Update to 5.0.

I've decided to change BASEDIR to / and take all the init scripts and stuff out of the postintall script. This marks a change from how opensshs own make package target does it.
2008-04-28 19:26:05 +00:00 · 2008-04-28 19:26:05 +00:00 · b541704ca1
commit b541704ca1
parent ee8cca6cfc
8 changed files with 191 additions and 141 deletions
--- a/openssh/build.sh
+++ b/openssh/build.sh
@ -9,8 +9,8 @@
 ###########################################################
 # Check the following 4 variables before running the script
 topdir=openssh
-version=4.7p1
+version=5.0p1
-pkgver=2
+pkgver=1
 source[0]=$topdir-$version.tar.gz
 # If there are no patches, simply comment this
 #patch[0]=
@ -19,14 +19,10 @@ source[0]=$topdir-$version.tar.gz
 . ${BUILDPKG_BASE}/scripts/buildpkg.functions
 # Global settings
-export LDFLAGS="-R/usr/local/lib -L/usr/local/lib"
+export LDFLAGS="-R$prefix/lib -L$prefix/lib"
-export CPPFLAGS="-I/usr/local/include"
+export CPPFLAGS="-I$prefix/include"
 # Use prngd socket (For Solaris 2.6,7 & 8 without patch 112438)
 #export ENTROPY="--with-prngd-socket=/var/run/egd-pool"
 # Use /dev/random (For Solaris 9 & 8 with patch 112438)
 export ENTROPY="--without-prngd --without-rand-helper"
 configure_args='--prefix=$prefix --sysconfdir=$prefix/${_sysconfdir} --datadir=$prefix/${_sharedir}/openssh --with-default-path=/usr/bin:/usr/local/bin --with-mantype=cat --with-pam --disable-suid-ssh --without-rsh --with-privsep-user=sshd --with-privsep-path=/var/empty/sshd --with-superuser-path=/usr/bin:/usr/sbin:/usr/local/bin --with-lastlog=/var/adm/lastlog --without-zlib-version-check $ENTROPY'
 configure_args="--prefix=$prefix --mandir=$prefix/$_mandir --sysconfdir=$prefix/${_sysconfdir}/ssh --datadir=$prefix/${_sharedir}/openssh --with-default-path=/usr/bin:$prefix/${_bindir} --with-mantype=cat --with-pam --disable-suid-ssh --without-rsh --with-privsep-user=sshd --with-privsep-path=/var/empty/sshd --with-superuser-path=/usr/bin:/usr/sbin:$prefix/$_bindir:$prefix/$_sbindir --with-lastlog=/var/adm/lastlog --without-zlib-version-check"
 reg prep
 prep()
@ -45,18 +41,36 @@ install()
 {
    clean stage
    setdir source
-    $MAKE_PROG DESTDIR=$stagedir install-nokeys
+    ${__make} DESTDIR=$stagedir install-nokeys
-    setdir ${stagedir}${prefix}/${_sysconfdir}
+
-    for i in *; do ${MV} $i $i.default; done
+    ${__mkdir} -p ${stagedir}/${_sysconfdir}/init.d
-    ${CP} -p $srcdir/sshd.init $stagedir/usr/local/etc
+    ${__mkdir} -p ${stagedir}/${_sysconfdir}/rc0.d
    ${__mkdir} -p ${stagedir}/${_sysconfdir}/rc1.d
    ${__mkdir} -p ${stagedir}/${_sysconfdir}/rc2.d
    ${__mkdir} -p ${stagedir}/${_sysconfdir}/rcS.d
    ${__mkdir} -p ${stagedir}/var/empty/sshd
    # Install initscript
    ${__cp} $srcdir/sshd.init ${stagedir}/${_sysconfdir}/init.d/tgc_sshd
    chmod 755 ${stagedir}/${_sysconfdir}/init.d/tgc_sshd
    (setdir ${stagedir}/${_sysconfdir}/rc0.d; ${__ln} -sf ../init.d/tgc_sshd K02tgc_sshd)
    (setdir ${stagedir}/${_sysconfdir}/rc1.d; ${__ln} -sf ../init.d/tgc_sshd K02tgc_sshd)
    (setdir ${stagedir}/${_sysconfdir}/rcS.d; ${__ln} -sf ../init.d/tgc_sshd K02tgc_sshd)
    (setdir ${stagedir}/${_sysconfdir}/rc2.d; ${__ln} -sf ../init.d/tgc_sshd S98tgc_sshd)
    custom_install=1
    generic_install
    doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README README.privsep README.smartcard RFC.nroff TODO WARNING.RNG
- }
+
    setdir ${stagedir}${prefix}/${_sysconfdir}/ssh
    for i in *; do ${__mv} $i $i.default; done
 }
 reg pack
 pack()
 {
    lprefix=${prefix#/*}
    topinstalldir=/
    generic_pack
 }
--- a/openssh/meta/depend.openssh
+++ b/openssh/meta/depend.openssh
@ -1,2 +0,0 @@
 P   SBossl098glib   OpenSSL - Secure Socket Layer
 P   SBlibgccso1	    libgcc_s.so.1 from gcc 3.3.2+
--- a/openssh/meta/pkgdef
+++ b/openssh/meta/pkgdef
@ -1,9 +1,36 @@
 [openssh]
-pkgname="$pkgprefix""ossh"
+pkgname="${pkgprefix}ossh"
-name="OpenSSH portable for Solaris"
+name="openssh - OpenSSH portable"
 pkgcat="application"
 pkgvendor="http://www.openssh.org"
-pkgdesc="Secure Shell remote access utility"
+pkgdesc="Secure remote access utilities"
 pkgver="$pkgver"
 #
 files(-,root,bin)
-*
+dir $_sysconfdir
 #
 files(775,root,sys)
 dir $_sysconfdir/init.d
 dir $_sysconfdir/rc0.d
 dir $_sysconfdir/rc1.d
 dir $_sysconfdir/rc2.d
 dir $_sysconfdir/rcS.d
 dir usr
 dir usr/tgcware
 dir var
 dir var/empty
 #
 files(711,root,sys)
 dir var/empty/sshd
 #
 files(-,root,sys)
 ${_sysconfdir}/*/*tgc_sshd
 $lprefix/$_bindir
 $lprefix/$_sbindir
 $lprefix/$_mandir
 $lprefix/$_sysconfdir
 $lprefix/libexec/ssh-keysign
 $lprefix/libexec/sftp-server
 ${lprefix}/${_sharedir}/openssh/Ssh.bin
 default_docs
--- a/openssh/meta/postinstall.openssh
+++ b/openssh/meta/postinstall.openssh
@ -1,125 +1,83 @@
 INSTALLF=/usr/sbin/installf
 REMOVEF=/usr/sbin/removef
 GROUPADD=/usr/sbin/groupadd
 USERADD=/usr/sbin/useradd
 GREP=/usr/bin/grep
 CUT=/usr/bin/cut
 CAT=/usr/bin/cat
-CONFDIR=${BASEDIR}/etc
+PREFIX=/usr/tgcware
-DESTBIN=${BASEDIR}/bin
+OLDCONFDIR=/usr/local/etc
 CONFDIR=${PREFIX}/etc/ssh
 DESTBIN=${PREFIX}/bin
 CHECKCONF=0
 OLDCONF=0
 SSHID=199
 # We provide default config-files, check and see if they should be installed.
-if [ ! -f "${CONFDIR}/ssh_config" ] ; then
+for config in ssh_config sshd_config; do
-	cp -p ${CONFDIR}/ssh_config.default ${CONFDIR}/ssh_config
+    if [ ! -f "${CONFDIR}/$config" ] ; then
-	echo "Installing new ssh_config"
+	# No config, it might be an upgrade scenario
-else
+	if [ -f "${OLDCONFDIR}/$config" ] ; then
-	echo "Keeping existing ssh_config"
+	    cp -p ${OLDCONFDIR}/$config ${CONFDIR}
-	CHECKCONF=1
+	    echo "Migrating $OLDCONFDIR/$config to $CONFDIR"
-fi
+	    OLDCONF=1
 if [ ! -f "${CONFDIR}/sshd_config" ] ; then
 	cp -p ${CONFDIR}/sshd_config.default ${CONFDIR}/sshd_config
 	echo "Installing new sshd_config"
 else
 	echo "Keeping existing sshd_config"
 	CHECKCONF=1
 fi
 if [ -f "${CONFDIR}/ssh_prng_cmds" ] ; then
 	rm -f ${CONFDIR}/ssh_prng_cmds.default ${CONFDIR}/ssh_prng_cmds
 	echo "Removing unneeded ssh_prng_cmds file"
 fi
 if [ ! -f "${CONFDIR}/moduli" ] ; then
 	if [ -f "${CONFDIR}/primes" ]; then
 		echo "Keeping existing primes but renaming it to moduli"
 		mv ${CONFDIR}/primes ${CONFDIR}/moduli
 	else
-		echo "Installing new moduli (formerly known as primes)"
+	    cp -p ${CONFDIR}/$config.default ${CONFDIR}/$config
-		cp -p ${CONFDIR}/moduli.default ${CONFDIR}/moduli
+	    echo "Installing new $config"
 	fi
-else
+    else
-	echo "Keeping existing moduli"
+	echo "Keeping existing $config"
 	CHECKCONF=1
    fi
 done
 if [ -f "${CONFDIR}/ssh_prng_cmds" ] ; then
    rm -f ${CONFDIR}/ssh_prng_cmds.default ${CONFDIR}/ssh_prng_cmds
    echo "Removing unneeded ssh_prng_cmds file"
 fi
-# We will try to preserve any existing keys
+if [ ! -f "${CONFDIR}/moduli" ] ; then
-if [ -f "${CONFDIR}/ssh_host_key" ] ; then
+    if [ -f "${OLDCONFDIR}" ]; then
-	echo "Keeping existing ssh_host_key"
+	cp -p $OLDCONFDIR/moduli $CONFDIR
 	echo "Migrating $OLDCONFDIR/module to $CONFDIR"
 	OLDCONF=1
    else
 	if [ -f "${CONFDIR}/primes" ]; then
 	    echo "Keeping existing primes but renaming it to moduli"
 	    mv ${CONFDIR}/primes ${CONFDIR}/moduli
 	else
 	    echo "Installing new moduli (formerly known as primes)"
 	    cp -p ${CONFDIR}/moduli.default ${CONFDIR}/moduli
 	fi
    fi
 else
-	${DESTBIN}/ssh-keygen -t rsa1 -f ${CONFDIR}/ssh_host_key -N ""
+    echo "Keeping existing moduli"
 fi
 if [ -f "${CONFDIR}/ssh_host_dsa_key" ] ; then
 	echo "Keeping existing ssh_host_dsa_key"
 else
 	${DESTBIN}/ssh-keygen -t dsa -f ${CONFDIR}/ssh_host_dsa_key -N ""
 fi
 if [ -f "${CONFDIR}/ssh_host_rsa_key" ] ; then
 	echo "Keeping existing ssh_host_rsa_key"
 else
 	${DESTBIN}/ssh-keygen -t rsa -f ${CONFDIR}/ssh_host_rsa_key -N ""
 fi
-# Right, now move the init script into place and make some symlinks 
+# We will try to preserve any existing keys from an old setup
-# for automatic startup.
+# Note that new keygen is done in the init script
-
+for keyfile in ssh_host_key ssh_host_dsa_key ssh_host_rsa_key; do
-# start by removing knowledge of sshd.init from the pkgdb
+    if [ ! -f "${CONFDIR}/$keyfile" ] ; then
-${REMOVEF} ${PKGINST} /usr/local/etc/sshd.init 2>&1 > /dev/null # suppress output
+	# Check and see if we might find it in $OLDCONFDIR
-
+	if [ -f "${OLDCONFDIR}/$keyfile" ]; then
-# confirm the changes to the pkgdb (removef -f)
+	    cp -p $OLDCONFDIR/$keyfile $CONFDIR
-${REMOVEF} -f ${PKGINST}
+	    cp -p $OLDCONFDIR/${keyfile}.pub $CONFDIR
-
+	    echo "Migrating $OLDCONFDIR/$keyfile to $CONFDIR"
-# Now that the holds from the pkgdb are gone, move the script to it's final destination.
+	    OLDCONF=1
-mv /usr/local/etc/sshd.init /etc/init.d/sshd.local
+	fi
-
+    fi
-# Install new *symlinks*
+done
 ln -sf /etc/init.d/sshd.local /etc/rc0.d/K30sshd.local
 ln -sf /etc/init.d/sshd.local /etc/rc1.d/K30sshd.local
 ln -sf /etc/init.d/sshd.local /etc/rc2.d/S78sshd.local
 ln -sf /etc/init.d/sshd.local /etc/rcS.d/K30sshd.local
 # Then installf the new pathnames
 ${INSTALLF} ${PKGINST} /etc/init.d/sshd.local f 744 root sys
 ${INSTALLF} ${PKGINST} /etc/rc2.d/S78sshd.local=/etc/init.d/sshd.local s
 ${INSTALLF} ${PKGINST} /etc/rc1.d/K30sshd.local=/etc/init.d/sshd.local s
 ${INSTALLF} ${PKGINST} /etc/rc0.d/K30sshd.local=/etc/init.d/sshd.local s
 ${INSTALLF} ${PKGINST} /etc/rcS.d/K30sshd.local=/etc/init.d/sshd.local s
 # confirm the changes to the pkgdb (installf -f)
 ${INSTALLF} -f ${PKGINST}
 #uh yeah, better make sure that /var/run exists aswell (for pid files)
 echo "Checking to see if /var/run exists... \c"
 if [ ! -d /var/run ]; then
   echo "no, creating..."
   mkdir -p /var/run;
   chown root:sys /var/run;
   chmod 755 /var/run
 else
    echo "yes"
 fi
 # New in OpenSSH 3.3+ is Privilege seperation, it requires an empty dir to chroot into
 # and an unprivileged user to run as.
 echo "Checking to see if /var/empty/sshd exists... \c"
 if [ ! -d /var/empty ]; then
    echo "no, creating..."
    mkdir -p /var/empty/sshd
    chown root:sys /var/empty/sshd
    chmod 755 /var/empty/sshd
 else
    echo "yes"
 fi
 # OpenSSH 3.3+ has privilege seperation which requires a user/group to run
 # Attempt to create a group & user for sshd
 echo "Checking for sshd group... \c"
 temp=`$GREP sshd /etc/group`
 if [ -n "$temp" ]; then
    echo "yes"
-    gid=`echo $temp|$CUT -d : -f 3`
+    gid=`echo $temp|$CUT -d: -f3`
    if [ "$gid" != "$SSHID" ]; then
-	echo "  Group sshd found but gid does not match with the preferred ($SSHID)"
+        echo "  Group sshd found but gid does not match with the preferred ($SSHID)!"
-	echo "  I will continue anyway, but please check up on this afterwards!"
+	echo "  This is not a critical error but please make sure this group"
 	echo "  is one you actually want to use for sshd."
    fi
 else
    echo "no"
@ -132,16 +90,28 @@ echo "Checking for sshd user... \c"
 temp=`$GREP sshd /etc/passwd`
 if [ -n "$temp" ]; then
    echo "yes"
-    uid=`echo $temp|$CUT -d : -f 3`
+    uid=`echo $temp|$CUT -d: -f3`
-    ugid=`echo $temp|$CUT -d : -f 4`
+    ugid=`echo $temp|$CUT -d: -f4`
    if [ "$uid" != "$SSHID" ]; then
-	echo "  User sshd found but uid doesn't match with the preferred ($SSHID)"
+        echo "  User sshd found but uid doesn't match with the preferred ($SSHID)!"
-	echo "  I will continue anyway, but please check up on this afterwards!"
+	echo "  This is not a critical error but please make sure this user"
 	echo "  is one you actually want to use for sshd."
    fi
    if [ "$ugid" != "$gid" ]; then
-	echo "  User sshd doesn't have group sshd!"
+        echo "  User sshd doesn't have group sshd!"
-	echo "  I will continue anyway, but this is a critical error that must be resolved"
+        echo "  This is a critical error that must be resolved"
-	echo "  before privilege seperation can be enabled!"
+        echo "  before privilege seperation can be enabled."
 	echo "  Since privilege seperation is on by default this problem"
 	echo "  will prevent sshd from starting."
    fi
    if [ "`echo $temp|$CUT -d: -f6`" != "/var/empty/sshd" ]; then
 	echo "  User sshd does not have homedir in /var/empty/sshd!"
 	echo "  This is a possible security risk so please make sure that"
 	echo "  user sshd has a homedir accessable only by root (perm 711)."
    fi
    if [ "`echo $temp|$CUT -d: -f7`" != "/bin/false" ]; then
 	echo "  User sshd does not have /bin/false as its shell!"
 	echo "  Please verify that the sshd user has a non-login shell."
    fi
 else
    echo "no"
@ -149,10 +119,7 @@ else
    $USERADD -u $SSHID -g $SSHID -c "sshd privsep" -d /var/empty/sshd -s /bin/false sshd
 fi
-# FIXME Other stuff about the user/group situation should probably be checked
+# Notice how the ssh host keys are not associated with the package.
 # FIXME like the homedir and shell of the sshd user
 # Notice how the ssh host keys are not associated with the SBossh package.
 # I find that convenient as I'm sure that they don't disappear if someone
 # uninstalls the package.
 # This is nice because we can then avoid the "hostid changed" warnings.  
@ -167,3 +134,16 @@ if [ "$CHECKCONF" = "1" ] ; then
 	echo "Please check the *.default config files for configuration hints"
 	echo "and update your existing config files accordingly."
 fi
 # Try and catch the upgrade scenario from previous packages which had
 # config in etc and not etc/ssh
 if [ "$OLDCONF" = "1" ] ; then
 	echo "#######"
 	echo ""
 	echo "Configuration files and keys was found in $OLDCONFDIR"
 	echo "If you're upgrading from a previous release then please"
 	echo "make sure to migrate any settings and keys to the new config location"
 	echo "in $CONFDIR and remove the old files."
 	echo "Also please check the *.default config files for configuration hints"
 	echo "and update your existing config files accordingly."
 fi
--- a/openssh/meta/postremove.openssh
+++ b/openssh/meta/postremove.openssh
@ -1,7 +1,8 @@
 PREFIX=/usr/tgcware
 # Inform the operator that ssh configfiles and keys are intact
 echo ""
 echo "!!ATTENTION!!"
-echo "SSH configfiles and keys are still available in ${BASEDIR}/etc/"
+echo "SSH configfiles and keys are still available in ${PREFIX}/etc/ssh"
 echo "Please make sure that you remove these if you won't be using them again."
 echo ""
 echo "No attempt has been made to remove user and group sshd"
--- a/openssh/meta/preremove.openssh
+++ b/openssh/meta/preremove.openssh
@ -1 +1 @@
-/etc/init.d/sshd.local stop
+/etc/init.d/tgc_sshd stop
--- a/openssh/meta/space.openssh
+++ b/openssh/meta/space.openssh
@ -1,4 +0,0 @@
 /etc/rcS.d/K30sshd.local 0 1
 /etc/rc0.d/K30sshd.local 0 1
 /etc/rc1.d/K30sshd.local 0 1
 /etc/rc2.d/S78sshd.local 0 1
--- a/openssh/src/sshd.init
+++ b/openssh/src/sshd.init
@ -1,13 +1,42 @@
 #!/bin/sh
 # Script to control ssh server start/stop
-# History:
+# Written by Tom G. Christensen <swpkg@jupiterrise.com>
 #   Please see CVS for history information
-SSHD=/usr/local/sbin/sshd
+SSHD=/usr/tgcware/sbin/sshd
 KEYGEN=/usr/tgcware/bin/ssh-keygen
 RSA1_KEY=/usr/tgcware/etc/ssh/ssh_host_key
 RSA_KEY=/usr/tgcware/etc/ssh/ssh_host_rsa_key
 DSA_KEY=/usr/tgcware/etc/ssh/ssh_host_dsa_key
 ECHO=/usr/bin/echo
 pidfile=/var/run/sshd.pid
 check_pid_dir()
 {
        if [ ! -d /var/run ]; then
                mkdir -p /var/run
                chown root.sys /var/run
                chmod 755 /var/run
        fi
 }
 do_hostkeygen()
 {
        if [ ! -s $RSA1_KEY ]; then
                $ECHO "Generating $RSA1_KEY: "
                $KEYGEN -q -t rsa1 -f $RSA1_KEY -N '' > /dev/null 2>&1
        fi
        if [ ! -s $RSA_KEY ]; then
                $ECHO "Generating $RSA_KEY: "
                $KEYGEN -q -t rsa -f $RSA_KEY -N '' > /dev/null 2>&1
        fi
        if [ ! -s $DSA_KEY ]; then
                $ECHO "Generating $DSA_KEY: "
                $KEYGEN -q -t dsa -f $DSA_KEY -N '' > /dev/null 2>&1
        fi
 }
 kill_sshd()
 {
        if [ -r $pidfile ]; then
@ -26,9 +55,14 @@ if [ $1 = "0" ]; then
 case $mode in
    start)
 	kill_sshd
-	echo "Starting sshd" 
+        if test -x $SSHD; then
-	$SSHD
+            $ECHO "Starting sshd:\c"
-	;;
+            do_hostkeygen
            check_pid_dir
 	    $SSHD
            $ECHO "."
        fi
        ;;
    stop) 
 	kill_sshd
 	exit 0
		`@ -1,2 +0,0 @@`
			`P SBossl098glib OpenSSL - Secure Socket Layer`
			`P SBlibgccso1 libgcc_s.so.1 from gcc 3.3.2+`
`@ -1 +1 @@`
	`/etc/init.d/sshd.local stop`	`/etc/init.d/tgc_sshd stop`