[gssapi-openssh.git] / openssh / contrib / aix / buildbff.sh

#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
# no warranty.
# 
# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
#

#
# Tunable configuration settings
# 	create a "config.local" in your build directory to override these.
#
PERMIT_ROOT_LOGIN=no
X11_FORWARDING=no

umask 022

startdir=`pwd`

# Path to inventory.sh: same place as buildbff.sh
if  echo $0 | egrep '^/'
then
	inventory=`dirname $0`/inventory.sh		# absolute path
else
	inventory=`pwd`/`dirname $0`/inventory.sh	# relative path
fi

#
# We still support running from contrib/aix, but this is depreciated
#
if pwd | egrep 'contrib/aix$'
then
	echo "Changing directory to `pwd`/../.."
	echo "Please run buildbff.sh from your build directory in future."
	cd ../..
	contribaix=1
fi

if [ ! -f Makefile ]
then
	echo "Makefile not found (did you run configure?)"
	exit 1 
fi

#
# Directories used during build:
# current dir = $objdir		directory you ran ./configure in.
# $objdir/$PKGDIR/ 		directory package files are constructed in
# $objdir/$PKGDIR/root/		package root ($FAKE_ROOT)
#
objdir=`pwd`
PKGNAME=openssh
PKGDIR=package

#
# Collect local configuration settings to override defaults
#
if [ -s ./config.local ]
then
	echo Reading local settings from config.local
	. ./config.local
fi

#
# Fill in some details from Makefile, like prefix and sysconfdir
#	the eval also expands variables like sysconfdir=${prefix}/etc
#	provided they are eval'ed in the correct order
#
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
do
	eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
done

#
# Collect values of privsep user and privsep path
#	currently only found in config.h
#
for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
do
	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
done

# Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
	SSH_PRIVSEP_USER=sshd
fi
if [ -z "$PRIVSEP_PATH" ]
then
	PRIVSEP_PATH=/var/empty
fi

# Clean package build directory 
rm -rf $objdir/$PKGDIR
FAKE_ROOT=$objdir/$PKGDIR/root
mkdir -p $FAKE_ROOT

# Start by faking root install 
echo "Faking root install..."
cd $objdir
make install-nokeys DESTDIR=$FAKE_ROOT

if [ $? -gt 0 ]
then
	echo "Fake root install failed, stopping."
	exit 1
fi

#
# Copy informational files to include in package
#
cp $srcdir/LICENCE $objdir/$PKGDIR/
cp $srcdir/README* $objdir/$PKGDIR/

#
# Extract common info requires for the 'info' part of the package.
#	AIX requires 4-part version numbers
#
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
[ "$PATCH" = "" ] && PATCH=0
[ "$PORTABLE" = "" ] && PORTABLE=0
BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`

echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"

#
# Set ssh and sshd parameters as per config.local
#
if [ "${PERMIT_ROOT_LOGIN}" = no ] 
then
        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
                $FAKE_ROOT/${sysconfdir}/sshd_config
fi
if [ "${X11_FORWARDING}" = yes ]
then
        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
                $FAKE_ROOT/${sysconfdir}/sshd_config
fi


# Rename config files; postinstall script will copy them if necessary
for cfgfile in ssh_config sshd_config ssh_prng_cmds
do
	mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
done

#
# Generate lpp control files.
#	working dir is $FAKE_ROOT but files are generated in dir above
#	and moved into place just before creation of .bff
#
cd $FAKE_ROOT
echo Generating LPP control files
find . ! -name . -print >../openssh.al
$inventory >../openssh.inventory

cat <<EOD >../openssh.copyright
This software is distributed under a BSD-style license.
For the full text of the license, see /usr/lpp/openssh/LICENCE
EOD

#
# Create postinstall script
#
cat <<EOF >>../openssh.post_i
#!/bin/sh

echo Creating configs from defaults if necessary.
for cfgfile in ssh_config sshd_config ssh_prng_cmds
do
        if [ ! -f $sysconfdir/\$cfgfile ]
        then
                echo "Creating \$cfgfile from default"
                cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
        else
                echo "\$cfgfile already exists."
        fi
done
echo

# Create PrivSep user if PrivSep not disabled in config
echo Creating PrivSep prereqs if required.
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
then
	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
	echo "group or chroot directory."
else
	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."

	# create group if required
	if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	else
		echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		mkgroup -A $SSH_PRIVSEP_USER
	fi

	# Create user if required
	if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	else
		echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
	fi

	# create chroot directory if required
	if [ -d $PRIVSEP_PATH ]
	then
		echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
	else
		echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
		mkdir $PRIVSEP_PATH
		chown 0 $PRIVSEP_PATH
		chgrp 0 $PRIVSEP_PATH
		chmod 755 $PRIVSEP_PATH
	fi
fi
echo

# Generate keys unless they already exist
echo Creating host keys if required.
if [ -f "$sysconfdir/ssh_host_key" ] ; then
        echo "$sysconfdir/ssh_host_key already exists, skipping."
else
        $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
fi
if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
        echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
else
        $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
fi
if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
        echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
else 
        $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
fi
echo

# Add to system startup if required
if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
then
        echo "sshd found in rc.tcpip, not adding."
else
        echo >>/etc/rc.tcpip
        echo "echo Starting sshd" >>/etc/rc.tcpip
        echo "$sbindir/sshd" >>/etc/rc.tcpip
fi
EOF

#
# Create liblpp.a and move control files into it
#
echo Creating liblpp.a
(
	cd ..
	for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
	do
		ar -r liblpp.a $i
		rm $i
	done
)

#
# Create lpp_name
#
# This will end up looking something like:
# 4 R I OpenSSH {
# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
# [
# %
# /usr/local/bin 8073
# /usr/local/etc 189
# /usr/local/libexec 185
# /usr/local/man/man1 145
# /usr/local/man/man8 83
# /usr/local/sbin 2105
# /usr/local/share 3
# %
# ]
# }

echo Creating lpp_name
cat <<EOF >../lpp_name
4 R I $PKGNAME {
$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
[
%
EOF

for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
do
	# get size in 512 byte blocks
	if [ -d $FAKE_ROOT/$i ]
	then
		size=`du $FAKE_ROOT/$i | awk '{print $1}'`
		echo "$i $size" >>../lpp_name
	fi
done

echo '%' >>../lpp_name
echo ']' >>../lpp_name
echo '}' >>../lpp_name

#
# Move pieces into place
#
mkdir -p usr/lpp/openssh
mv ../liblpp.a usr/lpp/openssh
mv ../lpp_name .

#
# Now invoke backup to create .bff file
#	note: lpp_name needs to be the first file so we generate the
#	file list on the fly and feed it to backup using -i
#
echo Creating $PKGNAME-$VERSION.bff with backup...
rm -f $PKGNAME-$VERSION.bff
(
	echo "./lpp_name"
	find . ! -name lpp_name -a ! -name . -print 
) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist

#
# Move package into final location and clean up
#
mv ../$PKGNAME-$VERSION.bff $startdir
cd $startdir
rm -rf $objdir/$PKGDIR

echo $0: done.
Commit	Line	Data
e9a17296	1	#!/bin/sh
	2	#
	3	# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
	4	#
	5	# Author: Darren Tucker (dtucker at zip dot com dot au)
	6	# This file is placed in the public domain and comes with absolutely
	7	# no warranty.
	8	#
	9	# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
	10	#
	11
680cee3b	12	#
	13	# Tunable configuration settings
	14	# create a "config.local" in your build directory to override these.
	15	#
	16	PERMIT_ROOT_LOGIN=no
	17	X11_FORWARDING=no
	18
e9a17296	19	umask 022
680cee3b	20
41b2f314	21	startdir=`pwd`
	22
	23	# Path to inventory.sh: same place as buildbff.sh
	24	if echo $0 \| egrep '^/'
	25	then
	26	inventory=`dirname $0`/inventory.sh # absolute path
	27	else
	28	inventory=`pwd`/`dirname $0`/inventory.sh # relative path
	29	fi
	30
680cee3b	31	#
	32	# We still support running from contrib/aix, but this is depreciated
	33	#
	34	if pwd \| egrep 'contrib/aix$'
	35	then
	36	echo "Changing directory to `pwd`/../.."
	37	echo "Please run buildbff.sh from your build directory in future."
	38	cd ../..
	39	contribaix=1
	40	fi
	41
	42	if [ ! -f Makefile ]
	43	then
	44	echo "Makefile not found (did you run configure?)"
	45	exit 1
	46	fi
	47
	48	#
	49	# Directories used during build:
	50	# current dir = $objdir directory you ran ./configure in.
	51	# $objdir/$PKGDIR/ directory package files are constructed in
	52	# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
	53	#
	54	objdir=`pwd`
e9a17296	55	PKGNAME=openssh
700318f3	56	PKGDIR=package
e9a17296	57
680cee3b	58	#
	59	# Collect local configuration settings to override defaults
	60	#
	61	if [ -s ./config.local ]
	62	then
	63	echo Reading local settings from config.local
	64	. ./config.local
	65	fi
	66
	67	#
	68	# Fill in some details from Makefile, like prefix and sysconfdir
	69	# the eval also expands variables like sysconfdir=${prefix}/etc
	70	# provided they are eval'ed in the correct order
	71	#
	72	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
	73	do
	74	eval $confvar=`grep "^$confvar=" $objdir/Makefile \| cut -d = -f 2`
	75	done
	76
	77	#
	78	# Collect values of privsep user and privsep path
	79	# currently only found in config.h
	80	#
	81	for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
	82	do
	83	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
	84	done
e9a17296	85
680cee3b	86	# Set privsep defaults if not defined
680cee3b	87	if [ -z "$SSH_PRIVSEP_USER" ]
e9a17296	88	then
680cee3b	89	SSH_PRIVSEP_USER=sshd
	90	fi
	91	if [ -z "$PRIVSEP_PATH" ]
	92	then
	93	PRIVSEP_PATH=/var/empty
e9a17296	94	fi
e9a17296	95
680cee3b	96	# Clean package build directory
	97	rm -rf $objdir/$PKGDIR
	98	FAKE_ROOT=$objdir/$PKGDIR/root
	99	mkdir -p $FAKE_ROOT
	100
	101	# Start by faking root install
e9a17296	102	echo "Faking root install..."
680cee3b	103	cd $objdir
e9a17296	104	make install-nokeys DESTDIR=$FAKE_ROOT
e9a17296	105
700318f3	106	if [ $? -gt 0 ]
	107	then
	108	echo "Fake root install failed, stopping."
	109	exit 1
	110	fi
	111
680cee3b	112	#
	113	# Copy informational files to include in package
	114	#
	115	cp $srcdir/LICENCE $objdir/$PKGDIR/
	116	cp $srcdir/README* $objdir/$PKGDIR/
	117
700318f3	118	#
	119	# Extract common info requires for the 'info' part of the package.
	120	# AIX requires 4-part version numbers
	121	#
	122	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//' \| cut -f 2 -d _`
	123	MAJOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 1 -d .`
	124	MINOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 2 -d .`
	125	PATCH=`echo $VERSION \| cut -f 1 -d p \| cut -f 3 -d .`
680cee3b	126	PORTABLE=`echo $VERSION \| awk 'BEGIN{FS="p"}{print $2}'`
	127	[ "$PATCH" = "" ] && PATCH=0
	128	[ "$PORTABLE" = "" ] && PORTABLE=0
700318f3	129	BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
	130
	131	echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
	132
e9a17296	133	#
680cee3b	134	# Set ssh and sshd parameters as per config.local
e9a17296	135	#
680cee3b	136	if [ "${PERMIT_ROOT_LOGIN}" = no ]
	137	then
	138	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
	139	$FAKE_ROOT/${sysconfdir}/sshd_config
	140	fi
	141	if [ "${X11_FORWARDING}" = yes ]
	142	then
	143	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
	144	$FAKE_ROOT/${sysconfdir}/sshd_config
	145	fi
	146
e9a17296	147
	148	# Rename config files; postinstall script will copy them if necessary
	149	for cfgfile in ssh_config sshd_config ssh_prng_cmds
	150	do
	151	mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
	152	done
	153
	154	#
	155	# Generate lpp control files.
680cee3b	156	# working dir is $FAKE_ROOT but files are generated in dir above
e9a17296	157	# and moved into place just before creation of .bff
	158	#
	159	cd $FAKE_ROOT
	160	echo Generating LPP control files
	161	find . ! -name . -print >../openssh.al
680cee3b	162	$inventory >../openssh.inventory
	163
	164	cat <<EOD >../openssh.copyright
	165	This software is distributed under a BSD-style license.
	166	For the full text of the license, see /usr/lpp/openssh/LICENCE
	167	EOD
e9a17296	168
	169	#
	170	# Create postinstall script
	171	#
	172	cat <<EOF >>../openssh.post_i
	173	#!/bin/sh
	174
680cee3b	175	echo Creating configs from defaults if necessary.
e9a17296	176	for cfgfile in ssh_config sshd_config ssh_prng_cmds
	177	do
	178	if [ ! -f $sysconfdir/\$cfgfile ]
	179	then
	180	echo "Creating \$cfgfile from default"
	181	cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
	182	else
	183	echo "\$cfgfile already exists."
	184	fi
	185	done
680cee3b	186	echo
	187
	188	# Create PrivSep user if PrivSep not disabled in config
	189	echo Creating PrivSep prereqs if required.
	190	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
	191	then
	192	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
	193	echo "group or chroot directory."
	194	else
	195	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
	196
	197	# create group if required
	198	if cut -f1 -d: /etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	199	then
	200	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	201	else
	202	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
	203	mkgroup -A $SSH_PRIVSEP_USER
	204	fi
	205
	206	# Create user if required
	207	if cut -f1 -d: /etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	208	then
	209	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	210	else
	211	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
	212	mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
	213	fi
	214
	215	# create chroot directory if required
	216	if [ -d $PRIVSEP_PATH ]
	217	then
	218	echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
	219	else
	220	echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
	221	mkdir $PRIVSEP_PATH
	222	chown 0 $PRIVSEP_PATH
	223	chgrp 0 $PRIVSEP_PATH
	224	chmod 755 $PRIVSEP_PATH
	225	fi
	226	fi
	227	echo
e9a17296	228
e9a17296	229	# Generate keys unless they already exist
680cee3b	230	echo Creating host keys if required.
e9a17296	231	if [ -f "$sysconfdir/ssh_host_key" ] ; then
	232	echo "$sysconfdir/ssh_host_key already exists, skipping."
	233	else
	234	$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
	235	fi
	236	if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
	237	echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
	238	else
	239	$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
	240	fi
	241	if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
	242	echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
	243	else
	244	$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
	245	fi
680cee3b	246	echo
e9a17296	247
	248	# Add to system startup if required
	249	if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
	250	then
	251	echo "sshd found in rc.tcpip, not adding."
	252	else
	253	echo >>/etc/rc.tcpip
	254	echo "echo Starting sshd" >>/etc/rc.tcpip
	255	echo "$sbindir/sshd" >>/etc/rc.tcpip
	256	fi
	257	EOF
	258
	259	#
	260	# Create liblpp.a and move control files into it
	261	#
	262	echo Creating liblpp.a
	263	(
	264	cd ..
680cee3b	265	for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
e9a17296	266	do
680cee3b	267	ar -r liblpp.a $i
680cee3b	268	rm $i
e9a17296	269	done
	270	)
	271
	272	#
	273	# Create lpp_name
	274	#
	275	# This will end up looking something like:
	276	# 4 R I OpenSSH {
	277	# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
	278	# [
	279	# %
	280	# /usr/local/bin 8073
	281	# /usr/local/etc 189
	282	# /usr/local/libexec 185
	283	# /usr/local/man/man1 145
	284	# /usr/local/man/man8 83
	285	# /usr/local/sbin 2105
	286	# /usr/local/share 3
	287	# %
	288	# ]
680cee3b	289	# }
680cee3b	290
e9a17296	291	echo Creating lpp_name
	292	cat <<EOF >../lpp_name
	293	4 R I $PKGNAME {
	294	$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
	295	[
	296	%
	297	EOF
	298
680cee3b	299	for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
e9a17296	300	do
e9a17296	301	# get size in 512 byte blocks
680cee3b	302	if [ -d $FAKE_ROOT/$i ]
	303	then
	304	size=`du $FAKE_ROOT/$i \| awk '{print $1}'`
	305	echo "$i $size" >>../lpp_name
	306	fi
e9a17296	307	done
	308
	309	echo '%' >>../lpp_name
	310	echo ']' >>../lpp_name
	311	echo '}' >>../lpp_name
	312
	313	#
	314	# Move pieces into place
	315	#
	316	mkdir -p usr/lpp/openssh
	317	mv ../liblpp.a usr/lpp/openssh
	318	mv ../lpp_name .
	319
	320	#
	321	# Now invoke backup to create .bff file
680cee3b	322	# note: lpp_name needs to be the first file so we generate the
e9a17296	323	# file list on the fly and feed it to backup using -i
	324	#
	325	echo Creating $PKGNAME-$VERSION.bff with backup...
700318f3	326	rm -f $PKGNAME-$VERSION.bff
e9a17296	327	(
	328	echo "./lpp_name"
	329	find . ! -name lpp_name -a ! -name . -print
	330	) \| backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
	331
680cee3b	332	#
41b2f314	333	# Move package into final location and clean up
680cee3b	334	#
41b2f314	335	mv ../$PKGNAME-$VERSION.bff $startdir
41b2f314	336	cd $startdir
680cee3b	337	rm -rf $objdir/$PKGDIR
e9a17296	338
e9a17296	339	echo $0: done.
e9a17296	340