[csw-users] Openssh upgrade problem under Solaris 10 for next package

Yann Rouillard yann at pleiades.fr.eu.org
Sat Aug 18 21:53:17 CEST 2007


Hi,

Following smf support in last openssh package, I have some problems with
the openssh upgrade for the next openssh package. 

Because of the process contract stuff, smf right now kills all ssh
processes when the service is disabled. 

This is a bug in itself and leads to two problem when openssh will be upgraded:

	- Problem 1: all the sshd connections will be closed 60s maximum after the
openssh package removal. Administrators may not be aware of this, and
this could close the current ssh connection used to do the upgrade.

	- Problem 2: smf is still trying to shutdown the previous sshd service
(waiting 60s before killing all sshd processes) when the new one is
being installed. And after that the service goes into maintenance mode
so the new sshd service will not be properly started.

Hence you can end up in a situation where you have no more opened ssh
connections and no way to open a new one.


For now, here is what I intend to do or did:

	- for problem 1: I don't see any workaround, so I will warn blastwave users
on -announce and -users before the next package will land in unstable.
	
	- for problem 2: I solved the problem by adding a little hack in
preinstall, it will wait for the service to quit the 'online*' state and
then will clear the service state, if it is in maintenance mode. 
This way, the sshd service will be restarted.

Updated solaris 10 packages are available in /testing:
http://www.blastwave.org/testing/openssh-4.6,REV=2007.08.17_rev=p1-SunOS5.10-i386-CSW.pkg.gz
http://www.blastwave.org/testing/openssh-4.6,REV=2007.08.17_rev=p1-SunOS5.10-sparc-CSW.pkg.gz

Comments and testing are welcome.

These problems will only affect next upgrade, because starting with theses packages, I enabled solaris contract support for Solaris 10 
which avoid the problem 1, and I now use the  "-s" option for "svcadm disable" in preremove so that a service really
is in the disabled state when the package is removed.


Yann





More information about the users mailing list