authorPatrick McLean <chutzpah@gentoo.org>2020-02-16 11:05:00 -0800
committerPatrick McLean <chutzpah@gentoo.org>2020-02-16 11:05:25 -0800
commitbd05d99800a29426e1fbe5572aec1a887587c854 (patch)
tree4f5ef37992fbfed1d909697dc214b40e409d4918 /net-misc
parentmedia-libs/aften: Fix src_install crashing on Gentoo Prefix (diff)
net-misc/openssh-8.2_p1-r1: Refactor upgrade warnings again
Package-Manager: Portage-2.3.89, Repoman-2.3.20 Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/openssh/openssh-8.2_p1-r1.ebuild88
1 files changed, 44 insertions, 44 deletions
diff --git a/net-misc/openssh/openssh-8.2_p1-r1.ebuild b/net-misc/openssh/openssh-8.2_p1-r1.ebuild
index aa9c926b3f78..23a61c4f6d01 100644
--- a/net-misc/openssh/openssh-8.2_p1-r1.ebuild
+++ b/net-misc/openssh/openssh-8.2_p1-r1.ebuild
@@ -415,47 +415,53 @@ src_install() {
}
pkg_preinst() {
- has_version "<${CATEGORY}/${PN}-5.8_p1" && show_ecdsa_warning=1
- has_version "<${CATEGORY}/${PN}-7.0_p1" && show_tcpd_warning=1
- has_version "<${CATEGORY}/${PN}-7.1_p1" && show_dss_warning=1
- has_version "<${CATEGORY}/${PN}-7.6_p1" && show_ssh1_warning=1
- has_version "<${CATEGORY}/${PN}-7.7_p1" && show_ldap_warning=1
- has_version "<${CATEGORY}/${PN}-8.2_p1" && show_restart_warning=1
+ if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]"; then
+ show_ssl_warning=1
+ fi
}
pkg_postinst() {
- if [[ -n ${show_ecdsa_warning} ]]; then
- elog "Starting with openssh-5.8p1, the server will default to a newer key"
- elog "algorithm (ECDSA). You are encouraged to manually update your stored"
- elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
- fi
- if [[ -n ${show_tcpd_warning} ]]; then
- elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
- elog "Make sure to update any configs that you might have. Note that xinetd might"
- elog "be an alternative for you as it supports USE=tcpd."
- fi
- if [[ -n ${show_dss_warning} ]]; then #557388 #555518
- elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
- elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
- elog "adding to your sshd_config or ~/.ssh/config files:"
- elog " PubkeyAcceptedKeyTypes=+ssh-dss"
- elog "You should however generate new keys using rsa or ed25519."
-
- elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
- elog "to 'prohibit-password'. That means password auth for root users no longer works"
- elog "out of the box. If you need this, please update your sshd_config explicitly."
- fi
- if [[ -n ${show_ssh1_warning} ]] ; then
- elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
- elog "Furthermore, rsa keys with less than 1024 bits will be refused."
- fi
- if [[ -n ${show_ldap_warning} ]]; then
- elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
- elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
- elog "if you need to authenticate against LDAP."
- elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
- fi
- if ! use ssl && has_version "${CATEGORY}/${PN}[ssl]" ; then
+ local old_ver
+ for old_ver in ${REPLACING_VERSIONS}; do
+ if ver_test "${old_ver}" -lt "5.8_p1"; then
+ elog "Starting with openssh-5.8p1, the server will default to a newer key"
+ elog "algorithm (ECDSA). You are encouraged to manually update your stored"
+ elog "keys list as servers update theirs. See ssh-keyscan(1) for more info."
+ fi
+ if ver_test "${old_ver}" -lt "7.0_p1"; then
+ elog "Starting with openssh-6.7, support for USE=tcpd has been dropped by upstream."
+ elog "Make sure to update any configs that you might have. Note that xinetd might"
+ elog "be an alternative for you as it supports USE=tcpd."
+ fi
+ if ver_test "${old_ver}" -lt "7.1_p1"; then #557388 #555518
+ elog "Starting with openssh-7.0, support for ssh-dss keys were disabled due to their"
+ elog "weak sizes. If you rely on these key types, you can re-enable the key types by"
+ elog "adding to your sshd_config or ~/.ssh/config files:"
+ elog " PubkeyAcceptedKeyTypes=+ssh-dss"
+ elog "You should however generate new keys using rsa or ed25519."
+
+ elog "Starting with openssh-7.0, the default for PermitRootLogin changed from 'yes'"
+ elog "to 'prohibit-password'. That means password auth for root users no longer works"
+ elog "out of the box. If you need this, please update your sshd_config explicitly."
+ fi
+ if ver_test "${old_ver}" -lt "7.6_p1"; then
+ elog "Starting with openssh-7.6p1, openssh upstream has removed ssh1 support entirely."
+ elog "Furthermore, rsa keys with less than 1024 bits will be refused."
+ fi
+ if ver_test "${old_ver}" -lt "7.7_p1"; then
+ elog "Starting with openssh-7.7p1, we no longer patch openssh to provide LDAP functionality."
+ elog "Install sys-auth/ssh-ldap-pubkey and use OpenSSH's \"AuthorizedKeysCommand\" option"
+ elog "if you need to authenticate against LDAP."
+ elog "See https://wiki.gentoo.org/wiki/SSH/LDAP_migration for more details."
+ fi
+ if ver_test "${old_ver}" -lt "8.2_p1"; then
+ ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
+ ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
+ ewarn "connection is generally safe."
+ fi
+ done
+
+ if [[ -n ${show_ssl_warning} ]]; then
elog "Be aware that by disabling openssl support in openssh, the server and clients"
elog "no longer support dss/rsa/ecdsa keys. You will need to generate ed25519 keys"
elog "and update all clients/servers that utilize them."
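Review bot: Two `ver_test` thresholds in the new loop do not match the version their own message names, and nothing in the hunk explains why. The tcpd notice fires for `-lt "7.0_p1"` but says "Starting with openssh-6.7", and the ssh-dss / PermitRootLogin notice fires for `-lt "7.1_p1"` but says "Starting with openssh-7.0". Both cut-offs are carried over unchanged from the removed `has_version` lines, so the gap is presumably deliberate. These notices are how an admin learns that the root-login default changed and that weak DSS keys are disabled, so I would add a short comment above each test, for example `# cut-off is intentionally later than the upstream release named in the message` (exact reason to be supplied by the author), so that a later cleanup does not shift a threshold and change who sees the notice. pkg_postinst continues past the end of this hunk.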
@@ -472,10 +478,4 @@ pkg_postinst() {
elog "Otherwise you maybe unable to connect to this sshd using any AES CTR cipher."
elog ""
fi
-
- if [[ -n ${show_restart_warning} ]]; then
- ewarn "After upgrading to openssh-8.2p1 please restart sshd, otherwise you"
- ewarn "will not be able to establish new sessions. Restarting sshd over a ssh"
- ewarn "connection is generally safe."
- fi
}