From 68906a1e982adb9785d521c4d3ff21a47dd99d6a Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Thu, 25 Oct 2018 22:16:36 +0200
Subject: [PATCH] Improve comments
---
.../0006_manage_sshd_config.py | 27 ++++++++++++++-----
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/src/yunohost/data_migrations/0006_manage_sshd_config.py b/src/yunohost/data_migrations/0006_manage_sshd_config.py
index 13b0bbadf..68ee020fd 100644
--- a/src/yunohost/data_migrations/0006_manage_sshd_config.py
+++ b/src/yunohost/data_migrations/0006_manage_sshd_config.py
@@ -20,8 +20,14 @@ SSHD_CONF = '/etc/ssh/sshd_config' class MyMigration(Migration): """ - Ensure SSH conf is managed by YunoHost, reapply initial change and setup an - extension dir + This is an automatic migration, that ensure SSH conf is managed by YunoHost + (even if the "from_script" flag is present) + + If the from_script flag exists, then we keep the current SSH conf such that it + will appear as "manually modified" to the regenconf. + + The admin can then choose in the next migration (manual, thi time) wether or + not to actually use the recommended configuration. """ def migrate(self):
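Review bot: The new class docstring has three typos: `that ensure` should be `that ensures`, `thi time` should be `this time`, and `wether` should be `whether`. It also points the admin to "the next migration" without naming it. Since that manual step decides whether the recommended sshd configuration is actually applied, the docstring should give that migration's file name so a reader can find it.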
@@ -40,25 +46,34 @@ class MyMigration(Migration): if not os.path.exists(SSHD_CONF + '.d'): mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root') - # Manage SSHd in all case + # Here, we make it so that /etc/ssh/sshd_config is managed + # by the regen conf (in particular in the case where the + # from_script flag is present - in which case it was *not* + # managed by the regenconf) + # But because we can't be sure the user wants to use the + # recommended conf, we backup then restore the /etc/ssh/sshd_config + # right after the regenconf, such that it will appear as + # "manually modified". if os.path.exists('/etc/yunohost/from_script'): rm('/etc/yunohost/from_script') copyfile(SSHD_CONF, '/etc/ssh/sshd_config.bkp') service_regen_conf(names=['ssh'], force=True) copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF) - # If custom conf, add 'Include' instruction + # If we detect the conf as manually modified ynh_hash = _get_conf_hashes('ssh')[SSHD_CONF] current_hash = _calculate_hash(SSHD_CONF) - include_rgx = r'^[ \t]*Include[ \t]+sshd_config\.d/\*[ \t]*(?:#.*)?$' if ynh_hash != current_hash: + # And if there's not already an "Include ssh_config.d/*" directive + include_rgx = r'^[ \t]*Include[ \t]+sshd_config\.d/\*[ \t]*(?:#.*)?$' add_include = False for line in open(SSHD_CONF): if re.match(include_rgx, line) is not None: add_include = True break + # We add an "Include sshd_config.d/*" directive if add_include: with open(SSHD_CONF, "a") as conf: conf.write('Include sshd_config.d/*')
@@ -69,8 +84,8 @@ class MyMigration(Migration): raise MoulinetteError(m18n.n("migration_0006_cancel")) def backward(self): - # We don't backward completely but it should be enough + # We don't backward completely but it should be enough copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF) if not _run_service_command('restart', 'ssh'): raise MoulinetteError(m18n.n("migration_0006_cannot_restart"))
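Review bot: The added comments in the `if ynh_hash != current_hash:` block say the directive is appended when it is not already present, but the loop sets `add_include = True` exactly when `re.match(include_rgx, line)` finds an existing one. As written, a manually modified sshd_config without the directive never gets it, and one that already has it gets a duplicate. If the comment states the intent, start with `add_include = True` and set it to `False` on a match. The appended string also has no newline on either side, so `conf.write('\nInclude sshd_config.d/*\n')` would keep it from being glued to an unterminated last line, and the comment's `ssh_config.d/*` should read `sshd_config.d/*` to match the regex. migrate() starts before this hunk and continues past it.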