I upgraded my openssh installation from openssh-3.4_p1 to openssh-3.4_p1-r1 ("emerge --update openssh"). The installation went fine, but doing "emerge clean openssh" afterwards removed the "/var/empty" directory, which is needed for the default-enabled privilege separation. The absence of this directory makes the sshd fail to start if privilege separation is enabled. This was easily fixed by manually creating the directory with ownership and permissions as seen in the build (root.root, 0755). The solution would be to make the ebuild somehow mark the directory as needed so that clean doesn't take it out even if it's empty (as it should be).
new revision hitting portage shortly should fix this issue for you. Enjoy.
This looks to be broken again in 3.7.1_p2-r1. I just upgraded and all new connections didn't work (this is without even restarting sshd) because /var/empty went away.
Confirmed what Max said. Very annoying it was too, having to get physical access to the machine after upgrading. Is this one of those directories which needs a .keep file?
is this still a problem?
It was still a problem with the latest ebuild i think since my server lost its /var/empty and i could not get in via ssh anymore
Yes this is definitely a problem - i wasn't able to login into my housed-elsewhere-server after updating to net-misc/openssh-3.7.1_p2-r1 by running `emerge -U world`. It's strange though that the very same -U world procedure done on my client-box (i do this always _before_ i update the far away housed server, to check for errors in advance) didn't have that problem. The contents of /var/empty on my client machine (much older gentoo setup than the server has) is # ls -a /var/empty/ . .. .keep .keep.backup if that's of any help chasing the bug.
Have you had this problem with -r2? I'm closing this bug pending further comments, it looks like install was not doing it's job, but on 1/10/2004 brad_mssw fixed it.
