- (bal) Updated AIX package build. Patch by dtucker@zip.com.au

author: Ben Lindstrom <mouring@eviladmin.org> 2002-06-25 23:38:47 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-06-25 23:38:47 +0000
commit: 5223727672deba1236c5d5f43c1c363ae85bb94b (patch)
tree: 4beab704a60b57acd175157d61892381b8d41faf
parent: fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (diff)
3 files changed, 182 insertions, 38 deletions
diff --git a/ChangeLog b/ChangeLog
index d3c7590dc..15b2b6eba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@
   - markus@cvs.openbsd.org 2002/06/25 18:51:04
     [sshd.c]
     lightweight do_setusercontext after chroot()
+ - (bal) Updated AIX package build.  Patch by dtucker@zip.com.au
 20020625
 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1124,4 +1125,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $
+$Id: ChangeLog,v 1.2282 2002/06/25 23:38:47 mouring Exp $
diff --git a/contrib/aix/README b/contrib/aix/README
index a08c08441..033fd0a5d 100644
--- a/contrib/aix/README
+++ b/contrib/aix/README
@@ -25,6 +25,10 @@ Other notes:
 The script treats all packages as USR packages (not ROOT+USR when
 appropriate).  It seems to work, though......
+If there are any patches to this that have not yet been integrated they
+may be found at http://www.zip.com.au/~dtucker/openssh/ or
+http://home.usf.advantra.com.au/~dtucker/openssh/.
 Disclaimer:
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 409588484..d531e53f4 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -9,28 +9,96 @@
 # Based originally on Ben Lindstrom's buildpkg.sh for Solaris
 #
+#
+# Tunable configuration settings
+#       create a "config.local" in your build directory to override these.
+#
+PERMIT_ROOT_LOGIN=no
+X11_FORWARDING=no
 umask 022
+#
+# We still support running from contrib/aix, but this is depreciated
+#
+if pwd | egrep 'contrib/aix$'
+then
+        echo "Changing directory to `pwd`/../.."
+        echo "Please run buildbff.sh from your build directory in future."
+        cd ../..
+        contribaix=1
+fi
+if [ ! -f Makefile ]
+then
+        echo "Makefile not found (did you run configure?)"
+        exit 1 
+fi
+#
+# Directories used during build:
+# current dir = $objdir         directory you ran ./configure in.
+# $objdir/$PKGDIR/              directory package files are constructed in
+# $objdir/$PKGDIR/root/         package root ($FAKE_ROOT)
+#
+objdir=`pwd`
 PKGNAME=openssh
 PKGDIR=package
-PATH=`pwd`:$PATH                # set path for external tools
+# Path to inventory.sh: same place as buildbff.sh
-export PATH
+if  echo $0 | egrep '^/'
+then
+        inventory=`dirname $0`/inventory.sh             # absolute path
+else
+        inventory=`pwd`/`dirname $0`/inventory.sh       # relative path
+fi
-# Clean build directory 
+#
-rm -rf $PKGDIR
+# Collect local configuration settings to override defaults
-mkdir $PKGDIR
+#
+if [ -s ./config.local ]
+then
+        echo Reading local settings from config.local
+        . ./config.local
+fi
+#
+# Fill in some details from Makefile, like prefix and sysconfdir
+#       the eval also expands variables like sysconfdir=${prefix}/etc
+#       provided they are eval'ed in the correct order
+#
+for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
+do
+        eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2`
+done
+#
+# Collect values of privsep user and privsep path
+#       currently only found in config.h
+#
+for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
+do
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
+done
-if [ ! -f ../../Makefile ]
+# Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
 then
-        echo "Top-level Makefile not found (did you run ./configure?)"
+        SSH_PRIVSEP_USER=sshd
-        exit 1
+fi
+if [ -z "$PRIVSEP_PATH" ]
+then
+        PRIVSEP_PATH=/var/empty
 fi
-## Start by faking root install 
+# Clean package build directory 
+rm -rf $objdir/$PKGDIR
+FAKE_ROOT=$objdir/$PKGDIR/root
+mkdir -p $FAKE_ROOT
+# Start by faking root install 
 echo "Faking root install..."
-START=`pwd`
+cd $objdir
-FAKE_ROOT=$START/$PKGDIR
-cd ../.. 
 make install-nokeys DESTDIR=$FAKE_ROOT
 if [ $? -gt 0 ]
@@ -40,6 +108,12 @@ then
 fi
 #
+# Copy informational files to include in package
+#
+cp $srcdir/LICENCE $objdir/$PKGDIR/
+cp $srcdir/README* $objdir/$PKGDIR/
+#
 # Extract common info requires for the 'info' part of the package.
 #       AIX requires 4-part version numbers
 #
@@ -47,24 +121,27 @@ VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
-PORTABLE=`echo $VERSION | cut -f 2 -d p`
+PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'`
-if [ "$PATCH" = "" ]
+[ "$PATCH" = "" ] && PATCH=0
-then
+[ "$PORTABLE" = "" ] && PORTABLE=0
-        PATCH=0
-fi
 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
 echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
 #
-# Fill in some details, like prefix and sysconfdir
+# Set ssh and sshd parameters as per config.local
-#       the eval also expands variables like sysconfdir=${prefix}/etc
-#       provided they are eval'ed in the correct order
 #
-for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir
+if [ "${PERMIT_ROOT_LOGIN}" = no ] 
-do
+then
-        eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
+        perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
-done
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
+if [ "${X11_FORWARDING}" = yes ]
+then
+        perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
+                $FAKE_ROOT/${sysconfdir}/sshd_config
+fi
 # Rename config files; postinstall script will copy them if necessary
 for cfgfile in ssh_config sshd_config ssh_prng_cmds
@@ -74,14 +151,18 @@ done
 #
 # Generate lpp control files.
-#       working dir is $FAKE_ROOT but files are generated in contrib/aix
+#       working dir is $FAKE_ROOT but files are generated in dir above
 #       and moved into place just before creation of .bff
 #
 cd $FAKE_ROOT
 echo Generating LPP control files
 find . ! -name . -print >../openssh.al
-inventory.sh >../openssh.inventory
+$inventory >../openssh.inventory
-cp ../../../LICENCE ../openssh.copyright
+cat <<EOD >../openssh.copyright
+This software is distributed under a BSD-style license.
+For the full text of the license, see /usr/lpp/openssh/LICENCE
+EOD
 #
 # Create postinstall script
@@ -89,7 +170,7 @@ cp ../../../LICENCE ../openssh.copyright
 cat <<EOF >>../openssh.post_i
 #!/bin/sh
-# Create configs from defaults if necessary
+echo Creating configs from defaults if necessary.
 for cfgfile in ssh_config sshd_config ssh_prng_cmds
 do
        if [ ! -f $sysconfdir/\$cfgfile ]
@@ -100,8 +181,51 @@ do
                echo "\$cfgfile already exists."
        fi
 done
+echo
+# Create PrivSep user if PrivSep not disabled in config
+echo Creating PrivSep prereqs if required.
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
+        echo "group or chroot directory."
+else
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+        # create group if required
+        if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                mkgroup -A $SSH_PRIVSEP_USER
+        fi
+        # Create user if required
+        if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+        fi
+        # create chroot directory if required
+        if [ -d $PRIVSEP_PATH ]
+        then
+                echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
+        else
+                echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
+                mkdir $PRIVSEP_PATH
+                chown 0 $PRIVSEP_PATH
+                chgrp 0 $PRIVSEP_PATH
+                chmod 755 $PRIVSEP_PATH
+        fi
+fi
+echo
 # Generate keys unless they already exist
+echo Creating host keys if required.
 if [ -f "$sysconfdir/ssh_host_key" ] ; then
        echo "$sysconfdir/ssh_host_key already exists, skipping."
 else
@@ -117,6 +241,7 @@ if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
 else 
        $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
 fi
+echo
 # Add to system startup if required
 if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
@@ -135,10 +260,10 @@ EOF
 echo Creating liblpp.a
 (
        cd ..
-        for i in al copyright inventory post_i
+        for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
        do
-                ar -r liblpp.a openssh.$i
+                ar -r liblpp.a $i
-                rm openssh.$i
+                rm $i
        done
 )
@@ -159,6 +284,8 @@ echo Creating liblpp.a
 # /usr/local/share 3
 # %
 # ]
+# }
 echo Creating lpp_name
 cat <<EOF >../lpp_name
 4 R I $PKGNAME {
@@ -167,11 +294,14 @@ $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
 %
 EOF
-for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir
+for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
 do
        # get size in 512 byte blocks
-        size=`du $FAKE_ROOT/$i | awk '{print $1}'`
+        if [ -d $FAKE_ROOT/$i ]
-        echo "$i $size" >>../lpp_name
+        then
+                size=`du $FAKE_ROOT/$i | awk '{print $1}'`
+                echo "$i $size" >>../lpp_name
+        fi
 done
 echo '%' >>../lpp_name
@@ -187,7 +317,7 @@ mv ../lpp_name .
 #
 # Now invoke backup to create .bff file
-#       note: lpp_name needs to be the first file do we generate the
+#       note: lpp_name needs to be the first file so we generate the
 #       file list on the fly and feed it to backup using -i
 #
 echo Creating $PKGNAME-$VERSION.bff with backup...
@@ -197,8 +327,17 @@ rm -f $PKGNAME-$VERSION.bff
        find . ! -name lpp_name -a ! -name . -print 
 ) | backup  -i -q -f ../$PKGNAME-$VERSION.bff $filelist
-cd ..
+#
+# Move package into final location
+#
+if [ "$contribaix" = "1" ]
+then
+        mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
+else
+        mv ../$PKGNAME-$VERSION.bff $objdir
+fi
+rm -rf $objdir/$PKGDIR
-rm -rf $PKGDIR
 echo $0: done.
author	Ben Lindstrom <mouring@eviladmin.org>	2002-06-25 23:38:47 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-06-25 23:38:47 +0000
commit	5223727672deba1236c5d5f43c1c363ae85bb94b (patch)
tree	4beab704a60b57acd175157d61892381b8d41faf
parent	fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (diff)

diff --git a/ChangeLog b/ChangeLog index d3c7590dc..15b2b6eba 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -25,6 +25,7 @@
25	- markus@cvs.openbsd.org 2002/06/25 18:51:04	25	- markus@cvs.openbsd.org 2002/06/25 18:51:04
26	[sshd.c]	26	[sshd.c]
27	lightweight do_setusercontext after chroot()	27	lightweight do_setusercontext after chroot()
		28	- (bal) Updated AIX package build. Patch by dtucker@zip.com.au
28		29
29	20020625	30	20020625
30	- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh	31	- (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1124,4 +1125,4 @@
1124	- (stevesk) entropy.c: typo in debug message	1125	- (stevesk) entropy.c: typo in debug message
1125	- (djm) ssh-keygen -i needs seeded RNG; report from markus@	1126	- (djm) ssh-keygen -i needs seeded RNG; report from markus@
1126		1127
1127	$Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $	1128	$Id: ChangeLog,v 1.2282 2002/06/25 23:38:47 mouring Exp $


diff --git a/contrib/aix/README b/contrib/aix/README index a08c08441..033fd0a5d 100644 --- a/contrib/aix/README +++ b/contrib/aix/README
@@ -25,6 +25,10 @@ Other notes:
25	The script treats all packages as USR packages (not ROOT+USR when	25	The script treats all packages as USR packages (not ROOT+USR when
26	appropriate). It seems to work, though......	26	appropriate). It seems to work, though......
27		27
		28	If there are any patches to this that have not yet been integrated they
		29	may be found at http://www.zip.com.au/~dtucker/openssh/ or
		30	http://home.usf.advantra.com.au/~dtucker/openssh/.
		31
28		32
29	Disclaimer:	33	Disclaimer:
30		34


diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 409588484..d531e53f4 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh
@@ -9,28 +9,96 @@
9	# Based originally on Ben Lindstrom's buildpkg.sh for Solaris	9	# Based originally on Ben Lindstrom's buildpkg.sh for Solaris
10	#	10	#
11		11
		12	#
		13	# Tunable configuration settings
		14	# create a "config.local" in your build directory to override these.
		15	#
		16	PERMIT_ROOT_LOGIN=no
		17	X11_FORWARDING=no
		18
12	umask 022	19	umask 022
		20
		21	#
		22	# We still support running from contrib/aix, but this is depreciated
		23	#
		24	if pwd \| egrep 'contrib/aix$'
		25	then
		26	echo "Changing directory to `pwd`/../.."
		27	echo "Please run buildbff.sh from your build directory in future."
		28	cd ../..
		29	contribaix=1
		30	fi
		31
		32	if [ ! -f Makefile ]
		33	then
		34	echo "Makefile not found (did you run configure?)"
		35	exit 1
		36	fi
		37
		38	#
		39	# Directories used during build:
		40	# current dir = $objdir directory you ran ./configure in.
		41	# $objdir/$PKGDIR/ directory package files are constructed in
		42	# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT)
		43	#
		44	objdir=`pwd`
13	PKGNAME=openssh	45	PKGNAME=openssh
14	PKGDIR=package	46	PKGDIR=package
15		47
16	PATH=`pwd`:$PATH # set path for external tools	48	# Path to inventory.sh: same place as buildbff.sh
17	export PATH	49	if echo $0 \| egrep '^/'
		50	then
		51	inventory=`dirname $0`/inventory.sh # absolute path
		52	else
		53	inventory=`pwd`/`dirname $0`/inventory.sh # relative path
		54	fi
18		55
19	# Clean build directory	56	#
20	rm -rf $PKGDIR	57	# Collect local configuration settings to override defaults
21	mkdir $PKGDIR	58	#
		59	if [ -s ./config.local ]
		60	then
		61	echo Reading local settings from config.local
		62	. ./config.local
		63	fi
		64
		65	#
		66	# Fill in some details from Makefile, like prefix and sysconfdir
		67	# the eval also expands variables like sysconfdir=${prefix}/etc
		68	# provided they are eval'ed in the correct order
		69	#
		70	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir
		71	do
		72	eval $confvar=`grep "^$confvar=" $objdir/Makefile \| cut -d = -f 2`
		73	done
		74
		75	#
		76	# Collect values of privsep user and privsep path
		77	# currently only found in config.h
		78	#
		79	for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH
		80	do
		81	eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h`
		82	done
22		83
23	if [ ! -f ../../Makefile ]	84	# Set privsep defaults if not defined
		85	if [ -z "$SSH_PRIVSEP_USER" ]
24	then	86	then
25	echo "Top-level Makefile not found (did you run ./configure?)"	87	SSH_PRIVSEP_USER=sshd
26	exit 1	88	fi
		89	if [ -z "$PRIVSEP_PATH" ]
		90	then
		91	PRIVSEP_PATH=/var/empty
27	fi	92	fi
28		93
29	## Start by faking root install	94	# Clean package build directory
		95	rm -rf $objdir/$PKGDIR
		96	FAKE_ROOT=$objdir/$PKGDIR/root
		97	mkdir -p $FAKE_ROOT
		98
		99	# Start by faking root install
30	echo "Faking root install..."	100	echo "Faking root install..."
31	START=`pwd`	101	cd $objdir
32	FAKE_ROOT=$START/$PKGDIR
33	cd ../..
34	make install-nokeys DESTDIR=$FAKE_ROOT	102	make install-nokeys DESTDIR=$FAKE_ROOT
35		103
36	if [ $? -gt 0 ]	104	if [ $? -gt 0 ]
@@ -40,6 +108,12 @@ then
40	fi	108	fi
41		109
42	#	110	#
		111	# Copy informational files to include in package
		112	#
		113	cp $srcdir/LICENCE $objdir/$PKGDIR/
		114	cp $srcdir/README* $objdir/$PKGDIR/
		115
		116	#
43	# Extract common info requires for the 'info' part of the package.	117	# Extract common info requires for the 'info' part of the package.
44	# AIX requires 4-part version numbers	118	# AIX requires 4-part version numbers
45	#	119	#
@@ -47,24 +121,27 @@ VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//' \| cut -f 2 -d _`
47	MAJOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 1 -d .`	121	MAJOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 1 -d .`
48	MINOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 2 -d .`	122	MINOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 2 -d .`
49	PATCH=`echo $VERSION \| cut -f 1 -d p \| cut -f 3 -d .`	123	PATCH=`echo $VERSION \| cut -f 1 -d p \| cut -f 3 -d .`
50	PORTABLE=`echo $VERSION \| cut -f 2 -d p`	124	PORTABLE=`echo $VERSION \| awk 'BEGIN{FS="p"}{print $2}'`
51	if [ "$PATCH" = "" ]	125	[ "$PATCH" = "" ] && PATCH=0
52	then	126	[ "$PORTABLE" = "" ] && PORTABLE=0
53	PATCH=0
54	fi
55	BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`	127	BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE`
56		128
57	echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"	129	echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)"
58		130
59	#	131	#
60	# Fill in some details, like prefix and sysconfdir	132	# Set ssh and sshd parameters as per config.local
61	# the eval also expands variables like sysconfdir=${prefix}/etc
62	# provided they are eval'ed in the correct order
63	#	133	#
64	for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir	134	if [ "${PERMIT_ROOT_LOGIN}" = no ]
65	do	135	then
66	eval $confvar=`grep "^$confvar=" Makefile \| cut -d = -f 2`	136	perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \
67	done	137	$FAKE_ROOT/${sysconfdir}/sshd_config
		138	fi
		139	if [ "${X11_FORWARDING}" = yes ]
		140	then
		141	perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \
		142	$FAKE_ROOT/${sysconfdir}/sshd_config
		143	fi
		144
68		145
69	# Rename config files; postinstall script will copy them if necessary	146	# Rename config files; postinstall script will copy them if necessary
70	for cfgfile in ssh_config sshd_config ssh_prng_cmds	147	for cfgfile in ssh_config sshd_config ssh_prng_cmds
@@ -74,14 +151,18 @@ done
74		151
75	#	152	#
76	# Generate lpp control files.	153	# Generate lpp control files.
77	# working dir is $FAKE_ROOT but files are generated in contrib/aix	154	# working dir is $FAKE_ROOT but files are generated in dir above
78	# and moved into place just before creation of .bff	155	# and moved into place just before creation of .bff
79	#	156	#
80	cd $FAKE_ROOT	157	cd $FAKE_ROOT
81	echo Generating LPP control files	158	echo Generating LPP control files
82	find . ! -name . -print >../openssh.al	159	find . ! -name . -print >../openssh.al
83	inventory.sh >../openssh.inventory	160	$inventory >../openssh.inventory
84	cp ../../../LICENCE ../openssh.copyright	161
		162	cat <<EOD >../openssh.copyright
		163	This software is distributed under a BSD-style license.
		164	For the full text of the license, see /usr/lpp/openssh/LICENCE
		165	EOD
85		166
86	#	167	#
87	# Create postinstall script	168	# Create postinstall script
@@ -89,7 +170,7 @@ cp ../../../LICENCE ../openssh.copyright
89	cat <<EOF >>../openssh.post_i	170	cat <<EOF >>../openssh.post_i
90	#!/bin/sh	171	#!/bin/sh
91		172
92	# Create configs from defaults if necessary	173	echo Creating configs from defaults if necessary.
93	for cfgfile in ssh_config sshd_config ssh_prng_cmds	174	for cfgfile in ssh_config sshd_config ssh_prng_cmds
94	do	175	do
95	if [ ! -f $sysconfdir/\$cfgfile ]	176	if [ ! -f $sysconfdir/\$cfgfile ]
@@ -100,8 +181,51 @@ do
100	echo "\$cfgfile already exists."	181	echo "\$cfgfile already exists."
101	fi	182	fi
102	done	183	done
		184	echo
		185
		186	# Create PrivSep user if PrivSep not disabled in config
		187	echo Creating PrivSep prereqs if required.
		188	if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
		189	then
		190	echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
		191	echo "group or chroot directory."
		192	else
		193	echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
		194
		195	# create group if required
		196	if cut -f1 -d: /etc/group \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
		197	then
		198	echo "PrivSep group $SSH_PRIVSEP_USER already exists."
		199	else
		200	echo "Creating PrivSep group $SSH_PRIVSEP_USER."
		201	mkgroup -A $SSH_PRIVSEP_USER
		202	fi
		203
		204	# Create user if required
		205	if cut -f1 -d: /etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
		206	then
		207	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
		208	else
		209	echo "Creating PrivSep user $SSH_PRIVSEP_USER."
		210	mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
		211	fi
		212
		213	# create chroot directory if required
		214	if [ -d $PRIVSEP_PATH ]
		215	then
		216	echo "PrivSep chroot directory $PRIVSEP_PATH already exists."
		217	else
		218	echo "Creating PrivSep chroot directory $PRIVSEP_PATH."
		219	mkdir $PRIVSEP_PATH
		220	chown 0 $PRIVSEP_PATH
		221	chgrp 0 $PRIVSEP_PATH
		222	chmod 755 $PRIVSEP_PATH
		223	fi
		224	fi
		225	echo
103		226
104	# Generate keys unless they already exist	227	# Generate keys unless they already exist
		228	echo Creating host keys if required.
105	if [ -f "$sysconfdir/ssh_host_key" ] ; then	229	if [ -f "$sysconfdir/ssh_host_key" ] ; then
106	echo "$sysconfdir/ssh_host_key already exists, skipping."	230	echo "$sysconfdir/ssh_host_key already exists, skipping."
107	else	231	else
@@ -117,6 +241,7 @@ if [ -f $sysconfdir/ssh_host_rsa_key ] ; then
117	else	241	else
118	$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""	242	$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N ""
119	fi	243	fi
		244	echo
120		245
121	# Add to system startup if required	246	# Add to system startup if required
122	if grep $sbindir/sshd /etc/rc.tcpip >/dev/null	247	if grep $sbindir/sshd /etc/rc.tcpip >/dev/null
@@ -135,10 +260,10 @@ EOF
135	echo Creating liblpp.a	260	echo Creating liblpp.a
136	(	261	(
137	cd ..	262	cd ..
138	for i in al copyright inventory post_i	263	for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README*
139	do	264	do
140	ar -r liblpp.a openssh.$i	265	ar -r liblpp.a $i
141	rm openssh.$i	266	rm $i
142	done	267	done
143	)	268	)
144		269
@@ -159,6 +284,8 @@ echo Creating liblpp.a
159	# /usr/local/share 3	284	# /usr/local/share 3
160	# %	285	# %
161	# ]	286	# ]
		287	# }
		288
162	echo Creating lpp_name	289	echo Creating lpp_name
163	cat <<EOF >../lpp_name	290	cat <<EOF >../lpp_name
164	4 R I $PKGNAME {	291	4 R I $PKGNAME {
@@ -167,11 +294,14 @@ $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX
167	%	294	%
168	EOF	295	EOF
169		296
170	for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir	297	for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh
171	do	298	do
172	# get size in 512 byte blocks	299	# get size in 512 byte blocks
173	size=`du $FAKE_ROOT/$i \| awk '{print $1}'`	300	if [ -d $FAKE_ROOT/$i ]
174	echo "$i $size" >>../lpp_name	301	then
		302	size=`du $FAKE_ROOT/$i \| awk '{print $1}'`
		303	echo "$i $size" >>../lpp_name
		304	fi
175	done	305	done
176		306
177	echo '%' >>../lpp_name	307	echo '%' >>../lpp_name
@@ -187,7 +317,7 @@ mv ../lpp_name .
187		317
188	#	318	#
189	# Now invoke backup to create .bff file	319	# Now invoke backup to create .bff file
190	# note: lpp_name needs to be the first file do we generate the	320	# note: lpp_name needs to be the first file so we generate the
191	# file list on the fly and feed it to backup using -i	321	# file list on the fly and feed it to backup using -i
192	#	322	#
193	echo Creating $PKGNAME-$VERSION.bff with backup...	323	echo Creating $PKGNAME-$VERSION.bff with backup...
@@ -197,8 +327,17 @@ rm -f $PKGNAME-$VERSION.bff
197	find . ! -name lpp_name -a ! -name . -print	327	find . ! -name lpp_name -a ! -name . -print
198	) \| backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist	328	) \| backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist
199		329
200	cd ..	330	#
		331	# Move package into final location
		332	#
		333	if [ "$contribaix" = "1" ]
		334	then
		335	mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix
		336	else
		337	mv ../$PKGNAME-$VERSION.bff $objdir
		338	fi
		339
		340	rm -rf $objdir/$PKGDIR
201		341
202	rm -rf $PKGDIR
203	echo $0: done.	342	echo $0: done.
204		343