diff options
| -rw-r--r-- | CREDITS | 1 | ||||
| -rw-r--r-- | ChangeLog | 1 | ||||
| -rw-r--r-- | contrib/solaris/README | 82 | ||||
| -rwxr-xr-x | contrib/solaris/build-pkg | 207 | ||||
| -rw-r--r-- | contrib/solaris/checkinstall.in | 37 | ||||
| -rw-r--r-- | contrib/solaris/pkginfo.in | 17 | ||||
| -rw-r--r-- | contrib/solaris/postinstall.in | 198 | ||||
| -rw-r--r-- | contrib/solaris/preremove | 2 | ||||
| -rw-r--r-- | contrib/solaris/prototype | 26 | ||||
| -rwxr-xr-x | contrib/solaris/sshd-initscript.in | 50 |
10 files changed, 621 insertions, 0 deletions
@@ -56,6 +56,7 @@ Peter Kocks <peter.kocks@baygate.com> - Makefile fixes Phil Hands <phil@hands.com> - Debian scripts, assorted patches Phil Karn <karn@ka9q.ampr.org> - Autoconf fix Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix +Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes Svante Signell <svante.signell@telia.com> - Bugfixes @@ -39,6 +39,7 @@ [session.c sshd.8 sshd.c] sshd -u len, similar to telnetd - (djm) Lastlog was not getting closed after writing login entry + - (djm) Add Solaris package support from Rip Loomis <loomisg@cist.saic.com> 20000816 - (djm) Replacement for inet_ntoa for Irix (which breaks on gcc) diff --git a/contrib/solaris/README b/contrib/solaris/README new file mode 100644 index 00000000..e5445c3a --- /dev/null +++ b/contrib/solaris/README @@ -0,0 +1,82 @@ +README for OpenSSH Solaris packaging scripts +Rip Loomis <loomisg@saic.com> - 2000-08-02 + +To use, simply expand this tarball under your main +OpenSSH source directory--it will create a +contrib/solaris subdirectory. Run configure and +make in OpenSSH as before. Then, from either +that directory or the main OpenSSH source directory, +run the command "build-pkg" (specifying the +appropriate path of course.) A subdirectory +will be created as contrib/solaris/build-SSH-package, +and after the build is done the package will be +present in that build-SSH-package directory +with a name of the form +OPENssh-$SSHversion-$arch-$OSversion[-$installLocation] + +The build and install scripts should take into account +most possible situations (existing SSH installation, +differences in Solaris version between build and +target systems, changes you have made to the default +configuration, etc.) I would appreciate any feedback +or comments. + +Copyright information is included below, followed by the known issue list. +Both are taken verbatim from the "build-pkg" script. + +# OpenSSH solaris build script and supporting data files +# Copyright (c) 2000 Rip Loomis and +# Science Applications International Corporation (SAIC) +# (http://www.cist-east.saic.com). All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Obviously, without all the hard work of the OpenBSD OpenSSH developers +# and the OpenSSH Portability Team, these scripts would be pointless... +# so thanks again folks! +#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +#### Known issues +# These methods are generally based on a "default" compilation of +# OpenSSH on Solaris--so the more things that you change from the default, +# the greater the chance that something in the script won't be able to +# handle the changes. In general, though, most things should be determined +# from your compile environment--the architecture, SSH version, and +# other related data should all get picked up by this script. The script +# and data files were last updated to match OpenSSH 2.1.1p4. +# +# All building and packaging is done under a temporary directory that is +# itself created under the contrib/solaris directory--so there shouldn't +# be any special security issues (or need for root access during the +# packaging process). The temporary directory is defined below as +# ${BUILDDIR}. +# +# The permissions on the installed files are based on how we prefer to +# do things here--so nothing is installed SetUID to root. +# +# The post-install script makes a good-faith attempt to install a +# functional configuration on your system. I would be interested in hearing +# of any failure modes that are found, as I tried to compensate for all +# the ones that showed up here when we started replacing all the +# different installed versions of SSH. + diff --git a/contrib/solaris/build-pkg b/contrib/solaris/build-pkg new file mode 100755 index 00000000..5f2e3add --- /dev/null +++ b/contrib/solaris/build-pkg @@ -0,0 +1,207 @@ +#!/bin/sh + +# OpenSSH solaris build script and supporting data files +# Copyright (c) 2000 Rip Loomis and +# Science Applications International Corporation (SAIC) +# (http://www.cist-east.saic.com). All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# Obviously, without all the hard work of the OpenBSD OpenSSH developers +# and the OpenSSH Portability Team, these scripts would be pointless... +# so thanks again folks! +#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= + +#### Known issues +# These methods are generally based on a "default" compilation of +# OpenSSH on Solaris--so the more things that you change from the default, +# the greater the chance that something in the script won't be able to +# handle the changes. In general, though, most things should be determined +# from your compile environment--the architecture, SSH version, and +# other related data should all get picked up by this script. The script +# and data files were last updated to match OpenSSH 2.1.1p4. +# +# All building and packaging is done under a temporary directory that is +# itself created under the contrib/solaris directory--so there shouldn't +# be any special security issues (or need for root access during the +# packaging process). The temporary directory is defined below as +# ${BUILDDIR}. +# +# The permissions on the installed files are based on how we prefer to +# do things here--so nothing is installed SetUID to root. +# +# The post-install script makes a good-faith attempt to install a +# functional configuration on your system. I would be interested in hearing +# of any failure modes that are found, as I tried to compensate for all +# the ones that showed up here when we started replacing all the +# different installed versions of SSH. + +#### Body of the script (finally!) +# We expect to be building the solaris package under the contrib/solaris +# directory--but the build-package script might be run with a relative +# path by a user in the main SSH directory...so we try to handle this +# case. Note that this is still a quick and dirty solution, not robust. + +if [ -f sshd.c ]; then + cd contrib/solaris >/dev/null +fi + +# Locations of standard binaries +UNAME=/usr/bin/uname +SED=/usr/bin/sed +PWD=/usr/bin/pwd +CUT=/usr/bin/cut +STRIP=/usr/ccs/bin/strip +PKGMK=/usr/bin/pkgmk +PKGTRANS=/usr/bin/pkgtrans +GREP=/usr/bin/grep +DATE=/usr/bin/date + +CURRDIR=`${PWD}` +BUILDDIR=${CURRDIR}/build-SSH-package +# If you really want to name the package "ssh" then go ahead, but the +# Sun convention is that the first 2-4 characters are supposed to be +# uppercase representing the company or organization that produced the +# software, and the next 3-5 characters are supposed to be lowercase +# identifying the specific software. The best package names I could +# come up with were "OBSDssh" or "OPENssh", given those constraints. +PKGNAME="OPENssh" +# PSTAMP is a standard setting in the 'pkginfo' file that helps to identify +# the time and location that the packaging was done. +PSTAMP="`${UNAME} -n`-`${DATE} +%Y-%m-%d-%H%M`" +# The several lines below are designed to pull the relevant information +# out of the Makefile. It may be simpler to hard-code this if you have +# made changes and these lines don't find them. +prefix=`${GREP} "^prefix=" ../../Makefile | ${CUT} -d = -f 2` +execprefix=`${GREP} "^execprefix=" ../../Makefile | ${CUT} -d = -f 2` +INSTROOT=${prefix:=/usr/local} +ETCDIR=`${GREP} "^ETCDIR=" ../../Makefile | ${CUT} -d = -f 2` +PIDDIR=`${GREP} "^piddir=" ../../Makefile | ${CUT} -d = -f 2` + +if [ ! -f ../../sshd ]; then + echo "Unable to locate sshd binary where I expected, and can't continue." + echo "Verify that the SSH configure/make has been completed, and that" + echo " this script is being run from within the SSH source tree." + exit 1 +fi + + +VERSION=`${GREP} "SSH_VERSION" ../../version.h | ${CUT} -f 2 | sed -e 's/"//g' -e 's/OpenSSH_//g'` +# Extra shenanigans to compensate for Sun marketeer tricks with Solaris +# version numbering... +OSMINOR=`${UNAME} -r | ${CUT} -f 2 -d .` +if [ $OSMINOR -gt 6 ]; then + OSVERSION=$OSMINOR +else + OSVERSION=`${UNAME} -r | ${SED} 's/5/2/'` +fi +ARCH=`$UNAME -p` +SHORTINSTROOT="" +if [ "$INSTROOT" = "/usr/local" ]; then + SHORTINSTROOT="-local" +else + if [ "$INSTROOT" = "/opt" ]; then + SHORTINSTROOT="-opt" + fi +fi + +DESTFILE="${PKGNAME}-${VERSION}-sol${OSVERSION}-${ARCH}${SHORTINSTROOT}" + +echo "Building Solaris package of OpenSSH ${VERSION} in\n\t${BUILDDIR}." +echo "Binaries were compiled for Solaris ${OSVERSION} (${ARCH})" +echo "The installable package will be named ${DESTFILE}." +echo "When installed, the package will be located under ${INSTROOT}." +echo "" + +echo "Cleaning up old build files..." +rm -rf $BUILDDIR +mkdir $BUILDDIR +cd $BUILDDIR + +echo "Setting up build directories..." +mkdir -p ${BUILDDIR}/man/man1 +# Need manpages for sshd_config(5) and ssh_config(5), but we don't yet have. +#mkdir -p ${BUILDDIR}/man/man5 +mkdir -p ${BUILDDIR}/man/man8 +mkdir -p ${BUILDDIR}/etc +mkdir -p ${BUILDDIR}/bin +mkdir -p ${BUILDDIR}/sbin + +echo "Populating build directories..." +cp -p ../../../sshd sbin +cp -p ../../../ssh-keygen bin +cp -p ../../../ssh bin +cp -p ../../../ssh-add bin +cp -p ../../../ssh-agent bin +cp -p ../../../scp bin +cp -p ../../../scp.1 man/man1/scp.1 +cp -p ../../../ssh-add.1 man/man1/ssh-add.1 +cp -p ../../../ssh-agent.1 man/man1/ssh-agent.1 +cp -p ../../../ssh-keygen.1 man/man1/ssh-keygen.1 +cp -p ../../../ssh.1 man/man1/ssh.1 +cp -p ../../../sshd.8 man/man8/sshd.8 +cp -p ../../../sshd_config.out etc/sshd_config.default +cp -p ../../../ssh_config.out etc/ssh_config.default +cp -p ../../../ssh_prng_cmds etc/ssh_prng_cmds.default + +# One of the annoying things about the Solaris packaging process is that +# there's no simple way to prototype on the fly--so make sure you edit +# the prototype file if you add/subtract files from the mix. +cp -p ../prototype . +cp -p ../preremove . + +echo "Creating compile-dependent files from their prototypes" +$SED -e "s/%%PKGNAME%%/${PKGNAME}/g" -e "s|%%BASEDIR%%|${INSTROOT}|g" -e "s/%%VERSION%%/${VERSION}/g" -e "s/%%ARCH%%/${ARCH}/g" -e "s/%%OSVERSION%%/${OSVERSION}/g" <../pkginfo.in >./pkginfo +$SED -e "s/%%PKGNAME%%/${PKGNAME}/g" -e "s/%%OSMINOR%%/${OSMINOR}/g" -e "s/%%OSVERSION%%/${OSVERSION}/g" <../checkinstall.in >./checkinstall +$SED -e "s|%%PIDDIR%%|${PIDDIR}|g" <../postinstall.in >./postinstall +$SED -e "s|%%PIDDIR%%|${PIDDIR}|g" <../sshd-initscript.in > etc/sshd-initscript + +echo "Stripping binaries" +${STRIP} bin/ssh +${STRIP} bin/ssh-add +${STRIP} bin/ssh-agent +${STRIP} bin/ssh-keygen +${STRIP} sbin/sshd +${STRIP} bin/scp + +echo "" +echo "Building Package" + +cd ${BUILDDIR} +$PKGMK -o -r . -p ${PSTAMP} -d ${BUILDDIR} + +if [ $? -gt 0 ]; then + echo "Error performing pkgmk--cannot continue." + exit 1 +fi + +echo "" +echo "Translating Package Tree into Installable Image" +$PKGTRANS -s ${BUILDDIR} ${BUILDDIR}/${DESTFILE} OPENssh + +if [ $? -gt 0 ]; then + echo "Error performing pkgtrans--cannot continue." + exit 1 +fi + +echo "Done. Package is in ${BUILDDIR}/${DESTFILE} !" diff --git a/contrib/solaris/checkinstall.in b/contrib/solaris/checkinstall.in new file mode 100644 index 00000000..37571936 --- /dev/null +++ b/contrib/solaris/checkinstall.in @@ -0,0 +1,37 @@ +#!/bin/sh +echo "Checking SunOS revision..." +MINOR=`/bin/uname -r | /bin/cut -d "." -f 2` +if [ ${MINOR} -lt %%OSMINOR%% ]; then + echo "This package was created on Solaris %%OSVERSION%%, and will probably" + echo " not function correctly on older versions of Solaris." + echo "** Unable to continue. **" + exit 3 +fi +echo "\t...revision okay." + +echo "Checking for existing SSH installation..." +if [ -f /etc/sshd_config -o -f /usr/local/etc/sshd_config ]; then + UPDATE=1 +fi +if [ -f /etc/ssh_host_key -o -f /usr/local/etc/ssh_host_key ]; then + UPDATE=1 +fi + +if [ ${UPDATE} -eq 1 ]; then + echo "Performing an \"update\" installation of %%PKGNAME%%" +else + echo "Performing a \"fresh\" installation of %%PKGNAME%%" +fi +echo "" + +# We derive these at install time in case the package is relocated. +CONFDIR="${BASEDIR}/etc" +DESTBIN="${BASEDIR}/bin" + +# make parameters available to installation service, and +# so to any other packaging scripts +cat >$1 <<! +CONFDIR='$CONFDIR' +DESTBIN='$DESTBIN' +UPDATE='$UPDATE' +! diff --git a/contrib/solaris/pkginfo.in b/contrib/solaris/pkginfo.in new file mode 100644 index 00000000..4953d7d8 --- /dev/null +++ b/contrib/solaris/pkginfo.in @@ -0,0 +1,17 @@ +CLASSES=none +BASEDIR="%%BASEDIR%%" +PATH=/sbin:/usr/sbin:/usr/bin:/usr/sadm/install/bin +OAMBASE=/usr/sadm/sysadm +PKG=%%PKGNAME%% +NAME="OpenSSH %%VERSION%% %%ARCH%%" +DESC="Secure Shell remote access utility; replaces telnet and rlogin/rsh. OpenBSD version ported to Solaris. Compiled on Solaris %%OSVERSION%%" +ARCH="%%ARCH%%" +VERSION="%%VERSION%%" +CATEGORY=utility,application +VENDOR="Software produced by OpenSSH Portability Team, http://www.openssh.com/portable.html" +EMAIL="OpenSSH Development List <openssh-unix-dev@mindrot.org>" +PKGINST=%%PKGNAME%% +PKGSAV=/var/sadm/pkg/%%PKGNAME%%/save +ISTATES="S s 1 2 3" +RSTATES="S s 1 2 3" +UPDATE=0 diff --git a/contrib/solaris/postinstall.in b/contrib/solaris/postinstall.in new file mode 100644 index 00000000..58d773f8 --- /dev/null +++ b/contrib/solaris/postinstall.in @@ -0,0 +1,198 @@ +# PostInstall script for OPENssh +INSTALLF="/usr/sbin/installf" + +instbackup() { + _DIRECTORY=$1 + _FILEBASE=$2 + $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE} + _SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M` + if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then + echo " Backing up file ${_FILEBASE}..." + if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then + $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX} + cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX} + echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}." + else + $INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig + cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig + echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig." + fi + fi + cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE} + echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file." +} + +### Main body of script + +echo "" +echo "Beginning postinstall script--this script should leave you with a" +echo "functional and operational configuration of OpenSSH." +echo "" + +if [ ! "${UPDATE}" = "1" ]; then + echo "Performing a \"fresh\" installation of OpenSSH." + ### Install init script and create symlinks + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2 + cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2 + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2 + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2 + + ### The initial package installation leaves default versions of + ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now + ### we need to decide whether to install them. Since this is *not* + ### an update install, we don't ask, but simply back up the old ones + ### and put the new ones in their place. + instbackup ${CONFDIR} ssh_prng_cmds + instbackup ${CONFDIR} ssh_config + instbackup ${CONFDIR} sshd_config + + ### If no existing sshd_config and host key, then create + if [ ! -f "${CONFDIR}/ssh_host_key" ]; then + echo "Creating new RSA public/private host key pair for SSH-1." + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub + ### If there is *anything* there then leave it, otherwise look + ### in some reasonable alternate locations before giving up. + ### It's worth spending some extra time looking for the old one + ### to avoid a bunch of "host identification has changed" warnings. + ### Note that some old keys from the commercial SSH might not + ### be compatible, but we don't test for that. + if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then + mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR} + elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then + mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR} + else + ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N '' + fi + else + echo "Using existing RSA public/private host key pair for SSH-1." + fi + if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then + echo "Creating new DSA public/private host key pair for SSH-2." + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub + ### If there is *anything* there then leave it, otherwise look + ### in some reasonable alternate locations before giving up. + ### It's worth spending some extra time looking for the old one + ### to avoid a bunch of "host identification has changed" warnings. + ### Note that some old keys from the commercial SSH2 might not + ### be compatible, but we don't test for that. + if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then + mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR} + elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then + mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR} + else + ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N '' + fi + else + echo "Using existing DSA public/private host key pair for SSH-2." + fi +else + echo "Performing an \"update\" installation of OpenSSH." + ### Okay, this part *is* an update install...so we need to ensure + ### we don't overwrite any of the existing files. + + ### Install init script and create symlinks + if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then + echo "Installing init script in ${PKG_INSTALL_ROOT}/etc/init.d/sshd" + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2 + cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd + chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd + chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd + fi + if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then + $INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2 + fi + if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then + $INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2 + fi + + ### The initial package installation leaves default versions of + ### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now + ### we need to decide whether to install them. Since this is + ### an update install, we only install the new files if the old + ### files somehow don't exist. + NEWCONF=0 + if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then + instbackup ${CONFDIR} ssh_prng_cmds + NEWCONF=1 + fi + if [ ! -r "${CONFDIR}/ssh_config" ]; then + instbackup ${CONFDIR} ssh_config + NEWCONF=1 + fi + if [ ! -r "${CONFDIR}/ssh_config" ]; then + instbackup ${CONFDIR} sshd_config + NEWCONF=1 + fi + if [ $NEWCONF -eq 0 ]; then + echo "Your existing SSH configuration files have not been altered." + else + echo "Your other existing SSH configuration files have not been altered." + fi + + ### If no existing sshd_config and host key, then create + if [ ! -f "${CONFDIR}/ssh_host_key" ]; then + echo "Creating new RSA public/private host key pair for SSH-1." + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub + ### If there is *anything* there then leave it, otherwise look + ### in some reasonable alternate locations before giving up. + ### It's worth spending some extra time looking for the old one + ### to avoid a bunch of "host identification has changed" warnings. + ### Note that some old keys from the commercial SSH might not + ### be compatible, but we don't test for that. + if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then + mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR} + elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then + mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR} + else + ${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N '' + fi + else + echo "Using existing RSA public/private host key pair for SSH-1." + fi + if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then + echo "Creating new DSA public/private host key pair for SSH-2." + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key + $INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub + ### If there is *anything* there then leave it, otherwise look + ### in some reasonable alternate locations before giving up. + ### It's worth spending some extra time looking for the old one + ### to avoid a bunch of "host identification has changed" warnings. + ### Note that some old keys from the commercial SSH2 might not + ### be compatible, but we don't test for that. + if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then + mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR} + elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then + mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR} + else + ${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N '' + fi + else + echo "Using existing DSA public/private host key pair for SSH-2." + fi +fi + +if [ ! -d %%PIDDIR%% ]; then + $INSTALLF $PKGINST %%PIDDIR%% + mkdir -p %%PIDDIR%% + chown root:sys %%PIDDIR%% + chmod 755 %%PIDDIR%% +fi + +$INSTALLF -f $PKGINST || exit 2 + +if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then + ### We're doing a local install, rather than an install for + ### old-style diskless clients. + echo "Stopping any current sshd process, and then starting the new sshd." + /etc/init.d/sshd stop + /etc/init.d/sshd start +else + echo "Not restarting sshd, since this appears to be a remote install" + echo "for support of diskless clients." +fi + +exit 0 diff --git a/contrib/solaris/preremove b/contrib/solaris/preremove new file mode 100644 index 00000000..701c8c55 --- /dev/null +++ b/contrib/solaris/preremove @@ -0,0 +1,2 @@ +# pre-removal script for OPENssh +/etc/init.d/sshd stop diff --git a/contrib/solaris/prototype b/contrib/solaris/prototype new file mode 100644 index 00000000..02c4823d --- /dev/null +++ b/contrib/solaris/prototype @@ -0,0 +1,26 @@ +i pkginfo +i checkinstall +i postinstall +i preremove +d none man 0755 root sys +d none man/man1 0755 root sys +f none man/man1/scp.1 0644 root sys +f none man/man1/ssh-add.1 0644 root sys +f none man/man1/ssh-agent.1 0644 root sys +f none man/man1/ssh-keygen.1 0644 root sys +f none man/man1/ssh.1 0644 root sys +d none man/man8 0755 root sys +f none man/man8/sshd.8 0644 root sys +d none etc 0755 root sys +f none etc/sshd_config.default 0644 root sys +f none etc/ssh_config.default 0644 root sys +f none etc/ssh_prng_cmds.default 0644 root sys +f none etc/sshd-initscript 0755 root sys +d none bin 0755 root sys +f none bin/ssh-keygen 0755 root sys +f none bin/ssh 0755 root sys +f none bin/ssh-add 0755 root sys +f none bin/ssh-agent 0755 root sys +f none bin/scp 0755 root sys +d none sbin 0755 root sys +f none sbin/sshd 0755 root sys diff --git a/contrib/solaris/sshd-initscript.in b/contrib/solaris/sshd-initscript.in new file mode 100755 index 00000000..886a51fb --- /dev/null +++ b/contrib/solaris/sshd-initscript.in @@ -0,0 +1,50 @@ +#! /sbin/sh + +# SSHd startup/shutdown script, based on uucp script. + +PIDFILE="%%PIDDIR%%/sshd.pid" +PGREP="/usr/bin/pgrep" +HEAD="/usr/bin/head" +XARGS="/usr/bin/xargs" +KILL="/usr/bin/kill" + +killproc() { + _procname=$1 + _signal=$2 + ${PGREP} ${_procname} | ${HEAD} -1 | ${XARGS} -t -I {} ${KILL} -${_signal} {} +} + +case $1 in +'start') + /usr/local/sbin/sshd + ;; + +'stop') + if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then + PID=`cat ${PIDFILE}` + fi + if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then + /usr/bin/kill $PID + else + echo "Unable to read PID file, killing using alternate method" + killproc sshd TERM + fi + ;; + +'restart') + if [ -r $PIDFILE -a ! -z ${PIDFILE} ]; then + PID=`cat ${PIDFILE}` + fi + if [ ${PID:=0} -gt 1 -a ! "X$PID" = "X " ]; then + /usr/bin/kill -HUP $PID + else + echo "Unable to read PID file, trying alternate method" + killproc sshd HUP + /usr/local/sbin/sshd + fi + ;; + +*) + echo "usage: /etc/init.d/sshd {start|stop|restart}" + ;; +esac |