openssh converted to the new-style buildpkg environment
the script files in meta are unchanged from the last commit in the old tree (now openssh.old)
This commit is contained in:
Tom G. Christensen
tgc
11
openssh/meta/pkginfo.in
Normal file
11
openssh/meta/pkginfo.in
Normal file
@@ -0,0 +1,11 @@
|
||||
PKG="%%pkgname%%"
|
||||
NAME="%%name%%"
|
||||
ARCH="sparc"
|
||||
VERSION="%%version%%"
|
||||
CATEGORY="application"
|
||||
VENDOR="http://www.openssh.org"
|
||||
EMAIL="Tom G. Christenen - tgc@statsbiblioteket.dk"
|
||||
PSTAMP="%%pkgver%%"
|
||||
BASEDIR="%%topinstalldir%%"
|
||||
CLASSES="none"
|
||||
DESC="Secure Shell remote access utility"
|
||||
169
openssh/meta/postinstall
Normal file
169
openssh/meta/postinstall
Normal file
@@ -0,0 +1,169 @@
|
||||
INSTALLF=/usr/sbin/installf
|
||||
REMOVEF=/usr/sbin/removef
|
||||
GROUPADD=/usr/sbin/groupadd
|
||||
USERADD=/usr/sbin/useradd
|
||||
GREP=/usr/bin/grep
|
||||
CUT=/usr/bin/cut
|
||||
CAT=/usr/bin/cat
|
||||
|
||||
CONFDIR=${BASEDIR}/etc
|
||||
DESTBIN=${BASEDIR}/bin
|
||||
CHECKCONF=0
|
||||
SSHID=199
|
||||
|
||||
# We provide default config-files, check and see if they should be installed.
|
||||
if [ ! -f "${CONFDIR}/ssh_config" ] ; then
|
||||
cp -p ${CONFDIR}/ssh_config.default ${CONFDIR}/ssh_config
|
||||
echo "Installing new ssh_config"
|
||||
else
|
||||
echo "Keeping existing ssh_config"
|
||||
CHECKCONF=1
|
||||
fi
|
||||
if [ ! -f "${CONFDIR}/sshd_config" ] ; then
|
||||
cp -p ${CONFDIR}/sshd_config.default ${CONFDIR}/sshd_config
|
||||
echo "Installing new sshd_config"
|
||||
else
|
||||
echo "Keeping existing sshd_config"
|
||||
CHECKCONF=1
|
||||
fi
|
||||
if [ -f "${CONFDIR}/ssh_prng_cmds" ] ; then
|
||||
rm -f ${CONFDIR}/ssh_prng_cmds.default ${CONFDIR}/ssh_prng_cmds
|
||||
echo "Removing unneeded ssh_prng_cmds file"
|
||||
|
||||
fi
|
||||
if [ ! -f "${CONFDIR}/moduli" ] ; then
|
||||
if [ -f "${CONFDIR}/primes" ]; then
|
||||
echo "Keeping existing primes but renaming it to moduli"
|
||||
mv ${CONFDIR}/primes ${CONFDIR}/moduli
|
||||
else
|
||||
echo "Installing new moduli (formerly known as primes)"
|
||||
cp -p ${CONFDIR}/moduli.default ${CONFDIR}/moduli
|
||||
fi
|
||||
else
|
||||
echo "Keeping existing moduli"
|
||||
fi
|
||||
|
||||
# We will try to preserve any existing keys
|
||||
if [ -f "${CONFDIR}/ssh_host_key" ] ; then
|
||||
echo "Keeping existing ssh_host_key"
|
||||
else
|
||||
${DESTBIN}/ssh-keygen -t rsa1 -f ${CONFDIR}/ssh_host_key -N ""
|
||||
fi
|
||||
if [ -f "${CONFDIR}/ssh_host_dsa_key" ] ; then
|
||||
echo "Keeping existing ssh_host_dsa_key"
|
||||
else
|
||||
${DESTBIN}/ssh-keygen -t dsa -f ${CONFDIR}/ssh_host_dsa_key -N ""
|
||||
fi
|
||||
if [ -f "${CONFDIR}/ssh_host_rsa_key" ] ; then
|
||||
echo "Keeping existing ssh_host_rsa_key"
|
||||
else
|
||||
${DESTBIN}/ssh-keygen -t rsa -f ${CONFDIR}/ssh_host_rsa_key -N ""
|
||||
fi
|
||||
|
||||
# Right, now move the init script into place and make some symlinks
|
||||
# for automatic startup.
|
||||
|
||||
# start by removing knowledge of sshd.init from the pkgdb
|
||||
${REMOVEF} ${PKGINST} /usr/local/etc/sshd.init 2>&1 > /dev/null # suppress output
|
||||
|
||||
# confirm the changes to the pkgdb (removef -f)
|
||||
${REMOVEF} -f ${PKGINST}
|
||||
|
||||
# Now that the holds from the pkgdb are gone, move the script to it's final destination.
|
||||
mv /usr/local/etc/sshd.init /etc/init.d/sshd.local
|
||||
|
||||
# Install new *symlinks*
|
||||
ln -s /etc/init.d/sshd.local /etc/rc0.d/K30sshd.local
|
||||
ln -s /etc/init.d/sshd.local /etc/rc1.d/K30sshd.local
|
||||
ln -s /etc/init.d/sshd.local /etc/rc2.d/S78sshd.local
|
||||
ln -s /etc/init.d/sshd.local /etc/rcS.d/K30sshd.local
|
||||
|
||||
# Then installf the new pathnames
|
||||
${INSTALLF} ${PKGINST} /etc/init.d/sshd.local f 744 root sys
|
||||
${INSTALLF} ${PKGINST} /etc/rc2.d/S78sshd.local=/etc/init.d/sshd.local s
|
||||
${INSTALLF} ${PKGINST} /etc/rc1.d/K30sshd.local=/etc/init.d/sshd.local s
|
||||
${INSTALLF} ${PKGINST} /etc/rc0.d/K30sshd.local=/etc/init.d/sshd.local s
|
||||
${INSTALLF} ${PKGINST} /etc/rcS.d/K30sshd.local=/etc/init.d/sshd.local s
|
||||
|
||||
# confirm the changes to the pkgdb (installf -f)
|
||||
${INSTALLF} -f ${PKGINST}
|
||||
|
||||
#uh yeah, better make sure that /var/run exists aswell (for pid files)
|
||||
echo "Checking to see if /var/run exists... \c"
|
||||
if [ ! -d /var/run ]; then
|
||||
echo "no, creating..."
|
||||
mkdir -p /var/run;
|
||||
chown root:sys /var/run;
|
||||
chmod 755 /var/run
|
||||
else
|
||||
echo "yes"
|
||||
fi
|
||||
|
||||
# New in OpenSSH 3.3+ is Privilege seperation, it requires an empty dir to chroot into
|
||||
# and an unprivileged user to run as.
|
||||
echo "Checking to see if /var/empty/sshd exists... \c"
|
||||
if [ ! -d /var/empty ]; then
|
||||
echo "no, creating..."
|
||||
mkdir -p /var/empty/sshd
|
||||
chown root:sys /var/empty/sshd
|
||||
chmod 755 /var/empty/sshd
|
||||
else
|
||||
echo "yes"
|
||||
fi
|
||||
|
||||
# Attempt to create a group & user for sshd
|
||||
echo "Checking for sshd group... \c"
|
||||
temp=`$GREP sshd /etc/group`
|
||||
if [ -n "$temp" ]; then
|
||||
echo "yes"
|
||||
gid=`echo $temp|$CUT -d : -f 3`
|
||||
if [ "$gid" != "$SSHID" ]; then
|
||||
echo " Group sshd found but gid does not match with the preferred ($SSHID)"
|
||||
echo " I will continue anyway, but please check up on this afterwards!"
|
||||
fi
|
||||
else
|
||||
echo "no"
|
||||
echo " Attempting to create sshd group (gid=$SSHID)"
|
||||
$GROUPADD -g $SSHID sshd
|
||||
gid=$SSHID
|
||||
fi
|
||||
|
||||
echo "Checking for sshd user... \c"
|
||||
temp=`$GREP sshd /etc/passwd`
|
||||
if [ -n "$temp" ]; then
|
||||
echo "yes"
|
||||
uid=`echo $temp|$CUT -d : -f 3`
|
||||
ugid=`echo $temp|$CUT -d : -f 4`
|
||||
if [ "$uid" != "$SSHID" ]; then
|
||||
echo " User sshd found but uid doesn't match with the preferred ($SSHID)"
|
||||
echo " I will continue anyway, but please check up on this afterwards!"
|
||||
fi
|
||||
if [ "$ugid" != "$gid" ]; then
|
||||
echo " User sshd doesn't have group sshd!"
|
||||
echo " I will continue anyway, but this is a critical error that must be resolved"
|
||||
echo " before privilege seperation can be enabled!"
|
||||
fi
|
||||
else
|
||||
echo "no"
|
||||
echo " Attempting to create sshd user (uid=$SSHID, gid=$SSHID)"
|
||||
$USERADD -u $SSHID -g $SSHID -c "sshd privsep" -d /var/empty/sshd -s /bin/false sshd
|
||||
fi
|
||||
|
||||
# FIXME Other stuff about the user/group situation should probably be checked
|
||||
# FIXME like the homedir and shell of the sshd user
|
||||
|
||||
# Notice how the ssh host keys are not associated with the SBossh package.
|
||||
# I find that convenient as I'm sure that they don't disappear if someone
|
||||
# uninstalls the package.
|
||||
# This is nice because we can then avoid the "hostid changed" warnings.
|
||||
# The config files will not be associated with the package either, this way when
|
||||
# installing a newer version the config files will be in place and will be preserved
|
||||
|
||||
# If original config-files where preserved, urge the operator
|
||||
# to check the new default files for hints on recommended configuration
|
||||
if [ "$CHECKCONF" = "1" ] ; then
|
||||
echo "#######"
|
||||
echo ""
|
||||
echo "Please check the *.default config files for configuration hints"
|
||||
echo "and update your existing config files accordingly."
|
||||
fi
|
||||
9
openssh/meta/postremove
Normal file
9
openssh/meta/postremove
Normal file
@@ -0,0 +1,9 @@
|
||||
# Inform the operator that ssh configfiles and keys are intact
|
||||
echo ""
|
||||
echo "!!ATTENTION!!"
|
||||
echo "SSH configfiles and keys are still available in ${BASEDIR}/etc/"
|
||||
echo "Please make sure that you remove these if you won't be using them again."
|
||||
echo ""
|
||||
echo "No attempt has been made to remove user and group sshd"
|
||||
echo "These should be manually removed if they are no longer used."
|
||||
echo ""
|
||||
1
openssh/meta/preremove
Normal file
1
openssh/meta/preremove
Normal file
@@ -0,0 +1 @@
|
||||
/etc/init.d/sshd.local stop
|
||||
Reference in New Issue
Block a user