3 # Fake Root Solaris/SVR4/SVR5 Build System - Prototype
5 # The following code has been provided under Public Domain License. I really
6 # don't care what you use it for. Just as long as you don't complain to me
7 # nor my employer if you break it. - Ben Lindstrom (mouring@eviladmin.org)
11 # Options for building the package
12 # You can create a openssh-config.local with your customized options
# Build-time defaults for the package. An openssh-config.local in the build
# directory is sourced further down and can override any of these.
14 REMOVE_FAKE_ROOT_WHEN_DONE=yes
16 # uncommenting TEST_DIR and using
17 # configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
19 # PKGNAME=tOpenSSH should allow testing a package without interfering
20 # with a real OpenSSH package on a system. This is not needed on systems
21 # that support the -R option to pkgadd.
22 #TEST_DIR=/var/tmp # leave commented out for production build
24 # revisions within the same version (REV=a)
26 SYSVINIT_NAME=opensshd
# Preferred numeric ids for the privilege-separation account. The generated
# postinstall checks /etc/group and /etc/passwd for them before building the
# -g/-u arguments; it appears to pass them only when unused -- confirm
# against the complete script.
28 SSHDUID=67 # Default privsep uid
29 SSHDGID=67 # Default privsep gid
30 # uncomment these next three as needed
33 #USR_LOCAL_IS_SYMLINK=yes
34 # System V init run levels
# Optional hook scripts. Each one is pulled in with `.` later in this script
# when it exists and is non-empty, so it runs inside this build shell with the
# builder's privileges (possibly root, see the PATH comment below). The paths
# are relative and resolve against the current directory at that point.
37 # We will source these if they exist
38 POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
39 POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
40 # We'll be one level deeper looking for these
41 PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
42 PKG_POSTINSTALL_LOCAL=../pkg-postinstall.local
43 PKG_PREREMOVE_LOCAL=../pkg-preremove.local
44 PKG_POSTREMOVE_LOCAL=../pkg-postremove.local
45 PKG_REQUEST_LOCAL=../pkg-request.local
46 # end of sourced files
48 OPENSSHD=opensshd.init
49 OPENSSH_MANIFEST=openssh.xml
50 OPENSSH_FMRI=svc:/site/openssh:default
# @NAME@ tokens are template placeholders; presumably replaced with absolute
# program paths by configure before this script is run -- confirm.
52 PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
53 PATH_USERADD_PROG=@PATH_USERADD_PROG@
54 PATH_PASSWD_PROG=@PATH_PASSWD_PROG@
56 # list of system directories we do NOT want to change owner/group/perms
57 # when installing our package
68 /lib/svc/method/site \
93 /var/svc/manifest/site \
97 # We may need to build as root so we make sure PATH is set up
98 # only set the path if it's not set already
# Directories are appended, never prepended, so entries already in PATH keep
# precedence during command lookup. The grep is an unanchored substring match
# (":/opt/bin" also matches ":/opt/bin2"), and $PATH is expanded unquoted.
100 echo $PATH | grep ":/opt/bin" > /dev/null 2>&1
101 [ $? -ne 0 ] && PATH=$PATH:/opt/bin
103 [ -d /usr/local/bin ] && {
104 echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
105 [ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
107 [ -d /usr/ccs/bin ] && {
108 echo $PATH | grep ":/usr/ccs/bin" > /dev/null 2>&1
109 [ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
115 echo "Please run this script from your build directory"
# The override file is sourced from the current directory with the privileges
# of whoever runs the build. `-s` only tests that it is non-empty, not who
# owns it or who can write to it.
# NOTE(review): when building as root, make sure the build directory and this
# file are not writable by other users.
119 # we will look for openssh-config.local to override the above options
120 [ -s ./openssh-config.local ] && . ./openssh-config.local
125 ## Fill in some details, like prefix and sysconfdir
# For each name, the text after "name=" on the matching Makefile line is
# assigned through eval. eval re-parses that text as shell, so ${...}
# references in the value are expanded (presumably the intent, since prefix
# and exec_prefix are read first -- confirm), and any command substitution or
# ';' in the value would be executed too. The Makefile is therefore trusted
# input. `cut -d = -f 2` keeps only the text between the first and second '='.
126 for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir sysconfdir piddir srcdir
128 eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
131 ## Are we using Solaris' SMF?
133 if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
138 ## Collect value of privsep user
# Same eval pattern, fed from the third field of the matching #define line in
# config.h; config.h is trusted in the same way as the Makefile.
139 for confvar in SSH_PRIVSEP_USER
141 eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
144 ## Set privsep defaults if not defined
145 if [ -z "$SSH_PRIVSEP_USER" ]
147 SSH_PRIVSEP_USER=sshd
150 ## Extract common info requires for the 'info' part of the package.
# Runs the ./ssh binary found in the current directory and keeps its -V
# output up to the first comma.
151 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
156 SCRIPT_SHELL=/sbin/sh
159 SunOS) UNAME_S=Solaris
162 DEF_MSG="(default: n)"
164 SCO_SV) UNAME_S=OpenServer
165 OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
168 DEF_MSG="(default: n)"
172 case `basename $0` in
174 ## Start by faking root install
175 echo "Faking root install..."
# FAKE_ROOT is assigned outside the lines shown here.
# NOTE(review): it is expanded unquoted in the test and in rm -fr, so a value
# containing whitespace or glob characters would be split or expanded into
# several rm operands -- confirm it is always a fixed path under the build
# directory.
176 [ -d $FAKE_ROOT ] && rm -fr $FAKE_ROOT
178 ${MAKE} install-nokeys DESTDIR=$FAKE_ROOT
181 echo "Fake root install failed, stopping."
185 ## Setup our run level stuff while we are at it.
188 # For Solaris' SMF, /lib/svc/method/site is the preferred place
189 # for start/stop scripts that aren't supplied with the OS, and
190 # similarly /var/svc/manifest/site for manifests.
191 mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site
192 mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
194 cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
195 chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
197 cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
198 chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
200 mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
202 cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
203 chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
# Optional edits to the staged sshd_config. PERMIT_ROOT_LOGIN and
# X11_FORWARDING are set outside the lines shown here. Each substitution
# matches only the exact commented-out default text; if the staged file words
# that line differently, perl changes nothing and reports no error, so the
# packaged config would not carry the requested setting. Worth checking the
# resulting sshd_config.default after a build.
206 [ "${PERMIT_ROOT_LOGIN}" = no ] && \
207 perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
208 $FAKE_ROOT/${sysconfdir}/sshd_config
209 [ "${X11_FORWARDING}" = yes ] && \
210 perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
211 $FAKE_ROOT/${sysconfdir}/sshd_config
213 perl -p -i -e "s/#PrintMotd yes/PrintMotd no/" \
214 $FAKE_ROOT/${sysconfdir}/sshd_config
216 # We don't want to overwrite config files on multiple installs
217 mv $FAKE_ROOT/${sysconfdir}/ssh_config $FAKE_ROOT/${sysconfdir}/ssh_config.default
218 mv $FAKE_ROOT/${sysconfdir}/sshd_config $FAKE_ROOT/${sysconfdir}/sshd_config.default
219 [ -f $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds ] && \
220 mv $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds $FAKE_ROOT/${sysconfdir}/ssh_prng_cmds.default
# Hook: sourced into this shell (not run as a child process), so it can read
# and change every variable of the build and runs with the builder's
# privileges.
223 [ -s "${POST_MAKE_INSTALL_FIXES}" ] && . ${POST_MAKE_INSTALL_FIXES}
227 ## Ok, this is outright wrong, but it will work. I'm tired of pkgmk
230 PROTO_ARGS="$PROTO_ARGS $i=/$i";
234 echo "Building pkginfo file..."
# Unquoted heredoc delimiter: the ${...} references and the backquoted date in
# the lines that follow are expanded now, at build time, and the results are
# written literally into pkginfo.
235 cat > pkginfo << _EOF
237 NAME="OpenSSH Portable for ${UNAME_S}"
238 DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
239 VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
242 CATEGORY="Security,application"
245 PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
248 ## Build empty depend file that may get updated by $POST_PROTOTYPE_EDITS
249 echo "Building depend file..."
253 echo "Building space file..."
256 # XXX Is this necessary? If not, remove space line from mk-proto.awk.
260 # extra space required by start/stop links added by installf
262 $TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
263 $TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
265 [ "$RC1_D" = no ] || \
266 echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
267 [ "$RCS_D" = yes ] && \
268 echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
271 ## Build preinstall file
272 echo "Building preinstall file..."
273 cat > preinstall << _EOF
# The local hook is sourced into this build shell between the two heredoc
# writes to preinstall; whatever it contributes to the generated script is up
# to that file.
278 # local preinstall changes here
279 [ -s "${PKG_PREINSTALL_LOCAL}" ] && . ${PKG_PREINSTALL_LOCAL}
# In the heredoc below, \${PRE_INS_STOP} is escaped and so is evaluated when
# preinstall runs on the target, while $OPENSSH_FMRI, ${TEST_DIR} and
# ${SYSVINIT_NAME} are expanded now and frozen into the generated script.
281 cat >> preinstall << _EOF
283 if [ "\${PRE_INS_STOP}" = "yes" ]
287 svcadm disable $OPENSSH_FMRI
289 ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
296 ## Build postinstall file
297 echo "Building postinstall file..."
# Generates postinstall through an unquoted heredoc. Escaped references such
# as \${PKG_INSTALL_ROOT} and \${USE_SYM_LINKS} are left for install time;
# unescaped ones (${sysconfdir}, ${TEST_DIR}, $RCS_D, $RC1_D, $DO_SMF,
# ${PKGNAME}, $piddir, $OPENSSH_FMRI) are frozen to their build-time values.
# The cp -p lines create ssh_config / sshd_config from the shipped *.default
# copies only when no such file exists, so an administrator's existing
# configuration is not overwritten by a reinstall.
298 cat > postinstall << _EOF
301 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
302 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
303 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
304 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
305 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
306 \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
307 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
308 [ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
309 cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
310 \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
313 # make rc?.d dirs only if we are doing a test install
314 [ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
315 [ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
316 mkdir -p ${TEST_DIR}/etc/rc0.d
317 [ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
318 mkdir -p ${TEST_DIR}/etc/rc2.d
323 # Delete the existing service, if it exists, then import the
325 if svcs $OPENSSH_FMRI > /dev/null 2>&1
327 svccfg delete -f $OPENSSH_FMRI
329 # NOTE, if manifest enables sshd by default, this will actually
330 # start the daemon, which may not be what the user wants.
331 svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
333 if [ "\${USE_SYM_LINKS}" = yes ]
335 [ "$RCS_D" = yes ] && \
336 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
337 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
338 [ "$RC1_D" = no ] || \
339 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
340 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
342 [ "$RCS_D" = yes ] && \
343 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
344 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
345 [ "$RC1_D" = no ] || \
346 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
347 installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
351 # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
352 [ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 0755 root sys
356 # local postinstall changes here
357 [ -s "${PKG_POSTINSTALL_LOCAL}" ] && . ${PKG_POSTINSTALL_LOCAL}
# Second part of postinstall: finalises installf, then creates the
# privilege-separation group and user when they are missing. As far as the
# lines here show, the generated code:
#  - builds \$chroot as "chroot <root>" and expands it unquoted so it splits
#    into command and argument; a PKG_INSTALL_ROOT containing whitespace
#    would break that split;
#  - tests for existing accounts by reading \${PKG_INSTALL_ROOT}/etc/passwd
#    and /etc/group directly, splicing the name or id into an egrep pattern
#    anchored with ^ and $;
#  - creates the account with shell /bin/false and locks it with passwd -l;
#  - skips groupadd/useradd/passwd for TEST_DIR builds (per the comment below).
# SSH_PRIVSEP_USER, SSHDUID and SSHDGID are unescaped and therefore fixed at
# build time; \$SSH_PRIVSEP_GROUP is resolved on the target.
359 cat >> postinstall << _EOF
360 installf -f ${PKGNAME}
362 # Use chroot to handle PKG_INSTALL_ROOT
363 if [ ! -z "\${PKG_INSTALL_ROOT}" ]
365 chroot="chroot \${PKG_INSTALL_ROOT}"
367 # If this is a test build, we will skip the groupadd/useradd/passwd commands
368 if [ ! -z "${TEST_DIR}" ]
373 echo "PrivilegeSeparation user always required."
374 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
376 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
377 SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\`
378 SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\`
382 [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER
385 if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null
387 echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists."
392 # create group if required
393 [ "\$DO_GROUP" = yes ] && {
394 # Use gid of 67 if possible
395 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
399 sshdgid="-g $SSHDGID"
401 echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP."
402 \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP
405 # Create user if required
406 [ "\$DO_PASSWD" = yes ] && {
407 # Use uid of 67 if possible
408 if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
412 sshduid="-u $SSHDUID"
414 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
415 \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
416 \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
419 if [ "\${POST_INS_START}" = "yes" ]
423 # See svccfg import note above. The service may already
425 svcadm enable $OPENSSH_FMRI
427 ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
433 ## Build preremove file
434 echo "Building preremove file..."
# Generates preremove, which stops the daemon before removal: the lines shown
# contain both an SMF `svcadm disable` and an init-script `stop`; the condition
# that selects between them is outside the lines shown here.
435 cat > preremove << _EOF
440 svcadm disable $OPENSSH_FMRI
442 ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
# Local hooks below are sourced into this build shell, as with the other
# PKG_*_LOCAL files.
446 # local preremove changes here
447 [ -s "${PKG_PREREMOVE_LOCAL}" ] && . ${PKG_PREREMOVE_LOCAL}
449 cat >> preremove << _EOF
453 ## Build postremove file
454 echo "Building postremove file..."
# Generates postremove; the visible part deletes the SMF service definition
# when `svcs` can find it.
455 cat > postremove << _EOF
460 if svcs $OPENSSH_FMRI > /dev/null 2>&1
462 svccfg delete -f $OPENSSH_FMRI
467 # local postremove changes here
468 [ -s "${PKG_POSTREMOVE_LOCAL}" ] && . ${PKG_POSTREMOVE_LOCAL}
470 cat >> postremove << _EOF
474 ## Build request file
# Generates the request script, which asks the installer yes/no questions and
# passes the answers (PRE_INS_STOP, POST_INS_START and, in the non-SMF
# variant, USE_SYM_LINKS) on to the other packaging scripts.
# The `-x /usr/bin/ckyorn` test runs on the build host, so the reduced ckyorn
# replacement is included or left out according to the build machine, not the
# machine the package is later installed on.
475 echo "Building request file..."
476 cat > request << _EOF
481 [ -x /usr/bin/ckyorn ] || cat >> request << _EOF
484 # for some strange reason OpenServer has no ckyorn
485 # We build a striped down version here
488 PROMPT="Yes or No [yes,no,?,quit]"
489 HELP_PROMPT=" Enter y or yes if your answer is yes; n or no if your answer is no."
490 USAGE="usage: ckyorn [options]
491 where options may include:
499 while getopts d:p:h: c
502 h) HELP_PROMPT="\$OPTARG" ;;
503 d) DEFAULT=\$OPTARG ;;
504 p) PROMPT=\$OPTARG ;;
505 \\?) echo "\$USAGE" 1>&2
509 shift \`expr \$OPTIND - 1\`
514 echo "\${PROMPT}\\c " 1>&2
516 [ -z "\$key" ] && key=\$DEFAULT
518 [n,N]|[n,N][o,O]|[y,Y]|[y,Y][e,E][s,S]) echo "\${key}\\c"
520 \\?) echo \$HELP_PROMPT 1>&2 ;;
521 q|quit) echo "q\\c" 1>&2
532 # This could get hairy, as the running sshd may not be under SMF.
533 # We'll assume an earlier version of OpenSSH started via SMF.
534 cat >> request << _EOF
537 # determine if should restart the daemon
538 if [ -s ${piddir}/sshd.pid ] && \
539 /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
542 -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
544 [y,Y]*) PRE_INS_STOP=yes
551 # determine if we should start sshd
553 -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
555 [y,Y]*) POST_INS_START=yes ;;
559 # make parameters available to installation service,
560 # and so to any other packaging scripts
562 PRE_INS_STOP='\$PRE_INS_STOP'
563 POST_INS_START='\$POST_INS_START'
568 cat >> request << _EOF
572 # Use symbolic links?
574 -p "Do you want symbolic links for the start/stop scripts? ${DEF_MSG}"\` || exit \$?
576 [y,Y]*) USE_SYM_LINKS=yes ;;
579 # determine if should restart the daemon
580 if [ -s ${piddir}/sshd.pid -a -f ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} ]
583 -p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
585 [y,Y]*) PRE_INS_STOP=yes
592 # determine if we should start sshd
594 -p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
596 [y,Y]*) POST_INS_START=yes ;;
600 # make parameters available to installation service,
601 # and so to any other packaging scripts
603 USE_SYM_LINKS='\$USE_SYM_LINKS'
604 PRE_INS_STOP='\$PRE_INS_STOP'
605 POST_INS_START='\$POST_INS_START'
611 # local request changes here
612 [ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
614 cat >> request << _EOF
619 ## Next Build our prototype
620 echo "Building prototype file..."
# Writes the awk program that post-processes pkgproto output. From the lines
# shown: BEGIN emits the "i" entries for the package control files and splits
# $SYSTEM_DIR (expanded now, at build time) into sys_files. Entries whose path
# matches a SYSTEM_DIR member get mode/owner/group replaced by "?", so that
# installing the package leaves those attributes of existing system
# directories alone; other entries appear to get owner root and group sys --
# confirm against the complete awk text.
621 cat >mk-proto.awk << _EOF
622 BEGIN { print "i pkginfo"; print "i depend"; \\
623 print "i preinstall"; print "i postinstall"; \\
624 print "i preremove"; print "i postremove"; \\
625 print "i request"; print "i space"; \\
626 split("$SYSTEM_DIR",sys_files); }
628 for (dir in sys_files) { if ( \$3 != sys_files[dir] )
632 { \$5="root"; \$6="sys"; }
635 { \$4="?"; \$5="?"; \$6="?"; break;}
640 find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
641 pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
643 # /usr/local is a symlink on some systems
644 [ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
645 grep -v "^d none /usr/local ? ? ?$" prototype > prototype.new
646 mv prototype.new prototype
649 ## Step back a directory and now build the package.
# Hook: sourced into this shell, so it can edit the prototype and any build
# variable before pkgmk runs.
651 # local prototype tweeks here
652 [ -s "${POST_PROTOTYPE_EDITS}" ] && . ${POST_PROTOTYPE_EDITS}
654 echo "Building package.."
655 pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
# `echo |` feeds a single empty line to pkgtrans on stdin, presumably to
# answer its interactive prompt -- confirm.
656 echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
660 rm -fr ${FAKE_ROOT}/${PKGNAME}
# NOTE(review): $$tmp is a PID-derived file name in the current directory
# rather than a mktemp-created file; the name is predictable, which matters if
# that directory is writable by other users while the build runs as root.
661 grep -v "^PSTAMP=" $FAKE_ROOT/pkginfo > $$tmp
662 mv $$tmp $FAKE_ROOT/pkginfo
663 cat >> $FAKE_ROOT/pkginfo << _EOF
664 PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
666 pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
667 echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
# NOTE(review): $FAKE_ROOT is unquoted in this recursive delete; see the same
# concern at the rm -fr that starts the fake-root install.
672 [ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT