blob: 6f2c9b303c424fc1ef4416a6db78bd66ea088028 [file] [log] [blame] [raw]
# PostInstall script for OPENssh
INSTALLF="/usr/sbin/installf"
instbackup() {
_DIRECTORY=$1
_FILEBASE=$2
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}
_SUFFIX=`/usr/bin/date +%Y-%m-%d-%H%M`
if [ -f ${_DIRECTORY}/${_FILEBASE} ]; then
echo " Backing up file ${_FILEBASE}..."
if [ -f ${_DIRECTORY}/${_FILEBASE}.orig ]; then
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}
echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig.${_SUFFIX}."
else
$INSTALLF $PKGINST ${_DIRECTORY}/${_FILEBASE}.orig
cp -p ${_DIRECTORY}/${_FILEBASE} ${_DIRECTORY}/${_FILEBASE}.orig
echo " Saved as ${_DIRECTORY}/${_FILEBASE}.orig."
fi
fi
cp -p ${_DIRECTORY}/${_FILEBASE}.default ${_DIRECTORY}/${_FILEBASE}
echo "Installed new ${_DIRECTORY}/${_FILEBASE} configuration file."
}
### Main body of script
echo ""
echo "Beginning postinstall script--this script should leave you with a"
echo "functional and operational configuration of OpenSSH."
echo ""
if [ ! "${UPDATE}" = "1" ]; then
echo "Performing a \"fresh\" installation of OpenSSH."
### Install init script and create symlinks
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd f 0500 root sys || exit 2
cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc1.d/K30local_sshd=/etc/init.d/sshd s || exit 2
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
### The initial package installation leaves default versions of
### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now
### we need to decide whether to install them. Since this is *not*
### an update install, we don't ask, but simply back up the old ones
### and put the new ones in their place.
instbackup ${CONFDIR} ssh_prng_cmds
instbackup ${CONFDIR} ssh_config
instbackup ${CONFDIR} sshd_config
instbackup ${CONFDIR} primes
### If no existing sshd_config and host key, then create
if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
echo "Creating new RSA public/private host key pair for SSH-1."
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
### If there is *anything* there then leave it, otherwise look
### in some reasonable alternate locations before giving up.
### It's worth spending some extra time looking for the old one
### to avoid a bunch of "host identification has changed" warnings.
### Note that some old keys from the commercial SSH might not
### be compatible, but we don't test for that.
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
else
${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
fi
else
echo "Using existing RSA public/private host key pair for SSH-1."
fi
if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
echo "Creating new DSA public/private host key pair for SSH-2."
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
### If there is *anything* there then leave it, otherwise look
### in some reasonable alternate locations before giving up.
### It's worth spending some extra time looking for the old one
### to avoid a bunch of "host identification has changed" warnings.
### Note that some old keys from the commercial SSH2 might not
### be compatible, but we don't test for that.
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
else
${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
fi
else
echo "Using existing DSA public/private host key pair for SSH-2."
fi
else
echo "Performing an \"update\" installation of OpenSSH."
### Okay, this part *is* an update install...so we need to ensure
### we don't overwrite any of the existing files.
### Install init script and create symlinks
if [ ! -f ${PKG_INSTALL_ROOT}/etc/init.d/sshd ]; then
echo "Installing init script in ${PKG_INSTALL_ROOT}/etc/init.d/sshd"
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/init.d/sshd || exit 2
cp -p ${CONFDIR}/sshd-initscript ${PKG_INSTALL_ROOT}/etc/init.d/sshd
chown root:root ${PKG_INSTALL_ROOT}/etc/init.d/sshd
chmod 500 ${PKG_INSTALL_ROOT}/etc/init.d/sshd
fi
if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd ]; then
$INSTALLF $PKGINST ${PKG_INSTALL_ROOT}/etc/rc2.d/S72local_sshd=/etc/init.d/sshd s || exit 2
fi
if [ ! -r ${PKG_INSTALL_ROOT}/etc/rc2.d/K30local_sshd ]; then
$INSTALLF $PKGINST /etc/rc0.d/K30local_sshd=/etc/init.d/sshd s || exit 2
fi
### The initial package installation leaves default versions of
### ssh_prng_cmds, ssh_config, and sshd_config in ${CONFDIR}. Now
### we need to decide whether to install them. Since this is
### an update install, we only install the new files if the old
### files somehow don't exist.
NEWCONF=0
if [ ! -r "${CONFDIR}/ssh_prng_cmds" ]; then
instbackup ${CONFDIR} ssh_prng_cmds
NEWCONF=1
fi
if [ ! -r "${CONFDIR}/ssh_config" ]; then
instbackup ${CONFDIR} ssh_config
NEWCONF=1
fi
if [ ! -r "${CONFDIR}/sshd_config" ]; then
instbackup ${CONFDIR} sshd_config
NEWCONF=1
fi
if [ ! -r "${CONFDIR}/primes" ]; then
instbackup ${CONFDIR} primes
NEWCONF=1
fi
if [ $NEWCONF -eq 0 ]; then
echo "Your existing SSH configuration files have not been altered."
else
echo "Your other existing SSH configuration files have not been altered."
fi
### If no existing sshd_config and host key, then create
if [ ! -f "${CONFDIR}/ssh_host_key" ]; then
echo "Creating new RSA public/private host key pair for SSH-1."
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_key.pub
### If there is *anything* there then leave it, otherwise look
### in some reasonable alternate locations before giving up.
### It's worth spending some extra time looking for the old one
### to avoid a bunch of "host identification has changed" warnings.
### Note that some old keys from the commercial SSH might not
### be compatible, but we don't test for that.
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_key" ]; then
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_key ${CONFDIR}
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key" ]; then
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_key ${CONFDIR}
else
${DESTBIN}/ssh-keygen -b 1024 -f ${CONFDIR}/ssh_host_key -N ''
fi
else
echo "Using existing RSA public/private host key pair for SSH-1."
fi
if [ ! -f "${CONFDIR}/ssh_host_dsa_key" ]; then
echo "Creating new DSA public/private host key pair for SSH-2."
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key
$INSTALLF $PKGINST ${CONFDIR}/ssh_host_dsa_key.pub
### If there is *anything* there then leave it, otherwise look
### in some reasonable alternate locations before giving up.
### It's worth spending some extra time looking for the old one
### to avoid a bunch of "host identification has changed" warnings.
### Note that some old keys from the commercial SSH2 might not
### be compatible, but we don't test for that.
if [ -f "${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key" ]; then
mv ${PKG_INSTALL_ROOT}/etc/ssh_host_dsa_key ${CONFDIR}
elif [ -f "${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key" ]; then
mv ${PKG_INSTALL_ROOT}/usr/local/etc/ssh_host_dsa_key ${CONFDIR}
else
${DESTBIN}/ssh-keygen -d -f ${CONFDIR}/ssh_host_dsa_key -N ''
fi
else
echo "Using existing DSA public/private host key pair for SSH-2."
fi
fi
if [ ! -d %%PIDDIR%% ]; then
$INSTALLF $PKGINST %%PIDDIR%%
mkdir -p %%PIDDIR%%
chown root:sys %%PIDDIR%%
chmod 755 %%PIDDIR%%
fi
$INSTALLF -f $PKGINST || exit 2
if [ "X${PKG_INSTALL_ROOT}" = "X" ]; then
### We're doing a local install, rather than an install for
### old-style diskless clients.
echo "Stopping any current sshd process, and then starting the new sshd."
/etc/init.d/sshd stop
/etc/init.d/sshd start
else
echo "Not restarting sshd, since this appears to be a remote install"
echo "for support of diskless clients."
fi
exit 0