> We have a university license for SSH which we'd like to install on Solaris 7
> workstations. Doing this over Jumpstart is a nightmare without a precompiled
> binary package. I've been trying to make one for the last week but the Solaris
> package format is so poorly documented that I keep running into problems.
Here's what I do.
I assume you have some directories that are shared out to all computers
using NFS, AFS, or whatever.
Do the configure and make in a shared directory. Make it readable by
anyone. Then, when you've finished compilation, go to all computers
one at a time and "make install" from this directory.
It's not the most convenient method in the world, but it works.
I haven't bothered to learn Solaris packaging. I learned IRIX packaging,
which wasn't enjoyable, and people tell me Solaris packaging is even
worse.
Things that the installation does and you should keep in mind if you
choose to do the packaging anyway:
- Move the old binaries out of the way. Don't overwrite them. This way,
if your new installation fails, you'll have something to fall back on.
- Install the binaries and manpages with the version number suffix
(ssh1, ssh-add1, ssh-keygen1, or ssh2, and so on). Symlink these
to corresponding versionless names (ssh -> ssh2).
- Generate a host key if one doesn't exist already. Don't overwrite any
existing host keys as this causes a lot of unnecessary hassle.
Things that the installation DOESN'T do and you should do in the
packaging:
- Copy your central ssh_known_hosts file (containing the host keys of
all of the hosts in your network) to /etc (this for SSH1, or what-
ever the corresponding mechanism is in SSH2)
- Write a startup file in /etc/init.d
- Link it to /etc/rc2.d
The latter two of course only if you want to run the daemon, which I
suppose you would.
> Does anyone have a binary for Solaris 7 (or 8) that I could get a copy of?
Asking for binaries for security-related software is asking for trouble.
Sure, I could compile them for you, but do you have any guarantee that
I'm not putting any Trojan horses in them to allow me to 0wn your boxes
later on?
> Alternately, does anyone have expertise with Solaris packages so that they could
> tell me what I'm doing wrong?
You didn't tell much about what you were doing with them, or what the
actual problem was, so it's hard to say where you went wrong.
--
Atro Tossavainen (Mr.) / The Institute of Biotechnology at
Systems Analyst, Techno-Amish & / the University of Helsinki, Finland,
+358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own.
< URL : http : / / www . iki . fi / atro . tossavainen / >
