[gssapi-openssh.git] / openssh / contrib / solaris / buildpkg.sh

#!/bin/sh
#
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
#
# The following code has been provide under Public Domain License.  I really
# don't care what you use it for.  Just as long as you don't complain to me
# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
#
umask 022
#
# Options for building the package
# You can create a config.local with your customized options
#
# uncommenting TEST_DIR and using
# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
# and
# PKGNAME=tOpenSSH should allow testing a package without interfering
# with a real OpenSSH package on a system. This is not needed on systems
# that support the -R option to pkgadd.
#TEST_DIR=/var/tmp	# leave commented out for production build
PKGNAME=OpenSSH
SYSVINIT_NAME=opensshd
MAKE=${MAKE:="make"}
SSHDUID=67	# Default privsep uid
SSHDGID=67	# Default privsep gid
# uncomment these next three as needed
#PERMIT_ROOT_LOGIN=no
#X11_FORWARDING=yes
#USR_LOCAL_IS_SYMLINK=yes
# list of system directories we do NOT want to change owner/group/perms
# when installing our package
SYSTEM_DIR="/etc	\
/etc/init.d		\
/etc/rcS.d		\
/etc/rc0.d		\
/etc/rc1.d		\
/etc/rc2.d		\
/etc/opt		\
/opt			\
/opt/bin		\
/usr			\
/usr/bin		\
/usr/lib		\
/usr/sbin		\
/usr/share		\
/usr/share/man		\
/usr/share/man/man1	\
/usr/share/man/man8	\
/usr/local		\
/usr/local/bin		\
/usr/local/etc		\
/usr/local/libexec	\
/usr/local/man		\
/usr/local/man/man1	\
/usr/local/man/man8	\
/usr/local/sbin		\
/usr/local/share	\
/var			\
/var/opt		\
/var/run		\
/var/tmp		\
/tmp"

# We may need to build as root so we make sure PATH is set up
# only set the path if it's not set already
[ -d /usr/local/bin ]  &&  {
	echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
}
[ -d /usr/ccs/bin ]  &&  {
	echo $PATH | grep ":/usr/ccs/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
}
export PATH
#

[ -f Makefile ]  ||  {
	echo "Please run this script from your build directory"
	exit 1
}

# we will look for config.local to override the above options
[ -s ./config.local ]  &&  . ./config.local

## Start by faking root install
echo "Faking root install..."
START=`pwd`
OPENSSHD_IN=`dirname $0`/opensshd.in
FAKE_ROOT=$START/package
[ -d $FAKE_ROOT ]  &&  rm -fr $FAKE_ROOT
mkdir $FAKE_ROOT
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
if [ $? -gt 0 ]
then
	echo "Fake root install failed, stopping."
	exit 1
fi

## Fill in some details, like prefix and sysconfdir
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
do
	eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done


## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
do
	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
done

## Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
	SSH_PRIVSEP_USER=sshd
fi

## Extract common info requires for the 'info' part of the package.
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`

UNAME_S=`uname -s`
case ${UNAME_S} in
	SunOS)	UNAME_S=Solaris
		ARCH=`uname -p`
		RCS_D=yes
		DEF_MSG="(default: n)"
		;;
	*)	ARCH=`uname -m`
		DEF_MSG="\n" ;;
esac

## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d

## setup our initscript correctly
sed -e "s#%%configDir%%#${sysconfdir}#g" 	\
    -e "s#%%openSSHDir%%#$prefix#g"		\
    -e "s#%%pidDir%%#${piddir}#g"		\
	${OPENSSHD_IN}	> $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}

[ "${PERMIT_ROOT_LOGIN}" = no ]  &&  \
	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
[ "${X11_FORWARDING}" = yes ]  &&  \
	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
		$FAKE_ROOT/${sysconfdir}/sshd_config
# fix PrintMotd
perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	$FAKE_ROOT/${sysconfdir}/sshd_config

# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ]  &&  \
mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default

cd $FAKE_ROOT

## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
## whining.
for i in *; do
  PROTO_ARGS="$PROTO_ARGS $i=/$i";
done

## Build info file
echo "Building pkginfo file..."
cat > pkginfo << _EOF
PKG=$PKGNAME
NAME="OpenSSH Portable for ${UNAME_S}"
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
VERSION=$VERSION
CATEGORY="Security,application"
BASEDIR=/
CLASSES="none"
_EOF

## Build preinstall file
echo "Building preinstall file..."
cat > preinstall << _EOF
#! /sbin/sh
#
[ "\${PRE_INS_STOP}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF

## Build postinstall file
echo "Building postinstall file..."
cat > postinstall << _EOF
#! /sbin/sh
#
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ]  &&  {
	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ]  ||  \\
	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
		\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
}

# make rc?.d dirs only if we are doing a test install
[ -n "${TEST_DIR}" ]  &&  {
	[ "$RCS_D" = yes ]  &&  mkdir -p ${TEST_DIR}/etc/rcS.d
	mkdir -p ${TEST_DIR}/etc/rc0.d
	mkdir -p ${TEST_DIR}/etc/rc1.d
	mkdir -p ${TEST_DIR}/etc/rc2.d
}

if [ "\${USE_SYM_LINKS}" = yes ]
then
	[ "$RCS_D" = yes ]  &&  \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
	[ "$RCS_D" = yes ]  &&  \
installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi

# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
[ -d $piddir ]  ||  installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys

installf -f ${PKGNAME}

# Use chroot to handle PKG_INSTALL_ROOT
if [ ! -z "\${PKG_INSTALL_ROOT}" ]
then
	chroot="chroot \${PKG_INSTALL_ROOT}"
fi
# If this is a test build, we will skip the groupadd/useradd/passwd commands
if [ ! -z "${TEST_DIR}" ]
then
	chroot=echo
fi

if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
then
	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
	echo "or group."
else
	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."

	# create group if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	else
		# Use gid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
		then
			:
		else
			sshdgid="-g $SSHDGID"
		fi
		echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	fi

	# Create user if required
	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	then
		echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	else
		# Use uid of 67 if possible
		if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
		then
			:
		else
			sshduid="-u $SSHDUID"
		fi
		echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
		\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
	fi
fi

[ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF

## Build preremove file
echo "Building preremove file..."
cat > preremove << _EOF
#! /sbin/sh
#
${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF

## Build request file
echo "Building request file..."
cat > request << _EOF
trap 'exit 3' 15
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
# Use symbolic links?
ans=\`ckyorn -d n \
-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
case \$ans in
	[y,Y]*)	USE_SYM_LINKS=yes ;;
esac

# determine if should restart the daemon
if [ -s ${piddir}/sshd.pid  -a  -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
then
	ans=\`ckyorn -d n \
-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
	case \$ans in
		[y,Y]*)	PRE_INS_STOP=yes
			POST_INS_START=yes
			;;
	esac

else

# determine if we should start sshd
	ans=\`ckyorn -d n \
-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
	case \$ans in
		[y,Y]*)	POST_INS_START=yes ;;
	esac
fi

# make parameters available to installation service,
# and so to any other packaging scripts
cat >\$1 <<!
USE_SYM_LINKS='\$USE_SYM_LINKS'
PRE_INS_STOP='\$PRE_INS_STOP'
POST_INS_START='\$POST_INS_START'
!
exit 0

_EOF

## Build space file
echo "Building space file..."
cat > space << _EOF
# extra space required by start/stop links added by installf in postinstall
$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
_EOF
[ "$RCS_D" = yes ]  &&  \
echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space

## Next Build our prototype
echo "Building prototype file..."
cat >mk-proto.awk << _EOF
	    BEGIN { print "i pkginfo"; print "i preinstall"; \\
		    print "i postinstall"; print "i preremove"; \\
		    print "i request"; print "i space"; \\
		    split("$SYSTEM_DIR",sys_files); }
	    {
	     for (dir in sys_files) { if ( \$3 != sys_files[dir] )
		     { \$5="root"; \$6="sys"; }
		else
		     { \$4="?"; \$5="?"; \$6="?"; break;}
	    } }
	    { print; }
_EOF
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
	pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype

# /usr/local is a symlink on some systems
[ "${USR_LOCAL_IS_SYMLINK}" = yes ]  &&  {
	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	mv prototype.new prototype
}

## Step back a directory and now build the package.
echo "Building package.."
cd ..
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
rm -rf $FAKE_ROOT
Commit	Line	Data
3c0ef626	1	#!/bin/sh
3c0ef626	2	#
700318f3	3	# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
3c0ef626	4	#
	5	# The following code has been provide under Public Domain License. I really
	6	# don't care what you use it for. Just as long as you don't complain to me
	7	# nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
cdd66111	8	#
3c0ef626	9	umask 022
700318f3	10	#
	11	# Options for building the package
	12	# You can create a config.local with your customized options
	13	#
41b2f314	14	# uncommenting TEST_DIR and using
41b2f314	15	# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
cdd66111	16	# and
700318f3	17	# PKGNAME=tOpenSSH should allow testing a package without interfering
41b2f314	18	# with a real OpenSSH package on a system. This is not needed on systems
41b2f314	19	# that support the -R option to pkgadd.
700318f3	20	#TEST_DIR=/var/tmp # leave commented out for production build
3c0ef626	21	PKGNAME=OpenSSH
700318f3	22	SYSVINIT_NAME=opensshd
700318f3	23	MAKE=${MAKE:="make"}
41b2f314	24	SSHDUID=67 # Default privsep uid
41b2f314	25	SSHDGID=67 # Default privsep gid
cdd66111	26	# uncomment these next three as needed
700318f3	27	#PERMIT_ROOT_LOGIN=no
700318f3	28	#X11_FORWARDING=yes
cdd66111	29	#USR_LOCAL_IS_SYMLINK=yes
700318f3	30	# list of system directories we do NOT want to change owner/group/perms
	31	# when installing our package
	32	SYSTEM_DIR="/etc \
	33	/etc/init.d \
	34	/etc/rcS.d \
	35	/etc/rc0.d \
	36	/etc/rc1.d \
	37	/etc/rc2.d \
	38	/etc/opt \
	39	/opt \
	40	/opt/bin \
	41	/usr \
	42	/usr/bin \
	43	/usr/lib \
	44	/usr/sbin \
	45	/usr/share \
	46	/usr/share/man \
	47	/usr/share/man/man1 \
	48	/usr/share/man/man8 \
	49	/usr/local \
	50	/usr/local/bin \
	51	/usr/local/etc \
	52	/usr/local/libexec \
	53	/usr/local/man \
	54	/usr/local/man/man1 \
	55	/usr/local/man/man8 \
	56	/usr/local/sbin \
	57	/usr/local/share \
	58	/var \
	59	/var/opt \
	60	/var/run \
	61	/var/tmp \
	62	/tmp"
3c0ef626	63
41b2f314	64	# We may need to build as root so we make sure PATH is set up
700318f3	65	# only set the path if it's not set already
	66	[ -d /usr/local/bin ] && {
	67	echo $PATH \| grep ":/usr/local/bin" > /dev/null 2>&1
	68	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
	69	}
	70	[ -d /usr/ccs/bin ] && {
	71	echo $PATH \| grep ":/usr/ccs/bin" > /dev/null 2>&1
	72	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
	73	}
	74	export PATH
	75	#
	76
	77	[ -f Makefile ] \|\| {
	78	echo "Please run this script from your build directory"
	79	exit 1
	80	}
	81
	82	# we will look for config.local to override the above options
	83	[ -s ./config.local ] && . ./config.local
3c0ef626	84
cdd66111	85	## Start by faking root install
3c0ef626	86	echo "Faking root install..."
3c0ef626	87	START=`pwd`
700318f3	88	OPENSSHD_IN=`dirname $0`/opensshd.in
3c0ef626	89	FAKE_ROOT=$START/package
700318f3	90	[ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
3c0ef626	91	mkdir $FAKE_ROOT
700318f3	92	${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
	93	if [ $? -gt 0 ]
	94	then
	95	echo "Fake root install failed, stopping."
	96	exit 1
	97	fi
3c0ef626	98
3c0ef626	99	## Fill in some details, like prefix and sysconfdir
700318f3	100	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
700318f3	101	do
cdd66111	102	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`
700318f3	103	done
3c0ef626	104
41b2f314	105
	106	## Collect value of privsep user
	107	for confvar in SSH_PRIVSEP_USER
	108	do
cdd66111	109	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
41b2f314	110	done
	111
	112	## Set privsep defaults if not defined
	113	if [ -z "$SSH_PRIVSEP_USER" ]
	114	then
cdd66111	115	SSH_PRIVSEP_USER=sshd
41b2f314	116	fi
41b2f314	117
700318f3	118	## Extract common info requires for the 'info' part of the package.
700318f3	119	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//'`
3c0ef626	120
700318f3	121	UNAME_S=`uname -s`
	122	case ${UNAME_S} in
	123	SunOS) UNAME_S=Solaris
	124	ARCH=`uname -p`
	125	RCS_D=yes
	126	DEF_MSG="(default: n)"
	127	;;
41b2f314	128	*) ARCH=`uname -m`
41b2f314	129	DEF_MSG="\n" ;;
700318f3	130	esac
	131
	132	## Setup our run level stuff while we are at it.
	133	mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
3c0ef626	134
3c0ef626	135	## setup our initscript correctly
700318f3	136	sed -e "s#%%configDir%%#${sysconfdir}#g" \
	137	-e "s#%%openSSHDir%%#$prefix#g" \
	138	-e "s#%%pidDir%%#${piddir}#g" \
	139	${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
	140	chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
3c0ef626	141
700318f3	142	[ "${PERMIT_ROOT_LOGIN}" = no ] && \
	143	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
	144	$FAKE_ROOT/${sysconfdir}/sshd_config
	145	[ "${X11_FORWARDING}" = yes ] && \
	146	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
	147	$FAKE_ROOT/${sysconfdir}/sshd_config
	148	# fix PrintMotd
	149	perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
	150	$FAKE_ROOT/${sysconfdir}/sshd_config
3c0ef626	151
700318f3	152	# We don't want to overwrite config files on multiple installs
	153	mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
	154	mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
	155	[ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
	156	mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
	157
	158	cd $FAKE_ROOT
3c0ef626	159
	160	## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
	161	## whining.
	162	for i in *; do
	163	PROTO_ARGS="$PROTO_ARGS $i=/$i";
	164	done
	165
	166	## Build info file
	167	echo "Building pkginfo file..."
	168	cat > pkginfo << _EOF
	169	PKG=$PKGNAME
700318f3	170	NAME="OpenSSH Portable for ${UNAME_S}"
3c0ef626	171	DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
3c0ef626	172	VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
3c0ef626	173	ARCH=$ARCH
3c0ef626	174	VERSION=$VERSION
700318f3	175	CATEGORY="Security,application"
3c0ef626	176	BASEDIR=/
700318f3	177	CLASSES="none"
	178	_EOF
	179
	180	## Build preinstall file
	181	echo "Building preinstall file..."
	182	cat > preinstall << _EOF
	183	#! /sbin/sh
	184	#
	185	[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	186	exit 0
3c0ef626	187	_EOF
3c0ef626	188
700318f3	189	## Build postinstall file
	190	echo "Building postinstall file..."
	191	cat > postinstall << _EOF
	192	#! /sbin/sh
	193	#
41b2f314	194	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] \|\| \\
	195	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
	196	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
	197	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] \|\| \\
	198	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
	199	\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
	200	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
	201	[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] \|\| \\
	202	cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
	203	\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
700318f3	204	}
	205
	206	# make rc?.d dirs only if we are doing a test install
	207	[ -n "${TEST_DIR}" ] && {
	208	[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
	209	mkdir -p ${TEST_DIR}/etc/rc0.d
	210	mkdir -p ${TEST_DIR}/etc/rc1.d
	211	mkdir -p ${TEST_DIR}/etc/rc2.d
	212	}
	213
	214	if [ "\${USE_SYM_LINKS}" = yes ]
	215	then
	216	[ "$RCS_D" = yes ] && \
41b2f314	217	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	218	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	219	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
	220	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
700318f3	221	else
700318f3	222	[ "$RCS_D" = yes ] && \
41b2f314	223	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	224	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	225	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
	226	installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
700318f3	227	fi
	228
	229	# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
41b2f314	230	[ -d $piddir ] \|\| installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
700318f3	231
	232	installf -f ${PKGNAME}
	233
41b2f314	234	# Use chroot to handle PKG_INSTALL_ROOT
	235	if [ ! -z "\${PKG_INSTALL_ROOT}" ]
	236	then
	237	chroot="chroot \${PKG_INSTALL_ROOT}"
	238	fi
	239	# If this is a test build, we will skip the groupadd/useradd/passwd commands
	240	if [ ! -z "${TEST_DIR}" ]
	241	then
	242	chroot=echo
	243	fi
	244
	245	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
	246	then
cdd66111	247	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
cdd66111	248	echo "or group."
41b2f314	249	else
cdd66111	250	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
41b2f314	251
cdd66111	252	# create group if required
	253	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	254	then
	255	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
	256	else
41b2f314	257	# Use gid of 67 if possible
	258	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group \| egrep '^'$SSHDGID'\$' >/dev/null
	259	then
	260	:
	261	else
	262	sshdgid="-g $SSHDGID"
	263	fi
cdd66111	264	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
	265	\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
	266	fi
	267
	268	# Create user if required
	269	if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
	270	then
	271	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
	272	else
41b2f314	273	# Use uid of 67 if possible
	274	if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd \| egrep '^'$SSHDGID'\$' >/dev/null
	275	then
	276	:
	277	else
	278	sshduid="-u $SSHDUID"
	279	fi
cdd66111	280	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
41b2f314	281	\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
41b2f314	282	\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
cdd66111	283	fi
41b2f314	284	fi
41b2f314	285
700318f3	286	[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
	287	exit 0
	288	_EOF
	289
	290	## Build preremove file
	291	echo "Building preremove file..."
	292	cat > preremove << _EOF
	293	#! /sbin/sh
	294	#
	295	${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
	296	exit 0
	297	_EOF
	298
	299	## Build request file
	300	echo "Building request file..."
	301	cat > request << _EOF
	302	trap 'exit 3' 15
	303	USE_SYM_LINKS=no
	304	PRE_INS_STOP=no
	305	POST_INS_START=no
	306	# Use symbolic links?
	307	ans=\`ckyorn -d n \
	308	-p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` \|\| exit \$?
	309	case \$ans in
	310	[y,Y]*) USE_SYM_LINKS=yes ;;
	311	esac
	312
	313	# determine if should restart the daemon
	314	if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
	315	then
	316	ans=\`ckyorn -d n \
	317	-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` \|\| exit \$?
	318	case \$ans in
	319	[y,Y]*) PRE_INS_STOP=yes
	320	POST_INS_START=yes
	321	;;
	322	esac
	323
	324	else
	325
	326	# determine if we should start sshd
	327	ans=\`ckyorn -d n \
	328	-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` \|\| exit \$?
	329	case \$ans in
	330	[y,Y]*) POST_INS_START=yes ;;
	331	esac
	332	fi
	333
	334	# make parameters available to installation service,
	335	# and so to any other packaging scripts
	336	cat >\$1 <<!
	337	USE_SYM_LINKS='\$USE_SYM_LINKS'
	338	PRE_INS_STOP='\$PRE_INS_STOP'
	339	POST_INS_START='\$POST_INS_START'
	340	!
	341	exit 0
	342
	343	_EOF
	344
	345	## Build space file
	346	echo "Building space file..."
	347	cat > space << _EOF
	348	# extra space required by start/stop links added by installf in postinstall
	349	$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
350	$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
351	$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
352	_EOF
353	[ "$RCS_D" = yes ] && \
354	echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
355
3c0ef626	356	## Next Build our prototype
3c0ef626	357	echo "Building prototype file..."
700318f3	358	cat >mk-proto.awk << _EOF
	359	BEGIN { print "i pkginfo"; print "i preinstall"; \\
	360	print "i postinstall"; print "i preremove"; \\
	361	print "i request"; print "i space"; \\
cdd66111	362	split("$SYSTEM_DIR",sys_files); }
700318f3	363	{
700318f3	364	for (dir in sys_files) { if ( \$3 != sys_files[dir] )
cdd66111	365	{ \$5="root"; \$6="sys"; }
	366	else
	367	{ \$4="?"; \$5="?"; \$6="?"; break;}
700318f3	368	} }
	369	{ print; }
	370	_EOF
	371	find . \| egrep -v "prototype\|pkginfo\|mk-proto.awk" \| sort \| \
	372	pkgproto $PROTO_ARGS \| nawk -f mk-proto.awk > prototype
3c0ef626	373
cdd66111	374	# /usr/local is a symlink on some systems
	375	[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
	376	grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
	377	mv prototype.new prototype
	378	}
	379
3c0ef626	380	## Step back a directory and now build the package.
	381	echo "Building package.."
	382	cd ..
700318f3	383	pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
700318f3	384	echo \| pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
3c0ef626	385	rm -rf $FAKE_ROOT
700318f3	386