-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | buildpkg.sh.in | 43 |
2 files changed, 33 insertions, 15 deletions
@@ -6,6 +6,9 @@ | |||
6 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK | 6 | - (dtucker) [auth-pam.c] Bug #559 (last piece): Pass DISALLOW_NULL_AUTHTOK |
7 | to pam_authenticate for challenge-response auth too. Originally from | 7 | to pam_authenticate for challenge-response auth too. Originally from |
8 | fcusack at fcusack.com, ok djm@ | 8 | fcusack at fcusack.com, ok djm@ |
9 | - (tim) [buildpkg.sh.in] Add $REV to bump the package revision within | ||
10 | the same version. Handle the case where someone uses --with-privsep-user= | ||
11 | and the user name does not match the group name. ok dtucker@ | ||
9 | 12 | ||
10 | 20040630 | 13 | 20040630 |
11 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL | 14 | - (dtucker) [auth-pam.c] Check for buggy PAM modules that return a NULL |
@@ -1474,4 +1477,4 @@ | |||
1474 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 1477 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
1475 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 1478 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
1476 | 1479 | ||
1477 | $Id: ChangeLog,v 1.3466 2004/07/01 04:00:14 dtucker Exp $ | 1480 | $Id: ChangeLog,v 1.3467 2004/07/02 03:41:15 tim Exp $ |
diff --git a/buildpkg.sh.in b/buildpkg.sh.in index 3b5343b95..f243e90bf 100644 --- a/buildpkg.sh.in +++ b/buildpkg.sh.in | |||
@@ -21,6 +21,8 @@ REMOVE_FAKE_ROOT_WHEN_DONE=yes | |||
21 | # that support the -R option to pkgadd. | 21 | # that support the -R option to pkgadd. |
22 | #TEST_DIR=/var/tmp # leave commented out for production build | 22 | #TEST_DIR=/var/tmp # leave commented out for production build |
23 | PKGNAME=OpenSSH | 23 | PKGNAME=OpenSSH |
24 | # revisions within the same version (REV=a) | ||
25 | #REV= | ||
24 | SYSVINIT_NAME=opensshd | 26 | SYSVINIT_NAME=opensshd |
25 | MAKE=${MAKE:="make"} | 27 | MAKE=${MAKE:="make"} |
26 | SSHDUID=67 # Default privsep uid | 28 | SSHDUID=67 # Default privsep uid |
@@ -206,7 +208,7 @@ NAME="OpenSSH Portable for ${UNAME_S}" | |||
206 | DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." | 208 | DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh." |
207 | VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" | 209 | VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html" |
208 | ARCH=$ARCH | 210 | ARCH=$ARCH |
209 | VERSION=$VERSION | 211 | VERSION=$VERSION$REV |
210 | CATEGORY="Security,application" | 212 | CATEGORY="Security,application" |
211 | BASEDIR=/ | 213 | BASEDIR=/ |
212 | CLASSES="none" | 214 | CLASSES="none" |
@@ -316,11 +318,27 @@ then | |||
316 | else | 318 | else |
317 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | 319 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." |
318 | 320 | ||
319 | # create group if required | 321 | # user required? |
320 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 322 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
323 | then | ||
324 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | ||
325 | SSH_PRIVSEP_GROUP=\`grep "^$SSH_PRIVSEP_USER:" \${PKG_INSTALL_ROOT}/etc/passwd | awk -F: '{print \$4}'\` | ||
326 | SSH_PRIVSEP_GROUP=\`grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group | awk -F: '{print \$1}'\` | ||
327 | else | ||
328 | DO_PASSWD=yes | ||
329 | fi | ||
330 | [ -z "\$SSH_PRIVSEP_GROUP" ] && SSH_PRIVSEP_GROUP=$SSH_PRIVSEP_USER | ||
331 | |||
332 | # group required? | ||
333 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'\$SSH_PRIVSEP_GROUP'\$' >/dev/null | ||
321 | then | 334 | then |
322 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | 335 | echo "PrivSep group \$SSH_PRIVSEP_GROUP already exists." |
323 | else | 336 | else |
337 | DO_GROUP=yes | ||
338 | fi | ||
339 | |||
340 | # create group if required | ||
341 | [ "\$DO_GROUP" = yes ] && { | ||
324 | # Use gid of 67 if possible | 342 | # Use gid of 67 if possible |
325 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null | 343 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null |
326 | then | 344 | then |
@@ -328,15 +346,12 @@ else | |||
328 | else | 346 | else |
329 | sshdgid="-g $SSHDGID" | 347 | sshdgid="-g $SSHDGID" |
330 | fi | 348 | fi |
331 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | 349 | echo "Creating PrivSep group \$SSH_PRIVSEP_GROUP." |
332 | \$chroot ${PATH_GROUPADD_PROG} \$sshdgid $SSH_PRIVSEP_USER | 350 | \$chroot ${PATH_GROUPADD_PROG} \$sshdgid \$SSH_PRIVSEP_GROUP |
333 | fi | 351 | } |
334 | 352 | ||
335 | # Create user if required | 353 | # Create user if required |
336 | if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | 354 | [ "\$DO_PASSWD" = yes ] && { |
337 | then | ||
338 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | ||
339 | else | ||
340 | # Use uid of 67 if possible | 355 | # Use uid of 67 if possible |
341 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null | 356 | if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null |
342 | then | 357 | then |
@@ -347,7 +362,7 @@ else | |||
347 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | 362 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
348 | \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER | 363 | \$chroot ${PATH_USERADD_PROG} -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER |
349 | \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER | 364 | \$chroot ${PATH_PASSWD_PROG} -l $SSH_PRIVSEP_USER |
350 | fi | 365 | } |
351 | fi | 366 | fi |
352 | 367 | ||
353 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start | 368 | [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start |
@@ -526,7 +541,7 @@ cd .. | |||
526 | 541 | ||
527 | echo "Building package.." | 542 | echo "Building package.." |
528 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o | 543 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o |
529 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION-$UNAME_S-$ARCH.pkg | 544 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg |
530 | ;; | 545 | ;; |
531 | 546 | ||
532 | justpkg.sh) | 547 | justpkg.sh) |
@@ -537,7 +552,7 @@ cat >> $FAKE_ROOT/pkginfo << _EOF | |||
537 | PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" | 552 | PSTAMP="${UNAME_S} ${OS_VER} ${ARCH} `date '+%d%b%Y %H:%M'`" |
538 | _EOF | 553 | _EOF |
539 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o | 554 | pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o |
540 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION-$UNAME_S-$ARCH.pkg | 555 | echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$VERSION$REV-$UNAME_S-$ARCH.pkg |
541 | ;; | 556 | ;; |
542 | 557 | ||
543 | esac | 558 | esac |
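Review bot: In the `@@ -316,11 +318,27 @@` hunk, the gid-to-name lookup at new line 326, `grep ":\$SSH_PRIVSEP_GROUP:" \${PKG_INSTALL_ROOT}/etc/group`, matches the number between any two colons rather than only in the gid field, and it yields several names when more than one group line matches; that value is then used unquoted in the `egrep` test and, if the test fails, in the `groupadd` call. Matching field 3 alone in the file's own idiom would be tighter, for example `cut -f1,3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep ':'\$SSH_PRIVSEP_GROUP'\$' | cut -f1 -d:`. The fallback at new line 330 also treats "existing user whose gid has no group entry" the same as "no such user", so a group named after the user can be created that the existing account does not belong to; a warning there would help, as would a check that a pre-existing PrivSep account resolves to a dedicated, unprivileged group. `DO_GROUP` and `DO_PASSWD` are not cleared before they are tested, so, as far as the visible lines show, a value inherited from the install environment would force the create branches; setting both to empty before the `# user required?` test would rule that out. The enclosing `if`/`else` opens above this hunk.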