]>
Commit | Line | Data |
---|---|---|
9cefe228 | 1 | #!/bin/sh |
2 | # | |
3 | # Fake Root Solaris/SVR4/SVR5 Build System - Prototype | |
4 | # | |
5 | # The following code has been provide under Public Domain License. I really | |
6 | # don't care what you use it for. Just as long as you don't complain to me | |
7 | # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org) | |
8 | # | |
9 | umask 022 | |
10 | # | |
11 | # Options for building the package | |
12 | # You can create a openssh-config.local with your customized options | |
13 | # | |
14 | REMOVE_FAKE_ROOT_WHEN_DONE=yes | |
15 | # | |
16 | # uncommenting TEST_DIR and using | |
17 | # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty | |
18 | # and | |
19 | # PKGNAME=tOpenSSH should allow testing a package without interfering | |
20 | # with a real OpenSSH package on a system. This is not needed on systems | |
21 | # that support the -R option to pkgadd. | |
22 | #TEST_DIR=/var/tmp # leave commented out for production build | |
23 | PKGNAME=OpenSSH | |
d386a795 | 24 | # revisions within the same version (REV=a) |
25 | #REV= | |
9cefe228 | 26 | SYSVINIT_NAME=opensshd |
b18359f6 | 27 | AWK=${AWK:="nawk"} |
9cefe228 | 28 | MAKE=${MAKE:="make"} |
29 | SSHDUID=67 # Default privsep uid | |
30 | SSHDGID=67 # Default privsep gid | |
31 | # uncomment these next three as needed | |
32 | #PERMIT_ROOT_LOGIN=no | |
33 | #X11_FORWARDING=yes | |
34 | #USR_LOCAL_IS_SYMLINK=yes | |
35 | # System V init run levels | |
36 | SYSVINITSTART=S98 | |
37 | SYSVINITSTOPT=K30 | |
38 | # We will source these if they exist | |
103ff395 | 39 | POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh |
9cefe228 | 40 | POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh |
41 | # We'll be one level deeper looking for these | |
42 | PKG_PREINSTALL_LOCAL=../pkg-preinstall.local | |
43 | PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local | |
44 | PKG_PREREMOVE_LOCAL=../pkg-preremove.local | |
45 | PKG_POSTREMOVE_LOCAL=../pkg-postremove.local | |
46 | PKG_REQUEST_LOCAL=../pkg-request.local | |
47 | # end of sourced files | |
48 | # | |
ddd8c95b | 49 | OPENSSHD=opensshd.init |
29eadd7c | 50 | OPENSSH_MANIFEST=openssh.xml |
840bd607 | 51 | OPENSSH_FMRI=svc:/site/${SYSVINIT_NAME}:default |
5498741c | 52 | SMF_METHOD_DIR=/lib/svc/method/site |
53 | SMF_MANIFEST_DIR=/var/svc/manifest/site | |
9cefe228 | 54 | |
55 | PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@ | |
56 | PATH_USERADD_PROG=@PATH_USERADD_PROG@ | |
57 | PATH_PASSWD_PROG=@PATH_PASSWD_PROG@ | |
58 | # | |
59 | # list of system directories we do NOT want to change owner/group/perms | |
60 | # when installing our package | |
61 | SYSTEM_DIR="/etc \ | |
62 | /etc/init.d \ | |
63 | /etc/rcS.d \ | |
64 | /etc/rc0.d \ | |
65 | /etc/rc1.d \ | |
66 | /etc/rc2.d \ | |
67 | /etc/opt \ | |
29eadd7c | 68 | /lib \ |
69 | /lib/svc \ | |
70 | /lib/svc/method \ | |
71 | /lib/svc/method/site \ | |
9cefe228 | 72 | /opt \ |
73 | /opt/bin \ | |
74 | /usr \ | |
75 | /usr/bin \ | |
76 | /usr/lib \ | |
77 | /usr/sbin \ | |
78 | /usr/share \ | |
79 | /usr/share/man \ | |
80 | /usr/share/man/man1 \ | |
81 | /usr/share/man/man8 \ | |
82 | /usr/local \ | |
83 | /usr/local/bin \ | |
84 | /usr/local/etc \ | |
85 | /usr/local/libexec \ | |
86 | /usr/local/man \ | |
87 | /usr/local/man/man1 \ | |
88 | /usr/local/man/man8 \ | |
89 | /usr/local/sbin \ | |
90 | /usr/local/share \ | |
91 | /var \ | |
92 | /var/opt \ | |
93 | /var/run \ | |
29eadd7c | 94 | /var/svc \ |
95 | /var/svc/manifest \ | |
96 | /var/svc/manifest/site \ | |
9cefe228 | 97 | /var/tmp \ |
98 | /tmp" | |
99 | ||
100 | # We may need to build as root so we make sure PATH is set up | |
101 | # only set the path if it's not set already | |
102 | [ -d /opt/bin ] && { | |
103 | echo $PATH | grep ":/opt/bin" > /dev/null 2>&1 | |
104 | [ $? -ne 0 ] && PATH=$PATH:/opt/bin | |
105 | } | |
106 | [ -d /usr/local/bin ] && { | |
107 | echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1 | |
108 | [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin | |
109 | } | |
110 | [ -d /usr/ccs/bin ] && { | |
111 | echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1 | |
112 | [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin | |
113 | } | |
114 | export PATH | |
115 | # | |
116 | ||
117 | [ -f Makefile ] || { | |
118 | echo "Please run this script from your build directory" | |
119 | exit 1 | |
120 | } | |
121 | ||
122 | # we will look for openssh-config.local to override the above options | |
123 | [ -s ./openssh-config.local ] && . ./openssh-config.local | |
124 | ||
125 | START=`pwd` | |
126 | FAKE_ROOT=$START/pkg | |
127 | ||
128 | ## Fill in some details, like prefix and sysconfdir | |
129 | for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir | |
130 | do | |
131 | eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` | |
132 | done | |
133 | ||
29eadd7c | 134 | ## Are we using Solaris' SMF? |
135 | DO_SMF=0 | |
136 | if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1 | |
137 | then | |
138 | DO_SMF=1 | |
139 | fi | |
9cefe228 | 140 | |
141 | ## Collect value of privsep user | |
142 | for confvar in SSH_PRIVSEP_USER | |
143 | do | |
144 | eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h` | |
145 | done | |
146 | ||
147 | ## Set privsep defaults if not defined | |
148 | if [ -z "$SSH_PRIVSEP_USER" ] | |
149 | then | |
150 | SSH_PRIVSEP_USER=sshd | |
151 | fi | |
152 | ||
153 | ## Extract common info requires for the 'info' part of the package. | |
154 | VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'` | |
155 | ||
156 | ARCH=`uname -m` | |
157 | DEF_MSG="\n" | |
158 | OS_VER=`uname -v` | |
159 | SCRIPT_SHELL=/sbin/sh | |
1f231631 | 160 | UNAME_R=`uname -r` |
9cefe228 | 161 | UNAME_S=`uname -s` |
162 | case ${UNAME_S} in | |
163 | SunOS) UNAME_S=Solaris | |
1f231631 | 164 | OS_VER=${UNAME_R} |
9cefe228 | 165 | ARCH=`uname -p` |
166 | RCS_D=yes | |
167 | DEF_MSG="(default: n)" | |
168 | ;; | |
1f231631 | 169 | SCO_SV) case ${UNAME_R} in |
170 | 3.2) UNAME_S=OpenServer5 | |
9cefe228 | 171 | OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'` |
1f231631 | 172 | ;; |
173 | 5) UNAME_S=OpenServer6 | |
174 | ;; | |
175 | esac | |
9cefe228 | 176 | SCRIPT_SHELL=/bin/sh |
177 | RC1_D=no | |
178 | DEF_MSG="(default: n)" | |
179 | ;; | |
180 | esac | |
181 | ||
182 | case `basename $0` in | |
183 | buildpkg.sh) | |
184 | ## Start by faking root install | |
185 | echo "Faking root install..." | |
186 | [ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT | |
187 | mkdir $FAKE_ROOT | |
188 | ${MAKE} install-nokeys DESTDIR=$FAKE_ROOT | |
189 | if [ $? -gt 0 ] | |
190 | then | |
191 | echo "Fake root install failed, stopping." | |
192 | exit 1 | |
193 | fi | |
194 | ||
195 | ## Setup our run level stuff while we are at it. | |
29eadd7c | 196 | if [ $DO_SMF -eq 1 ] |
197 | then | |
198 | # For Solaris' SMF, /lib/svc/method/site is the preferred place | |
199 | # for start/stop scripts that aren't supplied with the OS, and | |
200 | # similarly /var/svc/manifest/site for manifests. | |
5498741c | 201 | mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR} |
202 | mkdir -p $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR} | |
29eadd7c | 203 | |
5498741c | 204 | cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME} |
205 | chmod 744 $FAKE_ROOT${TEST_DIR}${SMF_METHOD_DIR}/${SYSVINIT_NAME} | |
29eadd7c | 206 | |
5498741c | 207 | cat ${OPENSSH_MANIFEST} | \ |
208 | sed -e "s|__SYSVINIT_NAME__|${SYSVINIT_NAME}|" \ | |
209 | -e "s|__SMF_METHOD_DIR__|${SMF_METHOD_DIR}|" \ | |
210 | > $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml | |
211 | chmod 644 $FAKE_ROOT${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml | |
29eadd7c | 212 | else |
213 | mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d | |
9cefe228 | 214 | |
29eadd7c | 215 | cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} |
216 | chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} | |
217 | fi | |
9cefe228 | 218 | |
219 | [ "${PERMIT_ROOT_LOGIN}" = no ] && \ | |
220 | perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ | |
a817bc2b | 221 | $FAKE_ROOT${sysconfdir}/sshd_config |
9cefe228 | 222 | [ "${X11_FORWARDING}" = yes ] && \ |
223 | perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ | |
a817bc2b | 224 | $FAKE_ROOT${sysconfdir}/sshd_config |
9cefe228 | 225 | # fix PrintMotd |
226 | perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \ | |
a817bc2b | 227 | $FAKE_ROOT${sysconfdir}/sshd_config |
9cefe228 | 228 | |
229 | # We don't want to overwrite config files on multiple installs | |
a817bc2b | 230 | mv $FAKE_ROOT${sysconfdir}/ssh_config $FAKE_ROOT${sysconfdir}/ssh_config.default |
231 | mv $FAKE_ROOT${sysconfdir}/sshd_config $FAKE_ROOT${sysconfdir}/sshd_config.default | |
232 | [ -f $FAKE_ROOT${sysconfdir}/ssh_prng_cmds ] && \ | |
233 | mv $FAKE_ROOT${sysconfdir}/ssh_prng_cmds $FAKE_ROOT${sysconfdir}/ssh_prng_cmds.default | |
9cefe228 | 234 | |
235 | # local tweeks here | |
236 | [ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES} | |
237 | ||
238 | cd $FAKE_ROOT | |
239 | ||
240 | ## Ok, this is outright wrong, but it will work. I'm tired of pkgmk | |
241 | ## whining. | |
242 | for i in *; do | |
243 | PROTO_ARGS="$PROTO_ARGS $i=/$i"; | |
244 | done | |
245 | ||
246 | ## Build info file | |
247 | echo "Building pkginfo file..." | |
248 | cat > pkginfo << _EOF | |
249 | PKG=$PKGNAME | |
250 | NAME="OpenSSH Portable for ${UNAME_S}" | |
251 | DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." | |
252 | VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" | |
253 | ARCH=$ARCH | |
d386a795 | 254 | VERSION=$VERSION$REV |
9cefe228 | 255 | CATEGORY="Security,application" |
256 | BASEDIR=/ | |
257 | CLASSES="none" | |
258 | PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" | |
259 | _EOF | |
260 | ||
261 | ## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS | |
262 | echo "Building depend file..." | |
263 | touch depend | |
264 | ||
265 | ## Build space file | |
266 | echo "Building space file..." | |
29eadd7c | 267 | if [ $DO_SMF -eq 1 ] |
268 | then | |
269 | # XXX Is this necessary? If not, remove space line from mk-proto.awk. | |
270 | touch space | |
271 | else | |
272 | cat > space << _EOF | |
273 | # extra space required by start/stop links added by installf | |
274 | # in postinstall | |
9cefe228 | 275 | $TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1 |
276 | $TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1 | |
277 | _EOF | |
29eadd7c | 278 | [ "$RC1_D" = no ] || \ |
279 | echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space | |
280 | [ "$RCS_D" = yes ] && \ | |
281 | echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space | |
282 | fi | |
9cefe228 | 283 | |
284 | ## Build preinstall file | |
285 | echo "Building preinstall file..." | |
286 | cat > preinstall << _EOF | |
287 | #! ${SCRIPT_SHELL} | |
288 | # | |
289 | _EOF | |
290 | ||
291 | # local preinstall changes here | |
292 | [ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL} | |
293 | ||
294 | cat >> preinstall << _EOF | |
295 | # | |
29eadd7c | 296 | if [ "\${PRE_INS_STOP}" = "yes" ] |
297 | then | |
298 | if [ $DO_SMF -eq 1 ] | |
299 | then | |
300 | svcadm disable $OPENSSH_FMRI | |
301 | else | |
302 | ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop | |
303 | fi | |
304 | fi | |
305 | ||
9cefe228 | 306 | exit 0 |
307 | _EOF | |
308 | ||
309 | ## Build postinstall file | |
310 | echo "Building postinstall file..." | |
311 | cat > postinstall << _EOF | |
312 | #! ${SCRIPT_SHELL} | |
313 | # | |
314 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\ | |
315 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\ | |
316 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config | |
317 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\ | |
318 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\ | |
319 | \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config | |
320 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && { | |
321 | [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\ | |
322 | cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\ | |
323 | \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds | |
324 | } | |
325 | ||
326 | # make rc?.d dirs only if we are doing a test install | |
29eadd7c | 327 | [ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && { |
9cefe228 | 328 | [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d |
329 | mkdir -p ${TEST_DIR}/etc/rc0.d | |
330 | [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d | |
331 | mkdir -p ${TEST_DIR}/etc/rc2.d | |
332 | } | |
333 | ||
29eadd7c | 334 | if [ $DO_SMF -eq 1 ] |
9cefe228 | 335 | then |
29eadd7c | 336 | # Delete the existing service, if it exists, then import the |
337 | # new one. | |
338 | if svcs $OPENSSH_FMRI > /dev/null 2>&1 | |
339 | then | |
340 | svccfg delete -f $OPENSSH_FMRI | |
341 | fi | |
840bd607 | 342 | # NOTE, The manifest disables sshd by default. |
5498741c | 343 | svccfg import ${TEST_DIR}${SMF_MANIFEST_DIR}/${SYSVINIT_NAME}.xml |
9cefe228 | 344 | else |
29eadd7c | 345 | if [ "\${USE_SYM_LINKS}" = yes ] |
346 | then | |
347 | [ "$RCS_D" = yes ] && \ | |
348 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
349 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
350 | [ "$RC1_D" = no ] || \ | |
351 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
352 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s | |
353 | else | |
354 | [ "$RCS_D" = yes ] && \ | |
355 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
356 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
357 | [ "$RC1_D" = no ] || \ | |
358 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
359 | installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l | |
360 | fi | |
9cefe228 | 361 | fi |
362 | ||
363 | # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh) | |
364 | [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys | |
365 | ||
366 | _EOF | |
367 | ||
368 | # local postinstall changes here | |
369 | [ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL} | |
370 | ||
371 | cat >> postinstall << _EOF | |
372 | installf -f ${PKGNAME} | |
373 | ||
374 | # Use chroot to handle PKG_INSTALL_ROOT | |
375 | if [ ! -z "\${PKG_INSTALL_ROOT}" ] | |
376 | then | |
377 | chroot="chroot \${PKG_INSTALL_ROOT}" | |
378 | fi | |
379 | # If this is a test build, we will skip the groupadd/useradd/passwd commands | |
380 | if [ ! -z "${TEST_DIR}" ] | |
381 | then | |
382 | chroot=echo | |
383 | fi | |
384 | ||
16082eaa | 385 | echo "PrivilegeSeparation user always required." |
d386a795 | 386 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
387 | then | |
388 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | |
389 | SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\` | |
390 | SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\` | |
391 | else | |
392 | DO_PASSWD=yes | |
393 | fi | |
394 | [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER | |
395 | ||
396 | # group required? | |
397 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null | |
9cefe228 | 398 | then |
d386a795 | 399 | echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists." |
9cefe228 | 400 | else |
d386a795 | 401 | DO_GROUP=yes |
402 | fi | |
403 | ||
404 | # create group if required | |
405 | [ "\$DO_GROUP" = yes ] && { | |
9cefe228 | 406 | # Use gid of 67 if possible |
407 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | |
408 | then | |
409 | : | |
410 | else | |
411 | sshdgid="-g $SSHDGID" | |
412 | fi | |
d386a795 | 413 | echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP." |
414 | \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP | |
415 | } | |
9cefe228 | 416 | |
417 | # Create user if required | |
d386a795 | 418 | [ "\$DO_PASSWD" = yes ] && { |
9cefe228 | 419 | # Use uid of 67 if possible |
b5c428f0 | 420 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null |
9cefe228 | 421 | then |
422 | : | |
423 | else | |
424 | sshduid="-u $SSHDUID" | |
425 | fi | |
426 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | |
427 | \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | |
428 | \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER | |
d386a795 | 429 | } |
9cefe228 | 430 | |
29eadd7c | 431 | if [ "\${POST_INS_START}" = "yes" ] |
432 | then | |
433 | if [ $DO_SMF -eq 1 ] | |
434 | then | |
29eadd7c | 435 | svcadm enable $OPENSSH_FMRI |
436 | else | |
437 | ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | |
438 | fi | |
439 | fi | |
9cefe228 | 440 | exit 0 |
441 | _EOF | |
442 | ||
443 | ## Build preremove file | |
444 | echo "Building preremove file..." | |
445 | cat > preremove << _EOF | |
446 | #! ${SCRIPT_SHELL} | |
447 | # | |
29eadd7c | 448 | if [ $DO_SMF -eq 1 ] |
449 | then | |
450 | svcadm disable $OPENSSH_FMRI | |
451 | else | |
452 | ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop | |
453 | fi | |
9cefe228 | 454 | _EOF |
455 | ||
456 | # local preremove changes here | |
457 | [ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL} | |
458 | ||
459 | cat >> preremove << _EOF | |
460 | exit 0 | |
461 | _EOF | |
462 | ||
463 | ## Build postremove file | |
464 | echo "Building postremove file..." | |
465 | cat > postremove << _EOF | |
466 | #! ${SCRIPT_SHELL} | |
467 | # | |
29eadd7c | 468 | if [ $DO_SMF -eq 1 ] |
469 | then | |
470 | if svcs $OPENSSH_FMRI > /dev/null 2>&1 | |
471 | then | |
472 | svccfg delete -f $OPENSSH_FMRI | |
473 | fi | |
474 | fi | |
9cefe228 | 475 | _EOF |
476 | ||
477 | # local postremove changes here | |
478 | [ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL} | |
479 | ||
480 | cat >> postremove << _EOF | |
481 | exit 0 | |
482 | _EOF | |
483 | ||
484 | ## Build request file | |
485 | echo "Building request file..." | |
486 | cat > request << _EOF | |
487 | trap 'exit 3' 15 | |
488 | ||
489 | _EOF | |
490 | ||
491 | [ -x /usr/bin/ckyorn ] || cat >> request << _EOF | |
492 | ||
493 | ckyorn() { | |
1f231631 | 494 | # for some strange reason OpenServer5 has no ckyorn |
9cefe228 | 495 | # We build a striped down version here |
496 | ||
497 | DEFAULT=n | |
498 | PROMPT="Yes or No [yes,no,?,quit]" | |
499 | HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no." | |
500 | USAGE="usage: ckyorn [options] | |
501 | where options may include: | |
502 | -d default | |
503 | -h help | |
504 | -p prompt | |
505 | " | |
506 | ||
507 | if [ \$# != 0 ] | |
508 | then | |
509 | while getopts d:p:h: c | |
510 | do | |
511 | case \$c in | |
512 | h) HELP_PROMPT="\$OPTARG" ;; | |
513 | d) DEFAULT=\$OPTARG ;; | |
514 | p) PROMPT=\$OPTARG ;; | |
515 | \\?) echo "\$USAGE" 1>&2 | |
516 | exit 1 ;; | |
517 | esac | |
518 | done | |
519 | shift \`expr \$OPTIND - 1\` | |
520 | fi | |
521 | ||
522 | while true | |
523 | do | |
524 | echo "\${PROMPT}\\c " 1>&2 | |
525 | read key | |
526 | [ -z "\$key" ] && key=\$DEFAULT | |
527 | case \$key in | |
528 | [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c" | |
529 | exit 0 ;; | |
530 | \\?) echo \$HELP_PROMPT 1>&2 ;; | |
531 | q|quit) echo "q\\c" 1>&2 | |
532 | exit 3 ;; | |
533 | esac | |
534 | done | |
535 | ||
536 | } | |
537 | ||
538 | _EOF | |
539 | ||
29eadd7c | 540 | if [ $DO_SMF -eq 1 ] |
541 | then | |
542 | # This could get hairy, as the running sshd may not be under SMF. | |
543 | # We'll assume an earlier version of OpenSSH started via SMF. | |
544 | cat >> request << _EOF | |
545 | PRE_INS_STOP=no | |
546 | POST_INS_START=no | |
547 | # determine if should restart the daemon | |
548 | if [ -s ${piddir}/sshd.pid ] && \ | |
840bd607 | 549 | /usr/bin/svcs -H $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1 |
29eadd7c | 550 | then |
551 | ans=\`ckyorn -d n \ | |
552 | -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? | |
553 | case \$ans in | |
554 | [y,Y]*) PRE_INS_STOP=yes | |
555 | POST_INS_START=yes | |
556 | ;; | |
557 | esac | |
558 | ||
559 | else | |
560 | ||
561 | # determine if we should start sshd | |
562 | ans=\`ckyorn -d n \ | |
563 | -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? | |
564 | case \$ans in | |
565 | [y,Y]*) POST_INS_START=yes ;; | |
566 | esac | |
567 | fi | |
568 | ||
569 | # make parameters available to installation service, | |
570 | # and so to any other packaging scripts | |
571 | cat >\$1 <<! | |
572 | PRE_INS_STOP='\$PRE_INS_STOP' | |
573 | POST_INS_START='\$POST_INS_START' | |
574 | ! | |
575 | ||
576 | _EOF | |
577 | else | |
578 | cat >> request << _EOF | |
9cefe228 | 579 | USE_SYM_LINKS=no |
580 | PRE_INS_STOP=no | |
581 | POST_INS_START=no | |
582 | # Use symbolic links? | |
583 | ans=\`ckyorn -d n \ | |
584 | -p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$? | |
585 | case \$ans in | |
586 | [y,Y]*) USE_SYM_LINKS=yes ;; | |
587 | esac | |
588 | ||
589 | # determine if should restart the daemon | |
590 | if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ] | |
591 | then | |
592 | ans=\`ckyorn -d n \ | |
593 | -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$? | |
594 | case \$ans in | |
595 | [y,Y]*) PRE_INS_STOP=yes | |
596 | POST_INS_START=yes | |
597 | ;; | |
598 | esac | |
599 | ||
600 | else | |
601 | ||
602 | # determine if we should start sshd | |
603 | ans=\`ckyorn -d n \ | |
604 | -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$? | |
605 | case \$ans in | |
606 | [y,Y]*) POST_INS_START=yes ;; | |
607 | esac | |
608 | fi | |
609 | ||
610 | # make parameters available to installation service, | |
611 | # and so to any other packaging scripts | |
612 | cat >\$1 <<! | |
613 | USE_SYM_LINKS='\$USE_SYM_LINKS' | |
614 | PRE_INS_STOP='\$PRE_INS_STOP' | |
615 | POST_INS_START='\$POST_INS_START' | |
616 | ! | |
617 | ||
618 | _EOF | |
29eadd7c | 619 | fi |
9cefe228 | 620 | |
621 | # local request changes here | |
622 | [ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL} | |
623 | ||
624 | cat >> request << _EOF | |
625 | exit 0 | |
626 | ||
627 | _EOF | |
628 | ||
629 | ## Next Build our prototype | |
630 | echo "Building prototype file..." | |
631 | cat >mk-proto.awk << _EOF | |
632 | BEGIN { print "i pkginfo"; print "i depend"; \\ | |
633 | print "i preinstall"; print "i postinstall"; \\ | |
634 | print "i preremove"; print "i postremove"; \\ | |
635 | print "i request"; print "i space"; \\ | |
636 | split("$SYSTEM_DIR",sys_files); } | |
637 | { | |
638 | for (dir in sys_files) { if ( \$3 != sys_files[dir] ) | |
639 | { if ( \$1 == "s" ) | |
640 | { \$5=""; \$6=""; } | |
641 | else | |
642 | { \$5="root"; \$6="sys"; } | |
643 | } | |
644 | else | |
645 | { \$4="?"; \$5="?"; \$6="?"; break;} | |
646 | } } | |
647 | { print; } | |
648 | _EOF | |
649 | ||
650 | find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \ | |
b18359f6 | 651 | pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype |
9cefe228 | 652 | |
653 | # /usr/local is a symlink on some systems | |
654 | [ "${USR_LOCAL_IS_SYMLINK}" = yes ] && { | |
655 | grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new | |
656 | mv prototype.new prototype | |
657 | } | |
658 | ||
659 | ## Step back a directory and now build the package. | |
660 | cd .. | |
661 | # local prototype tweeks here | |
662 | [ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS} | |
663 | ||
664 | echo "Building package.." | |
665 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o | |
d386a795 | 666 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg |
9cefe228 | 667 | ;; |
668 | ||
669 | justpkg.sh) | |
670 | rm -fr ${FAKE_ROOT}/${PKGNAME} | |
671 | grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp | |
672 | mv $$tmp $FAKE_ROOT/pkginfo | |
673 | cat >> $FAKE_ROOT/pkginfo << _EOF | |
674 | PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" | |
675 | _EOF | |
676 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o | |
d386a795 | 677 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg |
9cefe228 | 678 | ;; |
679 | ||
680 | esac | |
681 | ||
682 | [ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT | |
25616c13 | 683 | exit 0 |
9cefe228 | 684 |