From 3124af8d0be47d48d12f00c1b0887e157f133c53 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 1 Apr 2024 15:50:17 +0000 Subject: [PATCH] also create a relink kit for ssh-agent, since it is a long-running setgid program carrying keys with some (not very powerful) communication channels. solution for testing the binary from dtucker. agreement from djm. Will add it into /etc/rc in a few days. --- usr.bin/ssh/ssh-agent/Makefile | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/usr.bin/ssh/ssh-agent/Makefile b/usr.bin/ssh/ssh-agent/Makefile index 9e3a0d47001..c60a219f735 100644 --- a/usr.bin/ssh/ssh-agent/Makefile +++ b/usr.bin/ssh/ssh-agent/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.38 2020/04/03 02:26:56 djm Exp $ +# $OpenBSD: Makefile,v 1.39 2024/04/01 15:50:17 deraadt Exp $ .PATH: ${.CURDIR}/.. @@ -10,7 +10,7 @@ SRCS+= ${SRCS_SK_CLIENT} PROG= ssh-agent BINOWN= root BINGRP= _sshagnt -BINMODE=2555 +BINMODE=2511 BINDIR= /usr/bin @@ -18,3 +18,24 @@ BINDIR= /usr/bin LDADD+= -lcrypto -lutil DPADD+= ${LIBCRYPTO} ${LIBUTIL} + +# The random relink kit, used on OpenBSD by /etc/rc + +CLEANFILES+= ssh-agent.tar install.sh + +install.sh: Makefile + echo "set -o errexit" > $@ + echo "${CC} ${LDFLAGS} ${LDSTATIC} -o ${PROG}" \ + "\`echo " ${OBJS} "| tr ' ' '\\\n' | sort -R\`" ${LDADD} >> $@ + echo "./${PROG} /usr/bin/true" >> $@ + echo "install -c -s -o root -g bin -m ${BINMODE} ${PROG} " \ + "${BINDIR}/${PROG}" >> $@ + +${PROG}.tar: ${OBJS} install.sh + tar cf $@ ${OBJS} install.sh + +afterinstall: ${PROG}.tar + install -d -o root -g wheel -m 755 \ + ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG} + install -o ${BINOWN} -g ${BINGRP} -m 640 \ + ${PROG}.tar ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}/${PROG}.tar -- 2.20.1