]>
Commit | Line | Data |
---|---|---|
d832c38e | 1 | #!/bin/sh |
2 | # | |
3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages | |
4 | # | |
5 | # Author: Darren Tucker (dtucker at zip dot com dot au) | |
6 | # This file is placed in the public domain and comes with absolutely | |
7 | # no warranty. | |
8 | # | |
9 | # Based originally on Ben Lindstrom's buildpkg.sh for Solaris | |
10 | # | |
11 | ||
276b07a3 | 12 | # |
13 | # Tunable configuration settings | |
14 | # create a "config.local" in your build directory to override these. | |
15 | # | |
16 | PERMIT_ROOT_LOGIN=no | |
17 | X11_FORWARDING=no | |
18 | ||
d832c38e | 19 | umask 022 |
276b07a3 | 20 | |
d03f4262 | 21 | startdir=`pwd` |
22 | ||
23 | # Path to inventory.sh: same place as buildbff.sh | |
24 | if echo $0 | egrep '^/' | |
25 | then | |
26 | inventory=`dirname $0`/inventory.sh # absolute path | |
27 | else | |
28 | inventory=`pwd`/`dirname $0`/inventory.sh # relative path | |
29 | fi | |
30 | ||
276b07a3 | 31 | # |
32 | # We still support running from contrib/aix, but this is depreciated | |
33 | # | |
34 | if pwd | egrep 'contrib/aix$' | |
35 | then | |
36 | echo "Changing directory to `pwd`/../.." | |
37 | echo "Please run buildbff.sh from your build directory in future." | |
38 | cd ../.. | |
39 | contribaix=1 | |
40 | fi | |
41 | ||
42 | if [ ! -f Makefile ] | |
43 | then | |
44 | echo "Makefile not found (did you run configure?)" | |
45 | exit 1 | |
46 | fi | |
47 | ||
48 | # | |
49 | # Directories used during build: | |
50 | # current dir = $objdir directory you ran ./configure in. | |
51 | # $objdir/$PKGDIR/ directory package files are constructed in | |
52 | # $objdir/$PKGDIR/root/ package root ($FAKE_ROOT) | |
53 | # | |
54 | objdir=`pwd` | |
d832c38e | 55 | PKGNAME=openssh |
350391c5 | 56 | PKGDIR=package |
d832c38e | 57 | |
276b07a3 | 58 | # |
59 | # Collect local configuration settings to override defaults | |
60 | # | |
61 | if [ -s ./config.local ] | |
62 | then | |
63 | echo Reading local settings from config.local | |
64 | . ./config.local | |
65 | fi | |
66 | ||
67 | # | |
68 | # Fill in some details from Makefile, like prefix and sysconfdir | |
69 | # the eval also expands variables like sysconfdir=${prefix}/etc | |
70 | # provided they are eval'ed in the correct order | |
71 | # | |
72 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir | |
73 | do | |
74 | eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2` | |
75 | done | |
76 | ||
77 | # | |
78 | # Collect values of privsep user and privsep path | |
79 | # currently only found in config.h | |
80 | # | |
81 | for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH | |
82 | do | |
83 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h` | |
84 | done | |
d832c38e | 85 | |
276b07a3 | 86 | # Set privsep defaults if not defined |
87 | if [ -z "$SSH_PRIVSEP_USER" ] | |
d832c38e | 88 | then |
276b07a3 | 89 | SSH_PRIVSEP_USER=sshd |
90 | fi | |
91 | if [ -z "$PRIVSEP_PATH" ] | |
92 | then | |
93 | PRIVSEP_PATH=/var/empty | |
d832c38e | 94 | fi |
95 | ||
276b07a3 | 96 | # Clean package build directory |
97 | rm -rf $objdir/$PKGDIR | |
98 | FAKE_ROOT=$objdir/$PKGDIR/root | |
99 | mkdir -p $FAKE_ROOT | |
100 | ||
101 | # Start by faking root install | |
d832c38e | 102 | echo "Faking root install..." |
276b07a3 | 103 | cd $objdir |
d832c38e | 104 | make install-nokeys DESTDIR=$FAKE_ROOT |
105 | ||
350391c5 | 106 | if [ $? -gt 0 ] |
107 | then | |
108 | echo "Fake root install failed, stopping." | |
109 | exit 1 | |
110 | fi | |
111 | ||
276b07a3 | 112 | # |
113 | # Copy informational files to include in package | |
114 | # | |
115 | cp $srcdir/LICENCE $objdir/$PKGDIR/ | |
116 | cp $srcdir/README* $objdir/$PKGDIR/ | |
117 | ||
350391c5 | 118 | # |
119 | # Extract common info requires for the 'info' part of the package. | |
120 | # AIX requires 4-part version numbers | |
121 | # | |
122 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _` | |
123 | MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` | |
124 | MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` | |
125 | PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` | |
276b07a3 | 126 | PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'` |
127 | [ "$PATCH" = "" ] && PATCH=0 | |
128 | [ "$PORTABLE" = "" ] && PORTABLE=0 | |
350391c5 | 129 | BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE` |
130 | ||
131 | echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" | |
132 | ||
d832c38e | 133 | # |
276b07a3 | 134 | # Set ssh and sshd parameters as per config.local |
d832c38e | 135 | # |
276b07a3 | 136 | if [ "${PERMIT_ROOT_LOGIN}" = no ] |
137 | then | |
138 | perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ | |
139 | $FAKE_ROOT/${sysconfdir}/sshd_config | |
140 | fi | |
141 | if [ "${X11_FORWARDING}" = yes ] | |
142 | then | |
143 | perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ | |
144 | $FAKE_ROOT/${sysconfdir}/sshd_config | |
145 | fi | |
146 | ||
d832c38e | 147 | |
148 | # Rename config files; postinstall script will copy them if necessary | |
149 | for cfgfile in ssh_config sshd_config ssh_prng_cmds | |
150 | do | |
151 | mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default | |
152 | done | |
153 | ||
154 | # | |
155 | # Generate lpp control files. | |
276b07a3 | 156 | # working dir is $FAKE_ROOT but files are generated in dir above |
d832c38e | 157 | # and moved into place just before creation of .bff |
158 | # | |
159 | cd $FAKE_ROOT | |
160 | echo Generating LPP control files | |
161 | find . ! -name . -print >../openssh.al | |
276b07a3 | 162 | $inventory >../openssh.inventory |
163 | ||
164 | cat <<EOD >../openssh.copyright | |
165 | This software is distributed under a BSD-style license. | |
166 | For the full text of the license, see /usr/lpp/openssh/LICENCE | |
167 | EOD | |
d832c38e | 168 | |
169 | # | |
170 | # Create postinstall script | |
171 | # | |
172 | cat <<EOF >>../openssh.post_i | |
173 | #!/bin/sh | |
174 | ||
276b07a3 | 175 | echo Creating configs from defaults if necessary. |
d832c38e | 176 | for cfgfile in ssh_config sshd_config ssh_prng_cmds |
177 | do | |
178 | if [ ! -f $sysconfdir/\$cfgfile ] | |
179 | then | |
180 | echo "Creating \$cfgfile from default" | |
181 | cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile | |
182 | else | |
183 | echo "\$cfgfile already exists." | |
184 | fi | |
185 | done | |
276b07a3 | 186 | echo |
187 | ||
188 | # Create PrivSep user if PrivSep not disabled in config | |
189 | echo Creating PrivSep prereqs if required. | |
190 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null | |
191 | then | |
192 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," | |
193 | echo "group or chroot directory." | |
194 | else | |
195 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | |
196 | ||
197 | # create group if required | |
198 | if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | |
199 | then | |
200 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | |
201 | else | |
202 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | |
203 | mkgroup -A $SSH_PRIVSEP_USER | |
204 | fi | |
205 | ||
206 | # Create user if required | |
207 | if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | |
208 | then | |
209 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | |
210 | else | |
211 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | |
212 | mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER | |
213 | fi | |
214 | ||
215 | # create chroot directory if required | |
216 | if [ -d $PRIVSEP_PATH ] | |
217 | then | |
218 | echo "PrivSep chroot directory $PRIVSEP_PATH already exists." | |
219 | else | |
220 | echo "Creating PrivSep chroot directory $PRIVSEP_PATH." | |
221 | mkdir $PRIVSEP_PATH | |
222 | chown 0 $PRIVSEP_PATH | |
223 | chgrp 0 $PRIVSEP_PATH | |
224 | chmod 755 $PRIVSEP_PATH | |
225 | fi | |
226 | fi | |
227 | echo | |
d832c38e | 228 | |
229 | # Generate keys unless they already exist | |
276b07a3 | 230 | echo Creating host keys if required. |
d832c38e | 231 | if [ -f "$sysconfdir/ssh_host_key" ] ; then |
232 | echo "$sysconfdir/ssh_host_key already exists, skipping." | |
233 | else | |
234 | $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N "" | |
235 | fi | |
236 | if [ -f $sysconfdir/ssh_host_dsa_key ] ; then | |
237 | echo "$sysconfdir/ssh_host_dsa_key already exists, skipping." | |
238 | else | |
239 | $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N "" | |
240 | fi | |
241 | if [ -f $sysconfdir/ssh_host_rsa_key ] ; then | |
242 | echo "$sysconfdir/ssh_host_rsa_key already exists, skipping." | |
243 | else | |
244 | $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" | |
245 | fi | |
276b07a3 | 246 | echo |
d832c38e | 247 | |
248 | # Add to system startup if required | |
249 | if grep $sbindir/sshd /etc/rc.tcpip >/dev/null | |
250 | then | |
251 | echo "sshd found in rc.tcpip, not adding." | |
252 | else | |
253 | echo >>/etc/rc.tcpip | |
254 | echo "echo Starting sshd" >>/etc/rc.tcpip | |
255 | echo "$sbindir/sshd" >>/etc/rc.tcpip | |
256 | fi | |
257 | EOF | |
258 | ||
259 | # | |
260 | # Create liblpp.a and move control files into it | |
261 | # | |
262 | echo Creating liblpp.a | |
263 | ( | |
264 | cd .. | |
276b07a3 | 265 | for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* |
d832c38e | 266 | do |
276b07a3 | 267 | ar -r liblpp.a $i |
268 | rm $i | |
d832c38e | 269 | done |
270 | ) | |
271 | ||
272 | # | |
273 | # Create lpp_name | |
274 | # | |
275 | # This will end up looking something like: | |
276 | # 4 R I OpenSSH { | |
277 | # OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX | |
278 | # [ | |
279 | # % | |
280 | # /usr/local/bin 8073 | |
281 | # /usr/local/etc 189 | |
282 | # /usr/local/libexec 185 | |
283 | # /usr/local/man/man1 145 | |
284 | # /usr/local/man/man8 83 | |
285 | # /usr/local/sbin 2105 | |
286 | # /usr/local/share 3 | |
287 | # % | |
288 | # ] | |
276b07a3 | 289 | # } |
290 | ||
d832c38e | 291 | echo Creating lpp_name |
292 | cat <<EOF >../lpp_name | |
293 | 4 R I $PKGNAME { | |
294 | $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX | |
295 | [ | |
296 | % | |
297 | EOF | |
298 | ||
276b07a3 | 299 | for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh |
d832c38e | 300 | do |
301 | # get size in 512 byte blocks | |
276b07a3 | 302 | if [ -d $FAKE_ROOT/$i ] |
303 | then | |
304 | size=`du $FAKE_ROOT/$i | awk '{print $1}'` | |
305 | echo "$i $size" >>../lpp_name | |
306 | fi | |
d832c38e | 307 | done |
308 | ||
309 | echo '%' >>../lpp_name | |
310 | echo ']' >>../lpp_name | |
311 | echo '}' >>../lpp_name | |
312 | ||
313 | # | |
314 | # Move pieces into place | |
315 | # | |
316 | mkdir -p usr/lpp/openssh | |
317 | mv ../liblpp.a usr/lpp/openssh | |
318 | mv ../lpp_name . | |
319 | ||
320 | # | |
321 | # Now invoke backup to create .bff file | |
276b07a3 | 322 | # note: lpp_name needs to be the first file so we generate the |
d832c38e | 323 | # file list on the fly and feed it to backup using -i |
324 | # | |
325 | echo Creating $PKGNAME-$VERSION.bff with backup... | |
350391c5 | 326 | rm -f $PKGNAME-$VERSION.bff |
d832c38e | 327 | ( |
328 | echo "./lpp_name" | |
329 | find . ! -name lpp_name -a ! -name . -print | |
330 | ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist | |
331 | ||
276b07a3 | 332 | # |
d03f4262 | 333 | # Move package into final location and clean up |
276b07a3 | 334 | # |
d03f4262 | 335 | mv ../$PKGNAME-$VERSION.bff $startdir |
336 | cd $startdir | |
276b07a3 | 337 | rm -rf $objdir/$PKGDIR |
d832c38e | 338 | |
d832c38e | 339 | echo $0: done. |
340 |