From f0e7b033d500baf5beb95f433b29968f75f680d49d5d56756a7672df7a7f1a4e Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@suse.com>
Date: Thu, 15 Oct 2020 14:25:21 +0000
Subject: [PATCH] Accepting request 840337 from home:hpjansson:sle-14821

- Work around %service_add_post disabling sshd on upgrade with
  package name change (bsc#1177039).

- Use of DISABLE_RESTART_ON_UPDATE is deprecated.
  Replace it with %service_del_postun_without_restart

OBS-URL: https://build.opensuse.org/request/show/840337
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=218
---
 openssh.changes | 13 +++++++++++++
 openssh.spec    | 51 ++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/openssh.changes b/openssh.changes
index 4511472..cd21072 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Oct  8 21:38:27 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
+
+- Work around %service_add_post disabling sshd on upgrade with
+  package name change (bsc#1177039).
+
 -------------------------------------------------------------------
 Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
 
@@ -8,6 +14,13 @@ Fri Sep 25 13:40:51 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
     client-relevant sysconfig file present. The naming of the
     sysconfig file (ssh instead of sshd) is unfortunate.
 
+-------------------------------------------------------------------
+Fri Sep 25 10:59:50 UTC 2020 - Franck Bui <fbui@suse.com>
+
+- Use of DISABLE_RESTART_ON_UPDATE is deprecated.
+
+  Replace it with %service_del_postun_without_restart
+
 -------------------------------------------------------------------
 Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/openssh.spec b/openssh.spec
index 140a4ca..359ae20 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -30,6 +30,9 @@
 %define _appdefdir  %( grep "configdirspec=" $( which xmkmf ) | sed -r 's,^[^=]+=.*-I(.*)/config.*$,\\1/app-defaults,' )
 %define CHECKSUM_SUFFIX .hmac
 %define CHECKSUM_HMAC_KEY "HMAC_KEY:OpenSSH-FIPS@SLE"
+%define _tmpenableddir  %{_localstatedir}/lib/sshd
+%define _tmpenabledfile %{_tmpenableddir}/is-enabled.rpmtmp
+
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
@@ -127,7 +130,7 @@ BuildRequires:  krb5-mini-devel
 %description
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It replaces rsh (rlogin and rsh) and
-provides a secure encrypted communication between two untrusted
+provides secure encrypted communication between two untrusted
 hosts over an insecure network.
 
 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
@@ -146,7 +149,7 @@ Conflicts:      %{name}-fips > %{version}-%{release}
 %description common
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It replaces rsh (rlogin and rsh) and
-provides a secure encrypted communication between two untrusted
+provides secure encrypted communication between two untrusted
 hosts over an insecure network.
 
 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
@@ -168,7 +171,7 @@ Provides:       openssh:%{_sbindir}/sshd
 %description server
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It replaces rsh (rlogin and rsh) and
-provides a secure encrypted communication between two untrusted
+provides secure encrypted communication between two untrusted
 hosts over an insecure network.
 
 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
@@ -186,7 +189,7 @@ Provides:       openssh:%{_bindir}/ssh
 %description clients
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It replaces rsh (rlogin and rsh) and
-provides a secure encrypted communication between two untrusted
+provides secure encrypted communication between two untrusted
 hosts over an insecure network.
 
 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
@@ -203,7 +206,7 @@ Requires:       %{name}-common = %{version}-%{release}
 %description helpers
 SSH (Secure Shell) is a program for logging into and executing commands
 on a remote machine. It replaces rsh (rlogin and rsh) and
-provides a secure encrypted communication between two untrusted
+provides secure encrypted communication between two untrusted
 hosts over an insecure network.
 
 xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
@@ -230,7 +233,7 @@ Group:          Productivity/Networking/SSH
 Requires:       %{name}-common = %{version}-%{release}
 
 %description cavs
-This package contains the FIPS140 CAVS (Cryptographic Algorithm
+This package contains the FIPS-140 CAVS (Cryptographic Algorithm
 Validation Program/Suite) related tests of OpenSSH.
 
 %prep
@@ -330,9 +333,27 @@ done
 
 }}
 
+%pre
+# Remember whether the sshd service was enabled prior to an upgrade. This
+# is needed when upgrading to a split-off openssh-server package. The
+# %%service_add_post scriptlet (in %%post server) will see it as a new service
+# and apply the preset, disabling it. We need to reenable it afterwards if
+# necessary.
+if [ -x %{_bindir}/systemctl ]; then
+    mkdir -p %{_tmpenableddir} || :
+    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
+fi
+
 %pre server
 getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
 getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd
+
+# See %%pre.
+if [ -x %{_bindir}/systemctl ]; then
+    mkdir -p %{_tmpenableddir} || :
+    %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
+fi
+
 %service_add_pre sshd.service
 
 %post server
@@ -340,15 +361,27 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate
 %service_add_post sshd.service
 %set_permissions %{_sysconfdir}/ssh/sshd_config
 
+# Work around %%service_add_post disabling the service on upgrades where
+# the package name changed.
+if [ -x %{_bindir}/systemctl ] && [ -f %{_tmpenabledfile} ] \
+    && [ x$(cat %{_tmpenabledfile} || :) == "xenabled" ]; then
+    systemctl enable sshd || :
+fi
+
+rm -f %{_tmpenabledfile}
+
 %preun server
 %service_del_preun sshd.service
 
 %postun server
 # The openssh-fips trigger script for openssh will normally restart sshd once
-# it gets installed, so only restart the service here is openssh-fips is not
-# present
-rpm -q openssh-fips >/dev/null 2>/dev/null && DISABLE_RESTART_ON_UPDATE=yes
+# it gets installed, so only restart the service here if openssh-fips is not
+# present.
+if rpm -q openssh-fips >/dev/null 2>/dev/null; then
+%service_del_postun_without_restart sshd.service
+else
 %service_del_postun sshd.service
+fi
 
 %triggerin -n openssh-fips -- %{name} = %{version}-%{release}
 %restart_on_update sshd