Comment 16 for bug 1993478

+ if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu8~ && [ -n "$NO_SOCKET_MIGRATION" ]; then

I'm going to ask that we be ultra-conservative here. It is very difficult in general to un-do in a maintainer script something that we think we did previously, because the admin may have done who-knows-what in between and we may be undoing things that weren't actually ours. So whenever it's possible to detect that it wasn't us that did a thing, we should avoid trying to undo it.

In the case of this particular failure, the state of the system of a user hit by this bug will be:
 - /etc/systemd/system/ssh.service.d/00-socket.conf and /etc/systemd/system/ssh.socket.d/addresses.conf both exist
- $2 argument to postinst will be LESS than 1:9.0p1-1ubuntu8~ because the release version of openssh-server will have failed to configure

So I suggest the following instead:

        if dpkg --compare-versions "$2" lt-nl 1:9.0p1-1ubuntu7~ \
           && [ -e /etc/systemd/system/ssh.socket.d/addresses.conf ] \
           && [ -e /etc/systemd/system/ssh.service.d/00-socket.conf ] \
           && [ -n "$NO_SOCKET_MIGRATION" ]; then

This ensures that if, for any other reason the user has enabled the ssh.socket unit but our script says NO_SOCKET_MIGRATION, we don't mangle the systemd units to disable socket activation that might not have been enabled by us in the first place.

(As a bonus, it will simplify and shorten the de-migration code overall.)