#!/bin/sh
#
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
#
# This code is provided under a Public Domain License by Ben Lindstrom
# (mouring@eviladmin.org).  Use it for whatever you like, as long as you do
# not complain to him or to his employer if you break it.
#
# Files and directories created by this build are not group/other writable.
umask 022

#
# Options for building the package.
# Customized options belong in a config.local file in the build directory.
#
# To test a package without interfering with a real OpenSSH package on the
# same system, uncomment TEST_DIR, set PKGNAME=tOpenSSH and use
#	configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
# This is not needed on systems that support the -R option to pkgadd.
#TEST_DIR=/var/tmp	# leave commented out for production build
PKGNAME=OpenSSH
SYSVINIT_NAME=opensshd
# Honour a MAKE already set in the environment, otherwise use plain "make".
MAKE=${MAKE:-make}
SSHDUID=67	# Default privsep uid
SSHDGID=67	# Default privsep gid
# uncomment these next three as needed
#PERMIT_ROOT_LOGIN=no
#X11_FORWARDING=yes
#USR_LOCAL_IS_SYMLINK=yes

# List of system directories whose owner/group/permissions we do NOT want to
# change when installing our package.  Every line ends in a backslash so the
# value stays on a single line: it is pasted into an awk string literal when
# the prototype file is generated.
SYSTEM_DIR="/etc /etc/init.d /etc/rcS.d /etc/rc0.d /etc/rc1.d /etc/rc2.d /etc/opt \
/opt /opt/bin \
/usr /usr/bin /usr/lib /usr/sbin \
/usr/share /usr/share/man /usr/share/man/man1 /usr/share/man/man8 \
/usr/local /usr/local/bin /usr/local/etc /usr/local/libexec \
/usr/local/man /usr/local/man/man1 /usr/local/man/man8 \
/usr/local/sbin /usr/local/share \
/var /var/opt /var/run /var/tmp \
/tmp"
# We may need to build as root, so make sure PATH is set up.
# A directory is only added when it exists and PATH does not already contain
# it after a colon; it is appended, so it never takes precedence over the
# entries that are already there.
if [ -d /usr/local/bin ]
then
	case $PATH in
	*:/usr/local/bin*)	;;
	*)	PATH=$PATH:/usr/local/bin ;;
	esac
fi
if [ -d /usr/ccs/bin ]
then
	case $PATH in
	*:/usr/ccs/bin*)	;;
	*)	PATH=$PATH:/usr/ccs/bin ;;
	esac
fi
export PATH
#

# Everything below reads the Makefile in the current directory.
if [ ! -f Makefile ]
then
	echo "Please run this script from your build directory"
	exit 1
fi

# We look for config.local to override the options set at the top of this
# script.  The file is sourced, i.e. executed as shell code with the
# privileges of whoever runs the build (possibly root, see above), so only
# build in a directory that untrusted users cannot write to.
if [ -s ./config.local ]
then
	. ./config.local
fi
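## Start by faking root install
echo "Faking root install..."
START=`pwd`
# The init script template is looked up in the directory holding this script.
OPENSSHD_IN=`dirname "$0"`/opensshd.in
FAKE_ROOT=$START/package
# Begin with an empty staging tree.  The path is quoted so that a build
# directory containing whitespace cannot make rm -fr act on other paths.
[ -d "$FAKE_ROOT" ] && rm -fr "$FAKE_ROOT"
# Stop if the staging tree cannot be created (for example because something
# that is not a directory is in the way) instead of installing into a
# location we did not prepare.
mkdir "$FAKE_ROOT" || {
	echo "Cannot create $FAKE_ROOT, stopping."
	exit 1
}
# ${MAKE} is left unquoted on purpose so it may carry extra arguments.
${MAKE} install-nokeys DESTDIR="$FAKE_ROOT"
if [ $? -gt 0 ]
then
	echo "Fake root install failed, stopping."
	exit 1
fi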
## Fill in some details, like prefix and sysconfdir
# For each name, take the text after "name=" in the Makefile and assign it
# to a shell variable of the same name.
# NOTE(review): the value goes through eval, so the shell parses it again.
# Anything in the Makefile value (variable references, command
# substitutions) is expanded or executed here, and the order of the names
# matters if later values refer to earlier ones.  The Makefile is treated as
# trusted input.  "cut -f 2" keeps only the text between the first and the
# second '=', so a value that itself contains '=' is truncated.
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir; do
	eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done


## Collect value of privsep user
# Third field of the matching #define line in config.h; eval also removes
# any quoting around the value.  config.h is trusted in the same way as the
# Makefile above.
for confvar in SSH_PRIVSEP_USER; do
	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done

## Set privsep defaults if not defined
[ -n "$SSH_PRIVSEP_USER" ] || SSH_PRIVSEP_USER=sshd
## Extract common info required for the 'info' part of the package.
# Output of the freshly built ./ssh -V, cut off at the first comma.  The
# result ends up unquoted in pkginfo and in the package file name.
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`

# Operating system name and architecture.  SunOS is reported as Solaris and
# is the only case here that sets RCS_D, which later enables the /etc/rcS.d
# entries.  DEF_MSG is appended to the prompts of the request script.
UNAME_S=`uname -s`
case ${UNAME_S} in
SunOS)
	UNAME_S=Solaris
	ARCH=`uname -p`
	RCS_D=yes
	DEF_MSG="(default: n)"
	;;
*)
	ARCH=`uname -m`
	DEF_MSG="\n"
	;;
esac
## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d

## setup our initscript correctly
# Fill the %%...%% placeholders of the template with the configured paths.
# '#' is the sed delimiter, so these paths must not contain a '#'.
sed -e "s#%%configDir%%#${sysconfdir}#g" \
    -e "s#%%openSSHDir%%#$prefix#g" \
    -e "s#%%pidDir%%#${piddir}#g" \
    ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
# Owner may read/write/execute, group and others may only read.
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}

# Optional changes to the packaged sshd_config.  Each substitution only
# matches the exact commented-out default line; if the shipped file is
# worded differently the edit silently does nothing, so check the resulting
# sshd_config.default when relying on PERMIT_ROOT_LOGIN=no.
if [ "${PERMIT_ROOT_LOGIN}" = no ]
then
	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
fi
if [ "${X11_FORWARDING}" = yes ]
then
	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
fi
# fix PrintMotd
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	$FAKE_ROOT/${sysconfdir}/sshd_config

# We don't want to overwrite config files on multiple installs, so the
# package ships them as *.default; the postinstall script generated further
# down copies a default into place only when no live file exists.
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
if [ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ]
then
	mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
fi
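# All packaging control files below are written relative to the staging
# tree, and the glob that follows lists its contents.  Stop if we cannot
# enter it rather than doing that work in the build directory.
cd "$FAKE_ROOT" || {
	echo "Cannot change directory to $FAKE_ROOT, stopping."
	exit 1
}

## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
## whining.
# Map every top-level entry of the staging tree to the same name under /
# (name=/name).  The list is handed to pkgproto when the prototype is built.
for i in *; do
	PROTO_ARGS="$PROTO_ARGS $i=/$i"
done

## Build info file
# Variables in this heredoc are expanded now, at build time.
echo "Building pkginfo file..."
cat > pkginfo << _EOF
PKG=$PKGNAME
NAME="OpenSSH Portable for ${UNAME_S}"
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
VERSION=$VERSION
CATEGORY="Security,application"
BASEDIR=/
CLASSES="none"
_EOF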
## Build preinstall file
# PRE_INS_STOP is escaped, so the generated script reads it at install time
# (the request script generated below sets it).  TEST_DIR and SYSVINIT_NAME
# are expanded now and end up as a fixed path in the generated script.
echo "Building preinstall file..."
cat << _EOF > preinstall
#! /sbin/sh
#
[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF
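## Build postinstall file
# The heredoc mixes two expansion times.  Unescaped variables (sysconfdir,
# TEST_DIR, PKGNAME, RCS_D, SSHDUID, SSHDGID, SSH_PRIVSEP_USER, ...) are
# filled in now, at build time.  Escaped ones (\${PKG_INSTALL_ROOT},
# \${USE_SYM_LINKS}, \$chroot, ...) stay in the generated script and are
# evaluated when the package is installed.
#
# The generated script:
#   - copies each *.default config file into place only if no live file
#     exists;
#   - registers the rc?.d start/stop entries through installf, as symlinks
#     or hard links depending on USE_SYM_LINKS;
#   - unless sshd_config disables UsePrivilegeSeparation, creates the
#     privsep group and user when missing (shell /bin/false, account locked
#     with passwd -l), preferring gid SSHDGID / uid SSHDUID when those ids
#     are still free;
#   - starts the daemon when POST_INS_START is yes.
# For a test build (TEST_DIR set) the group/user commands are only echoed.
#
# The uid probe has to compare the uid column of passwd with SSHDUID, not
# with SSHDGID: the two defaults are equal, but config.local may set them to
# different values.
echo "Building postinstall file..."
cat > postinstall << _EOF
#! /sbin/sh
#
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
}

# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ] && {
	[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
	mkdir -p ${TEST_DIR}/etc/rc0.d
	mkdir -p ${TEST_DIR}/etc/rc1.d
	mkdir -p ${TEST_DIR}/etc/rc2.d
}

if [ "\${USE_SYM_LINKS}" = yes ]
then
	[ "$RCS_D" = yes ] && \
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
	[ "$RCS_D" = yes ] && \
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi

# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys

installf -f ${PKGNAME}

# Use chroot to handle PKG_INSTALL_ROOT
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
then
	chroot="chroot \${PKG_INSTALL_ROOT}"
fi
# If this is a test build, we will skip the groupadd/useradd/passwd commands
if [ ! -z "${TEST_DIR}" ]
then
	chroot=echo
fi

if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
	echo "or group."
else
	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."

	# create group if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	else
		# Use gid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
		then
			:
		else
			sshdgid="-g $SSHDGID"
		fi
		echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	fi

	# Create user if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	else
		# Use uid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
		then
			:
		else
			sshduid="-u $SSHDUID"
		fi
		echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
		\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
	fi
fi

[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF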
## Build preremove file
# The generated script stops the daemon through the init script before the
# package is removed.  The init script path is expanded now, at build time.
echo "Building preremove file..."
cat << _EOF > preremove
#! /sbin/sh
#
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF
## Build request file
# The generated script asks its questions with ckyorn (default answer "n")
# and writes USE_SYM_LINKS, PRE_INS_STOP and POST_INS_START to the response
# file named by its first argument, from where the other packaging scripts
# read them.  piddir, TEST_DIR, SYSVINIT_NAME and DEF_MSG are expanded now;
# everything escaped with a backslash is evaluated at install time.
# NOTE(review): the [y,Y]* patterns also match an answer that starts with a
# comma; this looks unintended but is harmless as long as ckyorn only
# returns yes/no style answers.
echo "Building request file..."
cat << _EOF > request
trap 'exit 3' 15
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
# Use symbolic links?
ans=\`ckyorn -d n \
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
case \$ans in
	[y,Y]*)	USE_SYM_LINKS=yes ;;
esac

# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
then
	ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
	case \$ans in
	[y,Y]*)	PRE_INS_STOP=yes
		POST_INS_START=yes
		;;
	esac

else

# determine if we should start sshd
	ans=\`ckyorn -d n \
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
	case \$ans in
	[y,Y]*)	POST_INS_START=yes ;;
	esac
fi

# make parameters available to installation service,
# and so to any other packaging scripts
cat >\$1 <<!
USE_SYM_LINKS='\$USE_SYM_LINKS'
PRE_INS_STOP='\$PRE_INS_STOP'
POST_INS_START='\$POST_INS_START'
!
exit 0

_EOF
## Build space file
# One line per start/stop link that postinstall adds through installf.
# The /etc/rcS.d line is appended only when RCS_D is yes.
echo "Building space file..."
cat << _EOF > space
# extra space required by start/stop links added by installf in postinstall
$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
_EOF
if [ "$RCS_D" = yes ]
then
	echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
fi
## Next Build our prototype
# mk-proto.awk post-processes the pkgproto output:
#   - BEGIN prints the "i" lines for the packaging control files and splits
#     SYSTEM_DIR (expanded now, at build time) into the sys_files array;
#   - for every input line, field 3 is compared with the SYSTEM_DIR entries:
#     on a match fields 4-6 become "?" and the loop stops, otherwise fields
#     5 and 6 are set to root and sys;
#   - the possibly modified line is printed.
# Escaped \$N are awk field references; \\ at the end of a line becomes a
# single backslash, which continues the awk statement.
echo "Building prototype file..."
cat << _EOF >mk-proto.awk
	BEGIN { print "i pkginfo"; print "i preinstall"; \\
		print "i postinstall"; print "i preremove"; \\
		print "i request"; print "i space"; \\
		split("$SYSTEM_DIR",sys_files); }
	{
	 for (dir in sys_files) { if ( \$3 != sys_files[dir] )
		{ \$5="root"; \$6="sys"; }
		else
		{ \$4="?"; \$5="?"; \$6="?"; break;}
	} }
	{ print; }
_EOF
# List the staging tree without the files generated for the prototype step
# itself, and let pkgproto apply the name=/name mappings in PROTO_ARGS.
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
	pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype

# /usr/local is a symlink on some systems
# In that case the directory entry for /usr/local is dropped from the
# prototype.
if [ "${USR_LOCAL_IS_SYMLINK}" = yes ]
then
	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	mv prototype.new prototype
fi
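## Step back a directory and now build the package.
echo "Building package.."
cd ..
# Paths are quoted so that whitespace in the build directory or in the
# version string cannot split them into several arguments.  This matters
# most for the final rm -rf, which may be running as root.
pkgmk -d "${FAKE_ROOT}" -f "$FAKE_ROOT/prototype" -o
# pkgtrans gets an empty line on stdin, presumably to answer its package
# selection prompt with the default -- TODO confirm.
echo | pkgtrans -os "${FAKE_ROOT}" "${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg"
# Remove the staging tree once the package stream has been written.
rm -rf "$FAKE_ROOT"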