3 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
5 # Author: Darren Tucker (dtucker at zip dot com dot au)
6 # This file is placed in the public domain and comes with absolutely
9 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
13 # Tunable configuration settings
14 # create a "config.local" in your build directory to override these.
22 # We still support running from contrib/aix, but this is depreciated
24 if pwd | egrep 'contrib/aix$'
26 echo "Changing directory to `pwd`/../.."
27 echo "Please run buildbff.sh from your build directory in future."
34 echo "Makefile not found (did you run configure?)"
39 # Directories used during build:
40 # current dir = $objdir directory you ran ./configure in.
41 # $objdir/$PKGDIR/ directory package files are constructed in
42 # $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
48 # Path to inventory.sh: same place as buildbff.sh
49 if echo $0 | egrep '^/'
51 inventory=`dirname $0`/inventory.sh # absolute path
53 inventory=`pwd`/`dirname $0`/inventory.sh # relative path
57 # Collect local configuration settings to override defaults
59 if [ -s ./config.local ]
61 echo Reading local settings from config.local
66 # Fill in some details from Makefile, like prefix and sysconfdir
67 # the eval also expands variables like sysconfdir=${prefix}/etc
68 # provided they are eval'ed in the correct order
70 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
72 eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
76 # Collect values of privsep user and privsep path
77 # currently only found in config.h
79 for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
81 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
84 # Set privsep defaults if not defined
85 if [ -z "$SSH_PRIVSEP_USER" ]
89 if [ -z "$PRIVSEP_PATH" ]
91 PRIVSEP_PATH=/var/empty
94 # Clean package build directory
95 rm -rf $objdir/$PKGDIR
96 FAKE_ROOT=$objdir/$PKGDIR/root
99 # Start by faking root install
100 echo "Faking root install..."
102 make install-nokeys DESTDIR=$FAKE_ROOT
106 echo "Fake root install failed, stopping."
111 # Copy informational files to include in package
113 cp $srcdir/LICENCE $objdir/$PKGDIR/
114 cp $srcdir/README* $objdir/$PKGDIR/
117 # Extract common info requires for the 'info' part of the package.
118 # AIX requires 4-part version numbers
120 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
121 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
122 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
123 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
124 PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
125 [ "$PATCH" = "" ] && PATCH=0
126 [ "$PORTABLE" = "" ] && PORTABLE=0
127 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
129 echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
132 # Set ssh and sshd parameters as per config.local
134 if [ "${PERMIT_ROOT_LOGIN}" = no ]
136 perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
137 $FAKE_ROOT/${sysconfdir}/sshd_config
139 if [ "${X11_FORWARDING}" = yes ]
141 perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
142 $FAKE_ROOT/${sysconfdir}/sshd_config
146 # Rename config files; postinstall script will copy them if necessary
147 for cfgfile in ssh_config sshd_config ssh_prng_cmds
149 mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
153 # Generate lpp control files.
154 # working dir is $FAKE_ROOT but files are generated in dir above
155 # and moved into place just before creation of .bff
158 echo Generating LPP control files
159 find . ! -name . -print >../openssh.al
160 $inventory >../openssh.inventory
162 cat <<EOD >../openssh.copyright
163 This software is distributed under a BSD-style license.
164 For the full text of the license, see /usr/lpp/openssh/LICENCE
168 # Create postinstall script
170 cat <<EOF >>../openssh.post_i
173 echo Creating configs from defaults if necessary.
174 for cfgfile in ssh_config sshd_config ssh_prng_cmds
176 if [ ! -f $sysconfdir/\$cfgfile ]
178 echo "Creating \$cfgfile from default"
179 cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
181 echo "\$cfgfile already exists."
186 # Create PrivSep user if PrivSep not disabled in config
187 echo Creating PrivSep prereqs if required.
188 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
190 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
191 echo "group or chroot directory."
193 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
195 # create group if required
196 if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
198 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
200 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
201 mkgroup -A $SSH_PRIVSEP_USER
204 # Create user if required
205 if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
207 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
209 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
210 mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
213 # create chroot directory if required
214 if [ -d $PRIVSEP_PATH ]
216 echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
218 echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
220 chown 0 $PRIVSEP_PATH
221 chgrp 0 $PRIVSEP_PATH
222 chmod 755 $PRIVSEP_PATH
227 # Generate keys unless they already exist
228 echo Creating host keys if required.
229 if [ -f "$sysconfdir/ssh_host_key" ] ; then
230 echo "$sysconfdir/ssh_host_key already exists, skipping."
232 $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
234 if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
235 echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
237 $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
239 if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
240 echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
242 $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
246 # Add to system startup if required
247 if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
249 echo "sshd found in rc.tcpip, not adding."
252 echo "echo Starting sshd" >>/etc/rc.tcpip
253 echo "$sbindir/sshd" >>/etc/rc.tcpip
258 # Create liblpp.a and move control files into it
260 echo Creating liblpp.a
263 for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
273 # This will end up looking something like:
275 # OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
278 # /usr/local/bin 8073
280 # /usr/local/libexec 185
281 # /usr/local/man/man1 145
282 # /usr/local/man/man8 83
283 # /usr/local/sbin 2105
289 echo Creating lpp_name
290 cat <<EOF >../lpp_name
292 $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
297 for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
299 # get size in 512 byte blocks
300 if [ -d $FAKE_ROOT/$i ]
302 size=`du $FAKE_ROOT/$i | awk '{print $1}'`
303 echo "$i $size" >>../lpp_name
307 echo '%' >>../lpp_name
308 echo ']' >>../lpp_name
309 echo '}' >>../lpp_name
312 # Move pieces into place
314 mkdir -p usr/lpp/openssh
315 mv ../liblpp.a usr/lpp/openssh
319 # Now invoke backup to create .bff file
320 # note: lpp_name needs to be the first file so we generate the
321 # file list on the fly and feed it to backup using -i
323 echo Creating $PKGNAME-$VERSION.bff with backup...
324 rm -f $PKGNAME-$VERSION.bff
327 find . ! -name lpp_name -a ! -name . -print
328 ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
331 # Move package into final location
333 if [ "$contribaix" = "1" ]
335 mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
337 mv ../$PKGNAME-$VERSION.bff $objdir
340 rm -rf $objdir/$PKGDIR