merged OpenSSH 3.5p1 to trunk

[gssapi-openssh.git] / openssh / contrib / aix / buildbff.sh

#!/bin/sh
#
# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
#
# Author: Darren Tucker (dtucker at zip dot com dot au)
# This file is placed in the public domain and comes with absolutely
# no warranty.
# 
# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
#

#
# Tunable configuration settings
#       create a "config.local" in your build directory to override these.
#
PERMIT_ROOT_LOGIN=no
X11_FORWARDING=no

umask 022

startdir=`pwd`

# Path to inventory.sh: same place as buildbff.sh
if  echo $0 | egrep '^/'
then
        inventory=`dirname $0`/inventory.sh             # absolute path
else
        inventory=`pwd`/`dirname $0`/inventory.sh       # relative path
fi

#
# We still support running from contrib/aix, but this is depreciated
#
if pwd | egrep 'contrib/aix$'
then
        echo "Changing directory to `pwd`/../.."
        echo "Please run buildbff.sh from your build directory in future."
        cd ../..
        contribaix=1
fi

if [ ! -f Makefile ]
then
        echo "Makefile not found (did you run configure?)"
        exit 1 
fi

#
# Directories used during build:
# current dir = $objdir         directory you ran ./configure in.
# $objdir/$PKGDIR/              directory package files are constructed in
# $objdir/$PKGDIR/root/         package root ($FAKE_ROOT)
#
objdir=`pwd`
PKGNAME=openssh
PKGDIR=package

#
# Collect local configuration settings to override defaults
#
if [ -s ./config.local ]
then
        echo Reading local settings from config.local
        . ./config.local
fi

#
# Fill in some details from Makefile, like prefix and sysconfdir
#       the eval also expands variables like sysconfdir=${prefix}/etc
#       provided they are eval'ed in the correct order
#
for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
do
        eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
done

#
# Collect values of privsep user and privsep path
#       currently only found in config.h
#
for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
do
        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
done

# Set privsep defaults if not defined
if [ -z "$SSH_PRIVSEP_USER" ]
then
        SSH_PRIVSEP_USER=sshd
fi
if [ -z "$PRIVSEP_PATH" ]
then
        PRIVSEP_PATH=/var/empty
fi

# Clean package build directory 
rm -rf $objdir/$PKGDIR
FAKE_ROOT=$objdir/$PKGDIR/root
mkdir -p $FAKE_ROOT

# Start by faking root install 
echo "Faking root install..."
cd $objdir
make install-nokeys DESTDIR=$FAKE_ROOT

if [ $? -gt 0 ]
then
        echo "Fake root install failed, stopping."
        exit 1
fi

#
# Copy informational files to include in package
#
cp $srcdir/LICENCE $objdir/$PKGDIR/
cp $srcdir/README* $objdir/$PKGDIR/

#
# Extract common info requires for the 'info' part of the package.
#       AIX requires 4-part version numbers
#
VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
[ "$PATCH" = "" ] && PATCH=0
[ "$PORTABLE" = "" ] && PORTABLE=0
BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`

echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"

#
# Set ssh and sshd parameters as per config.local
#
if [ "${PERMIT_ROOT_LOGIN}" = no ] 
then
        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
                $FAKE_ROOT/${sysconfdir}/sshd_config
fi
if [ "${X11_FORWARDING}" = yes ]
then
        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
                $FAKE_ROOT/${sysconfdir}/sshd_config
fi


# Rename config files; postinstall script will copy them if necessary
for cfgfile in ssh_config sshd_config ssh_prng_cmds
do
        mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
done

#
# Generate lpp control files.
#       working dir is $FAKE_ROOT but files are generated in dir above
#       and moved into place just before creation of .bff
#
cd $FAKE_ROOT
echo Generating LPP control files
find . ! -name . -print >../openssh.al
$inventory >../openssh.inventory

cat <<EOD >../openssh.copyright
This software is distributed under a BSD-style license.
For the full text of the license, see /usr/lpp/openssh/LICENCE
EOD

#
# Create postinstall script
#
cat <<EOF >>../openssh.post_i
#!/bin/sh

echo Creating configs from defaults if necessary.
for cfgfile in ssh_config sshd_config ssh_prng_cmds
do
        if [ ! -f $sysconfdir/\$cfgfile ]
        then
                echo "Creating \$cfgfile from default"
                cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
        else
                echo "\$cfgfile already exists."
        fi
done
echo

# Create PrivSep user if PrivSep not disabled in config
echo Creating PrivSep prereqs if required.
if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
then
        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
        echo "group or chroot directory."
else
        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."

        # create group if required
        if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
        then
                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
        else
                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
                mkgroup -A $SSH_PRIVSEP_USER
        fi

        # Create user if required
        if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
        then
                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
        else
                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
                mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
        fi

        # create chroot directory if required
        if [ -d $PRIVSEP_PATH ]
        then
                echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
        else
                echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
                mkdir $PRIVSEP_PATH
                chown 0 $PRIVSEP_PATH
                chgrp 0 $PRIVSEP_PATH
                chmod 755 $PRIVSEP_PATH
        fi
fi
echo

# Generate keys unless they already exist
echo Creating host keys if required.
if [ -f "$sysconfdir/ssh_host_key" ] ; then
        echo "$sysconfdir/ssh_host_key already exists, skipping."
else
        $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
fi
if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
        echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
else
        $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
fi
if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
        echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
else 
        $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
fi
echo

# Add to system startup if required
if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
then
        echo "sshd found in rc.tcpip, not adding."
else
        echo >>/etc/rc.tcpip
        echo "echo Starting sshd" >>/etc/rc.tcpip
        echo "$sbindir/sshd" >>/etc/rc.tcpip
fi
EOF

#
# Create liblpp.a and move control files into it
#
echo Creating liblpp.a
(
        cd ..
        for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
        do
                ar -r liblpp.a $i
                rm $i
        done
)

#
# Create lpp_name
#
# This will end up looking something like:
# 4 R I OpenSSH {
# OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
# [
# %
# /usr/local/bin 8073
# /usr/local/etc 189
# /usr/local/libexec 185
# /usr/local/man/man1 145
# /usr/local/man/man8 83
# /usr/local/sbin 2105
# /usr/local/share 3
# %
# ]
# }

echo Creating lpp_name
cat <<EOF >../lpp_name
4 R I $PKGNAME {
$PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
[
%
EOF

for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
do
        # get size in 512 byte blocks
        if [ -d $FAKE_ROOT/$i ]
        then
                size=`du $FAKE_ROOT/$i | awk '{print $1}'`
                echo "$i $size" >>../lpp_name
        fi
done

echo '%' >>../lpp_name
echo ']' >>../lpp_name
echo '}' >>../lpp_name

#
# Move pieces into place
#
mkdir -p usr/lpp/openssh
mv ../liblpp.a usr/lpp/openssh
mv ../lpp_name .

#
# Now invoke backup to create .bff file
#       note: lpp_name needs to be the first file so we generate the
#       file list on the fly and feed it to backup using -i
#
echo Creating $PKGNAME-$VERSION.bff with backup...
rm -f $PKGNAME-$VERSION.bff
(
        echo "./lpp_name"
        find . ! -name lpp_name -a ! -name . -print 
) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist

#
# Move package into final location and clean up
#
mv ../$PKGNAME-$VERSION.bff $startdir
cd $startdir
rm -rf $objdir/$PKGDIR

echo $0: done.