diff --git a/ChangeLog b/ChangeLog index d3c7590dc..15b2b6eba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ - markus@cvs.openbsd.org 2002/06/25 18:51:04 [sshd.c] lightweight do_setusercontext after chroot() + - (bal) Updated AIX package build. Patch by dtucker@zip.com.au 20020625 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh @@ -1124,4 +1125,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $ +$Id: ChangeLog,v 1.2282 2002/06/25 23:38:47 mouring Exp $ diff --git a/contrib/aix/README b/contrib/aix/README index a08c08441..033fd0a5d 100644 --- a/contrib/aix/README +++ b/contrib/aix/README @@ -25,6 +25,10 @@ Other notes: The script treats all packages as USR packages (not ROOT+USR when appropriate). It seems to work, though...... +If there are any patches to this that have not yet been integrated they +may be found at http://www.zip.com.au/~dtucker/openssh/ or +http://home.usf.advantra.com.au/~dtucker/openssh/. + Disclaimer: diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 409588484..d531e53f4 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh 
@@ -9,28 +9,96 @@ # Based originally on Ben Lindstrom's buildpkg.sh for Solaris # +# +# Tunable configuration settings +# create a "config.local" in your build directory to override these. +# +PERMIT_ROOT_LOGIN=no +X11_FORWARDING=no + umask 022 + +# +# We still support running from contrib/aix, but this is depreciated +# +if pwd | egrep 'contrib/aix$' +then + echo "Changing directory to `pwd`/../.." + echo "Please run buildbff.sh from your build directory in future." + cd ../.. + contribaix=1 +fi + +if [ ! -f Makefile ] +then + echo "Makefile not found (did you run configure?)" + exit 1 +fi + +# +# Directories used during build: +# current dir = $objdir directory you ran ./configure in. +# $objdir/$PKGDIR/ directory package files are constructed in +# $objdir/$PKGDIR/root/ package root ($FAKE_ROOT) +# +objdir=`pwd` PKGNAME=openssh PKGDIR=package -PATH=`pwd`:$PATH # set path for external tools -export PATH - -# Clean build directory -rm -rf $PKGDIR -mkdir $PKGDIR - -if [ ! -f ../../Makefile ] +# Path to inventory.sh: same place as buildbff.sh +if echo $0 | egrep '^/' then - echo "Top-level Makefile not found (did you run ./configure?)" - exit 1 + inventory=`dirname $0`/inventory.sh # absolute path +else + inventory=`pwd`/`dirname $0`/inventory.sh # relative path fi -## Start by faking root install +# +# Collect local configuration settings to override defaults +# +if [ -s ./config.local ] +then + echo Reading local settings from config.local + . 
./config.local +fi + +# +# Fill in some details from Makefile, like prefix and sysconfdir +# the eval also expands variables like sysconfdir=${prefix}/etc +# provided they are eval'ed in the correct order +# +for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir srcdir +do + eval $confvar=`grep "^$confvar=" $objdir/Makefile | cut -d = -f 2` +done + +# +# Collect values of privsep user and privsep path +# currently only found in config.h +# +for confvar in SSH_PRIVSEP_USER PRIVSEP_PATH +do + eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' $objdir/config.h` +done + +# Set privsep defaults if not defined +if [ -z "$SSH_PRIVSEP_USER" ] +then + SSH_PRIVSEP_USER=sshd +fi +if [ -z "$PRIVSEP_PATH" ] +then + PRIVSEP_PATH=/var/empty +fi + +# Clean package build directory +rm -rf $objdir/$PKGDIR +FAKE_ROOT=$objdir/$PKGDIR/root +mkdir -p $FAKE_ROOT + +# Start by faking root install echo "Faking root install..." -START=`pwd` -FAKE_ROOT=$START/$PKGDIR -cd ../.. +cd $objdir make install-nokeys DESTDIR=$FAKE_ROOT if [ $? -gt 0 ] @@ -39,6 +107,12 @@ then exit 1 fi +# +# Copy informational files to include in package +# +cp $srcdir/LICENCE $objdir/$PKGDIR/ +cp $srcdir/README* $objdir/$PKGDIR/ + # # Extract common info requires for the 'info' part of the package. # AIX requires 4-part version numbers 
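Review bot: Both `eval $confvar=...` loops pass text read from Makefile and config.h to the shell unquoted, so a value containing whitespace or a shell metacharacter is executed as a command instead of being assigned, and `cut -d = -f 2` drops everything after a second `=`. Reading the value into a variable first and assigning it inside double quotes keeps the intended `${prefix}` expansion while removing the word-splitting case: `eval "$confvar=\"$value\""`, with `cut -d = -f 2-` for the extraction. Separately, `PKGDIR` is assigned before `. ./config.local` is sourced, so a local override that empties it turns `rm -rf $objdir/$PKGDIR` into removal of the whole build directory. `rm -rf "$objdir/${PKGDIR:?}"` stops instead, and the same applies to the identical `rm -rf` in the last hunk of this file.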
@@ -47,24 +121,27 @@ VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _` MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` -PORTABLE=`echo $VERSION | cut -f 2 -d p` -if [ "$PATCH" = "" ] -then - PATCH=0 -fi +PORTABLE=`echo $VERSION | awk 'BEGIN{FS="p"}{print $2}'` +[ "$PATCH" = "" ] && PATCH=0 +[ "$PORTABLE" = "" ] && PORTABLE=0 BFFVERSION=`printf "%d.%d.%d.%d" $MAJOR $MINOR $PATCH $PORTABLE` echo "Building BFF for $PKGNAME $VERSION (package version $BFFVERSION)" # -# Fill in some details, like prefix and sysconfdir -# the eval also expands variables like sysconfdir=${prefix}/etc -# provided they are eval'ed in the correct order +# Set ssh and sshd parameters as per config.local # -for confvar in prefix exec_prefix bindir sbindir libexecdir datadir mandir mansubdir sysconfdir piddir -do - eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2` -done +if [ "${PERMIT_ROOT_LOGIN}" = no ] +then + perl -p -i -e "s/#PermitRootLogin yes/PermitRootLogin no/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config +fi +if [ "${X11_FORWARDING}" = yes ] +then + perl -p -i -e "s/#X11Forwarding no/X11Forwarding yes/" \ + $FAKE_ROOT/${sysconfdir}/sshd_config +fi + # Rename config files; postinstall script will copy them if necessary for cfgfile in ssh_config sshd_config ssh_prng_cmds 
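Review bot: The `PermitRootLogin` edit can silently do nothing: the `perl` substitution only fires if the installed sshd_config contains the exact text `#PermitRootLogin yes`, and nothing afterwards confirms that the line was rewritten, so the package may ship with the upstream default while `PERMIT_ROOT_LOGIN=no` is in effect. The test is also an exact match on `no`, so `No` or `NO` in config.local skips the edit without a message. A check after the edit, such as `grep '^PermitRootLogin no' $FAKE_ROOT/${sysconfdir}/sshd_config >/dev/null || { echo "PermitRootLogin not set"; exit 1; }`, would make the build fail rather than produce a less restrictive package than requested. The `X11Forwarding` edit can fail silently in the same way.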
@@ -74,14 +151,18 @@ done # # Generate lpp control files. -# working dir is $FAKE_ROOT but files are generated in contrib/aix +# working dir is $FAKE_ROOT but files are generated in dir above # and moved into place just before creation of .bff # cd $FAKE_ROOT echo Generating LPP control files find . ! -name . -print >../openssh.al -inventory.sh >../openssh.inventory -cp ../../../LICENCE ../openssh.copyright +$inventory >../openssh.inventory + +cat <../openssh.copyright +This software is distributed under a BSD-style license. +For the full text of the license, see /usr/lpp/openssh/LICENCE +EOD # # Create postinstall script @@ -89,7 +170,7 @@ cp ../../../LICENCE ../openssh.copyright cat <>../openssh.post_i #!/bin/sh -# Create configs from defaults if necessary +echo Creating configs from defaults if necessary. for cfgfile in ssh_config sshd_config ssh_prng_cmds do if [ ! -f $sysconfdir/\$cfgfile ] 
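Review bot: The exit status of `$inventory` is never checked, so if the path computed earlier does not resolve, the script continues with an empty `openssh.inventory` and still builds a package. That looks reachable: the relative-path branch builds the path from `pwd` after the `cd ../..` taken for the contrib/aix case, while `$0` is still relative to the directory the script was started in. Resolving the script directory before any `cd`, and stopping on failure with `$inventory >../openssh.inventory || exit 1`, would make this fail loudly. The path computation itself sits in the first buildbff.sh hunk, not in this one.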
@@ -100,8 +181,51 @@ do echo "\$cfgfile already exists." fi done +echo + +# Create PrivSep user if PrivSep not disabled in config +echo Creating PrivSep prereqs if required. +if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null +then + echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," + echo "group or chroot directory." +else + echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." + + # create group if required + if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep group $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep group $SSH_PRIVSEP_USER." + mkgroup -A $SSH_PRIVSEP_USER + fi + + # Create user if required + if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + then + echo "PrivSep user $SSH_PRIVSEP_USER already exists." + else + echo "Creating PrivSep user $SSH_PRIVSEP_USER." + mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER + fi + + # create chroot directory if required + if [ -d $PRIVSEP_PATH ] + then + echo "PrivSep chroot directory $PRIVSEP_PATH already exists." + else + echo "Creating PrivSep chroot directory $PRIVSEP_PATH." + mkdir $PRIVSEP_PATH + chown 0 $PRIVSEP_PATH + chgrp 0 $PRIVSEP_PATH + chmod 755 $PRIVSEP_PATH + fi +fi +echo # Generate keys unless they already exist +echo Creating host keys if required. if [ -f "$sysconfdir/ssh_host_key" ] ; then echo "$sysconfdir/ssh_host_key already exists, skipping." else @@ -117,6 +241,7 @@ if [ -f $sysconfdir/ssh_host_rsa_key ] ; then else $bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N "" fi +echo # Add to system startup if required if grep $sbindir/sshd /etc/rc.tcpip >/dev/null 
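Review bot: In the generated post-install script an existing `$PRIVSEP_PATH` is accepted as-is: the `[ -d $PRIVSEP_PATH ]` branch only prints a message, while `chown 0`, `chgrp 0` and `chmod 755` run only when the directory is newly created. A pre-existing directory that is not root-owned, or that is group- or world-writable, therefore goes unnoticed at install time. The script should at least inspect it (for example with `ls -ld $PRIVSEP_PATH`) and warn when owner or mode differ from what the create branch sets. The results of `mkgroup`, `mkuser` and `mkdir` are not checked either, so a failure there is followed by the host-key step as if nothing had happened. This block sits inside a here-document that starts outside the hunk, so `$SSH_PRIVSEP_USER` and `$PRIVSEP_PATH` appear to be expanded at build time rather than on the target host.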
@@ -135,10 +260,10 @@ EOF echo Creating liblpp.a ( cd .. - for i in al copyright inventory post_i + for i in openssh.al openssh.copyright openssh.inventory openssh.post_i LICENCE README* do - ar -r liblpp.a openssh.$i - rm openssh.$i + ar -r liblpp.a $i + rm $i done ) @@ -159,6 +284,8 @@ echo Creating liblpp.a # /usr/local/share 3 # % # ] +# } + echo Creating lpp_name cat <../lpp_name 4 R I $PKGNAME { @@ -167,11 +294,14 @@ $PKGNAME $BFFVERSION 1 N U en_US OpenSSH $VERSION Portable for AIX % EOF -for i in $bindir $sysconfdir $libexecdir $mandir/man1 $mandir/man8 $sbindir $datadir +for i in $bindir $sysconfdir $libexecdir $mandir/${mansubdir}1 $mandir/${mansubdir}8 $sbindir $datadir /usr/lpp/openssh do # get size in 512 byte blocks - size=`du $FAKE_ROOT/$i | awk '{print $1}'` - echo "$i $size" >>../lpp_name + if [ -d $FAKE_ROOT/$i ] + then + size=`du $FAKE_ROOT/$i | awk '{print $1}'` + echo "$i $size" >>../lpp_name + fi done echo '%' >>../lpp_name @@ -187,7 +317,7 @@ mv ../lpp_name . # # Now invoke backup to create .bff file -# note: lpp_name needs to be the first file do we generate the +# note: lpp_name needs to be the first file so we generate the # file list on the fly and feed it to backup using -i # echo Creating $PKGNAME-$VERSION.bff with backup... @@ -197,8 +327,17 @@ rm -f $PKGNAME-$VERSION.bff find . ! -name lpp_name -a ! -name . -print ) | backup -i -q -f ../$PKGNAME-$VERSION.bff $filelist -cd .. +# +# Move package into final location +# +if [ "$contribaix" = "1" ] +then + mv ../$PKGNAME-$VERSION.bff $objdir/contrib/aix +else + mv ../$PKGNAME-$VERSION.bff $objdir +fi + +rm -rf $objdir/$PKGDIR -rm -rf $PKGDIR echo $0: done.
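Review bot: In the final hunk, `rm -rf $objdir/$PKGDIR` runs whether or not the preceding `mv` succeeded. The .bff is written to `../` relative to what appears to be `$FAKE_ROOT`, which is inside `$objdir/$PKGDIR`, so a failed move deletes the only copy of the package while the script still prints `done.`. Checking both moves, e.g. `mv ../$PKGNAME-$VERSION.bff $objdir || exit 1`, keeps the package directory in place when the move fails. The exit status of `backup` is not checked either, so a truncated or missing .bff is treated the same as a good one.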