1 # 2 # CDDL HEADER START 3 # 4 # The contents of this file are subject to the terms of the 5 # Common Development and Distribution License (the "License"). 6 # You may not use this file except in compliance with the License. 7 # 8 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 # or http://www.opensolaris.org/os/licensing. 10 # See the License for the specific language governing permissions 11 # and limitations under the License. 12 # 13 # When distributing Covered Code, include this CDDL HEADER in each 14 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 # If applicable, add the following below this CDDL HEADER, with the 16 # fields enclosed by brackets "[]" replaced with your own identifying 17 # information: Portions Copyright [yyyy] [name of copyright owner] 18 # 19 # CDDL HEADER END 20 # 21 # Copyright 2008 Sun Microsystems, Inc. All rights reserved. 22 # Use is subject to license terms. 23 # 24 # ident "%Z%%M% %I% %E% SMI" 25 # 26 BASEPREFIX=`echo $BASEDIR | sed "s/\//_/g"` 27 # 28 # Clear sysidtool which may have gone into maintenance due to a dependency 29 # cycle with milestone/single-user, when upgrading to a system that 30 # introduces milestone/sysconfig. 31 # 32 cat >> $BASEDIR/var/svc/profile/upgrade <<\_CLRSYSID 33 /usr/sbin/svcadm clear svc:/system/sysidtool:net 34 /usr/sbin/svcadm clear svc:/system/sysidtool:system 35 _CLRSYSID 36 37 if [ -f $BASEDIR/etc/inet/ipnodes.hostsmerge ]; then 38 rm -f $BASEDIR/etc/inet/ipnodes.hostsmerge 39 fi 40 41 if [ -h $BASEDIR/var/mail.ABCsavedXYZ ] ; then 42 rmdir $BASEDIR/var/mail/:saved >/dev/null 2>&1 43 if [ $? = 0 ] ; then 44 rmdir $BASEDIR/var/mail >/dev/null 2>&1 45 if [ $? = 0 ] ; then 46 mv $BASEDIR/var/mail.ABCsavedXYZ $BASEDIR/var/mail 47 fi 48 fi 49 rm -fr $BASEDIR/var/mail.ABCsavedXYZ 50 fi 51 52 if [ -h $BASEDIR/var/news.ABCsavedXYZ ] ; then 53 rmdir $BASEDIR/var/news >/dev/null 2>&1 54 if [ $? = 0 ] ; then 55 mv $BASEDIR/var/news.ABCsavedXYZ $BASEDIR/var/news 56 fi 57 rm -fr $BASEDIR/var/news.ABCsavedXYZ 58 fi 59 60 PMTAB=$BASEDIR/etc/saf/tcp/_pmtab 61 if [ -f $PMTAB ] ; then 62 sed -e 's/\\x00020ACE......../\\x00020ACE00000000/' \ 63 -e 's/\\x00020203......../\\x0002020300000000/' $PMTAB >/tmp/t.$$ 64 cp /tmp/t.$$ $PMTAB 65 fi 66 67 AUTH_ATTR=$BASEDIR/etc/security/auth_attr 68 if [ -f $AUTH_ATTR ] ; then 69 sed '/^solaris\.\*/d' $AUTH_ATTR > /tmp/a.$$ 70 cp /tmp/a.$$ $AUTH_ATTR 71 rm -f /tmp/a.$$ 72 fi 73 74 EXEC_ATTR=$BASEDIR/etc/security/exec_attr 75 if [ -f $EXEC_ATTR ] ; then 76 sed -e '/^Network Security.*sbin\/ipsec.*/ D' \ 77 -e '/^Network Security.*sbin\/ike.*/ D' \ 78 -e '/^Network Security.*inet\/in\.iked.*/ D' \ 79 -e '/^Network Security.*inet\/cert.*/ D' $EXEC_ATTR > /tmp/e.$$ 80 cp /tmp/e.$$ $EXEC_ATTR 81 rm -f /tmp/e.$$ 82 fi 83 84 INITTAB=$BASEDIR/etc/inittab 85 if [ -f $INITTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \ 86 "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then 87 sed -e '/^ap:/d' -e '/^sp:/d' $INITTAB > /tmp/i.$$ 88 cp /tmp/i.$$ $INITTAB 89 rm -f /tmp/i.$$ 90 fi 91 92 VFSTAB=$BASEDIR/etc/vfstab 93 if [ -f $VFSTAB -a -n "$SUNW_PKG_INSTALL_ZONENAME" -a \ 94 "$SUNW_PKG_INSTALL_ZONENAME" != "global" ]; then 95 sed '/^\/devices[ ]/d' $VFSTAB > /tmp/v.$$ 96 cp /tmp/v.$$ $VFSTAB 97 rm -f /tmp/v.$$ 98 fi 99 100 # 101 # Get rid of obsolete BIND 8 server instance 102 # 103 cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_BIND8 104 obs_se=/usr/sbin/in.named 105 cur_se=`svcprop -p start/exec svc:/network/dns/server 2>/dev/null` 106 if [ "$obs_se" = "$cur_se" ]; then 107 svcadm disable -s svc:/network/dns/server:default 108 svccfg delete svc:/network/dns/server:default 109 # If this was the only instance, delete the service also 110 svcs network/dns/server >/dev/null 2>&1 || \ 111 svccfg delete svc:/network/dns/server 112 fi 113 _DEL_BIND8 114 115 # 116 # Get rid of obsolete DARPA trivial name server (Death to IEN-116!) 117 # 118 cat >> $BASEDIR/var/svc/profile/upgrade <<\_DEL_TNAME 119 svcs svc:/network/tname > /dev/null 2>&1 120 if [ "$?" = 0 ]; then 121 svccfg delete -f svc:/network/tname 122 fi 123 _DEL_TNAME 124 125 # 126 # Remove stale GLD services 127 # 128 SVCCFG_REPOSITORY=$PKG_INSTALL_ROOT/etc/svc/repository.db 129 export SVCCFG_REPOSITORY 130 if [ -x /usr/sbin/svcadm -a -x /usr/sbin/svccfg -a \ 131 -f $PKG_INSTALL_ROOT/var/svc/manifest/network/datalink.xml ]; then 132 if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then 133 # 134 # Local package install. Need to disable the services first 135 # before deleting. 136 # 137 svcadm disable -s svc:/network/aggregation >/dev/null 2>&1 138 svcadm disable -s svc:/network/datalink-init >/dev/null 2>&1 139 svcadm disable -s svc:/network/datalink >/dev/null 2>&1 140 fi 141 svccfg delete svc:/network/aggregation >/dev/null 2>&1 142 svccfg delete svc:/network/datalink-init >/dev/null 2>&1 143 svccfg delete svc:/network/datalink >/dev/null 2>&1 144 fi 145 146 # The ipsecalgs and policy services are delivered enabled. 147 # The ike and manual-key services are delivered disabled. The 148 # system administrator will need to enable them after creating 149 # the config file(s). If the system has been upgraded and the 150 # config files exist, enable the services on first boot. 151 # The file in /tmp indicates that this system had already been 152 # upgraded. The service will only be enabled on first upgrade. 153 IKEMANIFEST=`echo ike.xml"$BASEPREFIX" | cut -c 1-256` 154 if [ ! -f /tmp/${IKEMANIFEST} ]; then 155 cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD 156 if [ -f /etc/inet/ike/config ]; then 157 /usr/sbin/svcadm enable svc:/network/ipsec/ike:default 158 fi 159 _IPSECUPGRD 160 else 161 rm /tmp/${IKEMANIFEST} 162 fi 163 MANKEYMANIFEST=`echo manual-key.xml"$BASEPREFIX" | cut -c 1-256` 164 if [ ! -f /tmp/${MANKEYMANIFEST} ]; then 165 cat >> ${PKG_INSTALL_ROOT}/var/svc/profile/upgrade <<\_IPSECUPGRD 166 if [ -f /etc/inet/secret/ipseckeys ]; then 167 /usr/sbin/svcadm enable svc:/network/ipsec/manual-key:default 168 fi 169 _IPSECUPGRD 170 else 171 rm /tmp/${MANKEYMANIFEST} 172 fi 173 174 # 175 # If the eeprom service is present, remove it. We can't use 176 # /var/svc/profile/upgrade as it runs before manifest-import. 177 # 178 /usr/sbin/svccfg -s svc:/platform/i86pc/eeprom:default end >/dev/null 2>&1 179 if [ "$?" = 0 ]; then 180 if [ -r $PKG_INSTALL_ROOT/etc/svc/volatile/repository_door ]; then 181 svcadm disable -s svc:/platform/i86pc/eeprom:default \ 182 >/dev/null 2>&1 183 fi 184 svccfg delete svc:/platform/i86pc/eeprom >/dev/null 2>&1 185 rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform_i86pc.xml 186 rm -f $PKG_INSTALL_ROOT/var/svc/profile/platform.xml 187 fi 188 189 # 190 # svc:/network/rpc/keyserv is expected to be off on systems that don't 191 # set domainname. On systems that do define a default domain, leave the 192 # setting as previously set. 193 # 194 cat >> $BASEDIR/var/svc/profile/upgrade <<\_CSVC_UPGRADE_2 195 if [ ! -f /etc/defaultdomain ]; then 196 svcadm disable network/rpc/keyserv 197 fi 198 _CSVC_UPGRADE_2 199 200 if [ "$UPDATE" != yes ]; then 201 # 202 # On initial install, default to ns_files.xml. The installer will 203 # customize, if appropriate. 204 # 205 ln -s ns_files.xml $BASEDIR/var/svc/profile/name_service.xml 206 elif [ ! -r $BASEDIR/var/svc/profile/name_service.xml ] || \ 207 [ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then 208 # 209 # Associate name service profile, if none present. 210 # 211 grep ldap $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1 212 is_ldap=$? 213 grep nisplus $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1 214 is_nisplus=$? 215 grep nis $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1 216 is_nis=$? 217 218 if [ $is_ldap = 0 ]; then 219 ns_profile=ns_ldap.xml 220 elif [ $is_nisplus = 0 ]; then 221 ns_profile=ns_nisplus.xml 222 elif [ $is_nis = 0 ]; then 223 ns_profile=ns_nis.xml 224 else 225 ns_profile=ns_files.xml 226 fi 227 228 # Remove stale copy of name_service.xml, if it is not a symlink. 229 if [ ! -L $BASEDIR/var/svc/profile/name_service.xml ]; then 230 /usr/bin/rm -f $BASEDIR/var/svc/profile/name_service.xml 231 fi 232 233 ln -s $ns_profile $BASEDIR/var/svc/profile/name_service.xml 234 235 grep dns $BASEDIR/etc/nsswitch.conf >/dev/null 2>&1 236 if [ $? = 0 ]; then 237 echo "/usr/sbin/svcadm enable network/dns/client" >> \ 238 $BASEDIR/var/svc/profile/upgrade 239 fi 240 fi 241 242 # 243 # Associate correct inetd services profile. 244 # 245 rm -f $BASEDIR/var/svc/profile/inetd_services.xml 246 if [ "$UPDATE" = yes ]; then 247 ln -s inetd_upgrade.xml $BASEDIR/var/svc/profile/inetd_services.xml 248 # Ensure inetd-upgrade is run post-upgrade 249 echo "/usr/sbin/svcadm enable network/inetd-upgrade" >> \ 250 $BASEDIR/var/svc/profile/upgrade 251 else 252 ln -s inetd_generic.xml $BASEDIR/var/svc/profile/inetd_services.xml 253 fi 254 255 # 256 # /etc/svc/repository.db was previously packaged but it is now generated 257 # from one of the seed repositories and then updated by svccfg(1M). 258 # Therefore, removef(1M) is used to remove the packaging database entry 259 # although the repository itself is preserved. 260 # 261 /usr/sbin/removef $PKGINST /etc/svc/repository.db >/dev/null 2>&1 262 /usr/sbin/removef -f $PKGINST >/dev/null 2>&1 263 264 PROFILEDIR=$BASEDIR/var/svc/profile 265 GENERICXML=${PROFILEDIR}/generic.xml 266 if [ -f $BASEDIR/var/SUNWcsr-apply-limited-net ]; then 267 UPGRADEFILE=${PROFILEDIR}/upgrade 268 ln -sf ./generic_limited_net.xml ${GENERICXML} 269 cat >> ${UPGRADEFILE} <<\_ENABLE_LIMITED_NET 270 # 271 # apply the generic_limit_net profile selected at install 272 # time, and set the accompanying properties since they can't 273 # be readily set in the profile as of yet. 274 # 275 apply_limited_net() 276 { 277 /usr/sbin/netservices limited 278 } 279 280 # apply_limited_net as last action of this upgrade script 281 trap apply_limited_net 0 282 283 _ENABLE_LIMITED_NET 284 rm -f $BASEDIR/var/SUNWcsr-apply-limited-net 285 else 286 # 287 # This is not an initial (zone-)install: we are upgrading. 288 # 289 # If we have a previous version of generic.xml, keep that. 290 # Otherwise (upgrade from pre-SMF filesystem) take the default 291 # action, i.e., sym-link to ./generic_open.xml 292 # 293 if [ ! -h $GENERICXML -a ! -f $GENERICXML ]; then 294 ln -s ./generic_open.xml $GENERICXML 295 fi 296 fi 297 298 # generic.xml is now dynamically maintained at install/upgrade time 299 # and no longer delivered by any package. We therefore removef(1) 300 # any reference to it in the package database. 301 removef $PKGINST /var/svc/profile/generic.xml >/dev/null 2>&1 302 removef -f $PKGINST >/dev/null 2>&1 303 304 # Solaris audit's internal "enable/disable" state is maintained by 305 # c2audit; if c2audit accepts the auditconfig query, then auditing is 306 # enabled. If that is the case, then SMF should always enable auditd 307 # in the global zone and also in a non-global zone if perzone auditing 308 # is in use. 309 310 cat >> $BASEDIR/var/svc/profile/upgrade <<\_ENABLE_AUDIT 311 /usr/sbin/auditconfig -getcond 2> /dev/null 312 if [ $? -eq 0 ]; then 313 if [ `/sbin/zonename` = global ]; then 314 /usr/sbin/svcadm enable system/auditd 315 else 316 echo `/usr/sbin/auditconfig -getpolicy` | grep perzone > /dev/null 317 if [ $? -eq 0 ]; then 318 /usr/sbin/svcadm enable system/auditd 319 fi 320 fi 321 fi 322 _ENABLE_AUDIT 323 324 # if platform/sun4u/mpxio-upgrade service exists, then 325 # delete the service on boot after upgrading. 326 if [ "$UPDATE" = yes ]; then 327 cat >> $BASEDIR/var/svc/profile/upgrade <<\_MPXIOUPGRD 328 /usr/bin/svcs platform/sun4u/mpxio-upgrade > /dev/null 2>&1 329 if [ "$?" = 0 ]; then 330 /usr/sbin/svccfg delete svc:/platform/sun4u/mpxio-upgrade 331 fi 332 _MPXIOUPGRD 333 fi 334 335 # 336 # Add nwam to sysidconfig app list so sys-unconfig does the right thing 337 # 338 cat >> $BASEDIR/var/svc/profile/upgrade <<\_NWAM_SYSID 339 /usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" -l |\ 340 /usr/bin/grep -s net-nwam >/dev/null 341 342 if [ $? -ne 0 ]; then 343 /usr/sbin/sysidconfig -b "${PKG_INSTALL_ROOT}" \ 344 -a /lib/svc/method/net-nwam 345 fi 346 _NWAM_SYSID 347 348 # 349 # Migrate /etc/acctadm.conf settings to smf(5) repository. Enable the instance 350 # if the configuration differs from the default configuration. 351 # 352 cat >> $BASEDIR/var/svc/profile/upgrade <<\_ACCTADM 353 if [ -f /etc/acctadm.conf ]; then 354 . /etc/acctadm.conf 355 356 fmri="svc:/system/extended-accounting:flow" 357 svccfg -s $fmri setprop config/file = \ 358 ${ACCTADM_FLOW_FILE:="none"} 359 svccfg -s $fmri setprop config/tracked = \ 360 ${ACCTADM_FLOW_TRACKED:="none"} 361 svccfg -s $fmri setprop config/untracked = \ 362 ${ACCTADM_FLOW_UNTRACKED:="extended"} 363 if [ ${ACCTADM_FLOW_ENABLE:="no"} = "yes" ]; then 364 svccfg -s $fmri setprop config/enabled = "true" 365 else 366 svccfg -s $fmri setprop config/enabled = "false" 367 fi 368 if [ $ACCTADM_FLOW_ENABLE = "yes" -o $ACCTADM_FLOW_FILE != "none" -o \ 369 $ACCTADM_FLOW_TRACKED != "none" ]; then 370 svcadm enable $fmri 371 fi 372 373 fmri="svc:/system/extended-accounting:process" 374 svccfg -s $fmri setprop config/file = \ 375 ${ACCTADM_PROC_FILE:="none"} 376 svccfg -s $fmri setprop config/tracked = \ 377 ${ACCTADM_PROC_TRACKED:="none"} 378 svccfg -s $fmri setprop config/untracked = \ 379 ${ACCTADM_PROC_UNTRACKED:="extended,host"} 380 if [ ${ACCTADM_PROC_ENABLE:="no"} = "yes" ]; then 381 svccfg -s $fmri setprop config/enabled = "true" 382 else 383 svccfg -s $fmri setprop config/enabled = "false" 384 fi 385 if [ $ACCTADM_PROC_ENABLE = "yes" -o $ACCTADM_PROC_FILE != "none" -o \ 386 $ACCTADM_PROC_TRACKED != "none" ]; then 387 svcadm enable $fmri 388 fi 389 390 fmri="svc:/system/extended-accounting:task" 391 svccfg -s $fmri setprop config/file = \ 392 ${ACCTADM_TASK_FILE:="none"} 393 svccfg -s $fmri setprop config/tracked = \ 394 ${ACCTADM_TASK_TRACKED:="none"} 395 svccfg -s $fmri setprop config/untracked = \ 396 ${ACCTADM_TASK_UNTRACKED:="extended"} 397 if [ ${ACCTADM_TASK_ENABLE:="no"} = "yes" ]; then 398 svccfg -s $fmri setprop config/enabled = "true" 399 else 400 svccfg -s $fmri setprop config/enabled = "false" 401 fi 402 if [ $ACCTADM_TASK_ENABLE = "yes" -o $ACCTADM_TASK_FILE != "none" -o \ 403 $ACCTADM_TASK_TRACKED != "none" ]; then 404 svcadm enable $fmri 405 fi 406 407 rm /etc/acctadm.conf 408 fi 409 _ACCTADM 410 411 exit 0 412
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.