SYSVINITSTART=S98
SYSVINITSTOPT=K30
# We will source these if they exist
-POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
+POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
# We'll be one level deeper looking for these
PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
# end of sourced files
#
OPENSSHD=opensshd.init
-OPENSSH_MANIFEST=openssh.xml
-OPENSSH_FMRI=svc:/site/openssh:default
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
PATH_USERADD_PROG=@PATH_USERADD_PROG@
/etc/rc1.d \
/etc/rc2.d \
/etc/opt \
-/lib \
-/lib/svc \
-/lib/svc/method \
-/lib/svc/method/site \
/opt \
/opt/bin \
/usr \
/var \
/var/opt \
/var/run \
-/var/svc \
-/var/svc/manifest \
-/var/svc/manifest/site \
/var/tmp \
/tmp"
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
-## Are we using Solaris' SMF?
-DO_SMF=0
-if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
-then
- DO_SMF=1
-fi
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
fi
## Setup our run level stuff while we are at it.
-if [ $DO_SMF -eq 1 ]
-then
- # For Solaris' SMF, /lib/svc/method/site is the preferred place
- # for start/stop scripts that aren't supplied with the OS, and
- # similarly /var/svc/manifest/site for manifests.
- mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site
- mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
-
- cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
- chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
-
- cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
- chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
-else
- mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
+mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
- cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
- chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-fi
+cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
## Build space file
echo "Building space file..."
-if [ $DO_SMF -eq 1 ]
-then
- # XXX Is this necessary? If not, remove space line from mk-proto.awk.
- touch space
-else
- cat > space << _EOF
-# extra space required by start/stop links added by installf
-# in postinstall
+cat > space << _EOF
+# extra space required by start/stop links added by installf in postinstall
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
_EOF
- [ "$RC1_D" = no ] || \
- echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
- [ "$RCS_D" = yes ] && \
- echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
-fi
+[ "$RC1_D" = no ] || \
+echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+[ "$RCS_D" = yes ] && \
+echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
## Build preinstall file
echo "Building preinstall file..."
cat >> preinstall << _EOF
#
-if [ "\${PRE_INS_STOP}" = "yes" ]
-then
- if [ $DO_SMF -eq 1 ]
- then
- svcadm disable $OPENSSH_FMRI
- else
- ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
- fi
-fi
-
+[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF
}
# make rc?.d dirs only if we are doing a test install
-[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
+[ -n "${TEST_DIR}" ] && {
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
mkdir -p ${TEST_DIR}/etc/rc0.d
[ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
mkdir -p ${TEST_DIR}/etc/rc2.d
}
-if [ $DO_SMF -eq 1 ]
+if [ "\${USE_SYM_LINKS}" = yes ]
then
- # Delete the existing service, if it exists, then import the
- # new one.
- if svcs $OPENSSH_FMRI > /dev/null 2>&1
- then
- svccfg delete -f $OPENSSH_FMRI
- fi
- # NOTE, if manifest enables sshd by default, this will actually
- # start the daemon, which may not be what the user wants.
- svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
+ [ "$RCS_D" = yes ] && \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
else
- if [ "\${USE_SYM_LINKS}" = yes ]
- then
- [ "$RCS_D" = yes ] && \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- [ "$RC1_D" = no ] || \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- else
- [ "$RCS_D" = yes ] && \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- [ "$RC1_D" = no ] || \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- fi
+ [ "$RCS_D" = yes ] && \
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
fi
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
chroot=echo
fi
- echo "PrivilegeSeparation user always required."
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
+then
+ echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+ echo "or group."
+else
+ echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+
+ # user required?
if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
then
echo "PrivSep user $SSH_PRIVSEP_USER already exists."
# Create user if required
[ "\$DO_PASSWD" = yes ] && {
# Use uid of 67 if possible
- if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
then
:
else
\$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
\$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
}
-
-if [ "\${POST_INS_START}" = "yes" ]
-then
- if [ $DO_SMF -eq 1 ]
- then
- # See svccfg import note above. The service may already
- # be started.
- svcadm enable $OPENSSH_FMRI
- else
- ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
- fi
fi
+
+[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF
cat > preremove << _EOF
#! ${SCRIPT_SHELL}
#
-if [ $DO_SMF -eq 1 ]
-then
- svcadm disable $OPENSSH_FMRI
-else
- ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
-fi
+${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
_EOF
# local preremove changes here
cat > postremove << _EOF
#! ${SCRIPT_SHELL}
#
-if [ $DO_SMF -eq 1 ]
-then
- if svcs $OPENSSH_FMRI > /dev/null 2>&1
- then
- svccfg delete -f $OPENSSH_FMRI
- fi
-fi
_EOF
# local postremove changes here
_EOF
-if [ $DO_SMF -eq 1 ]
-then
- # This could get hairy, as the running sshd may not be under SMF.
- # We'll assume an earlier version of OpenSSH started via SMF.
- cat >> request << _EOF
-PRE_INS_STOP=no
-POST_INS_START=no
-# determine if should restart the daemon
-if [ -s ${piddir}/sshd.pid ] && \
- /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
-then
- ans=\`ckyorn -d n \
--p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
- case \$ans in
- [y,Y]*) PRE_INS_STOP=yes
- POST_INS_START=yes
- ;;
- esac
-
-else
-
-# determine if we should start sshd
- ans=\`ckyorn -d n \
--p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
- case \$ans in
- [y,Y]*) POST_INS_START=yes ;;
- esac
-fi
-
-# make parameters available to installation service,
-# and so to any other packaging scripts
-cat >\$1 <<!
-PRE_INS_STOP='\$PRE_INS_STOP'
-POST_INS_START='\$POST_INS_START'
-!
-
-_EOF
-else
- cat >> request << _EOF
+cat >> request << _EOF
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
!
_EOF
-fi
# local request changes here
[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}