[gssapi-openssh.git] / openssh / contrib / solaris / buildpkg.sh

#!/bin/sh
#
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
#
# The following code has been provide under Public Domain License.  I really
# don't care what you use it for.  Just as long as you don't complain to me
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
#
umask 022
#
# Options for building the package
# You can create a config.local with your customized options
#
# uncommenting TEST_DIR and using
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
# and
# PKGNAME=tOpenSSH should allow testing a package without interfering
# with a real OpenSSH package on a system. This is not needed on systems
# that support the -R option to pkgadd.
#TEST_DIR=/var/tmp	# leave commented out for production build
PKGNAME=OpenSSH
SYSVINIT_NAME=opensshd
MAKE=${MAKE:="make"}
SSHDUID=67	# Default privsep uid
SSHDGID=67	# Default privsep gid
# uncomment these next three as needed
#PERMIT_ROOT_LOGIN=no
#X11_FORWARDING=yes
#USR_LOCAL_IS_SYMLINK=yes
# list of system directories we do NOT want to change owner/group/perms
# when installing our package
SYSTEM_DIR="/etc	\
/etc/init.d		\
/etc/rcS.d		\
/etc/rc0.d		\
/etc/rc1.d		\
/etc/rc2.d		\
/etc/opt		\
/opt			\
/opt/bin		\
/usr			\
/usr/bin		\
/usr/lib		\
/usr/sbin		\
/usr/share		\
/usr/share/man		\
/usr/share/man/man1	\
/usr/share/man/man8	\
/usr/local		\
/usr/local/bin		\
/usr/local/etc		\
/usr/local/libexec	\
/usr/local/man		\
/usr/local/man/man1	\
/usr/local/man/man8	\
/usr/local/sbin		\
/usr/local/share	\
/var			\
/var/opt		\
/var/run		\
/var/tmp		\
/tmp"

# We may need to build as root so we make sure PATH is set up
# only set the path if it's not set already
[ -d /usr/local/bin ]  &&  {
	echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
}
[ -d /usr/ccs/bin ]  &&  {
	echo $PATH | grep ":/usr/ccs/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
}
export PATH
#

[ -f Makefile ]  ||  {
	echo "Please run this script from your build directory"
	exit 1
}

# we will look for config.local to override the above options
[ -s ./config.local ]  &&  . ./config.local

## Start by faking root install
echo "Faking root install..."
START=`pwd`
OPENSSHD_IN=`dirname $0`/opensshd.in
FAKE_ROOT=$START/package
[ -d $FAKE_ROOT ]  &&  rm -fr $FAKE_ROOT
mkdir $FAKE_ROOT
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
if [ $? -gt 0 ]
then
	echo "Fake root install failed, stopping."
	exit 1
fi

## Fill in some details, like prefix and sysconfdir
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
do
	eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done


## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
do
	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done

## Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
	SSH_PRIVSEP_USER=sshd
fi

## Extract common info requires for the 'info' part of the package.
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`

UNAME_S=`uname -s`
case ${UNAME_S} in
	SunOS)	UNAME_S=Solaris
		ARCH=`uname -p`
		RCS_D=yes
		DEF_MSG="(default: n)"
		;;
	*)	ARCH=`uname -m`
		DEF_MSG="\n" ;;
esac

## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d

## setup our initscript correctly
sed -e "s#%%configDir%%#${sysconfdir}#g" 	\
    -e "s#%%openSSHDir%%#$prefix#g"		\
    -e "s#%%pidDir%%#${piddir}#g"		\
	${OPENSSHD_IN}	> $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}

[ "${PERMIT_ROOT_LOGIN}" = no ]  &&  \
	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
[ "${X11_FORWARDING}" = yes ]  &&  \
	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
# fix PrintMotd
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	$FAKE_ROOT/${sysconfdir}/sshd_config

# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ]  &&  \
mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default

cd $FAKE_ROOT

## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
## whining.
for i in *; do
  PROTO_ARGS="$PROTO_ARGS $i=/$i";
done

## Build info file
echo "Building pkginfo file..."
cat > pkginfo << _EOF
PKG=$PKGNAME
NAME="OpenSSH Portable for ${UNAME_S}"
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
VERSION=$VERSION
CATEGORY="Security,application"
BASEDIR=/
CLASSES="none"
_EOF

## Build preinstall file
echo "Building preinstall file..."
cat > preinstall << _EOF
#! /sbin/sh
#
[ "\${PRE_INS_STOP}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF

## Build postinstall file
echo "Building postinstall file..."
cat > postinstall << _EOF
#! /sbin/sh
#
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ]  &&  {
	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
}

# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ]  &&  {
	[ "$RCS_D" = yes ]  &&  mkdir -p ${TEST_DIR}/etc/rcS.d
	mkdir -p ${TEST_DIR}/etc/rc0.d
	mkdir -p ${TEST_DIR}/etc/rc1.d
	mkdir -p ${TEST_DIR}/etc/rc2.d
}

if [ "\${USE_SYM_LINKS}" = yes ]
then
	[ "$RCS_D" = yes ]  &&  \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
	[ "$RCS_D" = yes ]  &&  \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi

# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
[ -d $piddir ]  ||  installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys

installf -f ${PKGNAME}

# Use chroot to handle PKG_INSTALL_ROOT
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
then
	chroot="chroot \${PKG_INSTALL_ROOT}"
fi
# If this is a test build, we will skip the groupadd/useradd/passwd commands
if [ ! -z "${TEST_DIR}" ]
then
	chroot=echo
fi

if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
	echo "or group."
else
	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."

	# create group if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	else
		# Use gid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
		then
			:
		else
			sshdgid="-g $SSHDGID"
		fi
		echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	fi

	# Create user if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	else
		# Use uid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
		then
			:
		else
			sshduid="-u $SSHDUID"
		fi
		echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
		\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
	fi
fi

[ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF

## Build preremove file
echo "Building preremove file..."
cat > preremove << _EOF
#! /sbin/sh
#
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF

## Build request file
echo "Building request file..."
cat > request << _EOF
trap 'exit 3' 15
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
# Use symbolic links?
ans=\`ckyorn -d n \
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
case \$ans in
	[y,Y]*)	USE_SYM_LINKS=yes ;;
esac

# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid  -a  -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
then
	ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
	case \$ans in
		[y,Y]*)	PRE_INS_STOP=yes
			POST_INS_START=yes
			;;
	esac

else

# determine if we should start sshd
	ans=\`ckyorn -d n \
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
	case \$ans in
		[y,Y]*)	POST_INS_START=yes ;;
	esac
fi

# make parameters available to installation service,
# and so to any other packaging scripts
cat >\$1 <<!
USE_SYM_LINKS='\$USE_SYM_LINKS'
PRE_INS_STOP='\$PRE_INS_STOP'
POST_INS_START='\$POST_INS_START'
!
exit 0

_EOF

## Build space file
echo "Building space file..."
cat > space << _EOF
# extra space required by start/stop links added by installf in postinstall
$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
_EOF
[ "$RCS_D" = yes ]  &&  \
echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space

## Next Build our prototype
echo "Building prototype file..."
cat >mk-proto.awk << _EOF
	    BEGIN { print "i pkginfo"; print "i preinstall"; \\
		    print "i postinstall"; print "i preremove"; \\
		    print "i request"; print "i space"; \\
		    split("$SYSTEM_DIR",sys_files); }
	    {
	     for (dir in sys_files) { if ( \$3 != sys_files[dir] )
		     { \$5="root"; \$6="sys"; }
		else
		     { \$4="?"; \$5="?"; \$6="?"; break;}
	    } }
	    { print; }
_EOF
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
	pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype

# /usr/local is a symlink on some systems
[ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {
	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	mv prototype.new prototype
}

## Step back a directory and now build the package.
echo "Building package.."
cd ..
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
rm -rf $FAKE_ROOT
Commit	Line	Data
3c0ef626	1	#!/bin/sh
3c0ef626	2	#
2980ea68	3	# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
3c0ef626	4	#
	5	# The following code has been provide under Public Domain License. I really
	6	# don't care what you use it for. Just as long as you don't complain to me
	7	# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
416fd2a8	8	#
3c0ef626	9	umask 022
2980ea68	10	#
	11	# Options for building the package
	12	# You can create a config.local with your customized options
	13	#
e54b3d7c	14	# uncommenting TEST_DIR and using
e54b3d7c	15	# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
416fd2a8	16	# and
2980ea68	17	# PKGNAME=tOpenSSH should allow testing a package without interfering
e54b3d7c	18	# with a real OpenSSH package on a system. This is not needed on systems
e54b3d7c	19	# that support the -R option to pkgadd.
2980ea68	20	#TEST_DIR=/var/tmp # leave commented out for production build
3c0ef626	21	PKGNAME=OpenSSH
2980ea68	22	SYSVINIT_NAME=opensshd
2980ea68	23	MAKE=${MAKE:="make"}
e54b3d7c	24	SSHDUID=67 # Default privsep uid
e54b3d7c	25	SSHDGID=67 # Default privsep gid
416fd2a8	26	# uncomment these next three as needed
2980ea68	27	#PERMIT_ROOT_LOGIN=no
2980ea68	28	#X11_FORWARDING=yes
416fd2a8	29	#USR_LOCAL_IS_SYMLINK=yes
2980ea68	30	# list of system directories we do NOT want to change owner/group/perms
	31	# when installing our package
	32	SYSTEM_DIR="/etc \
	33	/etc/init.d \
	34	/etc/rcS.d \
	35	/etc/rc0.d \
	36	/etc/rc1.d \
	37	/etc/rc2.d \
	38	/etc/opt \
	39	/opt \
	40	/opt/bin \
	41	/usr \
	42	/usr/bin \
	43	/usr/lib \
	44	/usr/sbin \
	45	/usr/share \
	46	/usr/share/man \
	47	/usr/share/man/man1 \
	48	/usr/share/man/man8 \
	49	/usr/local \
	50	/usr/local/bin \
	51	/usr/local/etc \
	52	/usr/local/libexec \
	53	/usr/local/man \
	54	/usr/local/man/man1 \
	55	/usr/local/man/man8 \
	56	/usr/local/sbin \
	57	/usr/local/share \
	58	/var \
	59	/var/opt \
	60	/var/run \
	61	/var/tmp \
	62	/tmp"
3c0ef626	63
e54b3d7c	64	# We may need to build as root so we make sure PATH is set up
2980ea68	65	# only set the path if it's not set already
	66	[ -d /usr/local/bin ] && {
	67	echo $PATH \| grep ":/usr/local/bin" > /dev/null 2>&1
	68	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
	69	}
	70	[ -d /usr/ccs/bin ] && {
	71	echo $PATH \| grep ":/usr/ccs/bin" > /dev/null 2>&1
	72	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
	73	}
	74	export PATH
	75	#
	76
	77	[ -f Makefile ] \|\| {
	78	echo "Please run this script from your build directory"
	79	exit 1
	80	}
	81
	82	# we will look for config.local to override the above options
	83	[ -s ./config.local ] && . ./config.local
3c0ef626	84
416fd2a8	85	## Start by faking root install
3c0ef626	86	echo "Faking root install..."
3c0ef626	87	START=`pwd`
2980ea68	88	OPENSSHD_IN=`dirname $0`/opensshd.in
3c0ef626	89	FAKE_ROOT=$START/package
2980ea68	90	[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
3c0ef626	91	mkdir $FAKE_ROOT
2980ea68	92	${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
	93	if [ $? -gt 0 ]
	94	then
	95	echo "Fake root install failed, stopping."
	96	exit 1
	97	fi
3c0ef626	98
3c0ef626	99	## Fill in some details, like prefix and sysconfdir
2980ea68	100	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
2980ea68	101	do
416fd2a8	102	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`
2980ea68	103	done
3c0ef626	104
e54b3d7c	105
	106	## Collect value of privsep user
	107	for confvar in SSH_PRIVSEP_USER
	108	do
416fd2a8	109	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
e54b3d7c	110	done
	111
	112	## Set privsep defaults if not defined
	113	if [ -z "$SSH_PRIVSEP_USER" ]
	114	then
416fd2a8	115	SSH_PRIVSEP_USER=sshd
e54b3d7c	116	fi
e54b3d7c	117
2980ea68	118	## Extract common info requires for the 'info' part of the package.
2980ea68	119	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//'`
3c0ef626	120
2980ea68	121	UNAME_S=`uname -s`
	122	case ${UNAME_S} in
	123	SunOS) UNAME_S=Solaris
	124	ARCH=`uname -p`
	125	RCS_D=yes
	126	DEF_MSG="(default: n)"
	127	;;
e54b3d7c	128	*) ARCH=`uname -m`
e54b3d7c	129	DEF_MSG="\n" ;;
2980ea68	130	esac
	131
	132	## Setup our run level stuff while we are at it.
	133	mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
3c0ef626	134
3c0ef626	135	## setup our initscript correctly
2980ea68	136	sed -e "s#%%configDir%%#${sysconfdir}#g" \
	137	-e "s#%%openSSHDir%%#$prefix#g" \
	138	-e "s#%%pidDir%%#${piddir}#g" \
	139	${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
	140	chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
3c0ef626	141
2980ea68	142	[ "${PERMIT_ROOT_LOGIN}" = no ] && \
	143	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
	144	$FAKE_ROOT/${sysconfdir}/sshd_config
	145	[ "${X11_FORWARDING}" = yes ] && \
	146	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
	147	$FAKE_ROOT/${sysconfdir}/sshd_config
	148	# fix PrintMotd
	149	perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	150	$FAKE_ROOT/${sysconfdir}/sshd_config
3c0ef626	151
2980ea68	152	# We don't want to overwrite config files on multiple installs
	153	mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
	154	mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
	155	[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
	156	mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
	157
	158	cd $FAKE_ROOT
3c0ef626	159
	160	## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
	161	## whining.
	162	for i in *; do
	163	PROTO_ARGS="$PROTO_ARGS $i=/$i";
	164	done
	165
	166	## Build info file
	167	echo "Building pkginfo file..."
	168	cat > pkginfo << _EOF
	169	PKG=$PKGNAME
2980ea68	170	NAME="OpenSSH Portable for ${UNAME_S}"
3c0ef626	171	DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
3c0ef626	172	VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
3c0ef626	173	ARCH=$ARCH
3c0ef626	174	VERSION=$VERSION
2980ea68	175	CATEGORY="Security,application"
3c0ef626	176	BASEDIR=/
2980ea68	177	CLASSES="none"
	178	_EOF
	179
	180	## Build preinstall file
	181	echo "Building preinstall file..."
	182	cat > preinstall << _EOF
	183	#! /sbin/sh
	184	#
	185	[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	186	exit 0
3c0ef626	187	_EOF
3c0ef626	188
2980ea68	189	## Build postinstall file
	190	echo "Building postinstall file..."
	191	cat > postinstall << _EOF
	192	#! /sbin/sh
	193	#
e54b3d7c	194	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] \|\| \\
	195	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
	196	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
	197	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] \|\| \\
	198	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
	199	\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
	200	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
	201	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] \|\| \\
	202	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
	203	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
2980ea68	204	}
	205
	206	# make rc?.d dirs only if we are doing a test install
	207	[ -n "${TEST_DIR}" ] && {
	208	[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
	209	mkdir -p ${TEST_DIR}/etc/rc0.d
	210	mkdir -p ${TEST_DIR}/etc/rc1.d
	211	mkdir -p ${TEST_DIR}/etc/rc2.d
	212	}
	213
	214	if [ "\${USE_SYM_LINKS}" = yes ]
	215	then
	216	[ "$RCS_D" = yes ] && \
e54b3d7c	217	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	218	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	219	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	220	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
2980ea68	221	else
2980ea68	222	[ "$RCS_D" = yes ] && \
e54b3d7c	223	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	224	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	225	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	226	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
2980ea68	227	fi
	228
	229	# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
e54b3d7c	230	[ -d $piddir ] \|\| installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
2980ea68	231
	232	installf -f ${PKGNAME}
	233
e54b3d7c	234	# Use chroot to handle PKG_INSTALL_ROOT
	235	if [ ! -z "\${PKG_INSTALL_ROOT}" ]
	236	then
	237	chroot="chroot \${PKG_INSTALL_ROOT}"
	238	fi
	239	# If this is a test build, we will skip the groupadd/useradd/passwd commands
	240	if [ ! -z "${TEST_DIR}" ]
	241	then
	242	chroot=echo
	243	fi
	244
	245	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
	246	then
416fd2a8	247	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
416fd2a8	248	echo "or group."
e54b3d7c	249	else
416fd2a8	250	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
e54b3d7c	251
416fd2a8	252	# create group if required
	253	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	254	then
	255	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	256	else
e54b3d7c	257	# Use gid of 67 if possible
	258	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSHDGID'\$' >/dev/null
	259	then
	260	:
	261	else
	262	sshdgid="-g $SSHDGID"
	263	fi
416fd2a8	264	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
	265	\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	266	fi
	267
	268	# Create user if required
	269	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	270	then
	271	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	272	else
e54b3d7c	273	# Use uid of 67 if possible
	274	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSHDGID'\$' >/dev/null
	275	then
	276	:
	277	else
	278	sshduid="-u $SSHDUID"
	279	fi
416fd2a8	280	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
e54b3d7c	281	\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
e54b3d7c	282	\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
416fd2a8	283	fi
e54b3d7c	284	fi
e54b3d7c	285
2980ea68	286	[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
	287	exit 0
	288	_EOF
	289
	290	## Build preremove file
	291	echo "Building preremove file..."
	292	cat > preremove << _EOF
	293	#! /sbin/sh
	294	#
	295	${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	296	exit 0
	297	_EOF
	298
	299	## Build request file
	300	echo "Building request file..."
	301	cat > request << _EOF
	302	trap 'exit 3' 15
	303	USE_SYM_LINKS=no
	304	PRE_INS_STOP=no
	305	POST_INS_START=no
	306	# Use symbolic links?
	307	ans=\`ckyorn -d n \
	308	-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` \|\| exit \$?
	309	case \$ans in
	310	[y,Y]*) USE_SYM_LINKS=yes ;;
	311	esac
	312
	313	# determine if should restart the daemon
	314	if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
	315	then
	316	ans=\`ckyorn -d n \
	317	-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` \|\| exit \$?
	318	case \$ans in
	319	[y,Y]*) PRE_INS_STOP=yes
	320	POST_INS_START=yes
	321	;;
	322	esac
	323
	324	else
	325
	326	# determine if we should start sshd
	327	ans=\`ckyorn -d n \
	328	-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` \|\| exit \$?
	329	case \$ans in
	330	[y,Y]*) POST_INS_START=yes ;;
	331	esac
	332	fi
	333
	334	# make parameters available to installation service,
	335	# and so to any other packaging scripts
	336	cat >\$1 <<!
	337	USE_SYM_LINKS='\$USE_SYM_LINKS'
	338	PRE_INS_STOP='\$PRE_INS_STOP'
	339	POST_INS_START='\$POST_INS_START'
	340	!
	341	exit 0
	342
	343	_EOF
	344
	345	## Build space file
	346	echo "Building space file..."
	347	cat > space << _EOF
	348	# extra space required by start/stop links added by installf in postinstall
	349	$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
350	$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
351	$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
352	_EOF
353	[ "$RCS_D" = yes ] && \
354	echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
355
3c0ef626	356	## Next Build our prototype
3c0ef626	357	echo "Building prototype file..."
2980ea68	358	cat >mk-proto.awk << _EOF
	359	BEGIN { print "i pkginfo"; print "i preinstall"; \\
	360	print "i postinstall"; print "i preremove"; \\
	361	print "i request"; print "i space"; \\
416fd2a8	362	split("$SYSTEM_DIR",sys_files); }
2980ea68	363	{
2980ea68	364	for (dir in sys_files) { if ( \$3 != sys_files[dir] )
416fd2a8	365	{ \$5="root"; \$6="sys"; }
	366	else
	367	{ \$4="?"; \$5="?"; \$6="?"; break;}
2980ea68	368	} }
	369	{ print; }
	370	_EOF
	371	find . \| egrep -v "prototype\|pkginfo\|mk-proto.awk" \| sort \| \
	372	pkgproto $PROTO_ARGS \| nawk -f mk-proto.awk > prototype
3c0ef626	373
416fd2a8	374	# /usr/local is a symlink on some systems
	375	[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
	376	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	377	mv prototype.new prototype
	378	}
	379
3c0ef626	380	## Step back a directory and now build the package.
	381	echo "Building package.."
	382	cd ..
2980ea68	383	pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
2980ea68	384	echo \| pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
3c0ef626	385	rm -rf $FAKE_ROOT
2980ea68	386