3 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
5 # Author: Darren Tucker (dtucker at zip dot com dot au)
6 # This file is placed in the public domain and comes with absolutely
9 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
13 # Tunable configuration settings
14 # create a "config.local" in your build directory or set
15 # environment variables to override these.
17 [ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no
18 [ -z "$X11_FORWARDING" ] || X11_FORWARDING=no
19 [ -z "$AIX_SRC" ] || AIX_SRC=no
25 # Path to inventory.sh: same place as buildbff.sh
26 if echo $0 | egrep '^/'
28 inventory=`dirname $0`/inventory.sh # absolute path
30 inventory=`pwd`/`dirname $0`/inventory.sh # relative path
34 # We still support running from contrib/aix, but this is depreciated
36 if pwd | egrep 'contrib/aix$'
38 echo "Changing directory to `pwd`/../.."
39 echo "Please run buildbff.sh from your build directory in future."
46 echo "Makefile not found (did you run configure?)"
51 # Directories used during build:
52 # current dir = $objdir directory you ran ./configure in.
53 # $objdir/$PKGDIR/ directory package files are constructed in
54 # $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
61 # Collect local configuration settings to override defaults
63 if [ -s ./config.local ]
65 echo Reading local settings from config.local
70 # Fill in some details from Makefile, like prefix and sysconfdir
71 # the eval also expands variables like sysconfdir=${prefix}/etc
72 # provided they are eval'ed in the correct order
74 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
76 eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
80 # Collect values of privsep user and privsep path
81 # currently only found in config.h
83 for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
85 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
88 # Set privsep defaults if not defined
89 if [ -z "$SSH_PRIVSEP_USER" ]
93 if [ -z "$PRIVSEP_PATH" ]
95 PRIVSEP_PATH=/var/empty
98 # Clean package build directory
99 rm -rf $objdir/$PKGDIR
100 FAKE_ROOT=$objdir/$PKGDIR/root
103 # Start by faking root install
104 echo "Faking root install..."
106 make install-nokeys DESTDIR=$FAKE_ROOT
110 echo "Fake root install failed, stopping."
115 # Copy informational files to include in package
117 cp $srcdir/LICENCE $objdir/$PKGDIR/
118 cp $srcdir/README* $objdir/$PKGDIR/
121 # Extract common info requires for the 'info' part of the package.
122 # AIX requires 4-part version numbers
124 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
125 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
126 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
127 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
128 PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
129 [ "$PATCH" = "" ] && PATCH=0
130 [ "$PORTABLE" = "" ] && PORTABLE=0
131 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
133 echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
136 # Set ssh and sshd parameters as per config.local
138 if [ "${PERMIT_ROOT_LOGIN}" = no ]
140 perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
141 $FAKE_ROOT/${sysconfdir}/sshd_config
143 if [ "${X11_FORWARDING}" = yes ]
145 perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
146 $FAKE_ROOT/${sysconfdir}/sshd_config
150 # Rename config files; postinstall script will copy them if necessary
151 for cfgfile in ssh_config sshd_config ssh_prng_cmds
153 mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
157 # Generate lpp control files.
158 # working dir is $FAKE_ROOT but files are generated in dir above
159 # and moved into place just before creation of .bff
162 echo Generating LPP control files
163 find . ! -name . -print >../openssh.al
164 $inventory >../openssh.inventory
166 cat <<EOD >../openssh.copyright
167 This software is distributed under a BSD-style license.
168 For the full text of the license, see /usr/lpp/openssh/LICENCE
172 # openssh.size file allows filesystem expansion as required
173 # generate list of directories containing files
174 # then calculate disk usage for each directory and store in openssh.size
176 files=`find . -type f -print`
177 dirs=`for file in $files; do dirname $file; done | sort -u`
181 done > ../openssh.size
184 # Create postinstall script
186 cat <<EOF >>../openssh.post_i
189 echo Creating configs from defaults if necessary.
190 for cfgfile in ssh_config sshd_config ssh_prng_cmds
192 if [ ! -f $sysconfdir/\$cfgfile ]
194 echo "Creating \$cfgfile from default"
195 cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
197 echo "\$cfgfile already exists."
202 # Create PrivSep user if PrivSep not disabled in config
203 echo Creating PrivSep prereqs if required.
204 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
206 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
207 echo "group or chroot directory."
209 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
211 # create group if required
212 if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
214 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
216 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
217 mkgroup -A $SSH_PRIVSEP_USER
220 # Create user if required
221 if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
223 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
225 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
226 mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
229 # create chroot directory if required
230 if [ -d $PRIVSEP_PATH ]
232 echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
234 echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
236 chown 0 $PRIVSEP_PATH
237 chgrp 0 $PRIVSEP_PATH
238 chmod 755 $PRIVSEP_PATH
243 # Generate keys unless they already exist
244 echo Creating host keys if required.
245 if [ -f "$sysconfdir/ssh_host_key" ] ; then
246 echo "$sysconfdir/ssh_host_key already exists, skipping."
248 $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
250 if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
251 echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
253 $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
255 if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
256 echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
258 $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
262 # Set startup command depending on SRC support
263 if [ "$AIX_SRC" = "yes" ]
265 echo Creating SRC sshd subsystem.
266 rmssys -s sshd 2>&1 >/dev/null
267 mkssys -s sshd -p "$sbindir/sshd" -a '-D' -u 0 -S -n 15 -f 9 -R -G tcpip
268 startupcmd="start $sbindir/sshd \\\"\\\$src_running\\\""
269 oldstartcmd="$sbindir/sshd"
271 startupcmd="$sbindir/sshd"
272 oldstartcmd="start $sbindir/sshd \\\"$src_running\\\""
275 # If migrating to or from SRC, change previous startup command
276 # otherwise add to rc.tcpip
277 if egrep "^\$oldstartcmd" /etc/rc.tcpip >/dev/null
279 if sed "s|^\$oldstartcmd|\$startupcmd|g" /etc/rc.tcpip >/etc/rc.tcpip.new
281 chmod 0755 /etc/rc.tcpip.new
282 mv /etc/rc.tcpip /etc/rc.tcpip.old && \
283 mv /etc/rc.tcpip.new /etc/rc.tcpip
285 echo "Updating /etc/rc.tcpip failed, please check."
288 # Add to system startup if required
289 if grep "^\$startupcmd" /etc/rc.tcpip >/dev/null
291 echo "sshd found in rc.tcpip, not adding."
293 echo "Adding sshd to rc.tcpip"
295 echo "# Start sshd" >>/etc/rc.tcpip
296 echo "\$startupcmd" >>/etc/rc.tcpip
302 # Create liblpp.a and move control files into it
304 echo Creating liblpp.a
307 for i in openssh.al openssh.copyright openssh.inventory openssh.post_i openssh.size LICENCE README*
317 # This will end up looking something like:
319 # OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
322 # /usr/local/bin 8073
324 # /usr/local/libexec 185
325 # /usr/local/man/man1 145
326 # /usr/local/man/man8 83
327 # /usr/local/sbin 2105
333 echo Creating lpp_name
334 cat <<EOF >../lpp_name
336 $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
341 for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
343 # get size in 512 byte blocks
344 if [ -d $FAKE_ROOT/$i ]
346 size=`du $FAKE_ROOT/$i | awk '{print $1}'`
347 echo "$i $size" >>../lpp_name
351 echo '%' >>../lpp_name
352 echo ']' >>../lpp_name
353 echo '}' >>../lpp_name
356 # Move pieces into place
358 mkdir -p usr/lpp/openssh
359 mv ../liblpp.a usr/lpp/openssh
363 # Now invoke backup to create .bff file
364 # note: lpp_name needs to be the first file so we generate the
365 # file list on the fly and feed it to backup using -i
367 echo Creating $PKGNAME-$VERSION.bff with backup...
368 rm -f $PKGNAME-$VERSION.bff
371 find . ! -name lpp_name -a ! -name . -print
372 ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
375 # Move package into final location and clean up
377 mv ../$PKGNAME-$VERSION.bff $startdir
379 rm -rf $objdir/$PKGDIR