- (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com>

8 files changed, 619 insertions, 0 deletions

diff --git a/contrib/solaris/README b/contrib/solaris/README
new file mode 100644
index 000000000..e5445c3ac
--- /dev/null
+++ b/contrib/solaris/README
@@ -0,0 +1,82 @@
+README for OpenSSH Solaris packaging scripts
+Rip Loomis <loomisg@saic.com> - 2000-08-02
+
+To use, simply expand this tarball under your main
+OpenSSH source directory--it will create a
+contrib/solaris subdirectory.  Run configure and
+make in OpenSSH as before.  Then, from either
+that directory or the main OpenSSH source directory,
+run the command "build-pkg" (specifying the
+appropriate path of course.)  A subdirectory
+will be created as contrib/solaris/build-SSH-package,
+and after the build is done the package will be
+present in that build-SSH-package directory
+with a name of the form
+OPENssh-$SSHversion-$arch-$OSversion[-$installLocation]
+
+The build and install scripts should take into account
+most possible situations (existing SSH installation,
+differences in Solaris version between build and
+target systems, changes you have made to the default
+configuration, etc.)  I would appreciate any feedback
+or comments.
+
+Copyright information is included below, followed by the known issue list.
+Both are taken verbatim from the "build-pkg" script.
+
+# OpenSSH solaris build script and supporting data files
+# Copyright (c) 2000 Rip Loomis and
+#   Science Applications International Corporation (SAIC)
+#   (http://www.cist-east.saic.com).  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+#    derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Obviously, without all the hard work of the OpenBSD OpenSSH developers
+# and the OpenSSH Portability Team, these scripts would be pointless...
+# so thanks again folks!
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+#### Known issues
+# These methods are generally based on a "default" compilation of
+# OpenSSH on Solaris--so the more things that you change from the default,
+# the greater the chance that something in the script won't be able to
+# handle the changes.  In general, though, most things should be determined
+# from your compile environment--the architecture, SSH version, and
+# other related data should all get picked up by this script.  The script
+# and data files were last updated to match OpenSSH 2.1.1p4.
+#
+# All building and packaging is done under a temporary directory that is
+# itself created under the contrib/solaris directory--so there shouldn't
+# be any special security issues (or need for root access during the
+# packaging process).  The temporary directory is defined below as
+# ${BUILDDIR}.
+#
+# The permissions on the installed files are based on how we prefer to
+# do things here--so nothing is installed SetUID to root.
+#
+# The post-install script makes a good-faith attempt to install a
+# functional configuration on your system.  I would be interested in hearing
+# of any failure modes that are found, as I tried to compensate for all
+# the ones that showed up here when we started replacing all the
+# different installed versions of SSH.
+
diff --git a/contrib/solaris/build-pkg b/contrib/solaris/build-pkg
new file mode 100755
index 000000000..5f2e3addd
--- /dev/null
+++ b/contrib/solaris/build-pkg
@@ -0,0 +1,207 @@
+#!/bin/sh
+
+# OpenSSH solaris build script and supporting data files
+# Copyright (c) 2000 Rip Loomis and
+#   Science Applications International Corporation (SAIC)
+#   (http://www.cist-east.saic.com).  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote products
+#    derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Obviously, without all the hard work of the OpenBSD OpenSSH developers
+# and the OpenSSH Portability Team, these scripts would be pointless...
+# so thanks again folks!
+#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
+#### Known issues
+# These methods are generally based on a "default" compilation of
+# OpenSSH on Solaris--so the more things that you change from the default,
+# the greater the chance that something in the script won't be able to
+# handle the changes.  In general, though, most things should be determined
+# from your compile environment--the architecture, SSH version, and
+# other related data should all get picked up by this script.  The script
+# and data files were last updated to match OpenSSH 2.1.1p4.
+#
+# All building and packaging is done under a temporary directory that is
+# itself created under the contrib/solaris directory--so there shouldn't
+# be any special security issues (or need for root access during the
+# packaging process).  The temporary directory is defined below as
+# ${BUILDDIR}.
+#
+# The permissions on the installed files are based on how we prefer to
+# do things here--so nothing is installed SetUID to root.
+#
+# The post-install script makes a good-faith attempt to install a
+# functional configuration on your system.  I would be interested in hearing
+# of any failure modes that are found, as I tried to compensate for all
+# the ones that showed up here when we started replacing all the
+# different installed versions of SSH.
+
+#### Body of the script (finally!)
+# We expect to be building the solaris package under the contrib/solaris
+# directory--but the build-package script might be run with a relative
+# path by a user in the main SSH directory...so we try to handle this
+# case.  Note that this is still a quick and dirty solution, not robust.
+
+if [ -f sshd.c ]; then
+   cd contrib/solaris >/dev/null
+fi
+
+# Locations of standard binaries
+UNAME=/usr/bin/uname
+SED=/usr/bin/sed
+PWD=/usr/bin/pwd
+CUT=/usr/bin/cut
+STRIP=/usr/ccs/bin/strip
+PKGMK=/usr/bin/pkgmk
+PKGTRANS=/usr/bin/pkgtrans
+GREP=/usr/bin/grep
+DATE=/usr/bin/date
+
+CURRDIR=`${PWD}`
+BUILDDIR=${CURRDIR}/build-SSH-package
+# If you really want to name the package "ssh" then go ahead, but the
+# Sun convention is that the first 2-4 characters are supposed to be
+# uppercase representing the company or organization that produced the
+# software, and the next 3-5 characters are supposed to be lowercase
+# identifying the specific software.  The best package names I could
+# come up with were "OBSDssh" or "OPENssh", given those constraints.
+PKGNAME="OPENssh"
+# PSTAMP is a standard setting in the 'pkginfo' file that helps to identify
+# the time and location that the packaging was done.
+PSTAMP="`${UNAME} -n`-`${DATE} +%Y-%m-%d-%H%M`"
+# The several lines below are designed to pull the relevant information
+# out of the Makefile.  It may be simpler to hard-code this if you have
+# made changes and these lines don't find them. 
+prefix=`${GREP} "^prefix=" ../../Makefile | ${CUT} -d = -f 2`
+execprefix=`${GREP} "^execprefix=" ../../Makefile | ${CUT} -d = -f 2`
+INSTROOT=${prefix:=/usr/local}
+ETCDIR=`${GREP} "^ETCDIR=" ../../Makefile | ${CUT} -d = -f 2`
+PIDDIR=`${GREP} "^piddir=" ../../Makefile | ${CUT} -d = -f 2`
+
+if [ ! -f ../../sshd ]; then
+   echo "Unable to locate sshd binary where I expected, and can't continue."
+   echo "Verify that the SSH configure/make has been completed, and that"
+   echo "  this script is being run from within the SSH source tree."
+   exit 1
+fi
+
+
+VERSION=`${GREP} "SSH_VERSION" ../../version.h | ${CUT} -f 2 | sed -e 's/"//g' -e 's/OpenSSH_//g'`
+# Extra shenanigans to compensate for Sun marketeer tricks with Solaris
+# version numbering...
+OSMINOR=`${UNAME} -r | ${CUT} -f 2 -d .`
+if [ $OSMINOR -gt 6 ]; then
+    OSVERSION=$OSMINOR
+else
+    OSVERSION=`${UNAME} -r | ${SED} 's/5/2/'`
+fi
+ARCH=`$UNAME -p`
+SHORTINSTROOT=""
+if [ "$INSTROOT" = "/usr/local" ]; then
+  SHORTINSTROOT="-local"
+else
+  if [ "$INSTROOT" = "/opt" ]; then
+    SHORTINSTROOT="-opt"
+  fi
+fi
+
+DESTFILE="${PKGNAME}-${VERSION}-sol${OSVERSION}-${ARCH}${SHORTINSTROOT}"
+
+echo "Building Solaris package of OpenSSH ${VERSION} in\n\t${BUILDDIR}."
+echo "Binaries were compiled for Solaris ${OSVERSION} (${ARCH})"
+echo "The installable package will be named ${DESTFILE}."
+echo "When installed, the package will be located under ${INSTROOT}."
+echo ""
+
+echo "Cleaning up old build files..."
+rm -rf $BUILDDIR
+mkdir $BUILDDIR
+cd $BUILDDIR
+
+echo "Setting up build directories..."
+mkdir -p ${BUILDDIR}/man/man1
+# Need manpages for sshd_config(5) and ssh_config(5), but we don't yet have.
+#mkdir -p ${BUILDDIR}/man/man5
+mkdir -p ${BUILDDIR}/man/man8
+mkdir -p ${BUILDDIR}/etc
+mkdir -p ${BUILDDIR}/bin
+mkdir -p ${BUILDDIR}/sbin
+
+echo "Populating build directories..."
+cp -p ../../../sshd sbin
+cp -p ../../../ssh-keygen bin
+cp -p ../../../ssh bin
+cp -p ../../../ssh-add bin
+cp -p ../../../ssh-agent bin
+cp -p ../../../scp bin
+cp -p ../../../scp.1 man/man1/scp.1
+cp -p ../../../ssh-add.1 man/man1/ssh-add.1
+cp -p ../../../ssh-agent.1 man/man1/ssh-agent.1
+cp -p ../../../ssh-keygen.1 man/man1/ssh-keygen.1
+cp -p ../../../ssh.1 man/man1/ssh.1
+cp -p ../../../sshd.8 man/man8/sshd.8
+cp -p ../../../sshd_config.out etc/sshd_config.default 
+cp -p ../../../ssh_config.out etc/ssh_config.default
+cp -p ../../../ssh_prng_cmds etc/ssh_prng_cmds.default
+
+# One of the annoying things about the Solaris packaging process is that
+# there's no simple way to prototype on the fly--so make sure you edit
+# the prototype file if you add/subtract files from the mix.
+cp -p ../prototype .
+cp -p ../preremove .
+
+echo "Creating compile-dependent files from their prototypes"
+$SED -e "s/%%PKGNAME%%/${PKGNAME}/g" -e "s|%%BASEDIR%%|${INSTROOT}|g" -e "s/%%VERSION%%/${VERSION}/g" -e "s/%%ARCH%%/${ARCH}/g" -e "s/%%OSVERSION%%/${OSVERSION}/g" <../pkginfo.in >./pkginfo
+$SED -e "s/%%PKGNAME%%/${PKGNAME}/g" -e "s/%%OSMINOR%%/${OSMINOR}/g" -e "s/%%OSVERSION%%/${OSVERSION}/g" <../checkinstall.in >./checkinstall
+$SED -e "s|%%PIDDIR%%|${PIDDIR}|g" <../postinstall.in >./postinstall
+$SED -e "s|%%PIDDIR%%|${PIDDIR}|g" <../sshd-initscript.in > etc/sshd-initscript
+
+echo "Stripping binaries"
+${STRIP} bin/ssh
+${STRIP} bin/ssh-add
+${STRIP} bin/ssh-agent
+${STRIP} bin/ssh-keygen
+${STRIP} sbin/sshd
+${STRIP} bin/scp
+
+echo ""
+echo "Building Package"
+
+cd ${BUILDDIR}
+$PKGMK -o -r . -p ${PSTAMP} -d ${BUILDDIR}
+
+if [ $? -gt 0 ]; then
+   echo "Error performing pkgmk--cannot continue."
+   exit 1
+fi
+
+echo ""
+echo "Translating Package Tree into Installable Image"
+$PKGTRANS -s ${BUILDDIR} ${BUILDDIR}/${DESTFILE} OPENssh
+
+if [ $? -gt 0 ]; then
+   echo "Error performing pkgtrans--cannot continue."
+   exit 1
+fi
+
+echo "Done.  Package is in ${BUILDDIR}/${DESTFILE} !"
diff --git a/contrib/solaris/checkinstall.in b/contrib/solaris/checkinstall.in
new file mode 100644
index 000000000..37571936a
--- /dev/null
+++ b/contrib/solaris/checkinstall.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+echo "Checking SunOS revision..."
+MINOR=`/bin/uname -r | /bin/cut -d "." -f 2`
+if [ ${MINOR} -lt %%OSMINOR%% ]; then
+   echo "This package was created on Solaris %%OSVERSION%%, and will probably"
+   echo "  not function correctly on older versions of Solaris."
+   echo "** Unable to continue. **"
+   exit 3
+fi
+echo "\t...revision okay."
+
+echo "Checking for existing SSH installation..."
+if [ -f /etc/sshd_config -o -f /usr/local/etc/sshd_config ]; then
+   UPDATE=1
+fi
+if [ -f /etc/ssh_host_key -o -f /usr/local/etc/ssh_host_key ]; then
+   UPDATE=1
+fi
+
+if [ ${UPDATE} -eq 1 ]; then
+   echo "Performing an \"update\" installation of %%PKGNAME%%"
+else
+   echo "Performing a \"fresh\" installation of %%PKGNAME%%"
+fi
+echo ""
+
+# We derive these at install time in case the package is relocated.
+CONFDIR="${BASEDIR}/etc"
+DESTBIN="${BASEDIR}/bin"
+
+# make parameters available to installation service, and
+# so to any other packaging scripts
+cat >$1 <<!
+CONFDIR='$CONFDIR'
+DESTBIN='$DESTBIN'
+UPDATE='$UPDATE'
+!
diff --git a/contrib/solaris/pkginfo.in b/contrib/solaris/pkginfo.in
new file mode 100644
index 000000000..4953d7d8e
--- /dev/null
+++ b/contrib/solaris/pkginfo.in
@@ -0,0 +1,17 @@
+CLASSES=none
+BASEDIR="%%BASEDIR%%"
+PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin
+OAMBASE=/usr/sadm/sysadm
+PKG=%%PKGNAME%%
+NAME="OpenSSH %%VERSION%% %%ARCH%%"
+DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh.  OpenBSD version ported to Solaris.  Compiled on Solaris %%OSVERSION%%"
+ARCH="%%ARCH%%"
+VERSION="%%VERSION%%"
+CATEGORY=utility,application
+VENDOR="Software produced by OpenSSH Portability Team, http://www.openssh.com/portable.html"
+EMAIL="OpenSSH Development List <openssh-unix-dev@mindrot.org>"
+PKGINST=%%PKGNAME%%
+PKGSAV=/var/sadm/pkg/%%PKGNAME%%/save
+ISTATES="S s 1 2 3"
+RSTATES="S s 1 2 3"
+UPDATE=0
diff --git a/contrib/solaris/postinstall.in b/contrib/solaris/postinstall.in
new file mode 100644
index 000000000..58d773f87
--- /dev/null
+++ b/contrib/solaris/postinstall.in
@@ -0,0 +1,198 @@
+# PostInstall script for OPENssh
+INSTALLF="/usr/sbin/installf"
+
+instbackup() {
+    _DIRECTORY=$1
+    _FILEBASE=$2
+    $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}
+    _SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M`
+    if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then
+        echo "   Backing up file ${_FILEBASE}..."
+        if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then
+            $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
+            cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
+            echo "   Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}."
+        else 
+            $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig
+            cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig
+            echo "   Saved as ${_DIRECTORY}/${_FILEBASE}.orig."
+        fi
+    fi
+    cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE}
+    echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file."
+} 
+
+### Main body of script
+
+echo ""
+echo "Beginning postinstall script--this script should leave you with a"
+echo "functional and operational configuration of OpenSSH."
+echo ""
+
+if [ ! "${UPDATE}" = "1" ]; then
+    echo "Performing a \"fresh\" installation of OpenSSH."
+    ### Install init script and create symlinks
+    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2
+    cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
+    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
+    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2
+    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
+
+    ### The initial package installation leaves default versions of
+    ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}.  Now
+    ### we need to decide whether to install them.  Since this is *not*
+    ### an update install, we don't ask, but simply back up the old ones
+    ### and put the new ones in their place.
+    instbackup ${CONFDIR} ssh_prng_cmds
+    instbackup ${CONFDIR} ssh_config
+    instbackup ${CONFDIR} sshd_config
+
+    ### If no existing sshd_config and host key, then create
+    if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
+        echo "Creating new RSA public/private host key pair for SSH-1."
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
+        ### If there is *anything* there then leave it, otherwise look
+        ### in some reasonable alternate locations before giving up.
+        ### It's worth spending some extra time looking for the old one
+        ### to avoid a bunch of "host identification has changed" warnings.
+        ### Note that some old keys from the commercial SSH might not
+        ### be compatible, but we don't test for that.
+        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
+        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
+        else
+           ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
+        fi
+    else
+        echo "Using existing RSA public/private host key pair for SSH-1."
+    fi
+    if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
+        echo "Creating new DSA public/private host key pair for SSH-2."
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
+        ### If there is *anything* there then leave it, otherwise look
+        ### in some reasonable alternate locations before giving up.
+        ### It's worth spending some extra time looking for the old one
+        ### to avoid a bunch of "host identification has changed" warnings.
+        ### Note that some old keys from the commercial SSH2 might not
+        ### be compatible, but we don't test for that.
+        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
+        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
+        else
+           ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
+        fi
+    else
+        echo "Using existing DSA public/private host key pair for SSH-2."
+    fi
+else
+    echo "Performing an \"update\" installation of OpenSSH."
+    ### Okay, this part *is* an update install...so we need to ensure
+    ### we don't overwrite any of the existing files.
+
+    ### Install init script and create symlinks
+    if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then
+        echo "Installing init script in  ${PKG_INSTALL_ROOT}/etc/init.d/sshd"
+       $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2
+        cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
+        chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd
+        chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd
+    fi
+    if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then
+       $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
+    fi
+    if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then
+       $INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
+    fi 
+
+    ### The initial package installation leaves default versions of
+    ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}.  Now
+    ### we need to decide whether to install them.  Since this is
+    ### an update install, we only install the new files if the old
+    ### files somehow don't exist.
+    NEWCONF=0
+    if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then
+       instbackup ${CONFDIR} ssh_prng_cmds
+        NEWCONF=1
+    fi
+    if [ ! -r "${CONFDIR}/ssh_config" ]; then
+       instbackup ${CONFDIR} ssh_config
+        NEWCONF=1
+    fi
+    if [ ! -r "${CONFDIR}/ssh_config" ]; then
+       instbackup ${CONFDIR} sshd_config
+        NEWCONF=1
+    fi
+    if [ $NEWCONF -eq 0 ]; then
+        echo "Your existing SSH configuration files have not been altered."
+    else
+        echo "Your other existing SSH configuration files have not been altered."
+    fi
+
+    ### If no existing sshd_config and host key, then create
+    if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
+        echo "Creating new RSA public/private host key pair for SSH-1."
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
+        ### If there is *anything* there then leave it, otherwise look
+        ### in some reasonable alternate locations before giving up.
+        ### It's worth spending some extra time looking for the old one
+        ### to avoid a bunch of "host identification has changed" warnings.
+        ### Note that some old keys from the commercial SSH might not
+        ### be compatible, but we don't test for that.
+        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
+        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
+        else
+           ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
+        fi
+    else
+        echo "Using existing RSA public/private host key pair for SSH-1."
+    fi
+    if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
+        echo "Creating new DSA public/private host key pair for SSH-2."
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
+        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
+        ### If there is *anything* there then leave it, otherwise look
+        ### in some reasonable alternate locations before giving up.
+        ### It's worth spending some extra time looking for the old one
+        ### to avoid a bunch of "host identification has changed" warnings.
+        ### Note that some old keys from the commercial SSH2 might not
+        ### be compatible, but we don't test for that.
+        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
+        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
+           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
+        else
+           ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
+        fi
+    else
+        echo "Using existing DSA public/private host key pair for SSH-2."
+    fi
+fi
+
+if [ ! -d %%PIDDIR%% ]; then
+    $INSTALLF $PKGINST %%PIDDIR%%
+    mkdir -p %%PIDDIR%%
+    chown root:sys %%PIDDIR%%
+    chmod 755 %%PIDDIR%%
+fi
+
+$INSTALLF -f $PKGINST || exit 2
+
+if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then
+   ### We're doing a local install, rather than an install for
+   ### old-style diskless clients.
+   echo "Stopping any current sshd process, and then starting the new sshd."
+   /etc/init.d/sshd stop
+   /etc/init.d/sshd start
+else
+   echo "Not restarting sshd, since this appears to be a remote install"
+   echo "for support of diskless clients."
+fi
+
+exit 0
diff --git a/contrib/solaris/preremove b/contrib/solaris/preremove
new file mode 100644
index 000000000..701c8c55b
--- /dev/null
+++ b/contrib/solaris/preremove
@@ -0,0 +1,2 @@
+# pre-removal script for OPENssh
+/etc/init.d/sshd stop
diff --git a/contrib/solaris/prototype b/contrib/solaris/prototype
new file mode 100644
index 000000000..02c4823de
--- /dev/null
+++ b/contrib/solaris/prototype
@@ -0,0 +1,26 @@
+i pkginfo
+i checkinstall
+i postinstall
+i preremove
+d none man 0755 root sys 
+d none man/man1 0755 root sys
+f none man/man1/scp.1 0644 root sys
+f none man/man1/ssh-add.1 0644 root sys
+f none man/man1/ssh-agent.1 0644 root sys
+f none man/man1/ssh-keygen.1 0644 root sys
+f none man/man1/ssh.1 0644 root sys
+d none man/man8 0755 root sys
+f none man/man8/sshd.8 0644 root sys
+d none etc 0755 root sys
+f none etc/sshd_config.default 0644 root sys
+f none etc/ssh_config.default 0644 root sys
+f none etc/ssh_prng_cmds.default 0644 root sys
+f none etc/sshd-initscript 0755 root sys
+d none bin 0755 root sys
+f none bin/ssh-keygen 0755 root sys
+f none bin/ssh 0755 root sys
+f none bin/ssh-add 0755 root sys
+f none bin/ssh-agent 0755 root sys
+f none bin/scp 0755 root sys
+d none sbin 0755 root sys
+f none sbin/sshd 0755 root sys
diff --git a/contrib/solaris/sshd-initscript.in b/contrib/solaris/sshd-initscript.in
new file mode 100755
index 000000000..886a51fba
--- /dev/null
+++ b/contrib/solaris/sshd-initscript.in
@@ -0,0 +1,50 @@
+#! /sbin/sh
+
+# SSHd startup/shutdown script, based on uucp script.
+
+PIDFILE="%%PIDDIR%%/sshd.pid"
+PGREP="/usr/bin/pgrep"
+HEAD="/usr/bin/head"
+XARGS="/usr/bin/xargs"
+KILL="/usr/bin/kill"
+
+killproc() {
+   _procname=$1
+   _signal=$2
+   ${PGREP} ${_procname} | ${HEAD} -1 | ${XARGS} -t -I {} ${KILL} -${_signal} {}
+}
+
+case $1 in
+'start')
+        /usr/local/sbin/sshd
+        ;;
+
+'stop')
+        if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
+                PID=`cat ${PIDFILE}`
+        fi
+        if [  ${PID:=0} -gt 1 -a  ! "X$PID" = "X "  ]; then 
+                /usr/bin/kill $PID
+        else
+                echo "Unable to read PID file, killing using alternate method"
+                killproc sshd TERM
+        fi
+        ;;
+
+'restart')
+        if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then
+                PID=`cat ${PIDFILE}`
+        fi
+        if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then
+                /usr/bin/kill -HUP $PID
+        else
+                echo "Unable to read PID file, trying alternate method"
+                killproc sshd HUP
+                /usr/local/sbin/sshd
+        fi
+        ;;
+
+*)
+        echo "usage: /etc/init.d/sshd {start|stop|restart}"
+        ;;
+esac