summaryrefslogtreecommitdiff
path: root/contrib/solaris/postinstall.in
blob: 834b5b204290d76a6093ac9da6d7d6836c4ef53d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# PostInstall script for OPENssh
INSTALLF="/usr/sbin/installf"

instbackup() {
    _DIRECTORY=$1
    _FILEBASE=$2
    $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}
    _SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M`
    if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then
	echo "   Backing up file ${_FILEBASE}..."
	if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then
	    $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
	    cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
	    echo "   Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}."
	else 
            $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig
            cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig
            echo "   Saved as ${_DIRECTORY}/${_FILEBASE}.orig."
	fi
    fi
    cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE}
    echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file."
} 

### Main body of script

echo ""
echo "Beginning postinstall script--this script should leave you with a"
echo "functional and operational configuration of OpenSSH."
echo ""

if [ ! "${UPDATE}" = "1" ]; then
    echo "Performing a \"fresh\" installation of OpenSSH."
    ### Install init script and create symlinks
    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2
    cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2
    $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2

    ### The initial package installation leaves default versions of
    ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}.  Now
    ### we need to decide whether to install them.  Since this is *not*
    ### an update install, we don't ask, but simply back up the old ones
    ### and put the new ones in their place.
    instbackup ${CONFDIR} ssh_prng_cmds
    instbackup ${CONFDIR} ssh_config
    instbackup ${CONFDIR} sshd_config
    instbackup ${CONFDIR} primes

    ### If no existing sshd_config and host key, then create
    if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
	echo "Creating new RSA public/private host key pair for SSH-1."
	$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
	$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
	### If there is *anything* there then leave it, otherwise look
	### in some reasonable alternate locations before giving up.
	### It's worth spending some extra time looking for the old one
	### to avoid a bunch of "host identification has changed" warnings.
        ### Note that some old keys from the commercial SSH might not
        ### be compatible, but we don't test for that.
	if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
	   mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
	elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
	   mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
	else
	   ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
	fi
    else
        echo "Using existing RSA public/private host key pair for SSH-1."
    fi
    if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
        echo "Creating new DSA public/private host key pair for SSH-2."
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
        ### If there is *anything* there then leave it, otherwise look
        ### in some reasonable alternate locations before giving up.
        ### It's worth spending some extra time looking for the old one
        ### to avoid a bunch of "host identification has changed" warnings.
	### Note that some old keys from the commercial SSH2 might not
	### be compatible, but we don't test for that.
        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
        else
           ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
        fi
    else
        echo "Using existing DSA public/private host key pair for SSH-2."
    fi
else
    echo "Performing an \"update\" installation of OpenSSH."
    ### Okay, this part *is* an update install...so we need to ensure
    ### we don't overwrite any of the existing files.

    ### Install init script and create symlinks
    if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then
	echo "Installing init script in  ${PKG_INSTALL_ROOT}/etc/init.d/sshd"
       $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2
	cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
	chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd
	chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd
    fi
    if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then
       $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
    fi
    if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then
       $INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
    fi 

    ### The initial package installation leaves default versions of
    ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}.  Now
    ### we need to decide whether to install them.  Since this is
    ### an update install, we only install the new files if the old
    ### files somehow don't exist.
    NEWCONF=0
    if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then
       instbackup ${CONFDIR} ssh_prng_cmds
        NEWCONF=1
    fi
    if [ ! -r "${CONFDIR}/ssh_config" ]; then
       instbackup ${CONFDIR} ssh_config
        NEWCONF=1
    fi
    if [ ! -r "${CONFDIR}/ssh_config" ]; then
       instbackup ${CONFDIR} sshd_config
        NEWCONF=1
    fi
    if [ ! -r "${CONFDIR}/primes" ]; then
       instbackup ${CONFDIR} primes
        NEWCONF=1
    fi
    if [ $NEWCONF -eq 0 ]; then
        echo "Your existing SSH configuration files have not been altered."
    else
        echo "Your other existing SSH configuration files have not been altered."
    fi

    ### If no existing sshd_config and host key, then create
    if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
        echo "Creating new RSA public/private host key pair for SSH-1."
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
        ### If there is *anything* there then leave it, otherwise look
        ### in some reasonable alternate locations before giving up.
        ### It's worth spending some extra time looking for the old one
        ### to avoid a bunch of "host identification has changed" warnings.
        ### Note that some old keys from the commercial SSH might not
        ### be compatible, but we don't test for that.
        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
        else
           ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
        fi
    else
        echo "Using existing RSA public/private host key pair for SSH-1."
    fi
    if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
        echo "Creating new DSA public/private host key pair for SSH-2."
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
        $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
        ### If there is *anything* there then leave it, otherwise look
        ### in some reasonable alternate locations before giving up.
        ### It's worth spending some extra time looking for the old one
        ### to avoid a bunch of "host identification has changed" warnings.
        ### Note that some old keys from the commercial SSH2 might not
        ### be compatible, but we don't test for that.
        if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
           mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
        elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
           mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
        else
           ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
        fi
    else
        echo "Using existing DSA public/private host key pair for SSH-2."
    fi
fi

if [ ! -d %%PIDDIR%% ]; then
    $INSTALLF $PKGINST %%PIDDIR%%
    mkdir -p %%PIDDIR%%
    chown root:sys %%PIDDIR%%
    chmod 755 %%PIDDIR%%
fi

$INSTALLF -f $PKGINST || exit 2

if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then
   ### We're doing a local install, rather than an install for
   ### old-style diskless clients.
   echo "Stopping any current sshd process, and then starting the new sshd."
   /etc/init.d/sshd stop
   /etc/init.d/sshd start
else
   echo "Not restarting sshd, since this appears to be a remote install"
   echo "for support of diskless clients."
fi

exit 0