#!/bin/sh
# Root of the chroot jail; every other path below is derived from it.
chrootdir="/pkgs/bzr/chroot"

# Directory skeleton inside the jail.
sysconfdir="${chrootdir}/etc"            # passwd and group copies
devdir="${chrootdir}/dev"                # holds the null device node
rootlib="${chrootdir}/lib64"             # dynamic loader (ld-linux)
libdir="${chrootdir}/usr/lib64"          # shared libraries
bindir="${chrootdir}/usr/bin"
libexecdir="${chrootdir}/usr/libexec"    # openssh/sftp-server lives below this

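# Start from a clean slate: remove every directory this script populates, then
# recreate the skeleton.
#
# The list must name $rootlib (the loader directory); an undefined name such as
# $rootdir expands to nothing and silently leaves a stale loader in place.
# ${var:?} aborts the script when a variable is empty or unset, so a misspelled
# name can neither drop a directory from the list nor collapse a path to
# something outside the chroot.  -f keeps the first run quiet when the
# directories do not exist yet.
rm -rf -- "${bindir:?}" "${libdir:?}" "${rootlib:?}" "${devdir:?}" \
	"${sysconfdir:?}" "${libexecdir:?}"
mkdir -p -- "$bindir" "$libdir" "$rootlib" "$devdir" "$sysconfdir" \
	"$libexecdir/openssh"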

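# Populate the chroot with sftp-server plus the dynamic loader and the shared
# libraries that ldd reports for it.  These are point-in-time copies: they do
# not receive package updates, so re-run this script after openssh or one of
# its libraries is patched on the host.
sftp_server=$libexecdir/openssh/sftp-server
if ! cp -L /usr/libexec/openssh/sftp-server "$libexecdir/openssh"; then
	# Without the binary the ldd calls below have nothing to inspect.
	echo "cannot copy sftp-server into $libexecdir/openssh" >&2
	exit 1
fi

# The loader is the ldd line that names ld-linux; keep its first field (the
# path) and drop the load address that follows it.
LDLINUX=$(ldd "$sftp_server" | grep ld-linux | sed 's/^[[:space:]]*\([^ ]*\) .*/\1/')
if [ -n "$LDLINUX" ]; then
	cp -L "$LDLINUX" "$rootlib"
else
	echo "no ld-linux loader found in ldd output for $sftp_server" >&2
fi

# Only "name => /absolute/path" lines name a file that can be copied.  Entries
# with no path after "=>" (the vDSO on some systems, or "not found") are
# skipped instead of being handed to cp.
ldd "$sftp_server" | sed -n 's|.*=> \(/[^ ]*\).*|\1|p' | while IFS= read -r lib; do
	echo "Copying: $lib"
	# The trailing glob also picks up sibling files that share the prefix.
	cp "$lib"* "$libdir"
done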

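# Create a passwd file with only the users that can login and root so the
# ownership on files resolves to a symbolic name.
#
# The ssh daemon running outside the chroot takes care of authentication.
# ACLs take care of authorization.  The root user is prevented from logging
# into the chroot by scponlyc.
#
# The login name must be exactly "root": a space before the first colon would
# become part of the name and uid 0 would no longer resolve to "root".
echo 'root:x:0:0:root:/root:/bin/false' > "$sysconfdir/passwd"

# Keep only accounts whose home directory is "$chrootdir//" and whose shell is
# scponlyc.  The pattern requires the password field to be the literal "x", so
# an entry carrying a password hash can never be copied into the chroot.
# $chrootdir is interpolated into the regex and must stay free of regex
# metacharacters.  grep -E replaces the deprecated egrep spelling.
grep -E ":x:[0-9]+:[0-9]+:[^:]*:$chrootdir//:/usr/sbin/scponlyc\$" /etc/passwd >> "$sysconfdir/passwd"

# NOTE(review): unlike passwd, the group file is copied whole, so every host
# group and its member list is readable from inside the chroot.  Consider
# filtering it down to the groups the chroot users actually need.
cp -p /etc/group "$sysconfdir/group"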

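# Creating a device node and handing the tree to root both need root
# privileges.  $EUID is a bash extension that other /bin/sh implementations
# (dash, for example) leave unset, which would always select the non-root
# branch; id -u works in any POSIX shell.
if [ "$(id -u)" = "0" ]; then
	# Character device major 1, minor 3 is the null device on Linux.
	mknod "$devdir/null" c 1 3
	chmod 0666 "$devdir/null"
	# Everything in the chroot must belong to root so that the confined
	# users cannot replace the binary or libraries their sessions run.
	chown -R root:root "$chrootdir"
else
	# Until both steps are done by root the chroot is incomplete and its
	# files are owned by whoever ran this script.
	echo "/dev/null must be created in the chroot by the root user." >&2
	echo "run chown to make root the owner of all files in $chrootdir." >&2
fi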

