- -- Mike


Yann Rouillard wrote:
> Hi,
> 
> The previous openssh packages were incorrectly pushed in the csw
> repository tree: the solaris 8 package was pushed in the solaris 10 tree
> instead of the solaris 10 one.
> 
> As a side effect, with the current package, stopping openssh under
> Solaris 10 kills all ssh connections.
> 
> The problem will be solved with the next package release, which will
> soon land in the repository, but the upgrade will not go smoothly as the
> previous ssh processes will be stopped during the operation, hence 
> killing all ssh connections.
> 
> So if you perform the upgrade from an ssh connection, this connection
> will be killed, the ssh package will be left in a uninstalled state and
> you will not be able to log again on your server using ssh.
> 
> To avoid this problem:
> 
>   - either perform the upgrade from the console or using another remote
> shell
> 
>   - or follow this procedure:
> 
>     * launch manually the openssh daemon on a non-standard port:
>         /opt/csw/sbin/sshd -p 2022
> 
>     * connect to your server by ssh on this port:
>         ssh -p 2022 yourserver
> 
>     * perform the upgrade from this connection
> 
>     The openssh daemon manually launched will not be killed allowing you
> to perform the upgrade safely.
> 
> 
> I apologize for any inconvenience caused by this bug.
> 
> Yann
> 
> 
> 
> _______________________________________________
> users mailing list
> users at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/users

- --
Thanks,
Mike

"Any intelligent fool can make things bigger, more complex,
and more violent.  It takes a touch of genius -- and a lot of courage --
to move in the opposite direction."

* Albert Einstein 1879 - 1955
    US German-born Theoretical Physicist
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmZlk0ACgkQLrhmsXMSLxez1QCfZN+jkMuDPTG1420NMcqM64Dy
wPwAoNLtbi9fGL8BjhQ6EDqyODbD5CdQ
=5PNk
-----END PGP SIGNATURE-----