Date: Thu, 30 Oct 2025 20:25:37 +0000
From: Lexi Winter <ivy@freebsd.org>
To: pkgbase@freebsd.org
Subject: a sad story about /usr/sbin/sshd and pkg triggers
Message-ID: <aQPJwdWtN-f5qF_D@amaryllis.le-fay.org>

hello,

there is a known issue in sshd(8) where, if you replace the sshd binary on disk, but do not restart sshd, it will no longer accept connections until the service is restarted.

for freebsd-update, we solve this by restarting the sshd service if the sshd binary is updated.

for pkgbase, i wanted to do this with a trigger, but it seems like this doesn't work because pkg only considers directories when evaluating triggers, i.e. you can't say 'path: "/usr/sbin/sshd"' since the trigger will never be matched.

this means that future security updates to sshd in 15.0 might lock people out of their system when we don't restart sshd.

does anyone have a specific, actionable suggestion on how we can fix this today for 15.0?

note, we cannot use a post-install script since pkg kills all subprocesses of the post-install script before exiting.
