Fire off an atrun? -Dan
Sent from my iPhone > On Oct 30, 2025, at 13:25, Lexi Winter <[email protected]> wrote: > > hello, > > there is a known issue in sshd(8) where, if you replace the sshd binary > on disk, but do not restart sshd, it will no longer accept connections > until the service is restarted. > > for freebsd-update, we solve this by restarting the sshd service if the > sshd binary is updated. > > for pkgbase, i wanted to do this with a trigger, but it seems like this > doesn't work because pkg only considers directories when evaluating > triggers, i.e. you can't say 'path: "/usr/sbin/sshd"' since the trigger > will never be matched. > > this means that future security updates to sshd in 15.0 might lock > people out of their system when we don't restart sshd. > > does anyone have a specific, actionable suggestion on how we can fix > this today for 15.0? > > note, we cannot use a post-install script since pkg kills all > subprocesses of the post-install script before exiting. > <signature.asc>
