From 0f95aec6ee484c384a052aa98693db4eac1cf0c9 Mon Sep 17 00:00:00 2001
From: "Tom G. Christensen"
Date: Tue, 8 Jul 2003 11:39:38 +0000
Subject: [PATCH] openssh converted to the new-style buildpkg environment the script files in meta are unchanged from the last commit in the old tree (now openssh.old)
---
openssh/build.sh | 116 +++++++++++++++++++++++++++
openssh/meta/pkginfo.in | 11 +++
openssh/meta/postinstall | 169 +++++++++++++++++++++++++++++++++++++++
openssh/meta/postremove | 9 +++
openssh/meta/preremove | 1 +
openssh/src/sshd.init | 40 +++++++++
6 files changed, 346 insertions(+)
create mode 100755 openssh/build.sh
create mode 100644 openssh/meta/pkginfo.in
create mode 100644 openssh/meta/postinstall
create mode 100644 openssh/meta/postremove
create mode 100644 openssh/meta/preremove
create mode 100755 openssh/src/sshd.init
diff --git a/openssh/build.sh b/openssh/build.sh
new file mode 100755
index 0000000..5140015
--- /dev/null
+++ b/openssh/build.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+#
+# This is a generic build.sh script
+# It can be used nearly unmodified with many packages
+#
+# The concept of "method" registering and the logic that implements it was shamelessly
+# stolen from jhlj's Compile.sh script :)
+#
+# Check the following 4 variables before running the script
+topdir=openssh
+version=3.6.1p1
+pkgver=2
+source[0]=$topdir-$version.tar.gz
+# If there are no patches, simply comment this
+#patch[0]=
+
+# Source function library
+. ${HOME}/buildpkg/scripts/buildpkg.functions
+
+# Fill in pkginfo values if necessary
+# using pkgname,name,pkgcat,pkgvendor & pkgdesc
+pkgname=SBossh
+name="OpenSSH portable for Solaris"
+pkgvendor="http://www.openssh.org"
+pkgdesc="Secure Shell remote access utility"
+
+# Define script functions and register them
+METHODS=""
+reg() {
+ METHODS="$METHODS $1"
+}
+
+reg prep
+prep()
+{
+ generic_prep
+}
+
+reg build
+build()
+{
+ setdir source
+ ./configure --prefix=$prefix --with-prngd-socket=/var/run/egd-pool --with-default-path=/usr/bin:/usr/local/bin:/opt/sfw/bin --with-mantype=cat --with-pam --disable-suid-ssh --without-rsh --with-privsep-user=sshd --with-superuser-path=/usr/bin:/usr/sbin:/usr/local/bin
+ $MAKE_PROG
+}
+
+reg install
+install()
+{
+ clean stage
+ setdir source
+ $MAKE_PROG DESTDIR=$stagedir install-nokeys
+ strip
+}
+
+reg pack
+pack()
+{
+ clean meta
+ pack_info
+ setdir $stagedir$prefix/etc
+ for i in *; do mv $i $i.default; done
+ cp -p $srcdir/sshd.init $stagedir/usr/local/etc
+ setdir $stagedir$prefix
+ prototype root bin script
+ make_pkg
+}
+
+reg distclean
+distclean()
+{
+ clean distclean
+}
+
+###################################################
+# No need to look below here
+###################################################
+
+reg all
+all()
+{
+ for METHOD in $METHODS
+ do
+ case $METHOD in
+ all*) ;;
+ *) $METHOD
+ ;;
+ esac
+ done
+
+}
+
+reg
+usage() {
+ echo Usage $0 "{"$(echo $METHODS | tr " " "|")"}"
+ exit 1
+}
+
+OK=0
+for METHOD in $*
+do
+ METHOD=" $METHOD *"
+ if [ "${METHODS%$METHOD}" == "$METHODS" ] ; then
+ usage
+ fi
+ OK=1
+done
+
+if [ $OK = 0 ] ; then
+ usage;
+fi
+
+for METHOD in $*
+do
+ ( $METHOD )
+done
diff --git a/openssh/meta/pkginfo.in b/openssh/meta/pkginfo.in
new file mode 100644
index 0000000..331b47d
--- /dev/null
+++ b/openssh/meta/pkginfo.in
@@ -0,0 +1,11 @@
+PKG="%%pkgname%%"
+NAME="%%name%%"
+ARCH="sparc"
+VERSION="%%version%%"
+CATEGORY="application"
+VENDOR="http://www.openssh.org"
+EMAIL="Tom G. Christenen - tgc@statsbiblioteket.dk"
+PSTAMP="%%pkgver%%"
+BASEDIR="%%topinstalldir%%"
+CLASSES="none"
+DESC="Secure Shell remote access utility"
diff --git a/openssh/meta/postinstall b/openssh/meta/postinstall
new file mode 100644
index 0000000..f62869f
--- /dev/null
+++ b/openssh/meta/postinstall
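Review bot: In openssh/build.sh the configure line in build() sets `--with-privsep-user=sshd` but passes no `--with-privsep-path`, while meta/postinstall in this same commit creates `/var/empty/sshd` and gives it to the sshd user as home directory. OpenSSH's configure defaults the privilege-separation chroot to `/var/empty`, so as far as this diff shows the daemon would chroot into the parent directory, which postinstall only creates as a side effect of `mkdir -p` and never chowns or chmods. Adding `--with-privsep-path=/var/empty/sshd` to the configure arguments, or having postinstall prepare `/var/empty` itself, would make the two files agree on which directory is the chroot.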
@@ -0,0 +1,169 @@
+INSTALLF=/usr/sbin/installf
+REMOVEF=/usr/sbin/removef
+GROUPADD=/usr/sbin/groupadd
+USERADD=/usr/sbin/useradd
+GREP=/usr/bin/grep
+CUT=/usr/bin/cut
+CAT=/usr/bin/cat
+
+CONFDIR=${BASEDIR}/etc
+DESTBIN=${BASEDIR}/bin
+CHECKCONF=0
+SSHID=199
+
+# We provide default config-files, check and see if they should be installed.
+if [ ! -f "${CONFDIR}/ssh_config" ] ; then
+ cp -p ${CONFDIR}/ssh_config.default ${CONFDIR}/ssh_config
+ echo "Installing new ssh_config"
+else
+ echo "Keeping existing ssh_config"
+ CHECKCONF=1
+fi
+if [ ! -f "${CONFDIR}/sshd_config" ] ; then
+ cp -p ${CONFDIR}/sshd_config.default ${CONFDIR}/sshd_config
+ echo "Installing new sshd_config"
+else
+ echo "Keeping existing sshd_config"
+ CHECKCONF=1
+fi
+if [ -f "${CONFDIR}/ssh_prng_cmds" ] ; then
+ rm -f ${CONFDIR}/ssh_prng_cmds.default ${CONFDIR}/ssh_prng_cmds
+ echo "Removing unneeded ssh_prng_cmds file"
+
+fi
+if [ ! -f "${CONFDIR}/moduli" ] ; then
+ if [ -f "${CONFDIR}/primes" ]; then
+ echo "Keeping existing primes but renaming it to moduli"
+ mv ${CONFDIR}/primes ${CONFDIR}/moduli
+ else
+ echo "Installing new moduli (formerly known as primes)"
+ cp -p ${CONFDIR}/moduli.default ${CONFDIR}/moduli
+ fi
+else
+ echo "Keeping existing moduli"
+fi
+
+# We will try to preserve any existing keys
+if [ -f "${CONFDIR}/ssh_host_key" ] ; then
+ echo "Keeping existing ssh_host_key"
+else
+ ${DESTBIN}/ssh-keygen -t rsa1 -f ${CONFDIR}/ssh_host_key -N ""
+fi
+if [ -f "${CONFDIR}/ssh_host_dsa_key" ] ; then
+ echo "Keeping existing ssh_host_dsa_key"
+else
+ ${DESTBIN}/ssh-keygen -t dsa -f ${CONFDIR}/ssh_host_dsa_key -N ""
+fi
+if [ -f "${CONFDIR}/ssh_host_rsa_key" ] ; then
+ echo "Keeping existing ssh_host_rsa_key"
+else
+ ${DESTBIN}/ssh-keygen -t rsa -f ${CONFDIR}/ssh_host_rsa_key -N ""
+fi
+
+# Right, now move the init script into place and make some symlinks
+# for automatic startup.
+
+# start by removing knowledge of sshd.init from the pkgdb
+${REMOVEF} ${PKGINST} /usr/local/etc/sshd.init 2>&1 > /dev/null # suppress output
+
+# confirm the changes to the pkgdb (removef -f)
+${REMOVEF} -f ${PKGINST}
+
+# Now that the holds from the pkgdb are gone, move the script to it's final destination.
+mv /usr/local/etc/sshd.init /etc/init.d/sshd.local
+
+# Install new *symlinks*
+ln -s /etc/init.d/sshd.local /etc/rc0.d/K30sshd.local
+ln -s /etc/init.d/sshd.local /etc/rc1.d/K30sshd.local
+ln -s /etc/init.d/sshd.local /etc/rc2.d/S78sshd.local
+ln -s /etc/init.d/sshd.local /etc/rcS.d/K30sshd.local
+
+# Then installf the new pathnames
+${INSTALLF} ${PKGINST} /etc/init.d/sshd.local f 744 root sys
+${INSTALLF} ${PKGINST} /etc/rc2.d/S78sshd.local=/etc/init.d/sshd.local s
+${INSTALLF} ${PKGINST} /etc/rc1.d/K30sshd.local=/etc/init.d/sshd.local s
+${INSTALLF} ${PKGINST} /etc/rc0.d/K30sshd.local=/etc/init.d/sshd.local s
+${INSTALLF} ${PKGINST} /etc/rcS.d/K30sshd.local=/etc/init.d/sshd.local s
+
+# confirm the changes to the pkgdb (installf -f)
+${INSTALLF} -f ${PKGINST}
+
+#uh yeah, better make sure that /var/run exists aswell (for pid files)
+echo "Checking to see if /var/run exists... \c"
+if [ ! -d /var/run ]; then
+ echo "no, creating..."
+ mkdir -p /var/run;
+ chown root:sys /var/run;
+ chmod 755 /var/run
+else
+ echo "yes"
+fi
+
+# New in OpenSSH 3.3+ is Privilege seperation, it requires an empty dir to chroot into
+# and an unprivileged user to run as.
+echo "Checking to see if /var/empty/sshd exists... \c"
+if [ ! -d /var/empty ]; then
+ echo "no, creating..."
+ mkdir -p /var/empty/sshd
+ chown root:sys /var/empty/sshd
+ chmod 755 /var/empty/sshd
+else
+ echo "yes"
+fi
+
+# Attempt to create a group & user for sshd
+echo "Checking for sshd group... \c"
+temp=`$GREP sshd /etc/group`
+if [ -n "$temp" ]; then
+ echo "yes"
+ gid=`echo $temp|$CUT -d : -f 3`
+ if [ "$gid" != "$SSHID" ]; then
+ echo " Group sshd found but gid does not match with the preferred ($SSHID)"
+ echo " I will continue anyway, but please check up on this afterwards!"
+ fi
+else
+ echo "no"
+ echo " Attempting to create sshd group (gid=$SSHID)"
+ $GROUPADD -g $SSHID sshd
+ gid=$SSHID
+fi
+
+echo "Checking for sshd user... \c"
+temp=`$GREP sshd /etc/passwd`
+if [ -n "$temp" ]; then
+ echo "yes"
+ uid=`echo $temp|$CUT -d : -f 3`
+ ugid=`echo $temp|$CUT -d : -f 4`
+ if [ "$uid" != "$SSHID" ]; then
+ echo " User sshd found but uid doesn't match with the preferred ($SSHID)"
+ echo " I will continue anyway, but please check up on this afterwards!"
+ fi
+ if [ "$ugid" != "$gid" ]; then
+ echo " User sshd doesn't have group sshd!"
+ echo " I will continue anyway, but this is a critical error that must be resolved"
+ echo " before privilege seperation can be enabled!"
+ fi
+else
+ echo "no"
+ echo " Attempting to create sshd user (uid=$SSHID, gid=$SSHID)"
+ $USERADD -u $SSHID -g $SSHID -c "sshd privsep" -d /var/empty/sshd -s /bin/false sshd
+fi
+
+# FIXME Other stuff about the user/group situation should probably be checked
+# FIXME like the homedir and shell of the sshd user
+
+# Notice how the ssh host keys are not associated with the SBossh package.
+# I find that convenient as I'm sure that they don't disappear if someone
+# uninstalls the package.
+# This is nice because we can then avoid the "hostid changed" warnings.
+# The config files will not be associated with the package either, this way when
+# installing a newer version the config files will be in place and will be preserved
+
+# If original config-files where preserved, urge the operator
+# to check the new default files for hints on recommended configuration
+if [ "$CHECKCONF" = "1" ] ; then
+ echo "#######"
+ echo ""
+ echo "Please check the *.default config files for configuration hints"
+ echo "and update your existing config files accordingly."
+fi
diff --git a/openssh/meta/postremove b/openssh/meta/postremove
new file mode 100644
index 0000000..e2a69fd
--- /dev/null
+++ b/openssh/meta/postremove
@@ -0,0 +1,9 @@
+# Inform the operator that ssh configfiles and keys are intact
+echo ""
+echo "!!ATTENTION!!"
+echo "SSH configfiles and keys are still available in ${BASEDIR}/etc/"
+echo "Please make sure that you remove these if you won't be using them again."
+echo ""
+echo "No attempt has been made to remove user and group sshd"
+echo "These should be manually removed if they are no longer used."
+echo ""
diff --git a/openssh/meta/preremove b/openssh/meta/preremove
new file mode 100644
index 0000000..d65ad65
--- /dev/null
+++ b/openssh/meta/preremove
@@ -0,0 +1 @@
+/etc/init.d/sshd.local stop
diff --git a/openssh/src/sshd.init b/openssh/src/sshd.init
new file mode 100755
index 0000000..e4fbef2
--- /dev/null
+++ b/openssh/src/sshd.init
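Review bot: In openssh/meta/postinstall the privilege-separation check tests `/var/empty` but the directory it announces and creates is `/var/empty/sshd`, so on a host where `/var/empty` already exists the script prints "yes" and the privsep directory is never created. Ownership and mode are also set only on the creation path, so an existing directory with a different owner or a writable mode is accepted unchanged; the block below tests the full path and applies `chown`/`chmod` on both paths. In the account checks that follow, `$GREP sshd /etc/group` and `$GREP sshd /etc/passwd` match any line that merely contains the string and can return several lines, so the gid/uid comparisons can run against the wrong entry; anchoring the lookups as `$GREP '^sshd:' /etc/group` and passing `-g $gid` rather than `-g $SSHID` to `$USERADD` would keep them meaningful when the group already exists under another gid.

```shell
echo "Checking to see if /var/empty/sshd exists... \c"
if [ ! -d /var/empty/sshd ]; then
  echo "no, creating..."
  mkdir -p /var/empty/sshd
else
  echo "yes"
fi
# Applied on both paths so a directory that already existed is not trusted as found
chown root:sys /var/empty/sshd
chmod 755 /var/empty/sshd
```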
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Script to control ssh server start/stop
+# History:
+# Please see CVS for history information
+
+pidfile=/var/run/sshd.pid
+desc="sshd"
+
+mode=$1
+
+set `/usr/xpg4/bin/id -u`
+if [ $1 = "0" ]; then
+
+case $mode in
+
+'start' ) if [ -r $pidfile ]; then
+ echo "A pidfile was found, trying to stop $desc first"
+ $0 stop
+ fi
+ echo "Starting $desc"
+ /usr/local/sbin/sshd
+ ;;
+'stop' ) if [ -r $pidfile ]; then
+ echo "Stopping $desc"
+ kill `cat $pidfile`
+ else
+ echo "$desc already stopped (no pid file found)"
+ fi
+ ;;
+'restart') $0 stop
+ $0 start
+ ;;
+*) echo "Usage: $0 {start|stop|restart}"
+esac
+
+else
+ echo "$0: this script must be run as root... fatal error"
+
+fi
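Review bot: The `stop` branch of openssh/src/sshd.init runs `kill` on whatever number is stored in `$pidfile` without checking that the process is still sshd, so a stale pidfile left by a crash or unclean shutdown can make this root-run script signal an unrelated process that has reused the PID. An empty pidfile makes `kill` fail with a usage error instead. Reading the pid into a variable and confirming the command name before signalling, as in the block below, covers both cases. The non-root branch and the usage branch also end with exit status 0, so a caller such as meta/preremove cannot tell that nothing was stopped; an explicit `exit 1` after each of those messages would make the failure visible.

```shell
'stop' ) if [ -r $pidfile ]; then
    pid=`cat $pidfile`
    # Signal only if the recorded pid still belongs to an sshd; the pidfile may be stale
    if [ -n "$pid" ] && /usr/bin/ps -p "$pid" -o comm= | /usr/bin/grep sshd > /dev/null; then
      echo "Stopping $desc"
      kill "$pid"
    else
      echo "$desc not running (stale or empty pid file $pidfile)"
    fi
  else
    # … unchanged: "already stopped (no pid file found)" message …
  fi
  ;;
```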