3 # Fake Root Solaris/SVR4/SVR5 Build System - Prototype
5 # The following code has been provide under Public Domain License. I really
6 # don't care what you use it for. Just as long as you don't complain to me
7 # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
11 # Options for building the package
12 # You can create a config.local with your customized options
14 # uncommenting TEST_DIR and using
15 # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
17 # PKGNAME=tOpenSSH should allow testing a package without interfering
18 # with a real OpenSSH package on a system. This is not needed on systems
19 # that support the -R option to pkgadd.
20 #TEST_DIR=/var/tmp # leave commented out for production build
22 SYSVINIT_NAME=opensshd
24 SSHDUID=67 # Default privsep uid
25 SSHDGID=67 # Default privsep gid
26 # uncomment these next two as needed
29 # list of system directories we do NOT want to change owner/group/perms
30 # when installing our package
63 # We may need to build as root so we make sure PATH is set up
64 # only set the path if it's not set already
65 [ -d /usr/local/bin ] && {
66 echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
67 [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
69 [ -d /usr/ccs/bin ] && {
70 echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
71 [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
77 echo "Please run this script from your build directory"
81 # we will look for config.local to override the above options
82 [ -s ./config.local ] && . ./config.local
84 ## Start by faking root install
85 echo "Faking root install..."
87 OPENSSHD_IN=`dirname $0`/opensshd.in
88 FAKE_ROOT=$START/package
89 [ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
91 ${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
94 echo "Fake root install failed, stopping."
98 ## Fill in some details, like prefix and sysconfdir
99 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir
101 eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
105 ## Collect value of privsep user
106 for confvar in SSH_PRIVSEP_USER
108 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
111 ## Set privsep defaults if not defined
112 if [ -z "$SSH_PRIVSEP_USER" ]
114 SSH_PRIVSEP_USER=sshd
117 ## Extract common info requires for the 'info' part of the package.
118 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
122 SunOS) UNAME_S=Solaris
125 DEF_MSG="(default: n)"
131 ## Setup our run level stuff while we are at it.
132 mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
134 ## setup our initscript correctly
135 sed -e "s#%%configDir%%#${sysconfdir}#g" \
136 -e "s#%%openSSHDir%%#$prefix#g" \
137 -e "s#%%pidDir%%#${piddir}#g" \
138 ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
139 chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
141 [ "${PERMIT_ROOT_LOGIN}" = no ] && \
142 perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
143 $FAKE_ROOT/${sysconfdir}/sshd_config
144 [ "${X11_FORWARDING}" = yes ] && \
145 perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
146 $FAKE_ROOT/${sysconfdir}/sshd_config
148 perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
149 $FAKE_ROOT/${sysconfdir}/sshd_config
151 # We don't want to overwrite config files on multiple installs
152 mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
153 mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
154 [ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
155 mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
159 ## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
162 PROTO_ARGS="$PROTO_ARGS $i=/$i";
166 echo "Building pkginfo file..."
167 cat > pkginfo << _EOF
169 NAME="OpenSSH Portable for ${UNAME_S}"
170 DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
171 VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
174 CATEGORY="Security,application"
179 ## Build preinstall file
180 echo "Building preinstall file..."
181 cat > preinstall << _EOF
184 [ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
188 ## Build postinstall file
189 echo "Building postinstall file..."
190 cat > postinstall << _EOF
193 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
194 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
195 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
196 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
197 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
198 \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
199 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
200 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
201 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
202 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
205 # make rc?.d dirs only if we are doing a test install
206 [ -n "${TEST_DIR}" ] && {
207 [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
208 mkdir -p ${TEST_DIR}/etc/rc0.d
209 mkdir -p ${TEST_DIR}/etc/rc1.d
210 mkdir -p ${TEST_DIR}/etc/rc2.d
213 if [ "\${USE_SYM_LINKS}" = yes ]
215 [ "$RCS_D" = yes ] && \
216 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
217 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
218 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
219 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
221 [ "$RCS_D" = yes ] && \
222 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
223 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
224 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
225 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
228 # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
229 [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
231 installf -f ${PKGNAME}
233 # Use chroot to handle PKG_INSTALL_ROOT
234 if [ ! -z "\${PKG_INSTALL_ROOT}" ]
236 chroot="chroot \${PKG_INSTALL_ROOT}"
238 # If this is a test build, we will skip the groupadd/useradd/passwd commands
239 if [ ! -z "${TEST_DIR}" ]
244 if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
246 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
249 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
251 # create group if required
252 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
254 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
256 # Use gid of 67 if possible
257 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
261 sshdgid="-g $SSHDGID"
263 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
264 \$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
267 # Create user if required
268 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
270 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
272 # Use uid of 67 if possible
273 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
277 sshduid="-u $SSHDUID"
279 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
280 \$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
281 \$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
285 [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
289 ## Build preremove file
290 echo "Building preremove file..."
291 cat > preremove << _EOF
294 ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
298 ## Build request file
299 echo "Building request file..."
300 cat > request << _EOF
305 # Use symbolic links?
307 -p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
309 [y,Y]*) USE_SYM_LINKS=yes ;;
312 # determine if should restart the daemon
313 if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
316 -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
318 [y,Y]*) PRE_INS_STOP=yes
325 # determine if we should start sshd
327 -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
329 [y,Y]*) POST_INS_START=yes ;;
333 # make parameters available to installation service,
334 # and so to any other packaging scripts
336 USE_SYM_LINKS='\$USE_SYM_LINKS'
337 PRE_INS_STOP='\$PRE_INS_STOP'
338 POST_INS_START='\$POST_INS_START'
345 echo "Building space file..."
347 # extra space required by start/stop links added by installf in postinstall
348 $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME} 0 1
349 $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME} 0 1
350 $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME} 0 1
352 [ "$RCS_D" = yes ] && \
353 echo "$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME} 0 1" >> space
355 ## Next Build our prototype
356 echo "Building prototype file..."
357 cat >mk-proto.awk << _EOF
358 BEGIN { print "i pkginfo"; print "i preinstall"; \\
359 print "i postinstall"; print "i preremove"; \\
360 print "i request"; print "i space"; \\
361 split("$SYSTEM_DIR",sys_files); }
363 for (dir in sys_files) { if ( \$3 != sys_files[dir] )
364 { \$5="root"; \$6="sys"; }
366 { \$4="?"; \$5="?"; \$6="?"; break;}
370 find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
371 pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
373 ## Step back a directory and now build the package.
374 echo "Building package.."
376 pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
377 echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg