Diffstat (limited to 'contrib/solaris/buildpkg.sh')
-rwxr-xr-x | contrib/solaris/buildpkg.sh | 114 |
1 files changed, 94 insertions, 20 deletions
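--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -11,13 +11,18 @@ umask 022
 # Options for building the package
 # You can create a config.local with your customized options
 #
-# uncommenting TEST_DIR and using configure--prefix=/var/tmp and
+# uncommenting TEST_DIR and using
+# configure --prefix=/var/tmp --with-privsep-path=/var/tmp/empty
+# and
 # PKGNAME=tOpenSSH should allow testing a package without interfering
-# with a real OpenSSH package on a system.
+# with a real OpenSSH package on a system. This is not needed on systems
+# that support the -R option to pkgadd.
 #TEST_DIR=/var/tmp # leave commented out for production build
 PKGNAME=OpenSSH
 SYSVINIT_NAME=opensshd
 MAKE=${MAKE:="make"}
+SSHDUID=67 # Default privsep uid
+SSHDGID=67 # Default privsep gid
 # uncomment these next two as needed
 #PERMIT_ROOT_LOGIN=no
 #X11_FORWARDING=yes
@@ -55,7 +60,7 @@ SYSTEM_DIR="/etc \
 /var/tmp \
 /tmp"
 
-# We may need to buiild as root so we make sure PATH is set up
+# We may need to build as root so we make sure PATH is set up
 # only set the path if it's not set already
 [ -d /usr/local/bin ] && {
 echo $PATH | grep ":/usr/local/bin" > /dev/null 2>&1
@@ -96,6 +101,19 @@ do
 eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
 done
 
+
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+SSH_PRIVSEP_USER=sshd
+fi
+
 ## Extract common info requires for the 'info' part of the package.
 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
 
@@ -106,7 +124,8 @@ case ${UNAME_S} in
 RCS_D=yes
 DEF_MSG="(default: n)"
 ;;
-*) ARCH=`uname -m` ;;
+*) ARCH=`uname -m`
+DEF_MSG="\n" ;;
 esac
 
 ## Setup our run level stuff while we are at it.
@@ -171,13 +190,16 @@ echo "Building postinstall file..."
 cat > postinstall << _EOF
 #! /sbin/sh
 #
-[ -f ${sysconfdir}/ssh_config ] || \\
-cp -p ${sysconfdir}/ssh_config.default ${sysconfdir}/ssh_config
-[ -f ${sysconfdir}/sshd_config ] || \\
-cp -p ${sysconfdir}/sshd_config.default ${sysconfdir}/sshd_config
-[ -f ${sysconfdir}/ssh_prng_cmds.default ] && {
-[ -f ${sysconfdir}/ssh_prng_cmds ] || \\
-cp -p ${sysconfdir}/ssh_prng_cmds.default ${sysconfdir}/ssh_prng_cmds
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config ] || \\
+cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config.default \\
+\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config ] || \\
+cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config.default \\
+\${PKG_INSTALL_ROOT}${sysconfdir}/sshd_config
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default ] && {
+[ -f \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds ] || \\
+cp -p \${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds.default \\
+\${PKG_INSTALL_ROOT}${sysconfdir}/ssh_prng_cmds
 }
 
 # make rc?.d dirs only if we are doing a test install
@@ -191,23 +213,75 @@ cat > postinstall << _EOF
 if [ "\${USE_SYM_LINKS}" = yes ]
 then
 [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
-installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=../init.d/${SYSVINIT_NAME} s
 else
 [ "$RCS_D" = yes ] && \
-installf ${PKGNAME} $TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-installf ${PKGNAME} $TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-installf ${PKGNAME} $TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
-installf ${PKGNAME} $TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rcS.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc0.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc1.d/K30${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
+installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR/etc/rc2.d/S98${SYSVINIT_NAME}=$TEST_DIR/etc/init.d/${SYSVINIT_NAME} l
 fi
 
 # If piddir doesn't exist we add it. (Ie. --with-pid-dir=/var/opt/ssh)
-[ -d $piddir ] || installf ${PKGNAME} $TEST_DIR$piddir d 755 root sys
+[ -d $piddir ] || installf ${PKGNAME} \${PKG_INSTALL_ROOT}$TEST_DIR$piddir d 755 root sys
 
 installf -f ${PKGNAME}
 
+# Use chroot to handle PKG_INSTALL_ROOT
+if [ ! -z "\${PKG_INSTALL_ROOT}" ]
+then
+chroot="chroot \${PKG_INSTALL_ROOT}"
+fi
+# If this is a test build, we will skip the groupadd/useradd/passwd commands
+if [ ! -z "${TEST_DIR}" ]
+then
+chroot=echo
+fi
+
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' \${PKG_INSTALL_ROOT}/$sysconfdir/sshd_config >/dev/null
+then
+echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+echo "or group."
+else
+echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+
+# create group if required
+if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+then
+echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+else
+# Use gid of 67 if possible
+if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/group | egrep '^'$SSHDGID'\$' >/dev/null
+then
+:
+else
+sshdgid="-g $SSHDGID"
+fi
+echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+\$chroot /usr/sbin/groupadd \$sshdgid $SSH_PRIVSEP_USER
+fi
+
+# Create user if required
+if cut -f1 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+then
+echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+# Use uid of 67 if possible
+if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDGID'\$' >/dev/null
+then
+:
+else
+sshduid="-u $SSHDUID"
+fi
+echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+\$chroot /usr/sbin/useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER \$sshduid $SSH_PRIVSEP_USER
+\$chroot /usr/bin/passwd -l $SSH_PRIVSEP_USER
+fi
+fi
+
 [ "\${POST_INS_START}" = "yes" ] && ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
 exit 0
 _EOF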
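Review bot: The uid-in-use check in the "Create user if required" branch (new line 273) matches field 3 of passwd against `$SSHDGID` instead of `$SSHDUID`, so it is only correct while both defaults stay at 67. If a config.local sets them differently, the script may pass `-u $SSHDUID` for a uid that is already taken; useradd would then presumably fail, and because the postinstall ends in `exit 0` the package would install without its PrivSep account. The test should read `if cut -f3 -d: \${PKG_INSTALL_ROOT}/etc/passwd | egrep '^'$SSHDUID'\$' >/dev/null`. In the same hunk, `[ -d $piddir ]` (new line 229) still tests the running system while the installf target is under `\${PKG_INSTALL_ROOT}$TEST_DIR`; the here-document these lines belong to opens before this hunk.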