# that support the -R option to pkgadd.
#TEST_DIR=/var/tmp # leave commented out for production build
PKGNAME=OpenSSH
+# revisions within the same version (REV=a)
+#REV=
SYSVINIT_NAME=opensshd
+AWK=${AWK:="nawk"}
MAKE=${MAKE:="make"}
SSHDUID=67 # Default privsep uid
SSHDGID=67 # Default privsep gid
SYSVINITSTART=S98
SYSVINITSTOPT=K30
# We will source these if they exist
-POST_MAKE_INSTALL_FIXES=./pkg_post_make_install_fixes.sh
+POST_MAKE_INSTALL_FIXES=./pkg-post-make-install-fixes.sh
POST_PROTOTYPE_EDITS=./pkg-post-prototype-edit.sh
# We'll be one level deeper looking for these
PKG_PREINSTALL_LOCAL=../pkg-preinstall.local
PKG_REQUEST_LOCAL=../pkg-request.local
# end of sourced files
#
-OPENSSHD_IN=@top_srcdir@/contrib/solaris/opensshd.in
+OPENSSHD=opensshd.init
+OPENSSH_MANIFEST=openssh.xml
+OPENSSH_FMRI=svc:/site/openssh:default
PATH_GROUPADD_PROG=@PATH_GROUPADD_PROG@
PATH_USERADD_PROG=@PATH_USERADD_PROG@
/etc/rc1.d \
/etc/rc2.d \
/etc/opt \
+/lib \
+/lib/svc \
+/lib/svc/method \
+/lib/svc/method/site \
/opt \
/opt/bin \
/usr \
/var \
/var/opt \
/var/run \
+/var/svc \
+/var/svc/manifest \
+/var/svc/manifest/site \
/var/tmp \
/tmp"
eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
done
+## Are we using Solaris' SMF?
+DO_SMF=0
+if egrep "^#define USE_SOLARIS_PROCESS_CONTRACTS" config.h > /dev/null 2>&1
+then
+ DO_SMF=1
+fi
## Collect value of privsep user
for confvar in SSH_PRIVSEP_USER
DEF_MSG="\n"
OS_VER=`uname -v`
SCRIPT_SHELL=/sbin/sh
+UNAME_R=`uname -r`
UNAME_S=`uname -s`
case ${UNAME_S} in
SunOS) UNAME_S=Solaris
+ OS_VER=${UNAME_R}
ARCH=`uname -p`
RCS_D=yes
DEF_MSG="(default: n)"
;;
- SCO_SV) UNAME_S=OpenServer
+ SCO_SV) case ${UNAME_R} in
+ 3.2) UNAME_S=OpenServer5
OS_VER=`uname -X | grep Release | sed -e 's/^Rel.*3.2v//'`
+ ;;
+ 5) UNAME_S=OpenServer6
+ ;;
+ esac
SCRIPT_SHELL=/bin/sh
RC1_D=no
DEF_MSG="(default: n)"
fi
## Setup our run level stuff while we are at it.
-mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
+if [ $DO_SMF -eq 1 ]
+then
+ # For Solaris' SMF, /lib/svc/method/site is the preferred place
+ # for start/stop scripts that aren't supplied with the OS, and
+ # similarly /var/svc/manifest/site for manifests.
+ mkdir -p $FAKE_ROOT${TEST_DIR}/lib/svc/method/site
+ mkdir -p $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
+
+ cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
+ chmod 744 $FAKE_ROOT${TEST_DIR}/lib/svc/method/site/${SYSVINIT_NAME}
+
+ cp ${OPENSSH_MANIFEST} $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site
+ chmod 644 $FAKE_ROOT${TEST_DIR}/var/svc/manifest/site/${OPENSSH_MANIFEST}
+else
+ mkdir -p $FAKE_ROOT${TEST_DIR}/etc/init.d
-## setup our initscript correctly
-sed -e "s#%%configDir%%#${sysconfdir}#g" \
- -e "s#%%openSSHDir%%#$prefix#g" \
- -e "s#%%pidDir%%#${piddir}#g" \
- ${OPENSSHD_IN} > $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
-chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+ cp ${OPENSSHD} $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+ chmod 744 $FAKE_ROOT${TEST_DIR}/etc/init.d/${SYSVINIT_NAME}
+fi
[ "${PERMIT_ROOT_LOGIN}" = no ] && \
perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
-VERSION=$VERSION
+VERSION=$VERSION$REV
CATEGORY="Security,application"
BASEDIR=/
CLASSES="none"
## Build space file
echo "Building space file..."
-cat > space << _EOF
-# extra space required by start/stop links added by installf in postinstall
+if [ $DO_SMF -eq 1 ]
+then
+ # XXX Is this necessary? If not, remove space line from mk-proto.awk.
+ touch space
+else
+ cat > space << _EOF
+# extra space required by start/stop links added by installf
+# in postinstall
$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
_EOF
-[ "$RC1_D" = no ] || \
-echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
-[ "$RCS_D" = yes ] && \
-echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+ [ "$RC1_D" = no ] || \
+ echo "$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+ [ "$RCS_D" = yes ] && \
+ echo "$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1" >> space
+fi
## Build preinstall file
echo "Building preinstall file..."
cat >> preinstall << _EOF
#
-[ "\${PRE_INS_STOP}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+if [ "\${PRE_INS_STOP}" = "yes" ]
+then
+ if [ $DO_SMF -eq 1 ]
+ then
+ svcadm disable $OPENSSH_FMRI
+ else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+ fi
+fi
+
exit 0
_EOF
}
# make rc?.d dirs only if we are doing a test install
-[ -n "${TEST_DIR}" ] && {
+[ -n "${TEST_DIR}" ] && [ $DO_SMF -ne 1 ] && {
[ "$RCS_D" = yes ] && mkdir -p ${TEST_DIR}/etc/rcS.d
mkdir -p ${TEST_DIR}/etc/rc0.d
[ "$RC1_D" = no ] || mkdir -p ${TEST_DIR}/etc/rc1.d
mkdir -p ${TEST_DIR}/etc/rc2.d
}
-if [ "\${USE_SYM_LINKS}" = yes ]
+if [ $DO_SMF -eq 1 ]
then
- [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- [ "$RC1_D" = no ] || \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ # Delete the existing service, if it exists, then import the
+ # new one.
+ if svcs $OPENSSH_FMRI > /dev/null 2>&1
+ then
+ svccfg delete -f $OPENSSH_FMRI
+ fi
+ # NOTE, if manifest enables sshd by default, this will actually
+ # start the daemon, which may not be what the user wants.
+ svccfg import ${TEST_DIR}/var/svc/manifest/site/$OPENSSH_MANIFEST
else
- [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- [ "$RC1_D" = no ] || \
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
- installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ if [ "\${USE_SYM_LINKS}" = yes ]
+ then
+ [ "$RCS_D" = yes ] && \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+ else
+ [ "$RCS_D" = yes ] && \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ [ "$RC1_D" = no ] || \
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/${SYSVINITSTOPT}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME}=\${PKG_INSTALL_ROOT}$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+ fi
fi
# If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
chroot=echo
fi
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
-then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
- echo "or group."
-else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+ echo "PrivilegeSeparation user always required."
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+ then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+ SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\`
+ SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\`
+ else
+ DO_PASSWD=yes
+ fi
+ [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER
- # create group if required
- if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+ # group required?
+ if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null
then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+ echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists."
else
+ DO_GROUP=yes
+ fi
+
+ # create group if required
+ [ "\$DO_GROUP" = yes ] && {
# Use gid of 67 if possible
if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
then
else
sshdgid="-g $SSHDGID"
fi
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- \$chroot ${PATH_GROUPADD_PROG} \$sshdgid $SSH_PRIVSEP_USER
- fi
+ echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP."
+ \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP
+ }
# Create user if required
- if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
+ [ "\$DO_PASSWD" = yes ] && {
# Use uid of 67 if possible
- if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
+ if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null
then
:
else
echo "Creating PrivSep user $SSH_PRIVSEP_USER."
\$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
\$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER
+ }
+
+if [ "\${POST_INS_START}" = "yes" ]
+then
+ if [ $DO_SMF -eq 1 ]
+ then
+ # See svccfg import note above. The service may already
+ # be started.
+ svcadm enable $OPENSSH_FMRI
+ else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
fi
fi
-
-[ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
exit 0
_EOF
cat > preremove << _EOF
#! ${SCRIPT_SHELL}
#
-${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+if [ $DO_SMF -eq 1 ]
+then
+ svcadm disable $OPENSSH_FMRI
+else
+ ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} stop
+fi
_EOF
# local preremove changes here
cat > postremove << _EOF
#! ${SCRIPT_SHELL}
#
+if [ $DO_SMF -eq 1 ]
+then
+ if svcs $OPENSSH_FMRI > /dev/null 2>&1
+ then
+ svccfg delete -f $OPENSSH_FMRI
+ fi
+fi
_EOF
# local postremove changes here
[ -x /usr/bin/ckyorn ] || cat >> request << _EOF
ckyorn() {
-# for some strange reason OpenServer has no ckyorn
+# for some strange reason OpenServer5 has no ckyorn
# We build a striped down version here
DEFAULT=n
_EOF
-cat >> request << _EOF
+if [ $DO_SMF -eq 1 ]
+then
+ # This could get hairy, as the running sshd may not be under SMF.
+ # We'll assume an earlier version of OpenSSH started via SMF.
+ cat >> request << _EOF
+PRE_INS_STOP=no
+POST_INS_START=no
+# determine if should restart the daemon
+if [ -s ${piddir}/sshd.pid ] && \
+ /usr/bin/svcs $OPENSSH_FMRI 2>&1 | egrep "^online" > /dev/null 2>&1
+then
+ ans=\`ckyorn -d n \
+-p "Should the running sshd daemon be restarted? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) PRE_INS_STOP=yes
+ POST_INS_START=yes
+ ;;
+ esac
+
+else
+
+# determine if we should start sshd
+ ans=\`ckyorn -d n \
+-p "Start the sshd daemon after installing this package? ${DEF_MSG}"\` || exit \$?
+ case \$ans in
+ [y,Y]*) POST_INS_START=yes ;;
+ esac
+fi
+
+# make parameters available to installation service,
+# and so to any other packaging scripts
+cat >\$1 <<!
+PRE_INS_STOP='\$PRE_INS_STOP'
+POST_INS_START='\$POST_INS_START'
+!
+
+_EOF
+else
+ cat >> request << _EOF
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
!
_EOF
+fi
# local request changes here
[ -s "${PKG_REQUEST_LOCAL}" ] && . ${PKG_REQUEST_LOCAL}
_EOF
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
- pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype
+ pkgproto $PROTO_ARGS | ${AWK} -f mk-proto.awk > prototype
# /usr/local is a symlink on some systems
[ "${USR_LOCAL_IS_SYMLINK}" = yes ] && {
echo "Building package.."
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
-echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION-$UNAME_S-$ARCH.pkg
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
;;
justpkg.sh)
PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`"
_EOF
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
-echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION-$UNAME_S-$ARCH.pkg
+echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg
;;
esac
[ "${REMOVE_FAKE_ROOT_WHEN_DONE}" = yes ] && rm -rf $FAKE_ROOT
+exit 0