also create a relink kit for ssh-agent, since it is a long-running setgid

program carrying keys with some (not very powerful) communication channels.
solution for testing the binary from dtucker.  agreement from djm.
Will add it into /etc/rc in a few days.

diff --git a/usr.bin/ssh/ssh-agent/Makefile b/usr.bin/ssh/ssh-agent/Makefile
index 9e3a0d4..c60a219 100644 (file)
--- a/usr.bin/ssh/ssh-agent/Makefile
+++ b/usr.bin/ssh/ssh-agent/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.38 2020/04/03 02:26:56 djm Exp $
+#      $OpenBSD: Makefile,v 1.39 2024/04/01 15:50:17 deraadt Exp $
 
 .PATH:         ${.CURDIR}/..
 
@@ -10,7 +10,7 @@ SRCS+=        ${SRCS_SK_CLIENT}
 PROG=  ssh-agent
 BINOWN=        root
 BINGRP=        _sshagnt
-BINMODE=2555
+BINMODE=2511
 
 BINDIR=        /usr/bin
 
@@ -18,3 +18,24 @@ BINDIR=      /usr/bin
 
 LDADD+=        -lcrypto -lutil
 DPADD+=        ${LIBCRYPTO} ${LIBUTIL}
+
+# The random relink kit, used on OpenBSD by /etc/rc
+
+CLEANFILES+= ssh-agent.tar install.sh
+
+install.sh: Makefile
+       echo "set -o errexit" > $@
+       echo "${CC} ${LDFLAGS} ${LDSTATIC} -o ${PROG}" \
+           "\`echo " ${OBJS} "| tr ' ' '\\\n' | sort -R\`" ${LDADD} >> $@
+       echo "./${PROG} /usr/bin/true" >> $@
+       echo "install -c -s  -o root -g bin -m ${BINMODE} ${PROG} " \
+           "${BINDIR}/${PROG}" >> $@
+
+${PROG}.tar: ${OBJS} install.sh
+       tar cf $@ ${OBJS} install.sh
+
+afterinstall: ${PROG}.tar
+       install -d -o root -g wheel -m 755 \
+           ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}
+       install -o ${BINOWN} -g ${BINGRP} -m 640 \
+           ${PROG}.tar ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}/${PROG}.tar