3 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
5 # Author: Darren Tucker (dtucker at zip dot com dot au)
6 # This file is placed in the public domain and comes with absolutely
9 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
13 # Tunable configuration settings
14 # create a "config.local" in your build directory to override these.
23 # Path to inventory.sh: same place as buildbff.sh
24 if echo $0 | egrep '^/'
26 inventory=`dirname $0`/inventory.sh # absolute path
28 inventory=`pwd`/`dirname $0`/inventory.sh # relative path
32 # We still support running from contrib/aix, but this is depreciated
34 if pwd | egrep 'contrib/aix$'
36 echo "Changing directory to `pwd`/../.."
37 echo "Please run buildbff.sh from your build directory in future."
44 echo "Makefile not found (did you run configure?)"
49 # Directories used during build:
50 # current dir = $objdir directory you ran ./configure in.
51 # $objdir/$PKGDIR/ directory package files are constructed in
52 # $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
59 # Collect local configuration settings to override defaults
61 if [ -s ./config.local ]
63 echo Reading local settings from config.local
68 # Fill in some details from Makefile, like prefix and sysconfdir
69 # the eval also expands variables like sysconfdir=${prefix}/etc
70 # provided they are eval'ed in the correct order
72 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
74 eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
78 # Collect values of privsep user and privsep path
79 # currently only found in config.h
81 for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
83 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
86 # Set privsep defaults if not defined
87 if [ -z "$SSH_PRIVSEP_USER" ]
91 if [ -z "$PRIVSEP_PATH" ]
93 PRIVSEP_PATH=/var/empty
96 # Clean package build directory
97 rm -rf $objdir/$PKGDIR
98 FAKE_ROOT=$objdir/$PKGDIR/root
101 # Start by faking root install
102 echo "Faking root install..."
104 make install-nokeys DESTDIR=$FAKE_ROOT
108 echo "Fake root install failed, stopping."
113 # Copy informational files to include in package
115 cp $srcdir/LICENCE $objdir/$PKGDIR/
116 cp $srcdir/README* $objdir/$PKGDIR/
119 # Extract common info requires for the 'info' part of the package.
120 # AIX requires 4-part version numbers
122 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
123 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
124 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
125 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
126 PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
127 [ "$PATCH" = "" ] && PATCH=0
128 [ "$PORTABLE" = "" ] && PORTABLE=0
129 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
131 echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
134 # Set ssh and sshd parameters as per config.local
136 if [ "${PERMIT_ROOT_LOGIN}" = no ]
138 perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
139 $FAKE_ROOT/${sysconfdir}/sshd_config
141 if [ "${X11_FORWARDING}" = yes ]
143 perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
144 $FAKE_ROOT/${sysconfdir}/sshd_config
148 # Rename config files; postinstall script will copy them if necessary
149 for cfgfile in ssh_config sshd_config ssh_prng_cmds
151 mv $FAKE_ROOT/$sysconfdir/$cfgfile $FAKE_ROOT/$sysconfdir/$cfgfile.default
155 # Generate lpp control files.
156 # working dir is $FAKE_ROOT but files are generated in dir above
157 # and moved into place just before creation of .bff
160 echo Generating LPP control files
161 find . ! -name . -print >../openssh.al
162 $inventory >../openssh.inventory
164 cat <<EOD >../openssh.copyright
165 This software is distributed under a BSD-style license.
166 For the full text of the license, see /usr/lpp/openssh/LICENCE
170 # Create postinstall script
172 cat <<EOF >>../openssh.post_i
175 echo Creating configs from defaults if necessary.
176 for cfgfile in ssh_config sshd_config ssh_prng_cmds
178 if [ ! -f $sysconfdir/\$cfgfile ]
180 echo "Creating \$cfgfile from default"
181 cp $sysconfdir/\$cfgfile.default $sysconfdir/\$cfgfile
183 echo "\$cfgfile already exists."
188 # Create PrivSep user if PrivSep not disabled in config
189 echo Creating PrivSep prereqs if required.
190 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
192 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
193 echo "group or chroot directory."
195 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
197 # create group if required
198 if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
200 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
202 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
203 mkgroup -A $SSH_PRIVSEP_USER
206 # Create user if required
207 if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
209 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
211 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
212 mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
215 # create chroot directory if required
216 if [ -d $PRIVSEP_PATH ]
218 echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
220 echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
222 chown 0 $PRIVSEP_PATH
223 chgrp 0 $PRIVSEP_PATH
224 chmod 755 $PRIVSEP_PATH
229 # Generate keys unless they already exist
230 echo Creating host keys if required.
231 if [ -f "$sysconfdir/ssh_host_key" ] ; then
232 echo "$sysconfdir/ssh_host_key already exists, skipping."
234 $bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N ""
236 if [ -f $sysconfdir/ssh_host_dsa_key ] ; then
237 echo "$sysconfdir/ssh_host_dsa_key already exists, skipping."
239 $bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N ""
241 if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
242 echo "$sysconfdir/ssh_host_rsa_key already exists, skipping."
244 $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
248 # Add to system startup if required
249 if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
251 echo "sshd found in rc.tcpip, not adding."
254 echo "echo Starting sshd" >>/etc/rc.tcpip
255 echo "$sbindir/sshd" >>/etc/rc.tcpip
260 # Create liblpp.a and move control files into it
262 echo Creating liblpp.a
265 for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
275 # This will end up looking something like:
277 # OpenSSH 3.0.2.1 1 N U en_US OpenSSH 3.0.2p1 Portable for AIX
280 # /usr/local/bin 8073
282 # /usr/local/libexec 185
283 # /usr/local/man/man1 145
284 # /usr/local/man/man8 83
285 # /usr/local/sbin 2105
291 echo Creating lpp_name
292 cat <<EOF >../lpp_name
294 $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
299 for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
301 # get size in 512 byte blocks
302 if [ -d $FAKE_ROOT/$i ]
304 size=`du $FAKE_ROOT/$i | awk '{print $1}'`
305 echo "$i $size" >>../lpp_name
309 echo '%' >>../lpp_name
310 echo ']' >>../lpp_name
311 echo '}' >>../lpp_name
314 # Move pieces into place
316 mkdir -p usr/lpp/openssh
317 mv ../liblpp.a usr/lpp/openssh
321 # Now invoke backup to create .bff file
322 # note: lpp_name needs to be the first file so we generate the
323 # file list on the fly and feed it to backup using -i
325 echo Creating $PKGNAME-$VERSION.bff with backup...
326 rm -f $PKGNAME-$VERSION.bff
329 find . ! -name lpp_name -a ! -name . -print
330 ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
333 # Move package into final location and clean up
335 mv ../$PKGNAME-$VERSION.bff $startdir
337 rm -rf $objdir/$PKGDIR