]>
Commit | Line | Data |
---|---|---|
3c0ef626 | 1 | #!/bin/sh |
2 | # | |
700318f3 | 3 | # Fake Root Solaris/SVR4/SVR5 Build System - Prototype |
3c0ef626 | 4 | # |
5 | # The following code has been provide under Public Domain License. I really | |
6 | # don't care what you use it for. Just as long as you don't complain to me | |
7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) | |
12408a1b | 8 | # |
3c0ef626 | 9 | umask 022 |
700318f3 | 10 | # |
11 | # Options for building the package | |
12 | # You can create a config.local with your customized options | |
13 | # | |
41b2f314 | 14 | # uncommenting TEST_DIR and using |
15 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | |
12408a1b | 16 | # and |
700318f3 | 17 | # PKGNAME=tOpenSSH should allow testing a package without interfering |
41b2f314 | 18 | # with a real OpenSSH package on a system. This is not needed on systems |
19 | # that support the -R option to pkgadd. | |
700318f3 | 20 | #TEST_DIR=/var/tmp # leave commented out for production build |
3c0ef626 | 21 | PKGNAME=OpenSSH |
700318f3 | 22 | SYSVINIT_NAME=opensshd |
23 | MAKE=${MAKE:="make"} | |
41b2f314 | 24 | SSHDUID=67 # Default privsep uid |
25 | SSHDGID=67 # Default privsep gid | |
700318f3 | 26 | # uncomment these next two as needed |
27 | #PERMIT_ROOT_LOGIN=no | |
28 | #X11_FORWARDING=yes | |
29 | # list of system directories we do NOT want to change owner/group/perms | |
30 | # when installing our package | |
31 | SYSTEM_DIR="/etc \ | |
32 | /etc/init.d \ | |
33 | /etc/rcS.d \ | |
34 | /etc/rc0.d \ | |
35 | /etc/rc1.d \ | |
36 | /etc/rc2.d \ | |
37 | /etc/opt \ | |
38 | /opt \ | |
39 | /opt/bin \ | |
40 | /usr \ | |
41 | /usr/bin \ | |
42 | /usr/lib \ | |
43 | /usr/sbin \ | |
44 | /usr/share \ | |
45 | /usr/share/man \ | |
46 | /usr/share/man/man1 \ | |
47 | /usr/share/man/man8 \ | |
48 | /usr/local \ | |
49 | /usr/local/bin \ | |
50 | /usr/local/etc \ | |
51 | /usr/local/libexec \ | |
52 | /usr/local/man \ | |
53 | /usr/local/man/man1 \ | |
54 | /usr/local/man/man8 \ | |
55 | /usr/local/sbin \ | |
56 | /usr/local/share \ | |
57 | /var \ | |
58 | /var/opt \ | |
59 | /var/run \ | |
60 | /var/tmp \ | |
61 | /tmp" | |
3c0ef626 | 62 | |
41b2f314 | 63 | # We may need to build as root so we make sure PATH is set up |
700318f3 | 64 | # only set the path if it's not set already |
65 | [ -d /usr/local/bin ] && { | |
66 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 | |
67 | [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin | |
68 | } | |
69 | [ -d /usr/ccs/bin ] && { | |
70 | echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 | |
71 | [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin | |
72 | } | |
73 | export PATH | |
74 | # | |
75 | ||
76 | [ -f Makefile ] || { | |
77 | echo "Please run this script from your build directory" | |
78 | exit 1 | |
79 | } | |
80 | ||
81 | # we will look for config.local to override the above options | |
82 | [ -s ./config.local ] && . ./config.local | |
3c0ef626 | 83 | |
12408a1b | 84 | ## Start by faking root install |
3c0ef626 | 85 | echo "Faking root install..." |
86 | START=`pwd` | |
700318f3 | 87 | OPENSSHD_IN=`dirname $0`/opensshd.in |
3c0ef626 | 88 | FAKE_ROOT=$START/package |
700318f3 | 89 | [ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT |
3c0ef626 | 90 | mkdir $FAKE_ROOT |
700318f3 | 91 | ${MAKE} install-nokeys DESTDIR=$FAKE_ROOT |
92 | if [ $? -gt 0 ] | |
93 | then | |
94 | echo "Fake root install failed, stopping." | |
95 | exit 1 | |
96 | fi | |
3c0ef626 | 97 | |
98 | ## Fill in some details, like prefix and sysconfdir | |
700318f3 | 99 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir |
100 | do | |
12408a1b | 101 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` |
700318f3 | 102 | done |
3c0ef626 | 103 | |
41b2f314 | 104 | |
105 | ## Collect value of privsep user | |
106 | for confvar in SSH_PRIVSEP_USER | |
107 | do | |
12408a1b | 108 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` |
41b2f314 | 109 | done |
110 | ||
111 | ## Set privsep defaults if not defined | |
112 | if [ -z "$SSH_PRIVSEP_USER" ] | |
113 | then | |
12408a1b | 114 | SSH_PRIVSEP_USER=sshd |
41b2f314 | 115 | fi |
116 | ||
700318f3 | 117 | ## Extract common info requires for the 'info' part of the package. |
118 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` | |
3c0ef626 | 119 | |
700318f3 | 120 | UNAME_S=`uname -s` |
121 | case ${UNAME_S} in | |
122 | SunOS) UNAME_S=Solaris | |
123 | ARCH=`uname -p` | |
124 | RCS_D=yes | |
125 | DEF_MSG="(default: n)" | |
126 | ;; | |
41b2f314 | 127 | *) ARCH=`uname -m` |
128 | DEF_MSG="\n" ;; | |
700318f3 | 129 | esac |
130 | ||
131 | ## Setup our run level stuff while we are at it. | |
132 | mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d | |
3c0ef626 | 133 | |
134 | ## setup our initscript correctly | |
700318f3 | 135 | sed -e "s#%%configDir%%#${sysconfdir}#g" \ |
136 | -e "s#%%openSSHDir%%#$prefix#g" \ | |
137 | -e "s#%%pidDir%%#${piddir}#g" \ | |
138 | ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} | |
139 | chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} | |
3c0ef626 | 140 | |
700318f3 | 141 | [ "${PERMIT_ROOT_LOGIN}" = no ] && \ |
142 | perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ | |
143 | $FAKE_ROOT/${sysconfdir}/sshd_config | |
144 | [ "${X11_FORWARDING}" = yes ] && \ | |
145 | perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ | |
146 | $FAKE_ROOT/${sysconfdir}/sshd_config | |
147 | # fix PrintMotd | |
148 | perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ | |
149 | $FAKE_ROOT/${sysconfdir}/sshd_config | |
3c0ef626 | 150 | |
700318f3 | 151 | # We don't want to overwrite config files on multiple installs |
152 | mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default | |
153 | mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default | |
154 | [ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \ | |
155 | mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default | |
156 | ||
157 | cd $FAKE_ROOT | |
3c0ef626 | 158 | |
159 | ## Ok, this is outright wrong, but it will work. I'm tired of pkgmk | |
160 | ## whining. | |
161 | for i in *; do | |
162 | PROTO_ARGS="$PROTO_ARGS $i=/$i"; | |
163 | done | |
164 | ||
165 | ## Build info file | |
166 | echo "Building pkginfo file..." | |
167 | cat > pkginfo << _EOF | |
168 | PKG=$PKGNAME | |
700318f3 | 169 | NAME="OpenSSH Portable for ${UNAME_S}" |
3c0ef626 | 170 | DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." |
171 | VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" | |
3c0ef626 | 172 | ARCH=$ARCH |
173 | VERSION=$VERSION | |
700318f3 | 174 | CATEGORY="Security,application" |
3c0ef626 | 175 | BASEDIR=/ |
700318f3 | 176 | CLASSES="none" |
177 | _EOF | |
178 | ||
179 | ## Build preinstall file | |
180 | echo "Building preinstall file..." | |
181 | cat > preinstall << _EOF | |
182 | #! /sbin/sh | |
183 | # | |
184 | [ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop | |
185 | exit 0 | |
3c0ef626 | 186 | _EOF |
187 | ||
700318f3 | 188 | ## Build postinstall file |
189 | echo "Building postinstall file..." | |
190 | cat > postinstall << _EOF | |
191 | #! /sbin/sh | |
192 | # | |
41b2f314 | 193 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ |
194 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ | |
195 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config | |
196 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ | |
197 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ | |
198 | \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config | |
199 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { | |
200 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ | |
201 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ | |
202 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds | |
700318f3 | 203 | } |
204 | ||
205 | # make rc?.d dirs only if we are doing a test install | |
206 | [ -n "${TEST_DIR}" ] && { | |
207 | [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d | |
208 | mkdir -p ${TEST_DIR}/etc/rc0.d | |
209 | mkdir -p ${TEST_DIR}/etc/rc1.d | |
210 | mkdir -p ${TEST_DIR}/etc/rc2.d | |
211 | } | |
212 | ||
213 | if [ "\${USE_SYM_LINKS}" = yes ] | |
214 | then | |
215 | [ "$RCS_D" = yes ] && \ | |
41b2f314 | 216 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s |
217 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
218 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
219 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
700318f3 | 220 | else |
221 | [ "$RCS_D" = yes ] && \ | |
41b2f314 | 222 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l |
223 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
224 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
225 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
700318f3 | 226 | fi |
227 | ||
228 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) | |
41b2f314 | 229 | [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys |
700318f3 | 230 | |
231 | installf -f ${PKGNAME} | |
232 | ||
41b2f314 | 233 | # Use chroot to handle PKG_INSTALL_ROOT |
234 | if [ ! -z "\${PKG_INSTALL_ROOT}" ] | |
235 | then | |
236 | chroot="chroot \${PKG_INSTALL_ROOT}" | |
237 | fi | |
238 | # If this is a test build, we will skip the groupadd/useradd/passwd commands | |
239 | if [ ! -z "${TEST_DIR}" ] | |
240 | then | |
241 | chroot=echo | |
242 | fi | |
243 | ||
244 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null | |
245 | then | |
12408a1b | 246 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user" |
247 | echo "or group." | |
41b2f314 | 248 | else |
12408a1b | 249 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." |
41b2f314 | 250 | |
12408a1b | 251 | # create group if required |
252 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | |
253 | then | |
254 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | |
255 | else | |
41b2f314 | 256 | # Use gid of 67 if possible |
257 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | |
258 | then | |
259 | : | |
260 | else | |
261 | sshdgid="-g $SSHDGID" | |
262 | fi | |
12408a1b | 263 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." |
264 | \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER | |
265 | fi | |
266 | ||
267 | # Create user if required | |
268 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | |
269 | then | |
270 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | |
271 | else | |
41b2f314 | 272 | # Use uid of 67 if possible |
273 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | |
274 | then | |
275 | : | |
276 | else | |
277 | sshduid="-u $SSHDUID" | |
278 | fi | |
12408a1b | 279 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
41b2f314 | 280 | \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER |
281 | \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER | |
12408a1b | 282 | fi |
41b2f314 | 283 | fi |
284 | ||
700318f3 | 285 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
286 | exit 0 | |
287 | _EOF | |
288 | ||
289 | ## Build preremove file | |
290 | echo "Building preremove file..." | |
291 | cat > preremove << _EOF | |
292 | #! /sbin/sh | |
293 | # | |
294 | ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop | |
295 | exit 0 | |
296 | _EOF | |
297 | ||
298 | ## Build request file | |
299 | echo "Building request file..." | |
300 | cat > request << _EOF | |
301 | trap 'exit 3' 15 | |
302 | USE_SYM_LINKS=no | |
303 | PRE_INS_STOP=no | |
304 | POST_INS_START=no | |
305 | # Use symbolic links? | |
306 | ans=\`ckyorn -d n \ | |
307 | -p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? | |
308 | case \$ans in | |
309 | [y,Y]*) USE_SYM_LINKS=yes ;; | |
310 | esac | |
311 | ||
312 | # determine if should restart the daemon | |
313 | if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] | |
314 | then | |
315 | ans=\`ckyorn -d n \ | |
316 | -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? | |
317 | case \$ans in | |
318 | [y,Y]*) PRE_INS_STOP=yes | |
319 | POST_INS_START=yes | |
320 | ;; | |
321 | esac | |
322 | ||
323 | else | |
324 | ||
325 | # determine if we should start sshd | |
326 | ans=\`ckyorn -d n \ | |
327 | -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? | |
328 | case \$ans in | |
329 | [y,Y]*) POST_INS_START=yes ;; | |
330 | esac | |
331 | fi | |
332 | ||
333 | # make parameters available to installation service, | |
334 | # and so to any other packaging scripts | |
335 | cat >\$1 <<! | |
336 | USE_SYM_LINKS='\$USE_SYM_LINKS' | |
337 | PRE_INS_STOP='\$PRE_INS_STOP' | |
338 | POST_INS_START='\$POST_INS_START' | |
339 | ! | |
340 | exit 0 | |
341 | ||
342 | _EOF | |
343 | ||
344 | ## Build space file | |
345 | echo "Building space file..." | |
346 | cat > space << _EOF | |
347 | # extra space required by start/stop links added by installf in postinstall | |
348 | $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1 | |
349 | $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1 | |
350 | $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1 | |
351 | _EOF | |
352 | [ "$RCS_D" = yes ] && \ | |
353 | echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space | |
354 | ||
3c0ef626 | 355 | ## Next Build our prototype |
356 | echo "Building prototype file..." | |
700318f3 | 357 | cat >mk-proto.awk << _EOF |
358 | BEGIN { print "i pkginfo"; print "i preinstall"; \\ | |
359 | print "i postinstall"; print "i preremove"; \\ | |
360 | print "i request"; print "i space"; \\ | |
12408a1b | 361 | split("$SYSTEM_DIR",sys_files); } |
700318f3 | 362 | { |
363 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) | |
12408a1b | 364 | { \$5="root"; \$6="sys"; } |
365 | else | |
366 | { \$4="?"; \$5="?"; \$6="?"; break;} | |
700318f3 | 367 | } } |
368 | { print; } | |
369 | _EOF | |
370 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ | |
371 | pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype | |
3c0ef626 | 372 | |
373 | ## Step back a directory and now build the package. | |
374 | echo "Building package.." | |
375 | cd .. | |
700318f3 | 376 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o |
377 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg | |
3c0ef626 | 378 | rm -rf $FAKE_ROOT |
700318f3 | 379 |