204 lines
8.9 KiB
Plaintext
204 lines
8.9 KiB
Plaintext
# PostInstall script for OPENssh
|
|
INSTALLF="/usr/sbin/installf"
|
|
|
|
instbackup() {
|
|
_DIRECTORY=$1
|
|
_FILEBASE=$2
|
|
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}
|
|
_SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M`
|
|
if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then
|
|
echo " Backing up file ${_FILEBASE}..."
|
|
if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then
|
|
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
|
|
cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
|
|
echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}."
|
|
else
|
|
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig
|
|
cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig
|
|
echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig."
|
|
fi
|
|
fi
|
|
cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE}
|
|
echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file."
|
|
}
|
|
|
|
### Main body of script
|
|
|
|
echo ""
|
|
echo "Beginning postinstall script--this script should leave you with a"
|
|
echo "functional and operational configuration of OpenSSH."
|
|
echo ""
|
|
|
|
if [ ! "${UPDATE}" = "1" ]; then
|
|
echo "Performing a \"fresh\" installation of OpenSSH."
|
|
### Install init script and create symlinks
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2
|
|
cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
|
|
|
|
### The initial package installation leaves default versions of
|
|
### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now
|
|
### we need to decide whether to install them. Since this is *not*
|
|
### an update install, we don't ask, but simply back up the old ones
|
|
### and put the new ones in their place.
|
|
instbackup ${CONFDIR} ssh_prng_cmds
|
|
instbackup ${CONFDIR} ssh_config
|
|
instbackup ${CONFDIR} sshd_config
|
|
instbackup ${CONFDIR} primes
|
|
|
|
### If no existing sshd_config and host key, then create
|
|
if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
|
|
echo "Creating new RSA public/private host key pair for SSH-1."
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
|
|
### If there is *anything* there then leave it, otherwise look
|
|
### in some reasonable alternate locations before giving up.
|
|
### It's worth spending some extra time looking for the old one
|
|
### to avoid a bunch of "host identification has changed" warnings.
|
|
### Note that some old keys from the commercial SSH might not
|
|
### be compatible, but we don't test for that.
|
|
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
|
|
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
|
|
else
|
|
${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
|
|
fi
|
|
else
|
|
echo "Using existing RSA public/private host key pair for SSH-1."
|
|
fi
|
|
if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
|
|
echo "Creating new DSA public/private host key pair for SSH-2."
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
|
|
### If there is *anything* there then leave it, otherwise look
|
|
### in some reasonable alternate locations before giving up.
|
|
### It's worth spending some extra time looking for the old one
|
|
### to avoid a bunch of "host identification has changed" warnings.
|
|
### Note that some old keys from the commercial SSH2 might not
|
|
### be compatible, but we don't test for that.
|
|
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
|
|
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
|
|
else
|
|
${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
|
|
fi
|
|
else
|
|
echo "Using existing DSA public/private host key pair for SSH-2."
|
|
fi
|
|
else
|
|
echo "Performing an \"update\" installation of OpenSSH."
|
|
### Okay, this part *is* an update install...so we need to ensure
|
|
### we don't overwrite any of the existing files.
|
|
|
|
### Install init script and create symlinks
|
|
if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then
|
|
echo "Installing init script in ${PKG_INSTALL_ROOT}/etc/init.d/sshd"
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2
|
|
cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
|
|
chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd
|
|
chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd
|
|
fi
|
|
if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then
|
|
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
|
|
fi
|
|
if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then
|
|
$INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
|
|
fi
|
|
|
|
### The initial package installation leaves default versions of
|
|
### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now
|
|
### we need to decide whether to install them. Since this is
|
|
### an update install, we only install the new files if the old
|
|
### files somehow don't exist.
|
|
NEWCONF=0
|
|
if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then
|
|
instbackup ${CONFDIR} ssh_prng_cmds
|
|
NEWCONF=1
|
|
fi
|
|
if [ ! -r "${CONFDIR}/ssh_config" ]; then
|
|
instbackup ${CONFDIR} ssh_config
|
|
NEWCONF=1
|
|
fi
|
|
if [ ! -r "${CONFDIR}/ssh_config" ]; then
|
|
instbackup ${CONFDIR} sshd_config
|
|
NEWCONF=1
|
|
fi
|
|
if [ ! -r "${CONFDIR}/primes" ]; then
|
|
instbackup ${CONFDIR} primes
|
|
NEWCONF=1
|
|
fi
|
|
if [ $NEWCONF -eq 0 ]; then
|
|
echo "Your existing SSH configuration files have not been altered."
|
|
else
|
|
echo "Your other existing SSH configuration files have not been altered."
|
|
fi
|
|
|
|
### If no existing sshd_config and host key, then create
|
|
if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
|
|
echo "Creating new RSA public/private host key pair for SSH-1."
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
|
|
### If there is *anything* there then leave it, otherwise look
|
|
### in some reasonable alternate locations before giving up.
|
|
### It's worth spending some extra time looking for the old one
|
|
### to avoid a bunch of "host identification has changed" warnings.
|
|
### Note that some old keys from the commercial SSH might not
|
|
### be compatible, but we don't test for that.
|
|
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
|
|
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
|
|
else
|
|
${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
|
|
fi
|
|
else
|
|
echo "Using existing RSA public/private host key pair for SSH-1."
|
|
fi
|
|
if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
|
|
echo "Creating new DSA public/private host key pair for SSH-2."
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
|
|
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
|
|
### If there is *anything* there then leave it, otherwise look
|
|
### in some reasonable alternate locations before giving up.
|
|
### It's worth spending some extra time looking for the old one
|
|
### to avoid a bunch of "host identification has changed" warnings.
|
|
### Note that some old keys from the commercial SSH2 might not
|
|
### be compatible, but we don't test for that.
|
|
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
|
|
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
|
|
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
|
|
else
|
|
${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
|
|
fi
|
|
else
|
|
echo "Using existing DSA public/private host key pair for SSH-2."
|
|
fi
|
|
fi
|
|
|
|
if [ ! -d %%PIDDIR%% ]; then
|
|
$INSTALLF $PKGINST %%PIDDIR%%
|
|
mkdir -p %%PIDDIR%%
|
|
chown root:sys %%PIDDIR%%
|
|
chmod 755 %%PIDDIR%%
|
|
fi
|
|
|
|
$INSTALLF -f $PKGINST || exit 2
|
|
|
|
if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then
|
|
### We're doing a local install, rather than an install for
|
|
### old-style diskless clients.
|
|
echo "Stopping any current sshd process, and then starting the new sshd."
|
|
/etc/init.d/sshd stop
|
|
/etc/init.d/sshd start
|
|
else
|
|
echo "Not restarting sshd, since this appears to be a remote install"
|
|
echo "for support of diskless clients."
|
|
fi
|
|
|
|
exit 0
|