Dan Mahoney wrote in <[email protected]>:
>
> On Oct 30, 2025, at 13:25, Lexi Winter <[email protected]> wrote:
> >
> > hello,
> >
> > there is a known issue in sshd(8) where, if you replace the sshd binary
> > on disk, but do not restart sshd, it will no longer accept connections
> > until the service is restarted.
> >
> > for freebsd-update, we solve this by restarting the sshd service if the
> > sshd binary is updated.
> >
> > for pkgbase, i wanted to do this with a trigger, but it seems like this
> > doesn't work because pkg only considers directories when evaluating
> > triggers, i.e. you can't say 'path: "/usr/sbin/sshd"' since the trigger
> > will never be matched.
> >
> > this means that future security updates to sshd in 15.0 might lock
> > people out of their system when we don't restart sshd.
> >
> > does anyone have a specific, actionable suggestion on how we can fix
> > this today for 15.0?
> >
> > note, we cannot use a post-install script since pkg kills all
> > subprocesses of the post-install script before exiting.
> > <signature.asc>
> Fire off an atrun?

i don't think this will work reliably since cron may not be running, particularly in jails.
