openssh unix dev - Feb 2002 - Update to solaris package creation

Can someone else from the Solaris realm that uses our package system
verify that this should be done?  It looks right, but I want
another opinion before commiting.

- Ben
> On Wed, 27 Feb 2002, Antonio Navarro wrote:
>
>>  Hi Ben,
>>
>>  I have made some modifications to the buildpkg.sh script that is
>> distributed with openssh.
>>
>>  I am sending it to you in case you find my modification useful.
>>
>>  BTW, nice script!
>>
>>  The modifications are:
>>     - the rc?.d scripts are hard links not soft links
>>     - removed one of the BASEDIR entries in the pkginfo
>>     - modified the awk script that filters the prototype so that the
system
>> directories are marked as shared (using ? for permissions, owner and
group)
>>
>>  that's more or less about it.



--- buildpkg.sh.orig	Fri Oct 19 15:36:24 2001
+++ buildpkg.sh	Thu Feb 28 08:50:09 2002
@@ -42,10 +42,10 @@
 	../opensshd.in	> $FAKE_ROOT/etc/init.d/opensshd
 chmod 711 $FAKE_ROOT/etc/init.d/opensshd

-ln -s ../init.d/opensshd $FAKE_ROOT/etc/rcS.d/K30opensshd
-ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc0.d/K30opensshd
-ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc1.d/K30opensshd
-ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc2.d/S98opensshd
+ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rcS.d/K30opensshd
+ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc0.d/K30opensshd
+ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc1.d/K30opensshd
+ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc2.d/S98opensshd


 ## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
@@ -61,7 +61,6 @@
 NAME=OpenSSH Portable for Solaris
 DESC="Secure Shell remote access utility; replaces telnet and
rlogin/rsh."
 VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
-BASEDIR=$FAKE_ROOT
 ARCH=$ARCH
 VERSION=$VERSION
 CATEGORY=Security
@@ -72,9 +71,15 @@
 echo "Building prototype file..."
 find . | egrep -v "prototype|pkginfo" | sort | pkgproto $PROTO_ARGS |
\
 	awk '
-            BEGIN { print "i pkginfo" }
-	    { $5="root"; $6="sys"; }
-	    { print; }' > prototype
+            BEGIN { print "i pkginfo"; \
+                    split("/opt /etc /etc/init.d /etc/rcS.d /etc/rd0.d
/etc/rc1.d /etc/rc2.d",sys_files); }
+            {
+             for (dir in sys_files) { if ( $3 != sys_files[dir] )
+                     { $5="root"; $6="sys"; }
+                else
+                     { $4="?"; $5="?"; $6="?";
break;}
+            } }
+            { print; }' > prototype

 ## Step back a directory and now build the package.
 echo "Building package.."

On Thu, 28 Feb 2002, Ben Lindstrom wrote:
>
> Can someone else from the Solaris realm that uses our package system
> verify that this should be done?  It looks right, but I want
> another opinion before commiting.
I'm working on some changes to the packing script. I'll check this out.

[snip]
> >>  The modifications are:
> >>     - the rc?.d scripts are hard links not soft links
I prefer hard links too. Anyone else vote for this?
> >>     - removed one of the BASEDIR entries in the pkginfo
I had allready caught that.
> >>     - modified the awk script that filters the prototype so that
the system
> >> directories are marked as shared (using ? for permissions, owner
and group)
Cool. I was still working on that part.
> >>
> >>  that's more or less about it.
>
> --- buildpkg.sh.orig	Fri Oct 19 15:36:24 2001
> +++ buildpkg.sh	Thu Feb 28 08:50:09 2002
> @@ -42,10 +42,10 @@
>  	../opensshd.in	> $FAKE_ROOT/etc/init.d/opensshd
>  chmod 711 $FAKE_ROOT/etc/init.d/opensshd
>
> -ln -s ../init.d/opensshd $FAKE_ROOT/etc/rcS.d/K30opensshd
> -ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc0.d/K30opensshd
> -ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc1.d/K30opensshd
> -ln -s ../init.d/opensshd $FAKE_ROOT/etc/rc2.d/S98opensshd
> +ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rcS.d/K30opensshd
> +ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc0.d/K30opensshd
> +ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc1.d/K30opensshd
> +ln $FAKE_ROOT/etc/init.d/opensshd $FAKE_ROOT/etc/rc2.d/S98opensshd
>
>
>  ## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
> @@ -61,7 +61,6 @@
>  NAME=OpenSSH Portable for Solaris
>  DESC="Secure Shell remote access utility; replaces telnet and
rlogin/rsh."
>  VENDOR="OpenSSH Portable Team -
http://www.openssh.com/portable.html"
> -BASEDIR=$FAKE_ROOT
>  ARCH=$ARCH
>  VERSION=$VERSION
>  CATEGORY=Security
> @@ -72,9 +71,15 @@
>  echo "Building prototype file..."
>  find . | egrep -v "prototype|pkginfo" | sort | pkgproto
$PROTO_ARGS | \
>  	awk '
> -            BEGIN { print "i pkginfo" }
> -	    { $5="root"; $6="sys"; }
> -	    { print; }' > prototype
> +            BEGIN { print "i pkginfo"; \
> +                    split("/opt /etc /etc/init.d /etc/rcS.d
/etc/rd0.d /etc/rc1.d /etc/rc2.d",sys_files); }
> +            {
> +             for (dir in sys_files) { if ( $3 != sys_files[dir] )
> +                     { $5="root"; $6="sys"; }
> +                else
> +                     { $4="?"; $5="?";
$6="?"; break;}
> +            } }
> +            { print; }' > prototype
>
>  ## Step back a directory and now build the package.
>  echo "Building package.."
>
-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

On Thu, Feb 28, 2002 at 08:56:00AM -0600, Ben Lindstrom
wrote:
> 
> Can someone else from the Solaris realm that uses our package system
> verify that this should be done?  It looks right, but I want
> another opinion before commiting.
> 
> - Ben
> 
> > On Wed, 27 Feb 2002, Antonio Navarro wrote:
> >>
> >>  The modifications are:
> >>     - the rc?.d scripts are hard links not soft links
yep, that's the norm on solaris
> >>     - removed one of the BASEDIR entries in the pkginfo
yep, that shouldn't be there
> >>     - modified the awk script that filters the prototype so that
the system
> >> directories are marked as shared (using ? for permissions, owner
and group)
good


/fc

Here is a new buildpkg.sh for your review before commiting to CVS.
THe patch was larger than the script so I've attached the complete script.

Changes:

This should now work on any system that has SVR4 style package tools.
It now requires that you run it from your build dir. (you might have
a read only source tree).

CATAGORY="Security,application"

Solaris 8 man page says
     CATEGORY*
           A comma-separated list of  categories  under  which  a
           package  may  be  displayed.  A  package must at least
                                                    ^^^^
           belong  to  the  system   or   application   category.

One could argue that it should be system instead of application.

Added and enhanced Antonio Navarro's awk mods.
>     - modified the awk script that filters the prototype so that the system
> directories are marked as shared (using ? for permissions, owner and group)
All system directories listed in SYSTEM_DIR= will have ? ? ?
Now using nawk because on Solaris, awk is the old version.

There are now some options on building your package.
You can change the options in buildpkg.sh or create a config.local
file in your build dir that buildpkg.sh will source of it exists.
SYSVINIT_NAME=opensshd		(Some might prefer sshd)
USE_SYM_LINKS=no
The consensus was use hard links on the init scripts.
Set to yes for sym links.

PRE_INS_STOP=no		If you want preinstall to stop sshd
POST_INS_START=no	If you want postinstall to start sshd
MAKE=${MAKE:="make"}	In case your system make is brain dead


I've added a preremove that will stop sshd before removing it.

I've renamed the config files so multiple installs will not overwrite.
(Thanks to Darren Tucker for reminding me about ssh_prng_cmds)

Added some logic to deal with systems that don't have /etc/rcS.d

Fixed the pkgmk, pkgtrans parts to work on Solaris and other systems.

Enjoy.

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

-------------- next part --------------
#!/bin/sh
#
# Fake Root Solaris/SVR4/SVR5 Build System - Prototype
#
# The following code has been provide under Public Domain License.  I really
# don't care what you use it for.  Just as long as you don't complain to
me
# nor my employer if you break it. - Ben Lindstrom (mouring at eviladmin.org)
# 
umask 022
# Options for building the package
# You can create a config.local with your customized options
PKGNAME=OpenSSH
SYSVINIT_NAME=opensshd
USE_SYM_LINKS=no
PRE_INS_STOP=no
POST_INS_START=no
MAKE=${MAKE:="make"}
SYSTEM_DIR="/etc	\
/etc/init.d		\
/etc/rcS.d		\
/etc/rc0.d		\
/etc/rc1.d		\
/etc/rc2.d		\
/opt			\
/opt/bin		\
/usr			\
/usr/bin		\
/usr/lib		\
/usr/sbin		\
/usr/share		\
/usr/share/man		\
/usr/share/man/man1	\
/usr/share/man/man8	\
/usr/local		\
/usr/local/bin		\
/usr/local/etc		\
/usr/local/libexec	\
/usr/local/man		\
/usr/local/man/man1	\
/usr/local/man/man8	\
/usr/local/sbin		\
/usr/local/share	\
/var			\
/var/run"

# We may need to buiild as root so we make sure PATH is set up
# only set the path if it's not set already
[ -d /usr/local/bin ]  &&  {
	echo $PATH | grep ":/usr/local/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/local/bin
}
[ -d /usr/ccs/bin ]  &&  {
	echo $PATH | grep ":/usr/ccs/bin"  > /dev/null 2>&1
	[ $? -ne 0 ] && PATH=$PATH:/usr/ccs/bin
}
export PATH
#

[ -f Makefile ]  ||  {
	echo "Please run this script from your build directory"
	exit 1
}

OPENSSHD_IN=`dirname $0`/opensshd.in
case ${OPENSSHD_IN} in
	/*)	;;
	*)	OPENSSHD_IN=../${OPENSSHD_IN} ;;
esac

# we will look for config.local to override the above options
[ -s ./config.local ]  &&  . ./config.local

## Start by faking root install 
echo "Faking root install..."
START=`pwd`
FAKE_ROOT=$START/package
mkdir $FAKE_ROOT
${MAKE} install-nokeys DESTDIR=$FAKE_ROOT

## Fill in some details, like prefix and sysconfdir
ETCDIR=`grep "^sysconfdir=" Makefile | sed 's/sysconfdir=//'`
prefix=`grep "^prefix=" Makefile | cut -d = -f 2`        
PIDDIR=`grep "^piddir=" Makefile | cut -d = -f 2`        
SRCDIR=`grep "^srcdir=" Makefile | cut -d = -f 2`        
## Extract common info requires for the 'info' part of the package.
VERSION=`tail -1 ${SRCDIR}/version.h | sed -e 's/.*_\([0-9]\)/\1/g' |
sed 's/\"$//'`
eval ETCDIR=$ETCDIR

UNAME_S=`uname -s`
case ${UNAME_S} in
	SunOS)	UNAME_S=Solaris
		ARCH=`uname -p`
		RCS_D=yes
		;;
	*)	ARCH=`uname -m` ;;
esac

cd $FAKE_ROOT

## Setup our run level stuff while we are at it.
mkdir -p $FAKE_ROOT/etc/init.d
[ "$RCS_D" = yes ]  &&  mkdir -p $FAKE_ROOT/etc/rcS.d
mkdir -p $FAKE_ROOT/etc/rc0.d
mkdir -p $FAKE_ROOT/etc/rc1.d
mkdir -p $FAKE_ROOT/etc/rc2.d

# We don't want to overwrite config files on multiple installs
mv $FAKE_ROOT/$ETCDIR/ssh_config $FAKE_ROOT/$ETCDIR/ssh_config.default
mv $FAKE_ROOT/$ETCDIR/sshd_config $FAKE_ROOT/$ETCDIR/sshd_config.default
[ -f $FAKE_ROOT/$ETCDIR/ssh_prng_cmds ]  &&  \
mv $FAKE_ROOT/$ETCDIR/ssh_prng_cmds $FAKE_ROOT/$ETCDIR/ssh_prng_cmds.default

## setup our initscript correctly
sed -e "s#%%configDir%%#$ETCDIR#g" 		\
    -e "s#%%openSSHDir%%#$prefix#g"	\
    -e "s#%%pidDir%%#$PIDDIR#g"	\
	${OPENSSHD_IN}	> $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}
chmod 744 $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}

if [ "${USE_SYM_LINKS}" = yes ]
then
[ "$RCS_D" = yes ]  &&  \
ln -s ../init.d/${SYSVINIT_NAME} $FAKE_ROOT/etc/rcS.d/K30${SYSVINIT_NAME}
ln -s ../init.d/${SYSVINIT_NAME} $FAKE_ROOT/etc/rc0.d/K30${SYSVINIT_NAME}
ln -s ../init.d/${SYSVINIT_NAME} $FAKE_ROOT/etc/rc1.d/K30${SYSVINIT_NAME}
ln -s ../init.d/${SYSVINIT_NAME} $FAKE_ROOT/etc/rc2.d/S98${SYSVINIT_NAME}
else
[ "$RCS_D" = yes ]  &&  \
ln $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}
$FAKE_ROOT/etc/rcS.d/K30${SYSVINIT_NAME}
ln $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}
$FAKE_ROOT/etc/rc0.d/K30${SYSVINIT_NAME}
ln $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}
$FAKE_ROOT/etc/rc1.d/K30${SYSVINIT_NAME}
ln $FAKE_ROOT/etc/init.d/${SYSVINIT_NAME}
$FAKE_ROOT/etc/rc2.d/S98${SYSVINIT_NAME}
fi


## Ok, this is outright wrong, but it will work.  I'm tired of pkgmk
## whining.
for i in *; do
  PROTO_ARGS="$PROTO_ARGS $i=/$i";
done

## Build info file
echo "Building pkginfo file..."
cat > pkginfo << _EOF
PKG=$PKGNAME
NAME="OpenSSH Portable for ${UNAME_S}"
DESC="Secure Shell remote access utility; replaces telnet and
rlogin/rsh."
VENDOR="OpenSSH Portable Team - http://www.openssh.com/portable.html"
ARCH=$ARCH
VERSION=$VERSION
CATEGORY="Security,application"
BASEDIR=/
_EOF

## Build preinstall file
echo "Building preinstall file..."
cat > preinstall << _EOF
#! /sbin/sh
#
[ "${PRE_INS_STOP}" = "yes" ]  &&  [ -f
/etc/init.d/${SYSVINIT_NAME} ]  &&  [ -f /etc/init.d/${SYSVINIT_NAME}
stop
exit 0
_EOF

## Build postinstall file
echo "Building postinstall file..."
cat > postinstall << _EOF
#! /sbin/sh
#
[ -f $ETCDIR/ssh_config ]  ||  \\
	cp -p $ETCDIR/ssh_config.default $ETCDIR/ssh_config
[ -f $ETCDIR/sshd_config ]  ||  \\
	cp -p $ETCDIR/sshd_config.default $ETCDIR/sshd_config
[ -f $ETCDIR/ssh_prng_cmds.default ]  &&  {
	[ -f $ETCDIR/ssh_prng_cmds ]  ||  \\
	cp -p $ETCDIR/ssh_prng_cmds.default $ETCDIR/ssh_prng_cmds
}
[ "${POST_INS_START}" = "yes" ]  &&  [ -f
/etc/init.d/${SYSVINIT_NAME} ]  &&  [ -f /etc/init.d/${SYSVINIT_NAME}
start
exit 0
_EOF

## Build preremove file
echo "Building preremove file..."
cat > preremove << _EOF
#! /sbin/sh
#
[ -f /etc/init.d/${SYSVINIT_NAME} ]  &&  [ -f
/etc/init.d/${SYSVINIT_NAME} stop
exit 0
_EOF

## Next Build our prototype
echo "Building prototype file..."
cat >mk-proto.awk << _EOF
	    BEGIN { print "i pkginfo"; print "i preinstall"; \\
		    print "i postinstall"; print "i preremove"; \\
	            split("$SYSTEM_DIR",sys_files); }
	    {
	     for (dir in sys_files) { if ( \$3 != sys_files[dir] )
	             { \$5="root"; \$6="sys"; }
	        else
	             { \$4="?"; \$5="?"; \$6="?"; break;}
	    } }
	    { print; }
_EOF
find . | egrep -v "prototype|pkginfo|mk-proto.awk" | sort | \
	pkgproto $PROTO_ARGS | nawk -f mk-proto.awk > prototype

## Step back a directory and now build the package.
echo "Building package.."
cd ..
pkgmk -d ${FAKE_ROOT} -f $FAKE_ROOT/prototype -o
echo | pkgtrans -os ${FAKE_ROOT} ${START}/$PKGNAME-$UNAME_S-$ARCH-$VERSION.pkg
rm -rf $FAKE_ROOT

How about adding:

[ "$POST_INS_START" = "yes" ] && PRE_INST_STOP=yes

somewhere before the whole "preinstall" thing, so that start
does not fail if there is another sshd running? 
(it will fail anyway if the running sshd has a startup script 
with a different name, but we can at least try)

I would also omit checking the startup script existence in
postinstall, or at least print some nasty looking error message
if it is not there.  Just don't fail silently.

Cheers,
Zoran
-- 
Zoran Milojevic
SS8 Networks Inc.   http://www.ss8.com
"One Better" 
Tel: +1-613-592-2100/x3231  Fax: +1-613-592-9634